Test: Camera, Photos, YouTube and Play Movies apps.
Bug: 35328855
Change-Id: I3643b668817a7336f7ccda781734920fbbcc2c63

am: 7e26fe4a

Change-Id: I72b534b55324ce3dc8df9a46b5c205e4e76f5509

am: 0fd07767

Change-Id: I519288986e98f95591722e7ed1982a0467fc4501

am: 00a03d42

Change-Id: I0d66b07b8fa3f1a992fd2b3a864dafb3c9c7eb0c

This adjusts the grants for recovery to make it explicit that recovery
can use the Boot Control HAL only in passthrough mode.

Test: Device boots up, no new denials
Test: Reboot into recovery, sideload OTA update succeeds
Test: Apply OTA update via update_engine:
      1. make dist
      2. Ensure device has network connectivity
      3. ota_call.py -s <serial here> out/dist/sailfish-ota-*.zip
Bug: 34170079

Change-Id: I0888816eca4d77939a55a7816e6cae9176713ee5

am: 4abc2d23

Change-Id: I6602b883078cbf5778f9843d68263633de351dbc

am: 2a887bfb

Change-Id: I4e6cada4fd2cdaae9022fc949dfe84837df24088

am: 51a2238c

Change-Id: I612c84a8e27d6b2db8008fd8f71dc5c5f8c7f6d8

This switches Boot Control HAL policy to the design which enables us
to conditionally remove unnecessary rules from domains which are
clients of Boot Control HAL.

Domains which are clients of Boot Control HAL, such as update_server,
are granted rules targeting hal_bootctl only when the Boot Control HAL
runs in passthrough mode (i.e., inside the client's process). When the
HAL runs in binderized mode (i.e., in another process/domain, with
clients talking to the HAL over HwBinder IPC), rules targeting
hal_bootctl are not granted to client domains.

Domains which offer a binderized implementation of Boot Control HAL,
such as hal_bootctl_default domain, are always granted rules targeting
hal_bootctl.

P. S. This commit removes direct access to Boot Control HAL from
system_server because system_server is not a client of this HAL. This
commit also removes bootctrl_block_device type which is no longer
used. Finally, boot_control_hal attribute is removed because it is now
covered by the hal_bootctl attribute.

Test: Device boots up, no new denials
Test: Reboot into recovery, sideload OTA update succeeds
Test: Apply OTA update via update_engine:
      1. make dist
      2. Ensure device has network connectivity
      3. ota_call.py -s <serial here> out/dist/sailfish-ota-*.zip
Bug: 34170079
Change-Id: I9c410c092069e431a3852b66c04c4d2a9f1a25cf

am: 294b7d22

Change-Id: I2479a5dad9e714352634c199101f70c253a7b34a

am: e8acb4f6

Change-Id: Iab0ebf0748c4c3dda5a7505050d3f87d5ddf0608

am: 11ce09bc

Change-Id: I8e964a15af674c16e8272fdcf3c617eb5821c64a

The fix for b/35100237 surfaced this error. This SELinux policy
fragment was included only on Marlin, but needs to be included in core
policy.

Bug: 35100237
Test: With https://android-review.googlesource.com/#/c/354292/
Test: Set up PPTP VPN using http://www.vpnbook.com/ on Marlin.
Test: Connect:
03-17 15:41:22.602  3809  3809 I mtpd    : Starting pppd (pppox = 9)
03-17 15:41:22.628  3811  3811 I pppd    : Using PPPoX (socket = 9)
03-17 15:41:22.637  3811  3811 I pppd    : pppd 2.4.7 started by vpn, uid 1016
03-17 15:41:22.639  3811  3811 I pppd    : Using interface ppp0
03-17 15:41:22.639  3811  3811 I pppd    : Connect: ppp0 <-->
03-17 15:41:22.770  3811  3811 I pppd    : CHAP authentication succeeded
03-17 15:41:22.909  3811  3811 I pppd    : MPPE 128-bit stateless compression enabled
03-17 15:41:23.065  3811  3811 I pppd    : local  IP address 172.16.36.113
03-17 15:41:23.065  3811  3811 I pppd    : remote IP address 172.16.36.1
03-17 15:41:23.065  3811  3811 I pppd    : primary   DNS address 8.8.8.8
03-17 15:41:23.065  3811  3811 I pppd    : secondary DNS address 91.239.100.100

