This was a regression in Q, and the file is an implementation of
liblog.

Bug: 113083310
Test: use tags from vendor and see no denials

Change-Id: I726cc1fcfad39afc197b21e431a687a3e4c8ee4a

Add the required permissions for the InputClassifier HAL.

Bug: 62940136
Test: no selinux denials in logcat when HAL is used inside input flinger.
Change-Id: Ibc9b115a83719421d56ecb4bca2fd196ec71fd76

Bug: b/122620633
Test: m
Change-Id: I36fe66fc22a1664f9ef25c66f933a2613a6f346b

When recording hour-long traces, logcat messages help
to interpret the trace, giving human readable context on what
is happening on the system.
Furthermore this is particularly helpful for startup
debugging thanks to activity manager instrumentation events
(am_on_create_called, am_on_start, ...).
This is only allowed on userdebug/eng builds.

Bug: 122243384
Change-Id: I4dfaebf21107e9853b0bf42403fbab6c3b4d5141

Bug: 116512211
Test: Builds, boots, including upcoming changes needing this
Change-Id: I6f119368c5a4f7ac6c0325915dff60124c5a6399

The way we build and run CTS expects full_treble_only and
compatible_property_only macros to be applied to whole rules and not be
nested inside other rules.

Fixes: 122601363
Test: corresponding neverallow rule in auto-generated
SELinuxNeverallowRulesTest.java is parsed correctly.
Change-Id: Ibf5187cedca72510fe74c6dc55a75a54a86c02ff

bug: 111407413
Change-Id: Ica209ad9476b0597a206bf53823a1928643c8256

runas_app domain is used by lldb/ndk-gdb/simpleperf to debug/profile
debuggable apps. But it misses permissions to ptrace app processes and
read /proc/<app_pid> directory.

Bug: none
Test: build and boot marlin.
Test: run lldb and simpleperf on apps with target sdk version 24-29.
Change-Id: I9e6f940ec81a8285eae8db3b77fb1251a25dedd0

In order to use the bionic libs and the dynamic linker from the runtime
APEX for all processes that are started after the APEX is activated, the
paths /system/lib/{libc.so|libm.so|libdl.so} and /system/bin/linker are
bind-mounted to the corresponding bionic libs and the dynamic linker
in the runtime APEX.

This bind mount allows us to keep other part of the platform and the
tests having implicit assumption that bionic libs are located at
/system/lib and loaded from the default linker namespace.

Bug: 120266448
Test: device boots

Change-Id: Ied611b267d187ee3d75a139c378ee12242d5b8d8

Bug: 33308258
Test: atest CtsSelinuxTargetSdk25TestCases
Change-Id: Ifeceecec7b2f38ebd38b6693712b8f65ee24dc5d

Recent change in netd and bpfloader switched the creater of bpf maps
from netd to bpfloader. Change the rules related to it to make sure it
doesn't fail.

Test: dumpsys netd trafficcontroller
Bug: 112334572
Change-Id: I016ff68b58ef7b12bdfdebc2fd178be1d0206a62

Bug: 119305624
Test: normal/recovery boot aosp_taimen

Change-Id: I46da995886ce421bb87e741d577f659426ff79c4

Bug: 119305624
Test: normal/recovery boot aosp_taimen
Change-Id: I15aa275fa658b58f5a5d3e651d164f9fcd87c0af

Bug: 119305624
Test: normal/recovery boot aosp_taimen
Change-Id: Ia8d69be16011db8dd63fa41672449a4ade7302c2

Bug: 119305624
Test: normal/recovery boot aosp_taimen
Change-Id: Ib7a29a9f8f23dd917cc25c23c7612f9e4ae36ea0

Bug: 119305624
Test: normal/recovery boot aosp_taimen
Change-Id: I1009745686acd51563378dac56e857be0d60e794

For consistency with APKs, signature verification is performed
in the system_server. This includes checking that the signature of
an updated install matches the signature of the active package that
it updates. For this, it requires search access to /data/apex and
read access to the files under that directory.

Test: m
Change-Id: Ia073adb8892886e4767fa5529e95c110b9cbff1b

Test: flashed, booted, verified app running properly
Bug: b/112869080
Change-Id: I10737736ca5da67ef08fca1055e0f702371aba58

Test: basic workflow between apexd and PackageManager tested with
changes being developed.
Bug: 118865310
Change-Id: I1ae866f33e9b22493585e108c4fd45400493c7ac

This prevents denials while taking a bugreport.

Bug: 116711254
Test: cts-tradefed run cts -m CtsSecurityHostTestCases -t
android.security.cts.SELinuxHostTest#testNoBugreportDenials

Change-Id: I64f441eb66c355d03eaf7755f2e9d3e970305ecd

Used for e.g. abb.

Test: Build, flash and boot, use `adb abb` to verify

Change-Id: I4ad75498819edbcc0303f66420a58d06788ab5fb

This was originally implemented in commit
89041472 and reverted in commit
fa3eb773. This effectively reverts the
revert, with minimal changes to cope with the subsequent reversion of
commit b3624743.

Auditing is only enabled for apps targeting API <= 28.

Test: Compiles, audit messages are seen.
Bug: 121333210
Bug: 111338677
Change-Id: Ie38498a2b61f4b567902117f9ef293faa0e689dd

Bug: 120080521
Test: removing a mapped type in the mapping file triggers new error
message
Change-Id: I04b21da7206777af8c281a843bd39ea5c4f0863a

In order to boot into GSI, we need init's first-stage block-device
machinery to find userdata. This will create its symlink before sepolicy
is loaded, leading to denials in the second stage.

Bug: 121209697
Test: device boots
Change-Id: Ibf3398c811016e09747116cf17393e8d22541bb2