Bug: 138545724
Test: n/a

(cherry picked from commit 3d58603623dd67b181fb965f437c552428c979bc)

Change-Id: I03c2430778f1112679090bb7aad234c907384ea1
CRs-Fixed: 2491659

SELinux has a separate file mmap permission in 4.14+ kernels. Add this
to dexoptanalyzer(d) in cases where it could already access files (in
particular, secondary dex files).

Addresses denials of the form:

  avc: denied { map } for […] path="/data/data/[…]" […]
  scontext=u:r:dexoptanalyzer:s0 tcontext=u:object_r:app_data_file:s0

(cherry picked from commit c72b7d17310499f6bd6545e0e509fd603045d329)

Test: Reproduce steps in bug 138683603 on a device with a 4.14+ kernel
      and check the absence of SELinux denials
Bug: 138683603

Change-Id: Ieba53eb431c0ba3914dcb5e5abdae667bd063555

This should be available in user and userdebug builds.

Bug: 137289935
Test: Alongside atrace changes, recorded a trace using Traceur and
verified that the tracepoints were included in the recorded trace in
both user and userdebug builds.

Change-Id: I6131557bdd0a298be9e75b39759599b189b9b988
Merged-In: I6131557bdd0a298be9e75b39759599b189b9b988

Required to check if migration is necessary and migrate obb contents

Bug: 136199978
Test: make
Change-Id: I23890e4eeea1da7791e25ce5c9584b1abe94f440
(cherry picked from commit 793dc8f8)

Required to check if migration is necessary and migrate obb contents

Bug: 136199978
Test: make
Change-Id: I23890e4eeea1da7791e25ce5c9584b1abe94f440

This will allow Perfetto to capture GPU frequency changes
on the target, which is useful to graphics developers
using Perfetto to profile graphics HW usage.

This change also updates the private prebuilt at version
29.0 to match the update.

Bug: 136062452
Merged-In: Idb7870b2f674f1359ef3b4487dbeff190b394248
Change-Id: Ib98ba10d96caa199d7030be3a17148045576a80c

In order to show licensing information, we need to read it from
an asset stored in the .apex file.

Bug: 135183006
Test: Manual; settings can access apex files stored on /data
Change-Id: I71fbde6e295d9c890c9b9b0449e5150834a6680e
Merged-In: I71fbde6e295d9c890c9b9b0449e5150834a6680e

Bug: http://b/135139675

Coverage files are written to /data/misc/trace (governed by the
method_trace_data_file selinux type).  Allow all domains to access
(create directories, access files) this directory when native coverage
is enabled (by setting NATIVE_COVERAGE to true) in an userdebug or eng
build.

Also relax neverallow constraints to allow access to
method_trace_data_file for native coverage builds.

Test: Build 32-bit cuttlefish with coverage:
          m NATIVE_COVERAGE=true COVERAGE_PATHS="*"
      and verify that there are no selinux denials in kernel log and
      logcat.

Change-Id: I3fe7c77612854b9de7de7a0ddd5cbf44a2f5c21e
(cherry picked from commit ce9c0c5a5fbd3fda8e1fd102d2bf1ca6afebbdf9)

Test: manual
Bug: 126802513

Change-Id: If037483f305e161a158e30f6322d5e25b7770952

Bug: 135111122
Test: Ran "adb shell am hang" and verified that power.stats HAL
information is in /data/anr/<anr_file>
Change-Id: I60a6191626a20c737124033e8ad453fa91425e39

This property will be set by system_server (to indicate the currently
selected theme for device), and can be accessed by vendor init.rc.

avc:  denied  { read } for property=persist.sys.theme pid=0 uid=0 gid=0 scontext=u:r:vendor_init:s0 tcontext=u:object_r:theme_prop:s0 tclass=file

Bug: 113028175
Test: Set a vendor init trigger that waits on `persist.sys.theme`. Check
      that the trigger fires without denial.
Change-Id: Ibb4e392d5059b76059f36f7d11ba82cd65cbe970

avc: denied { sigchld } for comm="main"
scontext=u:r:system_server_startup:s0 tcontext=u:r:zygote:s0
tclass=process permissive=0

Test: build
Bug: 134496658
Change-Id: I98c106b17ba1740f953c3108bd0fc927c150096f
(cherry picked from commit 67dc274f87b25b80d507f8ad8263648f5f9a1dd1)

This set of patches adds a way for the perfetto command line client to
save a trace to a hardcoded location,
/data/misc/perfetto-traces/incident-trace, and call into incidentd to
start a report, which will include said trace in a new section.

This is not a long-term solution, and is structured to minimize changes
to perfetto and incidentd. The latter is currently architected in a way
where it can only pull pre-defined information out of the system, so
we're resorting to persisting the intermediate results in a hardcoded
location.

This will introduce at most two more linked files at the same time.

