- May 09, 2018
-
-
Mark Salyzyn authored
-
Dan Willemsen authored
-
Tri Vo authored
* changes: Soong module for selinux files including board-specific directories. Soong module selinux compat maps
-
Dan Willemsen authored
The tags property is (and has always been) unused by Soong. The property has been defined as a list of strings, and the `androidmk` converted any LOCAL_MODULE_TAGS entries over to it, but we've never done anything with it.

In preparation for removing the definition from Soong, I'm removing it from all Android.bp files in the tree.

Since this has never done anything, this is a no-op, but if you really did want the Android.mk behavior, the proper way to define a module to be installed in userdebug / eng builds is to use PRODUCT_PACKAGES_DEBUG or PRODUCT_PACKAGES_ENG in the appropriate product makefile.

Change-Id: Ia9a9b1c35533e02047cbb183b317ab93f1eeec6b
Exempt-From-Owner-Approval: global no-op build change
Test: remove `tags` from Soong, see errors go away.
-
Dongwon Kang authored
-
- May 08, 2018
-
-
android-build-prod (mdb) authored
-
Tri Vo authored
se_filegroup is used to export selinux files from board-specific directories (e.g. device/google/wahoo/sepolicy). Use se_filegroup module to export partner extension of compatibility mapping to build logic in system/sepolicy. Bug: 33691272 Bug: 74669108 Test: .cil mapping files can be correctly added from vendor directory. Change-Id: Iaa2a95d0e326cb03a478fc12c1a14ba40e57e117
-
Tri Vo authored
And migrate 26.0.cil and 27.0.cil build targets from Android.mk to Android.bp Bug: 33691272 Test: 26.0.cil and 27.0.cil mapping files on the device are unchanged. Change-Id: Id0ea45c149e096996bc0657615ea98915df3c9e1
-
Joel Galenson authored
This should help fix presubmit tests. Bug: 79414024 Test: Built policy. Change-Id: Ic840150767ff6c2799ac3b5ef22ba139108c94dd
-
- May 07, 2018
-
-
android-build-prod (mdb) authored
-
Ray Essick authored
Let the audioserver record metrics with media.metrics service. This is for 'audiopolicy' metrics. Bug: 78595399 Test: record from different apps, see records in 'dumpsys media.metrics' Change-Id: Ie5c403d0e5ac8c6d614db5e7b700611ddd6d07e9 Merged-In: I63f9d4ad2d2b08eb98a49b8de5f86b6797ba2995
-
Max Bires authored
Keymaster hal needs to be able to read the vendor SPL for purposes of rollback protection. Test: Keymaster can access the hal_keymaster_default property Change-Id: Ifa53adb23f6ab79346e9dd9616b34d8b24395a0a
-
Tri Vo authored
Bug: 33691272 Test: make clean && mmma system/sepolicy Change-Id: I6bbd6271c375338e7d24cd6089c6f826080c98b6
-
Mark Salyzyn authored
Test: compile Bug: 64114943 Change-Id: I2bbf84a6e472d720f02282e10d56795b75ac62d1
-
- May 04, 2018
-
-
Pavel Maltsev authored
Bug: 70637118 Test: build, flash and boot automotive builds Change-Id: I6db23258de30174d6db09d241e91b08aa5afedef Merged-In: I6db23258de30174d6db09d241e91b08aa5afedef (cherry picked from commit 394dbe34)
-
Pawin Vongmasa authored
Test: Builds Bug: 64121714 Bug: 31973802 Change-Id: Id37be8726a8bb297e35bca494964fdbcc48c6a73 (cherry picked from commit 4be28894)
-
Jeff Vander Stoep authored
Files in /proc/net leak information. This change is the first step in determining which files apps may use, whitelisting benign access, and otherwise removing access while providing safe alternative APIs.

To that end, this change:
* Introduces the proc_net_type attribute which will be assigned to any new SELinux types in /proc/net to avoid removing access to privileged processes. These processes may be evaluated later, but are lower priority than apps.
* Labels /proc/net/{tcp,tcp6,udp,udp6} as proc_net_vpn due to existing use by VPN apps. This may be replaced by an alternative API.
* Audits all other proc/net access for apps.
* Audits proc/net access for other processes which are currently granted broad read access to /proc/net but should not be, including storaged, zygote, clatd, logd, preopt2cachename and vold.

Bug: 9496886
Bug: 68016944
Test: Boot Taimen-userdebug. On both wifi and cellular: stream youtube, navigate maps, send text message, make voice call, make video call. Verify no avc "granted" messages in the logs.
Test: A few VPN apps including "VPN Monster", "Turbo VPN", and "Freighter". Verify no logspam with the current setup.
Test: atest CtsNativeNetTestCases
Test: atest netd_integration_test
Test: atest QtaguidPermissionTest
Test: atest FileSystemPermissionTest
Change-Id: I7e49f796a25cf68bc698c6c9206e24af3ae11457
Merged-In: I7e49f796a25cf68bc698c6c9206e24af3ae11457
(cherry picked from commit 08731895)
-
Roshan Pius authored
* Note on cherry-pick: Some of the dependent changes are not in AOSP. In order to keep hostapd running correctly in AOSP, I've modified this change to only include policy additions.

