am: 8fe0a12f

Change-Id: Ic601afe6feddf4c083a004e739d122f78633d0b0

am: 00ab5d86

Change-Id: Ia2db656580086c542a2dd96cbd725686063bcb26

Test: adb shell /vendor/bin/sh
Fixes: 65448858
Change-Id: Ic2c9fa9b7e5bed3e1532f4e545f54a857ea99fc6

am: 0003e3d5

Change-Id: I9b40bf692885a09c7303ae22ba765a0098660e18

am: ee268643

Change-Id: I69408d68b23c241e396e303f7b68f34c4f6fb832

This gives the privilege to system apps, platform apps,
ephemeral apps, and privileged apps to receive a
UDP socket from the system server. This is being added
for supporting UDP Encapsulation sockets for IPsec, which
must be provided by the system.

This is an analogous change to a previous change that
permitted these sockets for untrusted_apps:
0f75a62e

Bug: 70389346
Test: IpSecManagerTest, System app verified with SL4A
Change-Id: Iec07e97012e0eab92a95fae9818f80f183325c31

am: 9cb71cc9

Change-Id: Ia2337645bebf20575a391d6abd2b5b70659f1787

am: 1d2c3f44

Change-Id: Ic874243cb997d588df01d5099d3c25f14ffd2119

am: 145d2d11

Change-Id: I52cd2febe6aaac3a9c65e94f1ee4d0d56513b4d1

am: 193b1ab3

Change-Id: Iee7632fde0be5301347d6f7e41d3b81c5de37c85

Bug: 71861796
Test: no more denials on walleye for shell init scripts
Change-Id: I51eab267c95a915f927b0aaa7db9d678a83093c7

am: 02dbf4e0

Change-Id: I4977f4c114c304d8a84c081f963644c3b3e4019d

am: 43303c8b

Change-Id: I5e085251c1ccfd8206e421c9b0276a2add385171

Bug: 38206971
Test: test on phone
Change-Id: Id34ab2673c7a16744fba77eb5c176e2e8b474299
Merged-In: Id34ab2673c7a16744fba77eb5c176e2e8b474299

/proc/net/xt_qtaguid is used by apps to track their network data
use. Limit access to just zygote spawned processes - apps and
system_server, omitting access to isolated_app which is not allowed
to create network sockets.
As Android moves to eBPF for app's network data stats, access to
/proc/net/xt_qtaguid will be removed entirely. Segmenting access off
is the first step.
Bug: 68774956

This change also helps further segment and whitelist access to
files in /proc/net and is a step in the lockdown of /proc/net.
Bug: 9496886

Test: boot Taimen. Walk through setup-wizard. Make phone call and
    video call. Browse web. Watch youtube. Navigate in maps.
Test: cts-tradefed run cts -m CtsAppSecurityHostTestCases -t \
    android.appsecurity.cts.AppSecurityTests
Test: cts-tradefed run cts -m CtsNativeNetTestCases
Test: cts-tradefed run cts -m CtsIncidentHostTestCases -t \
    com.android.server.cts.NetstatsIncidentTest
Test: cts-tradefed run cts -m CtsOsTestCases -t \
    android.os.cts.StrictModeTest
Test: cts-tradefed run cts -m CtsNetTestCases -t \
    android.net.cts.TrafficStatsTest
Test: cts-tradefed run cts -m CtsUsageStatsTestCases -t \
    android.app.usage.cts.NetworkUsageStatsTest
Test: vts-tradefed run vts -m VtsQtaguidTest
Change-Id: Idddd318c56b84564142d37b11dcc225a2f2800ea

am: 42f8d7b2

Change-Id: I76914b2339e3e1e53601ab2156a2fad6e70a6b46

am: 70d2bb43

Change-Id: I431de9cf6745203ef5c34b5c9e807df6bbac59f5

am: 5f6aa039

Change-Id: I04ed395355e2f5244750585d26e5b4762a0c0a31

am: f9e7b002

Change-Id: I5749ef12d05909741209e012febdbb3a903932c9

Update statsd sepolicies to avoid selinux violations during cts tests and pulling metrics am: e27af27f
am: 955e543a

