This was originally implemented in commit
89041472 and reverted in commit
fa3eb773. This effectively reverts the
revert, with minimal changes to cope with the subsequent reversion of
commit b3624743.

Auditing is only enabled for apps targeting API <= 28.

Test: Compiles, audit messages are seen.
Bug: 121333210
Bug: 111338677
Change-Id: Ie38498a2b61f4b567902117f9ef293faa0e689dd

This prevents denials while taking a bugreport.

Bug: 116711254
Test: cts-tradefed run cts -m CtsSecurityHostTestCases -t
android.security.cts.SELinuxHostTest#testNoBugreportDenials

Change-Id: Ie190bfa62cf5aa172ebfff8bfd82dea2a7d1a016

Make /(product|system/product)/vendor_overlay/<ver> have the vendor
file context.

If vendor_overlay requires to mount on the vendor directories other
than 'vendor_file', the contexts must be defined in the device
specific sepolicy files.

Bug: 119076200
Test: build and check if the files are overided and have the required
sepolicy contexts.

Change-Id: I69ed38d4ea8e7d89f56865b1ca1e26f290e9892d

Notes:
- Added face hal domain, context and file types for the default
  SELinux policy.
- Please see aosp/q/topic:"Face+Authentication"

Bug: 80155388
Test: Built successfully.
Change-Id: I2e02cf6df009c5ca476dfd842b493c6b76b7712a

This reverts commit 9eb3b8ff.

Reason for revert: We are deciding for now not to make StagingManager a fully-fledged binder service, as it will only be accessed by PackageInstaller. We might re-evaluate this decision later if needed.

Bug: 122072686
Change-Id: Ic2a53fc92ddd7d7eeccc6a4a0117f28724346ec7

Adding a new high-level service which will handle staged installs, i.e.
installs that require a reboot.

Bug: 118865310
Test: An initial implementation of StagingManager can be reached
successfully by PackageManagerService and PackageInstallerService.
Change-Id: I8859b463575f8ee85caae43570958347b82f967e

Test: manually verified SensorPrivacyService is accessible
Bug: 110842805
Merged-In: Idd215f338f2da0dab4898ea06fa08d9b4a1bcb5f
Change-Id: Idd215f338f2da0dab4898ea06fa08d9b4a1bcb5f
(cherry picked from commit 0ac3dea7)

Use regular expression for all composer service versions.

BUG: 115554640
Test: Build, flash and boot

Merged-In: Ie84ebb0a43c9eaad66829b15deaa8b3046bd7fe4
Change-Id: Ie84ebb0a43c9eaad66829b15deaa8b3046bd7fe4

This reverts commit b3624743.

Reason for revert:

android.jvmti.cts.JvmtiHostTest1906#testJvmti unittest failures.

Bug: 121333210
Bug: 112357170
Change-Id: I6e68855abaaaa1e9248265a468712fa8d70ffa74
Test: compiles and boots

This reverts commit 89041472.

Unittest failures of JvmtiHostTest1906#testJvmti. To do a clean revert
of b3624743, we need to also revert this
change.

Test: compiles
Bug: 121333210
Bug: 111338677

Add "rs" and "rs_exec" types to public policy. Access
to these types might be needed for device specific
customization.

Bug: 121306110
Test: Manual using application
Change-Id: Ief35d3353625adfbf468447de74aa80651dd9451

Arbitrary apps need to connect to heapprofd in order to send samples.

Relevant denial trying to profile com.google.android.inputmethod.latin
on userdebug:

12-20 14:50:20.420 25219 25219 I heapprofd: type=1400 audit(0.0:1006): avc: denied { read } for path="/proc/24819/mem" dev="proc" ino=244219 scontext=u:r:heapprofd:s0 tcontext=u:r:untrusted_app_27:s0:c133,c256,c512,c768 tclass=file permissive=1

Bug: 121370989

Test: m
Test: flash walleye
Test: profile com.google.android.inputmethod.latin

Change-Id: Iee82c8c49951e5a5726cd5ab0b9e8fa71226c802

The policies allow the system server to register a network_stack_service
used to communicate with the network stack process.

Test: atest FrameworksNetTests
Bug: b/112869080
Change-Id: Ib9b7d9150fe4afcce03c8b3dbb36b81c67e39366

Bug: 121099965
Test: manual
Change-Id: I940868eb984399763d7346a201e37cb07fb12333

There are many permission related APIs currently handled by the
package manager service. These are simply pass throughs from the
package manager service to an internal API defined by the
permission manager service. Instead of this multi-hop, we want
to open the permission manager service directly to apps. For
legacy, we won't be able to remove the APIs from PackageManager,
but, the implementation should go directly to the Permission
Manager Service.

