am: 9fa01919

Change-Id: I8625aca8f8c8e925585afd84822680e9e0d812ec

am: 5a2de627

Change-Id: I960ee43281da8c8c6b0ec68bbea2ac53f43ab457

am: ade5c284

Change-Id: Ic0b15caac14587bb6a6326ca53f956c78188b42a

am: 20b8d6b9

Change-Id: I8d3fe3a79791560669be031c790cd3862fb8782b

Bug: 35657600
Test: user build of Marlin starts with BT
Change-Id: Ic2380da66467b9b1c385da7d7fa10fddf4c7fae1

am: 872ff684

Change-Id: Ic4e4cd105af65b5ee7c0adfb62f851bff55fed70

am: 706bb202

Change-Id: I0f2169981c80769e85c686f637135097e2d74f56

The 'overlay' service is the Overlay Manager Service, which tracks
packages and their Runtime Resource Overlay overlay packages.

Change-Id: I897dea6a32c653d31be88a7b3fc56ee4538cf178
Co-authored-by: Martin Wallgren <martin.wallgren@sonymobile.com>
Signed-off-by: Zoran Jovanovic <zoran.jovanovic@sonymobile.com>
Bug: 31052947
Test: boot the Android framework

am: 2c99c9ff

Change-Id: Ic11f3abd6b27769ac1c77af0530cec6b4702d911

am: 2f348392

Change-Id: Ia375e92fac568547c44adc42090843ad9ba7eb9f

This switches Dumpstate HAL policy to the design which enables us to
conditionally remove unnecessary rules from domains which are clients
of Dumpstate HAL.

Domains which are clients of Dumpstate HAL, such as dumpstate domain,
are granted rules targeting hal_dumpstate only when the Dumpstate HAL
runs in passthrough mode (i.e., inside the client's process). When the
HAL runs in binderized mode (i.e., in another process/domain, with
clients talking to the HAL over HwBinder IPC), rules targeting
hal_dumpstate are not granted to client domains.

Domains which offer a binderized implementation of Dumpstate HAL, such
as hal_dumpstate_default domain, are always granted rules targeting
hal_dumpstate.

Test: adb bugreport
Test: Take bugreport through system UI
Bug: 34170079
Change-Id: I3e827534af03cdfa876921c5fa4af3a53025ba27

Bug: 35632346
Test: build and boot aosp_marlin
Change-Id: Ia2d019b0160e9b512f3e3a70ded70504fe4fea0c

am: 351ba2c8

Change-Id: I961d7edd3d14c0f87f54ecfe6b0947ed454d1f66

am: d68aae65

Change-Id: Ib57282ba98e07b330df27ae203f51ce17568088b

am: bb252e98

Change-Id: Ic428c4301b2b6f8de5ba24b152e10d900c0f5aac

am: 313dfe7d

Change-Id: Id3134f3157f29b3e878cde82ed33cac35f162c87

In the master external/ipsec-tools/{main.c, racoon.rc},
racoon doesn't call setuid, and doesn't have the setuid capability.

Bug: 35642293
Signed-off-by: Lucas Duffey <lucas.duffey@invapid.org>

am: a5c6cd06

Change-Id: I0100cedf44cf395891271228aa4ce0ef4bda86a0

am: 1c4014ab

Change-Id: I2a36fd9265032e343e92adf022705121bba287f4

am: ef27bb8a

Change-Id: I3b65acb16cb57db7964967529c01acef838f757e

am: 429e71a6

Change-Id: Id9a9c60ac55405ab02cede5690431c3ceacd1dba

Bug: http://b/32123312
Test: mm && boot
Change-Id: I6550fbe2bd5f9f5a474419b483b0f786d4025e88

am: eaf5525c

Change-Id: I7e58af319179acde4306c639e0408d5c364c277a

am: 0b1e965f

Change-Id: I666c3e5d216d9b3b1110d72467ed855fd78b2afb

This switches Fingerprint HAL policy to the design which enables us to
conditionally remove unnecessary rules from domains which are clients
of Bluetooth HAL.

Domains which are clients of Fingerprint HAL, such as system_server
domain, are granted rules targeting hal_fingerprint only when the
Fingerprint HAL runs in passthrough mode (i.e., inside the client's
process). When the HAL runs in binderized mode (i.e., in another
process/domain, with clients talking to the HAL over HwBinder IPC),
rules targeting hal_fingerprint are not granted to client domains.

Domains which offer a binderized implementation of Fingerprint HAL,
such as hal_fingerprint_default domain, are always granted rules
targeting hal_fingerprint.

NOTE: This commit also removes unnecessary allow rules from
Fingerprint HAL, such access to servicemanager (not hwservicemanager)
and access to keystore daemon over Binder IPC. Fingerprint HAL does
not use this functionality anyway and shouldn't use it either.

Test: Enable fingerprint + PIN secure lock screen, confirm it unlocks
      with fingerprint or PIN
Test: Disable PIN (and thus fingerprint) secure lock screen
Test: make FingerprintDialog, install, make a fake purchase
Test: Add fingerprint_hidl_hal_test to device.mk, build & add to device,
      adb shell stop,
      adb shell /data/nativetest64/fingerprint_hidl_hal_test/fingerprint_hidl_hal_test -- all tests pass
Bug: 34170079

Change-Id: I6951c0f0640194c743ff7049357c77f5f21b71a1

The preview surface will run in app process and hal_camera will
need to wait on FD generated by preview surface.

Test: the denial is gone, able to take photo in
      messenger/hangout/drive application.
Bug: 35589980
Bug: 35485227
Change-Id: I1977174369b104617156065ff25203a17265b707

am: 0ccb8836

Change-Id: I416995e57663912c8383206416184bccdd0f8a20

am: 205ec044

Change-Id: Ia8ffaa7a7d2f92cdd9d298de92154660462e5dcf

untrusted_v2_app is basically a refinement of untrusted_app with legacy
capabilities removed and potentially backwards incompatible changes.

This is not currently hooked up to anything.

Bug: 33350220
Test: builds
Change-Id: Ic9fad57476bc2b6022b1eaca8667bf6d844753c2

This removes the compile-time deprecation warning about
hal_impl_domain macro. The warning was introduced in
86e87806f5777a7fc09ea962e694442297e4f8d6. We don't want to spam all
Android platform developers about something internal to the ongoing
SELinux policy restructuring.

Test: Policy compiles without any warnings
Test: Google Play Movies plays back movies (i.e., DRM HAL works)
Bug: 34170079
Change-Id: Icbd4d1283196f7ccc84c2a041c5601113d3c9f21

am: 3879c107

Change-Id: I8af408636378267bad6b9d4974f365489ad87e4c

am: 2a70c173

Change-Id: I81689fdf9a332a0d0ed645f207b1ac73731e77b3

am: 6b28742a

Change-Id: I87902101dac4b3468b929c6020f318afe21702d5