am: d7b8338e  -s ours

Change-Id: I66d268eb596277171a88377dad0e613a7497e3f4

am: 392c86e9

Change-Id: Id520704ad8a2be81648c33d2d1ef4a865badacd0

am: 4dd14f69

Change-Id: I60c3e0f1441aa4f548b1875e68f49c2047bf74e4

am: 4c013db7

Change-Id: I77c714f588bdc78020af4e7dbf6a89d9e6792ca6

am: d437f0e0

Change-Id: Ib72b4435a8173a213f1ddb3331afc0bebf991029

am: d3ce5dc3

Change-Id: Ifd66a82a429b18f6e0077b042dccef38ddcd636d

Test: no relevant denials on marlin while booting
Test: no relevant denials on angler while booting
Bug: 36278706
Change-Id: Ieba79e1c8fca4f74c63bc63e6dd0bdcf59204ca2

vndservicemanager is the context manager for binder services
that are solely registered and accessed from vendor processes.

Bug: 36052864
Test: vendorservicemanager runs
Merged-In: Ifbf536932678d0ff13d019635fe6347e185ef387
Change-Id: I430f1762eb83825f6cd4be939a69d46a8ddc80ff

am: 8f0abfec

Change-Id: Id2a898b91932fa74389586bb534cb1dba3bfe26c

am: 1c05f800

Change-Id: Icb9150c5828272df8ccfce8a4145df2f3c987c45

am: 63211f8d

Change-Id: If8aa9152a643522fc896b7a412d3fafb19043649

am: e43f5c97

Change-Id: I40ee71a3473e23a29b370cdc8be7cabd8e8245fc

am: e2f8626e

Change-Id: If401e4107787e6620ed31115c45b7d594812dbe5

am: 871e44c4

Change-Id: I1c261dc247b93306c6d1a70dd0014532c84843c5

am: 23bf2d44

Change-Id: Ib9d7b139d7792eedf3c8963cdc12fbe9f194f0f4

am: 3d49330b

Change-Id: I1ceaf1d95f07b8c4635a6055384cf6dcff932d51

am: 6456542f

Change-Id: I353c8d695a5c995f72fe865f27682a05011f8f55

ASAN builds may require additional permissions to launch processes
with ASAN wrappers. In this case, system_server needs permission to
execute /system/bin/sh.

Create with_asan() macro which can be used exclusively on debug
builds. Note this means that ASAN builds with these additional
permission will not pass the security portion of CTS - like any
other debug build.

Addresses:
avc: denied { execute } for name="sh" dev="dm-0" ino=571
scontext=u:r:system_server:s0 tcontext=u:object_r:shell_exec:s0
tclass=file

Test: lunch aosp_marlin-userdebug;
      cd system/sepolicy; mm SANITIZE_TARGET=address;
      Verify permissions granted using with_asan() are granted.
Test: lunch aosp_marlin-userdebug;
      cd system/sepolicy; mm;
      Verify permissions granted using with_asan() are not granted.
Test: lunch aosp_marlin-user;
      cd system/sepolicy; mm SANITIZE_TARGET=address;
      Verify permissions granted using with_asan() are not granted.
Bug: 36138508
Change-Id: I6e39ada4bacd71687a593023f16b45bc16cd7ef8

/proc/interrupts may be dumped by dumpstate HAL if required.

Bug: 36486169
Test: 'adb shell bugreport' on sailfish

Change-Id: Ifc41a516aeea846bc56b86b064bda555b43c58ed
Signed-off-by: Sandeep Patil <sspatil@google.com>

Merge "wpa_supplicant: Remove unnecessary permissions from system_server" am: e1a350a0 am: 79005214
am: 180a6882

Change-Id: Ic5e8018fd106a645d24f52b8502fff3e4c603f7e

am: 79005214

Change-Id: Icf0aefc596f8c3df64be9bc68b4c1f4243059747

am: e1a350a0

Change-Id: Ib2f28bdd5aa8dc1a6641f3f114965ac3ddec17e2

vndservicemanager is the context manager for binder services
that are solely registered and accessed from vendor processes.

Bug: 36052864
Test: vendorservicemanager runs
Change-Id: Ifbf536932678d0ff13d019635fe6347e185ef387

am: acc1701f

Change-Id: I7b732b74d4495c9b6aede9530e7944b5b3e07584

am: 6fcbd0f5

Change-Id: Ibc6947686cc6edf439e25cda9aaf5b1444da6c8c

am: cc45b87c

Change-Id: I17fe3e79b7f673a0703be5be7bb93838cd2f7ed6

am: 52cc23c9

Change-Id: I02062a80ab0a489c0e00f7890ecdcd0731ced405

am: a6445395

Change-Id: I7c47721f7fd0c30ce20c4948e412c1bb0d5b34f1

am: bbe7213f

Change-Id: I0c82b4e73e54cf7ac1f434c97558bd3cef3c36e7

Now that the android wifi framework has fully switched over to HIDL,
remove the sepolicy permissions for accessing wpa_supplicant using
socket control interface.

While there, also removed the redundant |hwbinder_use|.

Bug: 35707797
Test: Device boots up and able to connect to wifi networks.
Test: Wifi integration tests passed.
Change-Id: I55e24b852558d1a905b189116879179d62bdc76c

Prevent app domains (processes spawned by zygote) from acquiring
locks on files in /system. In particular, /system/etc/xtables.lock
must never be lockable by applications, as it will block future
iptables commands from running.

Test: device boots and no obvious problems.
Change-Id: Ifd8dc7b117cf4a622b30fd4fffbcab1b76c4421b