Test: System boots w/o selinux denials
Change-Id: I1d953077b3da18ccf44deb85b9084be68a2179bd

The networking stack app hosts services that used to be in the system
server (IpClient, NetworkMonitor for now), but in a different process to
be packaged as a mainline module.

Test: booted, verified networking stack working when in app
Change-Id: I300a556f51b35c17378af961cea1ec937444e597

To configure read-ahead on loop devices, eg.
/sys/devices/virtual/block/loop0/queue/read_ahead_kb

Bug: 120776455
Test: configuring read-ahead on loop devices works from apexd
Change-Id: Ib25372358e8ca62fa634daf286e4b64e635fac58

Add a neverallow rule asserting that services registered or queried
through hwservicemanager must have the attribute hwservice_manager_type.
Attempting to add or query a service which does not have that
attribute is malformed policy.

Test: compiles
Change-Id: Ib498508694f478c396f2d9273abaccbff06975e6

Add a neverallow rule asserting that services registered or queried
through servicemanager must have the attribute service_manager_type
or vndservice_manager_type. Attempting to add or query a service which
does not have one of those attributes is malformed policy.

See
https://android-review.googlesource.com/c/platform/system/sepolicy/+/826500/7/private/system_server.te#696
as an example where this occurred.

Test: compiles
Change-Id: I339bde04b80819b07832d96797fd7f477a4b676a

sed "-i" flag on Mac has different syntax than on Linux. Replace use of
sed with grep.

A simple fix like this should suffice for this case, but ideally, we
should maintain our own utils instead of using tools on the host
machine.

Fixes: 121235932
Test: m selinux_policy
Change-Id: I46c3bdb90bf7de48d2c942b15a65ce82ae3041c5

The bcc command line uses /data/user/0 paths, so renderscript needs to
be able to follow those symlinks.

Addresses the following denial:

  audit(1545249938.830:2274): avc: denied { read } for comm="bcc" name="0" dev="dm-6" ino=101 scontext=u:r:rs:s0:c184,c256,c512,c768 tcontext=u:object_r:system_data_file:s0 tclass=lnk_file permissive=1 app=android.rscpp.cts

Test: cts-tradefed run cts -m CtsRsCppTestCases
Bug: 121266184
Bug: 112357170
Change-Id: I16210f9b95f386bdee0863cf0044c956af99586d

Bug: 119305624
Test: boot blueline
Change-Id: I3ecdeab3bb33c3cb5e80dc10ba1079c9853048f8

Bug: 120921905
Test: locally tested
Change-Id: I23fda0f83daff8765f7946814a61588dac00c85a

* changes:
  Separate product_sepolicy.cil out of system sepolicy
  Replace "grep -f" with python util.

Product-specific sepolicy will be installed into /product/etc/selinux/*.
This change separates out /product/etc/selinux/product_sepolicy.cil out
of system sepolicy.

This file is merged into precompiled_sepolicy at build-time. In case
precompiled_sepolicy can't be used (e.g. system-only-ota), init wll
merge this file with the rest of the sepolicy at runtime.

I left TODOs to separate other product-specific SELinux artifacts out of
system.

Bug: 119305624
Test: boot aosp_taimen with product_sepolicy.cil
Test: build selinux_policy for aosp_arm64; no product_sepolicy.cil
produced
Change-Id: Idb84a1c8ceb2de78f1460d954497c53fed08935f

grep can potentially run out of memory on Mac builds for large input
files. So we add a python util to handle filtering out files.

We will also need this util to filter plat_sepolicy.cil out of
product_sepolicy.cil

Bug: 119305624
Test: boot aosp_taimen
Change-Id: I61cd68f407ea5de43a06bf522a5fc149e5067e8c

Bug: 120865921
Test: Manual verification
Change-Id: Ic0b3f85fad24ccedc0a8e9935c198bc8503bb415

Make mediaextractor use hidl memory allocated by
hidl allocator, instead of constructing hidl memory
from IMemory.

bug: 112766913
bug: 111407253
Change-Id: I7902f18768005c995925bc9a7947299e9988b68a
(Needed for internal commit I39e131718ea41f9cb23177c28213ddf7b7741338)