Change-Id: I86bb9be9c129846714919f3c4a4568a4e4f9b4f4

Bug: 140882488
Test: create files and dirs in /data/per_boot, check they're removed.
Cherry-Picked-From: 2367ba358f0ec0c0c591e3e2feadabf891f38eef
Merged-In: Idf0ba09cbe51cbff6a7b2a464c4651a1f7fcf343
Change-Id: Idf0ba09cbe51cbff6a7b2a464c4651a1f7fcf343

Change-Id: Ic80c46084072e15fdd0f7dbd3bf5de60577a381a

SELinux has a separate file mmap permission in 4.14+ kernels. Add this
to dexoptanalyzer(d) in cases where it could already access files (in
particular, secondary dex files).

Addresses denials of the form:

  avc: denied { map } for […] path="/data/data/[…]" […]
  scontext=u:r:dexoptanalyzer:s0 tcontext=u:object_r:app_data_file:s0

(cherry picked from commit c72b7d17310499f6bd6545e0e509fd603045d329)

Test: Reproduce steps in bug 138683603 on a device with a 4.14+ kernel
      and check the absence of SELinux denials
Bug: 138683603

Change-Id: Ieba53eb431c0ba3914dcb5e5abdae667bd063555

Change-Id: I335936148da2273575dff19062339cff4f80c7df

am: 32481828

Change-Id: I35a78cd9208439c9fc89c20ea546081fb5d4b4f2

am: 32f279c0

Change-Id: I03466cdb7fe4c3c5c52a8e57d0cd5cd394ee0dfe

Tag gpu_service as app_api_service. This is the corresponding api 29.0
change to the public service.te from commit aosp/1105058
(I30a951cd712b0ae4aacd2c4d6d42e74fac5c0707).

Bug: 139685237
Test: m selinux_policy
Change-Id: Ia23cdd5f59b40a3e99cae424d9cf41d5e7442631

gpu_service is already accessible to untrusted 3p apps aosp/898376.
Otherwise, vendor apps can't access gpu_service.

Bug: 139685237
Test: m selinux_policy
Change-Id: I30a951cd712b0ae4aacd2c4d6d42e74fac5c0707

Change-Id: I94df70b3f929a8af5915b45152d7b4b6340a2a21

This should be available in user and userdebug builds.

Bug: 137289935
Test: Alongside atrace changes, recorded a trace using Traceur and
verified that the tracepoints were included in the recorded trace in
both user and userdebug builds.

Change-Id: I6131557bdd0a298be9e75b39759599b189b9b988
Merged-In: I6131557bdd0a298be9e75b39759599b189b9b988

Change-Id: I04f76fabac9931d4423fd02d44868edff7d34999

Change-Id: I5a85c5f98d41739613df19b0960541c82a81afd0

am: a85c5360

Change-Id: I9cf4bf773a5c7d36922bb590f74e283c565673c8

Required to check if migration is necessary and migrate obb contents

Bug: 136199978
Test: make
Change-Id: I23890e4eeea1da7791e25ce5c9584b1abe94f440

Bug: 135550670
Test: Boot with SELinux enforcing
Change-Id: I61c30abc39909a263a2c402a5c0eb1de570748bb

Change-Id: Id2ebcde52ad378194a25fd6808c1b0fcd1aa52b5

To reduce the DPU loading in color conversion, we enable device-specific
dataspace for color space agnostic surfaces. Since the type of surfaces
usually provide gray-level surfaces to users, it can be acceptable to
ignore the color conversion on them.

Bug: 134783740
Bug: 135140940
Test: Check ScreenDecorOverlays in expected dataspace
Test: Play HDR video on C2 and check dataspace
Change-Id: Ief32f0ff3867b2e154fecd6c9ebd6610b0e6ed11

Change-Id: I786416297808c47dc1a8c1b54164c8e8bb60841b

am: 9bfaa1c4

Change-Id: Ie0ec9a00dab4c2d8aea365fb95b708aee8ef09d0

Change-Id: I95e9cee47faa690ea4aec2d1792ff969e66d82b5

This will allow Perfetto to capture GPU frequency changes
on the target, which is useful to graphics developers
using Perfetto to profile graphics HW usage.

This change also updates the private prebuilt at version
29.0 to match the update.

Bug: 136062452
Merged-In: Idb7870b2f674f1359ef3b4487dbeff190b394248
Change-Id: Ib98ba10d96caa199d7030be3a17148045576a80c

am: 9067699d

Change-Id: Id3541133ffa48e7685f8e8195f5c585ea8fe9630

In order to show licensing information, we need to read it from
an asset stored in the .apex file.

Bug: 135183006
Test: Manual; settings can access apex files stored on /data
Change-Id: I71fbde6e295d9c890c9b9b0449e5150834a6680e
Merged-In: I71fbde6e295d9c890c9b9b0449e5150834a6680e

Change-Id: I39b68a117f4e81f96a895a7c9d5096b7d7a385bb

am: 72a75ffe

Change-Id: I86d660a7402876aa9bfad72ef6c6e75771f376cd

Change-Id: I1b90dda0749c93c50632f43f110b4254e5ffbb32

am: 6d976f4d

Change-Id: I7077ceb75ff9e5c4d13acebbffe03089b9952a99

Bug: http://b/135139675

Coverage files are written to /data/misc/trace (governed by the
method_trace_data_file selinux type).  Allow all domains to access
(create directories, access files) this directory when native coverage
is enabled (by setting NATIVE_COVERAGE to true) in an userdebug or eng
build.

Also relax neverallow constraints to allow access to
method_trace_data_file for native coverage builds.

Test: Build 32-bit cuttlefish with coverage:
          m NATIVE_COVERAGE=true COVERAGE_PATHS="*"
      and verify that there are no selinux denials in kernel log and
      logcat.

Change-Id: I3fe7c77612854b9de7de7a0ddd5cbf44a2f5c21e
(cherry picked from commit ce9c0c5a5fbd3fda8e1fd102d2bf1ca6afebbdf9)

Test: manual
Bug: 126802513

Change-Id: If037483f305e161a158e30f6322d5e25b7770952

Bug: 135111122
Test: Ran "adb shell am hang" and verified that power.stats HAL
information is in /data/anr/<anr_file>
Change-Id: I60a6191626a20c737124033e8ad453fa91425e39

am: 890dba49

Change-Id: I7071270ce19cc650663f196de839e82e793ee206

Change-Id: I40a38173c0ece44f5aa1dfeb2633a4cdd777b886

am: 9bb71537

Change-Id: I868d3dafeb1a584aeb047c03b9ec2d916d5102b4