Change sepolicy permissions to now classify hostapd as a HAL exposing HIDL interface.

Sepolicy denial for accessing /data/vendor/misc/wifi/hostapd:
12-27 23:40:55.913 4952 4952 W hostapd : type=1400 audit(0.0:19): avc: denied { write } for name="hostapd" dev="sda13" ino=4587601 scontext=u:r:hal_wifi_hostapd_default:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir permissive=0

01-02 19:07:16.938 5791 5791 W hostapd : type=1400 audit(0.0:31): avc: denied { search } for name="net" dev="sysfs" ino=30521 scontext=u:r:hal_wifi_hostapd_default:s0 tcontext=u:object_r:sysfs_net:s0 tclass=dir permissive=0

Bug: 36646171
Test: Device boots up and able to turn on SoftAp.
Change-Id: Ibacfcc938deab40096b54b8d0e608d53ca91b947
Merged-In: Ibacfcc938deab40096b54b8d0e608d53ca91b947
(cherry picked from commit 5bca3e86)
-
android-build-prod (mdb) authored
-
android-build-prod (mdb) authored
-
Jeffrey Vander Stoep authored
-
Dan Cashman authored
Buh-bye! Test: none Change-Id: Ib1917adf03f9e777c7fc4bcb749c34c051176860
-
Calin Juravle authored
-
Mark Salyzyn authored
com.android.server.power.PowerManagerServiceTest#testGetLastShutdownReasonInternal due to "RuntimeException: failed to set system property"

W/roidJUnitRunner: type=1400 audit(0.0:6): avc: denied { write } for name="property_service" dev="tmpfs" ino=13178 scontext=u:r:platform_app:s0:c512,c768 tcontext=u:object_r:property_socket:s0 tclass=sock_file permissive=0
W/libc : Unable to set property "test.sys.boot.reason" to "shutdown,thermal": connection failed; errno=13 (Permission denied)

Had to use precise property definition as com.android.phone accesses test properties as well.

Test: compile
Bug: 78245377
Change-Id: I2cc810846f8615f2a2fae8e0d4f41de585b7abd7
-
Jeffrey Vander Stoep authored
-
Jeff Vander Stoep authored
It's used in build-time tests and in CTS. Bug: 78898770 Test: build user-build Change-Id: I254bf4d7ed0c0cb029b55110ceec982b84e4a91b Merged-In: I254bf4d7ed0c0cb029b55110ceec982b84e4a91b
-
Jeffrey Vander Stoep authored
This reverts commit 0ab13a8d. Reason for revert: broken presubmit tests https://sponge.corp.google.com/target?show=FAILED&sortBy=STATUS&id=83e847b2-8e30-4417-9b15-8e66af4b2bc3&target=DeviceBootTest Change-Id: Id173c8e7fa28ba04070f507098f301f076e4aae7
-
Calin Juravle authored
On userdebug builds we can now profile system server without disabling selinux. This is the final piece, and allows the system server to save its own profile. Test: manual, on a device with system server profiling enabled Bug: 73313191 Change-Id: Iaf9575d3cda19ae4c38f1e20a8e1b9288b7abc83
-
- May 03, 2018
-
-
yro authored
Bug: 78603347 Test: build and locally tested Change-Id: Ib9b041af63d1fac7a689b932e7a2b202fa8d0f83
-
android-build-prod (mdb) authored
-
android-build-prod (mdb) authored
-
Tri Vo authored
-
Andreas Gampe authored
Give all the right permissions to find and send a message to perfprofd from the system server. Bug: 73175642 Test: m Test: manual Change-Id: I82b63ec097dcd445d9e8169fe0df4398d62ac184
-
Mark Salyzyn authored
com.android.server.power.PowerManagerServiceTest#testGetLastShutdownReasonInternal due to "RuntimeException: failed to set system property"

W/roidJUnitRunner: type=1400 audit(0.0:6): avc: denied { write } for name="property_service" dev="tmpfs" ino=13178 scontext=u:r:platform_app:s0:c512,c768 tcontext=u:object_r:property_socket:s0 tclass=sock_file permissive=0
W/libc : Unable to set property "test.sys.boot.reason" to "shutdown,thermal": connection failed; errno=13 (Permission denied)

Test: compile
Bug: 78245377
Change-Id: Id21436d281bab27823969a9f7e92318d70b5a2d6
-
- May 02, 2018
-
-
Tri Vo authored
Vendor public libs are exposed to apps (not system), and their ABI stability is guaranteed by vendor. Introducing new selinux type so that we don't conflate concepts of same-process HAL and vendor public lib. The former is exposed to all domains, while the latter should only be accessible by apps. Bug: 76413554 Test: build-only change, policy builds Change-Id: I89dad351374f46c7fe2726991eb4c05064c37ed5
-
android-build-prod (mdb) authored
-
Tri Vo authored
-
android-build-prod (mdb) authored
-
- May 01, 2018
-
-
Jeff Vander Stoep authored
avc: denied { sys_resource } for comm="adbd" capability=24 scontext=u:r:adbd:s0 tcontext=u:r:adbd:s0 tclass=capability

Test: build aosp_sailfish-userdebug
Bug: 78935353
Change-Id: I094e54cbd61245d368f3164e30222dfdff902ffa
-
android-build-prod (mdb) authored
-