Required for I0aeb653afd65e4adead13ea9c7248ec20971b04a

Test: Together with I0aeb653afd65e4adead13ea9c7248ec20971b04a, ensure that the
system service works
Bug: b/30932767
Change-Id: I994b1c74763c073e95d84222e29bfff5483c6a07

reflect the change from "mediaanalytics" to "mediametrics"

Also incorporates a broader access to the service -- e.g. anyone.
This reflects that a number of metrics submissions come from application
space and not only from our controlled, trusted media related processes.
The metrics service (in another commit) checks on the source of any
incoming metrics data and limits what is allowed from unprivileged
clients.

Bug: 34615027
Test: clean build, service running and accessible
Change-Id: I657c343ea1faed536c3ee1940f1e7a178e813a42

Merged-In: Id2b849d7fa22989225066ebe487fc98d319743ea
Bug: 34190490
Test: CTS in internal master
Change-Id: I27ab62469f3a405c59eda1a2a249899e845bed56

Test: builds
Bug: 32206268
Change-Id: I236105b029178f96da519c2295c66c686dcae7cb

Allow storaged to read /proc/[pid]/io
Grant binder access to storaged
Add storaged service
Grant storaged_exec access to dumpstate
Grant storaged binder_call to dumpstate

Bug: 32221677

Change-Id: Iecc9dba266c5566817a99ac6251eb943a0bac630

Bring the context hub service advertised name into compliance with
the other Android services. This changes the name from
"contexthub_service" to "context".

Test: GTS tests pass.

Change-Id: I8490d60f89bdb97813e328b9ddf08270470fda76

Bug: 31077138
Test: Device boots, coverage service works when tested manually.
Change-Id: Ia855cfefd5c25be5d1d8db48908c04b3616b5504

Most of this CL mirrors what we've already done for the "netd" Binder
interface, while sorting a few lists alphabetically.

Migrating installd to Binder will allow us to get rid of one of
the few lingering text-based command protocols, improving system
maintainability and security.

Test: builds, boots
Bug: 13758960, 30944031
Change-Id: I59b89f916fd12e22f9813ace6673be38314c97b7

media framework analytics are gathered in a separate service.
define a context for this new service, allow various
media-related services and libraries to access this new service.

Bug: 30267133
Test: ran media CTS, watched for selinux denials.
Change-Id: I5aa5aaa5aa9e82465b8024f87ed32d6ba4db35ca

Finish NAN -> Aware rename process. Removes old NAN service.

Bug: 32263750
Test: device boots and all Wi-Fi unit-tests pass
Change-Id: I2f0d9595efea2494b56074752194e7a6e66070f2

Add Aware service - new name for NAN. But do not remove NAN
yet. Enables smooth transition.

Bug: 32263750
Test: device boots and all Wi-Fi unit-tests pass
Change-Id: Ieb9f1ebf1d2f31ee27f228562b4601023da5282d

Test: N/A
Change-Id: Ib3c85118bf752152f5ca75ec13371073fc2873cc

- Allow dumpstate to create the dumpservice service.
- Allow System Server and Shell to find that service.
- Don't allow anyone else to create that service.
- Don't allow anyone else to find that service.

BUG: 31636879
Test: manual verification
Change-Id: I642fe873560a2b123e6bafde645467d45a5f5711

BUG: 31001899
Test: manual
Change-Id: I8d462b40d931310eab26bafa09645ac88f13fc97

Divide policy into public and private components.  This is the first
step in splitting the policy creation for platform and non-platform
policies.  The policy in the public directory will be exported for use
in non-platform policy creation.  Backwards compatibility with it will
be achieved by converting the exported policy into attribute-based
policy when included as part of the non-platform policy and a mapping
file will be maintained to be included with the platform policy that
maps exported attributes of previous versions to the current platform
version.

Eventually we would like to create a clear interface between the
platform and non-platform device components so that the exported policy,
and the need for attributes is minimal.  For now, almost all types and
avrules are left in public.

Test: Tested by building policy and running on device.

Change-Id: Idef796c9ec169259787c3f9d8f423edf4ce27f8c

As fallout from the corresponding fix in libselinux,
this patch adds the missing services without changing
semantics.

Test: bullhead builds and boots

Bug: 31353148
Change-Id: I21026c9435ffef956a59d61c4903174ac7b1ef95

Change-Id: I4737a087f2d00e1028d1cb43d9eda814a008dbe8

Build serial is non-user resettable freely available device
identifier. It can be used by ad-netowrks to track the user
across apps which violates the user's privacy.