Bug: 130543265
Bug: 134706389
Tested: manually on crosshatch-userdebug
Merged-In: I2aa27e25f0209b3a5cdf5d550d0312693932b808
Change-Id: I2aa27e25f0209b3a5cdf5d550d0312693932b808
(cherry picked from commit ce3a33ff182ce49cf91091cea553a3003d2c20f6)

Bug: 121350843
Change-Id: I0977d31b1959c86fbec1f13676cd1554fa602eb4

Bug: 133435561
Test: adb shell gsi_tool install
Change-Id: Iaa610c72d8098e157bb89e321624369f86f4ea19
Merged-In: Iaa610c72d8098e157bb89e321624369f86f4ea19

Bug: 132444397
Test: manually tested with ag/7555609

Change-Id: I9e5f0a9d501a6728af3f27241300b3bb5c5c2123
Merged-In: I9e5f0a9d501a6728af3f27241300b3bb5c5c2123
(cherry picked from commit febfa8f22dc829c32ed493969afc43378e327ecf)

.. and let installd execute it. Required to migrate legacy obb contents

Bug: 129167772
Test: make

Change-Id: I35d35016680379e3a9363408704ee890a78a9748

Test: make cts -j123 && cts-tradefed run cts-dev -m \
CtsMediaTestCases --compatibility:module-arg \
CtsMediaTestCases:include-annotation:\
android.platform.test.annotations.RequiresDevice

Bug: 131677974
Change-Id: I59c3d225499a8c53c2ed9f3bd677ff3d7423990b

This is a matching change for commit 8f39cce7 ("Add
vendor_misc_writer."), which updates the prebuilts for API 29.

Bug: 132906936
Test: Build crosshatch that includes misc_writer module. Invoke
      /vendor/bin/misc_writer to write data to /misc.
Change-Id: Id12a1ed45c8cef6e4039a9dda6a1fb41f9e014de

Similar to aosp/961857, but enables the logging of atrace events from
the camera HAL (primarily HIDL interactions, but also a couple of ION
events).

Keeping it confined to userdebug_or_eng. Longer-term planning belongs on
b/78136428.

Not adding fwk_camera_hwservice, as it is a HIDL interface to
cameraserver (which is already covered above).

Plus slight reorganization of existing atrace.te contents, and donaudits
to reduce logspam from denials (including pre-existing ones that were
hitting the rate limiter).

Specific denials addressed (listing HALs, finding camera HAL, notifying it):
05-15 18:07:19.684   618   618 E SELinux : avc:  denied  { list } for  scontext=u:r:atrace:s0 tcontext=u:r:hwservicemanager:s0 tclass=hwservice_manager permissive=1
05-15 18:07:19.701   618   618 E SELinux : avc:  denied  { find } for interface=android.hardware.camera.provider::ICameraProvider sid=u:r:atrace:s0 pid=10137 scontext=u:r:atrace:s0 tcontext=u:object_r:hal_camera_hwservice:s0 tclass=hwservice_manager permissive=1
05-15 18:07:19.698 10137 10137 I atrace  : type=1400 audit(0.0:273): avc: denied { call } for scontext=u:r:atrace:s0 tcontext=u:r:hal_camera_default:s0 tclass=binder permissive=1

Bug: 130543265
Tested: flashed blueline-userdebug, took a trace with perfetto, confirmed HIDL atrace slices present in camera hal trace.
Merged-In: I0f8ce989355603e41d6c05c3de07e7dd615555eb
Change-Id: I0f8ce989355603e41d6c05c3de07e7dd615555eb
(cherry picked from commit 19459a38026f89e266a07cbed88a586f95830ca5)

This allows the atrace cmd to notify cameraserver (the host of
media.camera service) that the set of tracing-related system properties
have changed. This allows the cameraserver to notice that it might need
to enable its trace events.

The atrace cmd has the necessary permission when running as shell, but
not when it is running as the "atrace" domain (notably when exec'd by
perfetto's traced_probes).

We're adding cameraserver to the whitelist as it contains important
events for investigating the camera stack.

Example denial:
05-14 22:29:43.501  8648  8648 W atrace  : type=1400 audit(0.0:389): avc: denied { call } for scontext=u:r:atrace:s0 tcontext=u:r:cameraserver:s0 tclass=binder permissive=0

Tested: flashed blueline-userdebug, captured a perfetto trace with "camera" atrace category, confirmed that userspace atrace events are included in the trace.
Bug: 130543265
Merged-In: Ifd3fd5fd3a737c7618960343b9f89d3bf7141c94
Change-Id: Ifd3fd5fd3a737c7618960343b9f89d3bf7141c94
(cherry picked from commit 232295e8dbb25017676e8a68daabc4457addbe31)

This is a hacked version of ag/7282335 as qt-release is behind qt-dev

Bug: 129943426
Test: Build
Change-Id: I5863d433668b90a641d07fdbcd30ed82b28c9c1a
(cherry picked from commit 8d411adea3eba1e943e45e104113f4efbc3d5d65)

Bug: 129943426
Test: Build
Change-Id: I3e091652fa8d1757b1f71f7559186d5b32f000d5