This hwservice isn't registered with hwservicemanager but rather passed
to the thermal hal, so it doesn't need sepolicy associated with it to
do so.

Test: manual: boot, inspect logs
Test: VtsHalThermalV1_1TargetTest
Bug: 109802374
Change-Id: Ifb727572bf8eebddc58deba6c0ce513008e01861
Merged-In: Ifb727572bf8eebddc58deba6c0ce513008e01861

Suppress selinux logspam for non-API files in /sys.

Bug: 110914297
Test: build
Change-Id: I9b3bcf2dbf80f282ae5c74b61df360c85d02483c

Test: build aosp_taimen-userdebug
Change-Id: Ie35ffcb8d2e3b83b6592f863caca946270aa4032

Bug: 110757800
Test: none
Change-Id: I2627c43fc45a78c936fa4a7ca968c606c89b9728

Test: ls -laZ /vendor/bin/hw/android.hardware.bluetooth*
Change-Id: I394594ad041f87583ca6b5b44d836cfab5da8103
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Merged-In: I394594ad041f87583ca6b5b44d836cfab5da8103

"ro.telephony.default_network" can define as comma-separated Sting per
slot for multi SIM device. However, it cannot be read correctly due to
it defined as Int in property_contexts file.

Bug: 110626665
Test: manual - Checked the ro.telephony.default_network can be read per
slot for multi SIM device.
Change-Id: I900620e46c819c14bf339751f00a1db1473fd45f

Bug: 110230810
Test: N/A
Change-Id: Ide135dd5a8da05f0ea639bf03ce9612862108225

This reverts commit b5dc6137.

Reason for revert: Reverted incorrect change

Change-Id: Ieafa3338e28ffeed40bcceb73486cffbfbd08b9d

This reverts commit faebeaca.

Reason for revert: broke the build

Change-Id: I3d61ce011ad42c6ff0e9f122de3daa37e846407a

This change makes it such that only init can start adbd directly. It
also introduces new rules for ctl.{start,stop,restart} properties such
that only usbd and recovery (and su, since it's permissive) can directly
ask init to start adbd.

Bug: 64720460
Test: adbd still runs
Test: /data/nativetest64/adbd_test/adbd_test
Test: python system/core/adb/test_adb.py
Test: "USB debugging" in System Settings still start/stop adbd
Test: Recovery menu still make the device show as "recovery" in adb
      devices
Test: "Apply update from ADB" in recovery menu still works
Change-Id: Iafcda8aa44e85129afcc958036b472d856fa1192

This property is read by the audio service in system server to toggle
camera shutter sound enforcement on a device-specific basis.

Test: Camera shutter sound enforcement works when audio.camerasound.force is set
Bug: 110126976
Change-Id: I2720d3c699c4712d1a328f59dde0b16bbf1016f3

This adds a label for system properties that will affect system-wide
time / time detection logic.

The first example will be something like:
persist.time.detection_impl_version

Bug: 78217059
Test: build
Change-Id: I46044f1e28170760001da9acf2496a1e3037e48a

When we have wide color gamut content, SurfaceFlinger might want to send a
PowerHint through Power Hal to boost GPU to higher frequency, to make sure GPU
composition can finish in time.

BUG: 110112323
Test: adb shell cat /sys/class/kgsl/kgsl-3d0/devfreq/cur_freq
Change-Id: If60c13aedc4ff84eaefd3430794dc15a478c5a73

Grant access to icmp_socket to netdomain. This was previously
labeled as rawip_socket which apps are allowed to use. Neverallow
all other new socket types for apps.

Kernels versions > 4.9 redefine ICMP sockets from rawip_socket
to icmp_socket. To pass neverallow tests, we need to define
which IOCTLs are allowed (and disallowed).

Note that this does not change behavior on devices with
kernel versions <=4.9. However, it is necessary (although not
sufficient) to pass CTS on kernel version 4.14.

Bug: 110520616
Test: Grant icmp_socket in net.te and build.
Change-Id: I5c7cb6867d1a4cd1554a8da0d55daa8e06daf803

Like /system and /product, /product-services will contain apps that
should have the same privileges as the one in other system partitions.

