Move all app tmpfs types to appdomain_tmpfs. These are still protected
by mls categories and DAC. TODO clean up other app tmpfs types in a
separate change.

Treble-ize tmpfs passing between graphics composer HAL and
surfaceflinger.

Bug: 122854450
Test: boot Blueline with memfd enabled.
Change-Id: Ib98aaba062f10972af6ae80fb85b7a0f60a32eee

Bug: 79465976
Test: testHeic CTS test
Change-Id: I51eb485dc29d869c5d35fc317b0e008d04bdcbad

This reverts commit 4e1497c7.

Reason for revert: Write temporary file to in-memory tmpfs instead

Test: testHeic CTS test
Bug: 123526741
Change-Id: Ifa7f5a0b50c46ee3e1a5695595233b17adc99222

The convention for native properties is to use _native suffix.

Bug: 123524494
Bug: 120794191
Test: set a property and ensure it can be read in AndroidRuntime.cpp

Change-Id: I69feab9be78f24d812b8f953d3ec06a5d8d18f15

Directory `/postinstall/apex` is used as a mount point for a tmpfs
filesystem during A/B OTA updates. APEX packages from the new system
partition are mounted ("activated") in subdirectories of
`/postinstall/apex`, so that they are available when `otapreopt` is
running.

Directory `/postinstall/apex` used to be of type `tmpfs` for SELinux
purposes. The new `postinstall_apex_mnt_dir` label is more
restrictive, and tightens permissions granted to `otapreopt_chroot`,
`otapreopt` (running as `postinstall_dexopt`), and `dex2oat`,
regarding the apexd logic recently added to `otapreopt_chroot`.

Test: A/B OTA update test (asit/dexoptota/self_full).
Bug: 113373927
Bug: 120796514
Change-Id: I03f0b0433d9c066a0c607f864d60ca62fc68c990

When TARGET_FLATTEN_APEX=true, APEX files are not packaged in *.apex
files but flattened to the system partition under /system/apex/<name>
directories. There was a bug that those flattened files are not labeled
because the per-APEX file_contexts were applied only when building
*.apex. Fixing this by converting the file_contexts files so that
/system/apex/<name> path is prepended and applying the generated
file_contexts file for system.img when TARGET_FLATTEN_APEX=true.

Bug: 123314817
Test: TARGET_FLATTEN_APEX=true m
ls -alZ /system/apex/*/* shows that the files are correctly labeled

Change-Id: Ia82740a1da0083d5bcfd71354a6d374d2a918342

Bug: 120794191
Bug: 123524494
Test: set a property and ensure it can be read in AndroidRuntime.cpp

Change-Id: Ib37102f35e9987d3d9baff83c45571a5d632ad50

Test: Cameraserver writes/reads/overwrites files in the folder
Bug: 79465976
Change-Id: I76460844a8e02e4c6ce704b85c72e57f861f5b18

Test: Verify that cameraserver can call MediaCodec functions
Bug: 79465976
Change-Id: I145d2aac5004bf0d9432c3d5dd4d6dcd672374be

Extend the auditing of native code loading from non-priv app home
directories to user builds. Only applies to apps targeting SDK <= 28.

Bug: 111338677
Test: Builds
Change-Id: I6fbbd80626a1c87dd7ece689f9fecd7c0a1a59d6

Test: n/a
Change-Id: Id29de05c9dc4cf6771292050bbd8946bbb939cdd

The test was failing because of a selinux denial.
This adds the required rule.

Test: atest (previously failing CTS test passed)
Change-Id: Ieb99f9ab4c6014a3d0aa1fe6c6fb6b82fa9b7631

RcsService will die continously without the setting.

Bug: 123325711
Test: boot aosp_arm64_ab-userdebug on a blueline device
Change-Id: Ic140cb3e6466428bf62f0065c78aaf16f957f4d5

Allow netd to send network events to the NetworkStack, and allow the
NetworkStack to interact with netlink_route_socket for neighbor
monitoring.

Test: built, booted, WiFi works, no more violations
Bug: 112869080
Change-Id: If212b2897e37e9d249f81ba8139461bce461528e

It is a side channel for dumpstate and incidentd to communicate
status and get user authorization to share bugreports by calling
system_server.

Test: atest PermissionControllerTest / atest GooglePermissionControllerTest
Change-Id: I995a43a25f375e5c97dba1deb92ebe893ca8585d

Fixes build breakage:
system/sepolicy/private/traced.te:36:ERROR 'unknown type iorapd_tmpfs' at token ';' on line 43166:

Bug: 123445058
Test: build marlin-userdebug
Change-Id: Iefeba03ed2efee92fb0d61214514338c6d999bd1
(cherry picked from commit 426ff119)

This is being done in preparation for the migration from ashmem to
memfd. In order for tmpfs objects to be usable across the Treble
boundary, they need to be declared in public policy whereas, they're
currently all declared in private policy as part of the
tmpfs_domain() macro. Remove the type declaration from the
macro, and remove tmpfs_domain() from the init_daemon_domain() macro
to avoid having to declare the *_tmpfs types for all init launched
domains. tmpfs is mostly used by apps and the media frameworks.

Bug: 122854450
Test: Boot Taimen and blueline. Watch videos, make phone calls, browse
internet, send text, install angry birds...play angry birds, keep
playing angry birds...

Change-Id: I20a47d2bb22e61b16187015c7bc7ca10accf6358
Merged-In: I20a47d2bb22e61b16187015c7bc7ca10accf6358
(cherry picked from commit e16fb910)

Test: successful fs-verity setup with key loaded from shell
Bug: 112037636
Change-Id: Ide01d11f309008fffeafdedb517508db94472873

An app should never follow a symlink provided by another app.

Test: build, boot Taimen, install some apps, watch youtube, browse
chrome.
Bug: 123350324
Change-Id: Iedd42fe1c27d406f7f58293c20d05e1b7646d8a2

Test: Manually verified that service is accessible
Change-Id: If3748f4719b6194eccd16a097a0f1fc050f4160f

system/sepolicy/Android.mk has become too large (~2k lines) and hard to
navigate. This patch reorganizes build rules for convenience. No
functional changes are made.

Test: m selinux_policy
Change-Id: I9a022b223b2387a4475da6d8209d561bfea228fb