Add a neverallow rule asserting that services registered or queried
through hwservicemanager must have the attribute hwservice_manager_type.
Attempting to add or query a service which does not have that
attribute is malformed policy.

Test: compiles
Change-Id: Ib498508694f478c396f2d9273abaccbff06975e6

Add a neverallow rule asserting that services registered or queried
through servicemanager must have the attribute service_manager_type
or vndservice_manager_type. Attempting to add or query a service which
does not have one of those attributes is malformed policy.

See
https://android-review.googlesource.com/c/platform/system/sepolicy/+/826500/7/private/system_server.te#696
as an example where this occurred.

Test: compiles
Change-Id: I339bde04b80819b07832d96797fd7f477a4b676a

sed "-i" flag on Mac has different syntax than on Linux. Replace use of
sed with grep.

A simple fix like this should suffice for this case, but ideally, we
should maintain our own utils instead of using tools on the host
machine.

Fixes: 121235932
Test: m selinux_policy
Change-Id: I46c3bdb90bf7de48d2c942b15a65ce82ae3041c5

The bcc command line uses /data/user/0 paths, so renderscript needs to
be able to follow those symlinks.

Addresses the following denial:

  audit(1545249938.830:2274): avc: denied { read } for comm="bcc" name="0" dev="dm-6" ino=101 scontext=u:r:rs:s0:c184,c256,c512,c768 tcontext=u:object_r:system_data_file:s0 tclass=lnk_file permissive=1 app=android.rscpp.cts

Test: cts-tradefed run cts -m CtsRsCppTestCases
Bug: 121266184
Bug: 112357170
Change-Id: I16210f9b95f386bdee0863cf0044c956af99586d

Bug: 119305624
Test: boot blueline
Change-Id: I3ecdeab3bb33c3cb5e80dc10ba1079c9853048f8

* changes:
  Separate product_sepolicy.cil out of system sepolicy
  Replace "grep -f" with python util.

Product-specific sepolicy will be installed into /product/etc/selinux/*.
This change separates out /product/etc/selinux/product_sepolicy.cil out
of system sepolicy.

This file is merged into precompiled_sepolicy at build-time. In case
precompiled_sepolicy can't be used (e.g. system-only-ota), init wll
merge this file with the rest of the sepolicy at runtime.

I left TODOs to separate other product-specific SELinux artifacts out of
system.

Bug: 119305624
Test: boot aosp_taimen with product_sepolicy.cil
Test: build selinux_policy for aosp_arm64; no product_sepolicy.cil
produced
Change-Id: Idb84a1c8ceb2de78f1460d954497c53fed08935f

grep can potentially run out of memory on Mac builds for large input
files. So we add a python util to handle filtering out files.

We will also need this util to filter plat_sepolicy.cil out of
product_sepolicy.cil

Bug: 119305624
Test: boot aosp_taimen
Change-Id: I61cd68f407ea5de43a06bf522a5fc149e5067e8c

Bug: 120865921
Test: Manual verification
Change-Id: Ic0b3f85fad24ccedc0a8e9935c198bc8503bb415

Make mediaextractor use hidl memory allocated by
hidl allocator, instead of constructing hidl memory
from IMemory.

bug: 112766913
bug: 111407253
Change-Id: I7902f18768005c995925bc9a7947299e9988b68a
(Needed for internal commit I39e131718ea41f9cb23177c28213ddf7b7741338)

Test: Booted with Vulkan rendering
Change-Id: I00485c16e5a878321a699f35d28fb85834991255

We're creating a new PermissionManagerService that will handle
all of the permission related APIs. These are currently being
routed through PackageManagerService.

Test: Device boots
Change-Id: I7d08561dd33b692209c30d413cdca0ff567358f1

rss_hwm_reset is binary that reset RSS high-water mark counters for all
currently running processes. It runs in a separate process because it
needs dac_override capability.

Bug: 119603799
Test: no errors in logcat
Change-Id: I6221a5eca3427bf532830575d8fba98eb3e65c29

Test: Run CtsMediaTestCases on aosp_marlin_svelte
Change-Id: Ie7d491fbc11ef5c24826a0d69e479bc03bd2ad08

Bug: 111276913
Test: manual verification

Merged-In: If76dc7bfdad87789a58fc94e0fd280deae1a41ab
Change-Id: If76dc7bfdad87789a58fc94e0fd280deae1a41ab
(cherry picked from commit 73e7fa88)

On debug builds, introduce audit logging of apps targeting SDK <= 28
that execute native code from a non-priv app home directory via
execve() or dl_open().

Bug: 111338677
Test: Builds + boots.
Test: Launch app that uses private .so files, see granted logs.
Change-Id: I5880801d3a29cbf2c1cf4e0d72adc69a9d548952

To work around a kernel bug where pages that are read before changing
the loop device offset are not invalidated correctly.

Bug: 120853401
Test: apexd mounts APEX files on gphone_sdk_x86_64
Change-Id: I89f23f8f9d472e599f053553b73cc0618dcb3747

It doesn't seem like any of our (Google's) devices use
BOARD_ODM_SEPOLICY_DIRS, but this will be helpful for partners.

Also, use BOARD_VENDOR_SEPOLICY_DIRS instead BOARD_SEPOLICY_DIRS for
readability.

Bug: n/a
Test: m selinux_policy
Change-Id: I23f64a24d51ccdb8aa616d0fd8a06d70b6efed32

When daemonizing perfetto, SIGINT should be sent to ensure clean
shutdown.

Denial:
12-06 11:12:16.566  3099  3099 I sh      : type=1400 audit(0.0:462): avc: denied { signal } for scontext=u:r:shell:s0 tcontext=u:r:perfetto:s0 tclass=process permissive=1

Test: m
Test: flash walleye
Test: SIGINT perfetto from shell

Change-Id: I8d34b447ea90c315faf88f020f1dfc49e4abbcce

Bug: 111789719
Test: manual
Change-Id: I5a5c1da69fd5d55e3276bb7384a94b9831e3cccd

Test: Compiles - neverallow rules are compile time checks
Change-Id: I2e1177897d2697cde8a190228ba83381d9a1877a

Bug: 112260995
Bug: 120277977
Test: atest VtsHalGnssV2_0TargetTest
Change-Id: I196d8506b2f7c2153e1f647ea5ba61b81bf3d881

Remove the ability for applications to dlopen() executable code from
their home directory for newer API versions. API versions <= 28 are
uneffected by this change.

Bug: 112357170
Test: cts-tradefed run cts -m CtsRenderscriptTestCases
Change-Id: I1d7f3a1015d54b8610d1c561f38a1a3c2bcf79e4