Bug: 80741439
Test: successfully tested e2e on two devices, one with
/product-services partition and another with /product-services
symlinking to -> /system/product-services
Change-Id: Ieee7a9a7641a178f44bb406dbdef39ed46713899

From now on, linker will resolve dir.${section} paths of ld.config.txt.
This is added to suppress SELinux denial during resolving /postinstall.

Bug: http://b/80422611
Test: on taimen m -j, logcat | grep denied, atest on bionic/linker/tests
Change-Id: I12c2bb76d71ae84055b5026933dcaa6ef2808590

Add sepolicy entries for the new time zone detector service.

The timezonedetector_service will be called from the
telephony process.

Bug: 78217059
Test: make / booted device
Change-Id: Ib719a4bb444b2af7dd71910fb0bd12992df9d88c

There will likely be no need for platform apps
to call the timedetector_service; it was added
in error.

Bug: 78217059
Test: build / boot
Change-Id: Ie299c92a60f26fe6cb00562219e386a9f13e459f

For 4.14+ kernels, we need map permissions for vendor_config_files,
for things like kernel loaded firmware blobs, etc.

Change-Id: I8144c50b0239aedf4124569003187cc50c963080
Signed-off-by: John Stultz <john.stultz@linaro.org>

init, dumpstate and shell

Test: check avc for init is now gone
Bug: 7232205
Bug: 109821005
Change-Id: I299a0ba29bcc97a97047f12a5c48f6056f5e6de5

* changes:
  init is a dynamic executable
  adbd is allowed to execute shell in recovery mode

init is now a dynamic executable. So it has to be able to execute the
dynamic linker (/system/bin/linker) and shared libraries (e.g.,
/system/lib/libc.so). Furthermore, when in recovery mode, the files are
all labeled as rootfs - because the recovery ramdisk does not support
xattr, so files of type rootfs is allowed to be executed.

Do the same for kernel and ueventd because they are executing the init
executable.

Bug: 63673171
Test: `adb reboot recovery; adb devices` shows the device ID
Change-Id: Ic6225bb8e129a00771e1455e259ff28241b70396

Legacy hardware and code still depends on the ueventd helpers to
locate the firmware supported files which are on new mount path
labeled with mnt_vendot_file. For ueventd helper to work we need dir search
and read permission on this new label so moving ueventd to exempted list.

Already ueventd has the vendor_file_type read access.

Bug:110083808

Change-Id: Ia15cc39ecef9e29b4f1f684efdddbeb78b427988

If you can get or serve the hal allocator interface,
you should be a hal_allocator_client or
hal_allocator_server.

Bug: 80319537
Test: boot aosp_walleye and (sanity) take photos
Change-Id: Iea14c67c4aa56df7a74ebdb17e99b78b1d3aa105

The timedetector_service will be called from the
telephony process

Bug: 78217059
Test: build / local testing with a client
Change-Id: I25dfa4daabaa80e6b5e697ad1b1e2f7f72377702

To ensure a surprise reboot does not take the last boot reason on
face value especially if coming from more than one boot sessions ago.
We shift and clear the value from persist.sys.boot.reason to
sys.boot.reason.last and establish a correct last reboot reason in
the canonical sys.boot.reason property.  As a result, the power
manager should read the canonical sys.boot.reason for a definitive
result rather than relying on the possibly incorrect values in the
persistent storage.  sys.boot.reason should be a core property as
it represents the canonical boot reason API.

Test: compile
Bug: 86671991
Bug: 63736262
Change-Id: If3742c487d6c0ab69c464f056bf48c786b66a945

The shell is now available directly in the recovery ramdisk. We no
longer need to mount system.img to /system as the recovery ramdisk is
self-contained. However, there is a problem that every file in the
ramdisk is labeled as rootfs because the ramdisk does not support xattr.

This CL adds several recovery-only rules that are required to make the
recovery ramdisk self-contained. Most importantly, adbd is allowed to
domain_trans to shell. Also shell is allowe to execute files of type
rootfs. Finally, the recovery is allowed to mount on tmpfs since it now
mounts system.img to /mnt/system.

Bug: 63673171
Test: `adb reboot recovery; adb devices` shows the device ID
Test: `adb root && adb shell` and then
$ lsof -p `pidof adbd` shows that libm.so, libc.so, etc. are loaded from
the /lib directory.

Change-Id: If21b069aee63541344a5ca8939fb9a46ffef4d3e