Bug: 119305624
Test: normal/recovery boot aosp_taimen

Change-Id: I46da995886ce421bb87e741d577f659426ff79c4

Bug: 119305624
Test: normal/recovery boot aosp_taimen
Change-Id: I15aa275fa658b58f5a5d3e651d164f9fcd87c0af

Bug: 119305624
Test: normal/recovery boot aosp_taimen
Change-Id: Ia8d69be16011db8dd63fa41672449a4ade7302c2

Bug: 119305624
Test: normal/recovery boot aosp_taimen
Change-Id: Ib7a29a9f8f23dd917cc25c23c7612f9e4ae36ea0

Bug: 119305624
Test: normal/recovery boot aosp_taimen
Change-Id: I1009745686acd51563378dac56e857be0d60e794

For consistency with APKs, signature verification is performed
in the system_server. This includes checking that the signature of
an updated install matches the signature of the active package that
it updates. For this, it requires search access to /data/apex and
read access to the files under that directory.

Test: m
Change-Id: Ia073adb8892886e4767fa5529e95c110b9cbff1b

Test: flashed, booted, verified app running properly
Bug: b/112869080
Change-Id: I10737736ca5da67ef08fca1055e0f702371aba58

Test: basic workflow between apexd and PackageManager tested with
changes being developed.
Bug: 118865310
Change-Id: I1ae866f33e9b22493585e108c4fd45400493c7ac

This prevents denials while taking a bugreport.

Bug: 116711254
Test: cts-tradefed run cts -m CtsSecurityHostTestCases -t
android.security.cts.SELinuxHostTest#testNoBugreportDenials

Change-Id: I64f441eb66c355d03eaf7755f2e9d3e970305ecd

Used for e.g. abb.

Test: Build, flash and boot, use `adb abb` to verify

Change-Id: I4ad75498819edbcc0303f66420a58d06788ab5fb

This was originally implemented in commit
89041472 and reverted in commit
fa3eb773. This effectively reverts the
revert, with minimal changes to cope with the subsequent reversion of
commit b3624743.

Auditing is only enabled for apps targeting API <= 28.

Test: Compiles, audit messages are seen.
Bug: 121333210
Bug: 111338677
Change-Id: Ie38498a2b61f4b567902117f9ef293faa0e689dd

Bug: 120080521
Test: removing a mapped type in the mapping file triggers new error
message
Change-Id: I04b21da7206777af8c281a843bd39ea5c4f0863a

e2bc9fe9d5ac82457bc6050bf705ff43a1b05cbf in platform/art project added
the dynamic linker to the runtime APEX. Since the dynamic linker has
been labeled as 'system_linker_exec' so does the linker in the APEX.

Bug: 120266448
Test: ls -Z /apex/com.android.runtime/bin/linker
u:object_r:system_linker_exec:s0 /apex/com.android.runtime/bin/linker

Change-Id: I243b86a74d94058b3283830c32232c6584639ff3

This prevents denials while taking a bugreport.

Bug: 116711254
Test: cts-tradefed run cts -m CtsSecurityHostTestCases -t
android.security.cts.SELinuxHostTest#testNoBugreportDenials

Change-Id: Ie190bfa62cf5aa172ebfff8bfd82dea2a7d1a016

Make /(product|system/product)/vendor_overlay/<ver> have the vendor
file context.

If vendor_overlay requires to mount on the vendor directories other
than 'vendor_file', the contexts must be defined in the device
specific sepolicy files.

Bug: 119076200
Test: build and check if the files are overided and have the required
sepolicy contexts.

Change-Id: I69ed38d4ea8e7d89f56865b1ca1e26f290e9892d

Notes:
- Added face hal domain, context and file types for the default
  SELinux policy.
- Please see aosp/q/topic:"Face+Authentication"

Bug: 80155388
Test: Built successfully.
Change-Id: I2e02cf6df009c5ca476dfd842b493c6b76b7712a

This reverts commit 9eb3b8ff.

Reason for revert: We are deciding for now not to make StagingManager a fully-fledged binder service, as it will only be accessed by PackageInstaller. We might re-evaluate this decision later if needed.

Bug: 122072686
Change-Id: Ic2a53fc92ddd7d7eeccc6a4a0117f28724346ec7

Adding a new high-level service which will handle staged installs, i.e.
installs that require a reboot.

Bug: 118865310
Test: An initial implementation of StagingManager can be reached
successfully by PackageManagerService and PackageInstallerService.
Change-Id: I8859b463575f8ee85caae43570958347b82f967e

Test: manually verified SensorPrivacyService is accessible
Bug: 110842805
Merged-In: Idd215f338f2da0dab4898ea06fa08d9b4a1bcb5f
Change-Id: Idd215f338f2da0dab4898ea06fa08d9b4a1bcb5f
(cherry picked from commit 0ac3dea7)

Use regular expression for all composer service versions.

BUG: 115554640
Test: Build, flash and boot

Merged-In: Ie84ebb0a43c9eaad66829b15deaa8b3046bd7fe4
Change-Id: Ie84ebb0a43c9eaad66829b15deaa8b3046bd7fe4

This reverts commit b3624743.

Reason for revert:

android.jvmti.cts.JvmtiHostTest1906#testJvmti unittest failures.

Bug: 121333210
Bug: 112357170
Change-Id: I6e68855abaaaa1e9248265a468712fa8d70ffa74
Test: compiles and boots

This reverts commit 89041472.

Unittest failures of JvmtiHostTest1906#testJvmti. To do a clean revert
of b3624743, we need to also revert this
change.

Test: compiles
Bug: 121333210
Bug: 111338677

Add "rs" and "rs_exec" types to public policy. Access
to these types might be needed for device specific
customization.

Bug: 121306110
Test: Manual using application
Change-Id: Ief35d3353625adfbf468447de74aa80651dd9451

Arbitrary apps need to connect to heapprofd in order to send samples.

Relevant denial trying to profile com.google.android.inputmethod.latin
on userdebug:

12-20 14:50:20.420 25219 25219 I heapprofd: type=1400 audit(0.0:1006): avc: denied { read } for path="/proc/24819/mem" dev="proc" ino=244219 scontext=u:r:heapprofd:s0 tcontext=u:r:untrusted_app_27:s0:c133,c256,c512,c768 tclass=file permissive=1

Bug: 121370989

Test: m
Test: flash walleye
Test: profile com.google.android.inputmethod.latin

Change-Id: Iee82c8c49951e5a5726cd5ab0b9e8fa71226c802

The policies allow the system server to register a network_stack_service
used to communicate with the network stack process.

Test: atest FrameworksNetTests
Bug: b/112869080
Change-Id: Ib9b7d9150fe4afcce03c8b3dbb36b81c67e39366

Test: None.
Change-Id: Ie317dbdf96de32d8129da15fa0d771caa4ebca9d

Bug: 121099965
Test: manual
Change-Id: I940868eb984399763d7346a201e37cb07fb12333

There are many permission related APIs currently handled by the
package manager service. These are simply pass throughs from the
package manager service to an internal API defined by the
permission manager service. Instead of this multi-hop, we want
to open the permission manager service directly to apps. For
legacy, we won't be able to remove the APIs from PackageManager,
but, the implementation should go directly to the Permission
Manager Service.

Test: System boots w/o selinux denials
Change-Id: I1d953077b3da18ccf44deb85b9084be68a2179bd