This change deprecates Build.SERIAL and adds a new Build.getSerial()
API which requires holding the read_phone_state permission.
The Build.SERIAL value is set to "undefined" for apps targeting
high enough SDK and for legacy app the value is still available.

bug:31402365

Change-Id: I6309aa58c8993b3db4fea7b55aae05592408b6e4

(cherry picked from commit 58b079a2)

Bug: 22914603
Change-Id: I8ae1a786702694ca2bb8707a4c142b8a233042ee

(cherry picked from commit f412cc62)

Bug: 31254800
Change-Id: If8708c8a4e0ea7655f31028881248a14cf2ba5f7

Bug: 31254800
Change-Id: If8708c8a4e0ea7655f31028881248a14cf2ba5f7

Add the necessary permissions for |wpa_supplicant| to expose a binder
interface. This binder interface will be used by the newly added
|wificond| service (and potentially system_server).
|wpa_supplicant| also needs to invoke binder callbacks on |wificond|.

Changes in the CL:
1. Allow |wpa_supplicant| to register binder service.
2. Allow |wpa_supplicant| to invoke binder calls on |wificond|.
3. Allow |wificond| to invoke binder calls on |wpa_supplicant|

Denials:
06-30 08:14:42.788   400   400 E SELinux : avc:  denied  { add } for
service=wpa_supplicant pid=20756 uid=1010 scontext=u:r:wpa:s0
tcontext=u:object_r:default_android_service:s0 tclass=service_manager
permissive=1

BUG:29877467
TEST: Compiled and ensured that the selinux denials are no longer
present in logs.
TEST: Ran integration test to find the service.

Change-Id: Ib78d8e820fc81b2c3d9260e1c877c5faa9f1f662
(cherry picked from commit 18883a93)

This allows wificond to publish binder interface using
service manager.

Denial warnings:

wificond: type=1400 audit(0.0:8): avc:
denied { call } for scontext=u:r:wificond:s0
tcontext=u:r:servicemanager:s0 tclass=binder permissive=1

wificond: type=1400 audit(0.0:9): avc:
denied { transfer } for scontext=u:r:wificond:s0
tcontext=u:r:servicemanager:s0 tclass=binder permissive=1

servicemanager: type=1400
audit(0.0:10): avc: denied { search } for name="6085" dev="proc"
ino=40626 scontext=u:r:servicemanager:s0 tcontext=u:r:wificond:s0
tclass=dir permissive=1

servicemanager: type=1400
audit(0.0:11): avc: denied { read } for name="current" dev="proc"
ino=40641 scontext=u:r:servicemanager:s0 tcontext=u:r:wificond:s0
tclass=file permissive=1

servicemanager: type=1400
audit(0.0:12): avc: denied { open } for path="/proc/6085/attr/current"
dev="proc" ino=40641 scontext=u:r:servicemanager:s0
tcontext=u:r:wificond:s0 tclass=file permissive=1

servicemanager: type=1400
audit(0.0:13): avc: denied { getattr } for
scontext=u:r:servicemanager:s0 tcontext=u:r:wificond:s0 tclass=process
permissive=1

SELinux : avc:  denied  { add } for
service=wificond pid=6085 uid=0 scontext=u:r:wificond:s0
tcontext=u:object_r:wifi_service:s0 tclass=service_manager permissive=1

BUG=28867093
TEST=compile
TEST=use a client to call wificond service through binder

Change-Id: I9312892caff171f17b04c30a415c07036b39ea7f
(cherry picked from commit d56bcb1c)

Add pinner service to system_service services.
Add CAP_IPC_LOCK permissions to system_server in order to allow
system_server to pin more memory than the lockedmem ulimit.

bug 28251566

Change-Id: I990c73d25fce4f2cc9a2db0015aa238fa7b0e984

1. Allow the system server to create the dns_listener service.
2. Allow netd to use said service.

Change-Id: Ic6394d7b2bdebf1c4d6cf70a79754a4996e943e2

Bug: 27884853
Change-Id: I097306a324bdc25c5d22868f0342e175ce0dbb9a

Bug: 26620936 and 27352427
Change-Id: I3d6d2e479d95133693790a97827e45e9dd30bc4a

SELinux label is created for contexthub_service system service.

ContextHub service manages all available context hubs and serves fulfil communication between apps
and underlying context hub hardware.