Change-Id: I8a9c4563ac6fc09e280e41c0bcef1d480f61e481

am: 73b9d8d8

Change-Id: Iaa17a95b76afdca7b7851728228b74b0d98a36fe

am: be7b1b4f

Change-Id: I58c660f564a39e2d60389d922a03966a9160e102

am: e27af27f

Change-Id: I40b4e204ec7d58c7d6971cf7e5e502e10011737a

* changes:
  vold_prepare_subdirs: grant chown
  statsd: annotate boot denials

Test: none
Change-Id: I42f2c2a09235d907b020c4924b91a3428f6c9d8e

Addresses:
avc: denied { chown } for comm="vold_prepare_su" capability=0
scontext=u:r:vold_prepare_subdirs:s0
tcontext=u:r:vold_prepare_subdirs:s0 tclass=capability

Bug: 71796118
Test: build
Change-Id: I64b2f1ad8d6e0748c5820b8a37a4fc4f4101d1fb

Point logspam to its owner.

Bug: 71537285
Test: build
Change-Id: I9db561ee6f2857214b7945b312e6d303630724ea

This CL lists all the exported platform properties in
private/exported_property_contexts.

Additionally accessing core_property_type from vendor components is
restricted.
Instead public_readable_property_type is used to allow vendor components
to read exported platform properties, and accessibility from
vendor_init is also specified explicitly.

Note that whitelisting would be applied only if
PRODUCT_COMPATIBLE_PROPERTY is set on.

Bug: 38146102
Test: tested on walleye with PRODUCT_COMPATIBLE_PROPERTY=true
Change-Id: I304ba428cc4ca82668fec2ddeb17c971e7ec065e

and pulling metrics

Bug: 63757906
Test: manual testing conducted
Change-Id: Ieba524ee676dfb4a457d39d025d203bf02a70831

am: 3ed0362a

Change-Id: I3b179791c46d07621c53f0e187b28c708ce46be0

am: c80f9e03

Change-Id: I1a9201094a3595e2db89688f9ab952453b424b63

Perfetto is a performance instrumentation and logging framework,
living in AOSP's /external/pefetto.
Perfetto introduces in the system one binary and two daemons
(the binary can specialize in either depending on the cmdline).

1) traced: unprivileged daemon. This is architecturally similar to logd.
   It exposes two UNIX sockets:
   - /dev/socket/traced_producer : world-accessible, allows to stream
     tracing data. A tmpfs file descriptor is sent via SCM_RIGHTS
     from traced to each client process, which needs to be able to
     mmap it R/W (but not X)
   - /dev/socket/traced_consumer : privilege-accessible (only from:
     shell, statsd). It allows to configure tracing and read the trace
     buffer.
2) traced_probes: privileged daemon. This needs to:
   - access tracingfs (/d/tracing) to turn tracing on and off.
   - exec atrace
   - connect to traced_producer to stream data to traced.

init.rc file:
https://android-review.googlesource.com/c/platform/external/perfetto/+/575382/14/perfetto.rc

Bug: 70942310
Change-Id: Ia3b5fdacbd5a8e6e23b82f1d6fabfa07e4abc405

Update priv_app selinux policy to allow gmscore to be able to communicate with statsd am: 31b11d8e
am: 2722dd43

Change-Id: I7b480b4f6c1beca41c15f8ebd8e502bd1178196b

am: 31b11d8e

Change-Id: I39fd53f56099df371ec9f8ea8938b6aefb131f49

communicate with statsd

Test: manual testing conducted
Change-Id: Icd268e258f7cbdd9310baab53fe0c66f4f303d5e

Merge "Revert "Allow callers of uevent_kernel_*() access to /proc/sys/kernel/overflowuid"" am: 3ec0dbf7
am: df624b34

Change-Id: I86c278aa93c72a9c51335b1964bcf182c2fbb051