This is being done in preparation for the migration from ashmem to
memfd. In order for tmpfs objects to be usable across the Treble
boundary, they need to be declared in public policy whereas, they're
currently all declared in private policy as part of the
tmpfs_domain() macro. Remove the type declaration from the
macro, and remove tmpfs_domain() from the init_daemon_domain() macro
to avoid having to declare the *_tmpfs types for all init launched
domains. tmpfs is mostly used by apps and the media frameworks.

Bug: 122854450
Test: Boot Taimen and blueline. Watch videos, make phone calls, browse
internet, send text, install angry birds...play angry birds, keep
playing angry birds...

Change-Id: I20a47d2bb22e61b16187015c7bc7ca10accf6358
Merged-In: I20a47d2bb22e61b16187015c7bc7ca10accf6358
(cherry picked from commit e16fb910)

Test: successful fs-verity setup with key loaded from shell
Bug: 112037636
Change-Id: Ide01d11f309008fffeafdedb517508db94472873

An app should never follow a symlink provided by another app.

Test: build, boot Taimen, install some apps, watch youtube, browse
chrome.
Bug: 123350324
Change-Id: Iedd42fe1c27d406f7f58293c20d05e1b7646d8a2

Test: Manually verified that service is accessible
Change-Id: If3748f4719b6194eccd16a097a0f1fc050f4160f

system/sepolicy/Android.mk has become too large (~2k lines) and hard to
navigate. This patch reorganizes build rules for convenience. No
functional changes are made.

Test: m selinux_policy
Change-Id: I9a022b223b2387a4475da6d8209d561bfea228fb

Test: A/B OTA update test (asit/dexoptota/self_full).
Bug: 113373927
Bug: 120796514
Change-Id: Icbbe1babe0dceebff2546264ddabe779babba761

Bug: 111457573
Test: N/A
Change-Id: I457fd9d13cc481f2687ab39d22240c6ea7231183

Merge changes from topics "runtime-apex-otapreopt_chroot-tear-down", "runtime-apex-installd-support", "runtime-apex-otapreopt_chroot-support"

* changes:
  Allow `oatpreopt_chroot` to deactivate APEX packages in `/postinstall/apex`.
  Allow `oatpreopt` to run `dex2oat` from the Runtime APEX.
  Allow `otapreopt_chroot` to mount APEX packages using `apexd` logic.

The dynamic linker always calls access(2) on the path. Don't generate SElinux
denials since the linker does not actually access the path in case the path
does not exist or isn't accessible for the process.

Bug: 120996057
Test: copy ping to /data/local/tmp, run it, no selinux denials
Test: bionic unit tests

Change-Id: Idf33ba7bc6c0d657b6ab0abde6bd078e4bb024e5

selinux_denial_metadate is an concatenation of different bug maps on the
device, including vendor one. This file is only used for debugging, so
we simply move it to /vendor instead of splitting it up.

/vendor/etc/selinux/selinux_denial_metadata has vendor_configs_file
selinux type, which is logd readable.

Bug: 5159394
Test: bug information is still preserved in avc logs, e.g.
audit(0.0:248): avc: denied { read } for
name="u:object_r:vendor_default_prop:s0" dev="tmpfs" ino=18012
scontext=u:r:platform_app:s0:c512,c768
tcontext=u:object_r:vendor_default_prop:s0 tclass=file permissive=0
b/79617173 app=com.android.systemui
Change-Id: Id5eb9abd3bdeed92feb2aca40880903533468d50

Give apexd permission to execute sh.

Add userdebug_or_eng domains and rules for the test
APEX for pre- and post-install.

Bug: 119260955
Bug: 119261380
Test: atest apexservice_test
Change-Id: I0c4a5e35e096101a53c9d1f212d2db2e63728267

Untrustworthy symlinks dereferenced by priv-apps could cause those apps
to access files they weren't intending to access. Trusted components
such as priv-apps should never trust untrustworthy symlinks from
untrusted apps.

Modify the rules and add a neverallow assertion to prevent regressions.

Bug: 123350324
Test: device boots and no obvious problems.
Change-Id: I8c4a5c9c8571fd29b2844b20b4fd1126db4128c0

The app_zygote should never use any unix sockets, except the
logd socket and some sockets only available on userdebug/eng.

Prevent it from using ptrace.

Bug: 111434506
Test: builds
Change-Id: Ic47cfca51fba0b150a136194ba0e4a8a488c9996

Whitelist the persistent system properties that will be used as
flags in activity manager experiments.

Bug: 120794810
Test: m, flash, test getting flag value in ActivityManagerService.java
Change-Id: I90a10bc87d6db3a64347b62fd02e6f0b12ac9fa8

Allow apexd to log to the kernel log. This aids in low-level
diagnostics, when adb is not available.

Test: m
Change-Id: Ib8f286bd917b34f5e8992b37ab230313a4820bf9

The new codepath for creating the classloader in the webview zygote
triggers an selinux denial; track this until it is fixed.

Bug: 123246126
Test: DeviceBootTest.SELinuxUncheckedDenialBootTest
Merged-In: I6835947e81364b5dd43898199108af7b14d31088
Change-Id: I6835947e81364b5dd43898199108af7b14d31088

The bpf maps for per uid stats need to be regularly cleaned now to
optimize the memory usage and performance. It can only done by
system_server since it is the process that scrapes and read the stats.
So allow it to write to maps to clean the stats. This change also
allows the system server to create PF_KEY sockets since we need a
reliable way to force synchronize the rcu on devices with 4.9 kernel.

Test: CtsUsageStatsTestCases
Bug: 79171384
Change-Id: I6564a56a5906a958f7d8e1d290b85de3f6fa121d

Test: Manual
Change-Id: Ic4c3fd5b2d8d709573f8cc6332a6340d28d3ba26

Bug: 118835348
Test: build and boot pixel 3.
Test: run simpleperf_app_runner manually.

Change-Id: Ifb6c2ab78e075684bc197d06f761becced8281d1