Change-Id: I8470fedd9c79a00012e1cdb9b548a1b632ba7de6

Applications do not explicitly request handles to the batteryproperties
service, but the BatteryManager obtains a reference to it and uses it
for its underlying property queries.  Mark it as an app_api_service so
that all applications may use this API.  Also remove the batterypropreg
service label, as this does not appear to be used and may have been a
duplication of batteryproperties.  As a result, remove the
healthd_service type and replace it with a more specific
batteryproperties_service type.

(cherry-picked from commit: 9ed71eff)

Bug: 27442760
Change-Id: I537c17c09145b302728377bf856c1147e4cc37e9

Applications do not explicitly request handles to the batteryproperties
service, but the BatteryManager obtains a reference to it and uses it
for its underlying property queries.  Mark it as an app_api_service so
that all applications may use this API.  Also remove the batterypropreg
service label, as this does not appear to be used and may have been a
duplication of batteryproperties.  As a result, remove the
healthd_service type and replace it with a more specific
batteryproperties_service type.

Bug: 27442760
Change-Id: I5c0f9d7992ff2ec64adaeef22356e88fd0e8169c

Bug: 27531271
Change-Id: I3c5eee86d09696373ab155f93ba6c85da224cb51

Bug 27325877

Change-Id: Idf2f9ae816e1f3d822a6286a4cf738c14e29a45e

NetworkTimeUpdateService has been registered as a system service, so that
its dump state can be included into bugreports.

Bug: 23983739
Change-Id: I0d364009ba4630dcfd1d22c647195e33eedaa4e0

Bug: 27239233
Change-Id: Icc9d14008d2ff6334a8ec66805f7289aedd5d97d

RecoverySystemService is separated from PowerManagerService as a
dedicated system service to handle recovery related requests (such as
invoking uncrypt to uncrypt an OTA package on /data or to set up /
clear the bootloader control block (i.e. /misc) and etc).

The matching CL in frameworks/base is in:
  Change-Id: Ic606fcf5b31c54ce54f0ab12c1768fef0fa64560.

Bug: 26830925
Change-Id: Iee0583c458f784bfa422d0f7af5d1f2681d9609e
(cherry picked from commit 65b5fde9)

RecoverySystemService is separated from PowerManagerService as a
dedicated system service to handle recovery related requests (such as
invoking uncrypt to uncrypt an OTA package on /data or to set up /
clear the bootloader control block (i.e. /misc) and etc).

The matching CL in frameworks/base is in:
  Change-Id: Ic606fcf5b31c54ce54f0ab12c1768fef0fa64560.

Bug: 26830925
Change-Id: Iee0583c458f784bfa422d0f7af5d1f2681d9609e

This will allow us to provide a better interface between Java
services (e.g., ConnectivityService) and netd than the current
FrameworkListener / NativeDaemonConnector interface which uses
text strings over a Unix socket.

Bug: 27239233
Change-Id: If40582ae2820e54f1960556b7bf7e88d98c525af

Bug: 26945055
Change-Id: I5745d02be9889f6a0e02de12bd8d8f2808de9ce0

Part of media security hardening

This is an intermediate step toward moving
mediadrm to a new service separate from mediaserver.
This first step allows mediadrmservice to run based
on the system property media.mediadrmservice.enable
so it can be selectively enabled on devices that
support using native_handles for secure buffers.

bug: 22990512
Change-Id: I2208c1e87a6bd8d5bfaed06b1fdcb0509c11cff2

update_engine needs to access bootctrl_block_device to get and set the slot to boot.
avc: denied { write } for name="mmcblk0boot1" dev="tmpfs" ino=1266 scontext=u:r:update_engine:s0 tcontext=u:object_r:bootctrl_block_device:s0 tclass=blk_file
avc: denied { open } for path="/dev/block/mmcblk0boot1" dev="tmpfs" ino=1266 scontext=u:r:update_engine:s0 tcontext=u:object_r:bootctrl_block_device:s0 tclass=blk_file

Also track the name change of the native binder service.
avc:  denied  { add } for service=android.os.UpdateEngineService pid=210 uid=0 scontext=u:r:update_engine:s0 tcontext=u:object_r:default_android_service:s0 tclass=service_manager

Bug: 27106053
Change-Id: Idbfef18578489db33fead0721e8f26d63db5ce09
(cherry picked from commit 3ec34ceb)