Change-Id: I192b4dfc9613d1000f804b9c4ca2727d502a1927

am: 8ef9a36a

Change-Id: I486d9f7de964f230dbd87b129dedbaf651991655

am: 1e77eac6

Change-Id: Icd6e61eef74a51bdffe58af7effbe441b8df53e6

am: 87ec1d55

Change-Id: I93b7abac24ba6edf158d9caa0d91cb247e6e73f0

am: bcd48241

Change-Id: I5a6b0228e421d197dd9023aec79c07c73be03a35

am: 3cc71b09

Change-Id: I09b098573619738cfaf8da9c84e6321bad72e6fa

am: f7c2613e

Change-Id: I8153d6c7fa3d2aa05851f9d3c7de6011165f1302

Certain libraries may actually be links. Allow OTA dexopt to read
those links.

Bug: 25612095
Test: m
Change-Id: Iafdb899a750bd8d1ab56e5f6dbc09d836d5440ed

Allow getattr on links for otapreopt_slot. It reads links (to the
boot image oat files) when collecting the size of the artifacts
for logging purposes.

Bug: 30832951
Test: m
Change-Id: If97f7a77fc9bf334a4ce8a613c212ec2cfc4c581

am: 026679e3

Change-Id: Ia8f7ad357ce34068f0c1b4bfe54723e3ae05e2bc

am: c067607b

Change-Id: I5c97dca913c4e7efaa5bf87459e8a60a2f08d622

am: 37f7ffa3

Change-Id: I57b6b54327d79011bf0366f46c77cecb2b8826ac

This switches most remaining HALs to the _client/_server approach.
To unblock efforts blocked on majority of HALs having to use this
model, this change does not remove unnecessary rules from clients of
these HALs. That work will be performed in follow-up commits. This
commit only adds allow rules and thus does not break existing
functionality.

The HALs not yet on the _client/_server model after this commit are:
* Allocator HAL, because it's non-trivial to declare all apps except
  isolated apps as clients of this HAL, which they are.
* Boot HAL, because it's still on the non-attributized model and I'm
  waiting for update_engine folks to answer a couple of questions
  which will let me refactor the policy of this HAL.

Test: mmm system/sepolicy
Test: Device boots, no new denials
Test: Device boots in recovery mode, no new denials
Bug: 34170079
Change-Id: I03e6bcec2fa02f14bdf17d11f7367b62c68a14b9

am: 50cf7058

Change-Id: I514e37adac91688fc7f0ca33f44ef86d1ae3672f

am: d52bed3d

Change-Id: I84cb6b60a04bfe2806d1091d9566918560c41c5c

am: 83011a26

Change-Id: Ice0df08e8cd5bd6c12a4396c358f6e69a8ee9576

am: c76d801b

Change-Id: I46071b71f95d93c39568cadd48f2fbea9d3955bc

am: 8dadca8e

Change-Id: I4f853f046f3dd4b3aafd98e04fabe69f58ad696f

am: 312e7eaa

Change-Id: Ifc9b2ad755b35908b96b887f9223a81c1fd358ce

Test: take a screenshot
Test: run CTS ImageReaderTest
Bug: 36194109

(cherry picked from commit 49ed0cd6)

Change-Id: I331bce37b35e30084ba9f7ecd063a344a79c5232

am: 00e878f1

Change-Id: I5484dd59f31a6e25022ef0d9c9bf9523fa3caf90

am: d801cdd8

Change-Id: I4139fa3b3c95b05683cdfcf3ac0e4040073ef104

am: 156ccbb2

Change-Id: Ib5709ccd17861915626baf8c7e3864be81a911fe