The refactoring in S unintendedly introduced a change that allowed
signature|privileged to be granted to platform-signed privileged apps
without being in the allowlist XML, so we should revert to the old
behavior.

The refactoring was done in the hope that we can have one step that
handles privileged permission granting. However upon retrospection, we
have to do this in two separate steps because the privapp permission
allowlist should always be enforced first.

This change reverts to the old behavior by looking at both the current
code and the R source code, then extracts the privapp permission
enforcement as a separate step that happens first, to be used by both
signature and the new internal permission protection.

Also simplified the check about privileged permission, because vendor
privileged permission is always a privileged permission, as made sure
in PermissionInfo.fixProtectionLevel().

In the mean time, added the missing privapp permission allowlist entry
for Settings and RESTART_WIFI_SUBSYSTEM for device to boot.

Fixes: 179309876
Test: manual
Change-Id: I93cfe7a4621fc5ac65229d42c7a8ebd825ae8ae5

Bug: 179309876
Test: presubmit
Change-Id: I936746b842d113cffda4361bec98d1acbcf62ac1

(Permission will be migrated to a role in a follow-up).

Bug: 178644109
Test: atest CtsPermission2TestCases:android.permission2.cts.PrivappPermissionsTest#privappPermissionsNeedToBeWhitelisted -- --abi arm64-v8a
Change-Id: I491450d8748ac669a017547ffb8616e2544aa397
(cherry picked from commit 6fa6344e)

- gcar_emu_x86_64 starts to crash after commit 1dafc385 is merged.

Bug: 179455284
Test: Build gcar_emu_x86_64 and check if it boots successfully.
Change-Id: I59dad57c846e3a83d71abb58fdd5e57019d99e75

Origional changes were in aosp/1546877. It has a merged-in referencing
ag/13319676, but ag/13319676 doesn't contain these changes. This CL is
to add the missing changes.

Bug: 177271291
Test: gts-tradefed run gts -m GtsAssistIntentTestCases
Change-Id: I22a3e6a3475263ec4e007e37412a269ca95c8bbe

Added a new permission QUERY_USERS, granted the
new permission and MODIFY_USERS to shell.
These permissions are required to enable CTS
tests to access the following APIs:
* UserManager#getUsers and any other API that depend on it
* UserManager#getProfileParent
* UserManager#requestQuietModeEnabled

Test: Confirmed that a CTS test can call these APIs
Bug: 178695365
Merged-In: Ifa14d24ee1873161e3986e8d0669fd47a7bcaa7a
Change-Id: Ifa14d24ee1873161e3986e8d0669fd47a7bcaa7a

This reverts commit 4d3f1c56.

Reason for revert: b/179308296

Change-Id: Idccf97038d5aa92268a13bacc512215878e8aefa

Added a new permission QUERY_USERS, granted the
new permission and MODIFY_USERS to shell.
These permissions are required to enable CTS
tests to access the following APIs:
* UserManager#getUsers and any other API that depend on it
* UserManager#getProfileParent
* UserManager#requestQuietModeEnabled

Test: Confirmed that a CTS test can call these APIs
Bug: 178695365
Change-Id: Ifa14d24ee1873161e3986e8d0669fd47a7bcaa7a

Sandbox Display#getRealSize and WindowManager
bounds when letterbox or size compat mode are
applied to the configuration. Display uses
this field to provide the sandboxed display
size.

Test: atest WindowConfigurationTests
Test: atest FrameworksMockingCoreTests:android.view.DisplayTests
Test: atest WmTests:SizeCompatTests
Bug: 171386167
Change-Id: I6f78edcd9214b52ab0708e3892bc86ee05bb5b9a

Apps can't request this permission anyways so some apps started
misbehaving when forcing users to grant all permissions without caring
what they are.

Test: Boot
Fixes: 172844303
Bug: 158311343
Change-Id: Ia83ad5433ff3cdae57d901b3a9d781725124c6b9

Bug: 177271291
Test: gts-tradefed run gts -m GtsAssistIntentTestCases
Change-Id: I6c6134a9912a73039556a4d700bbb0bb97b6b3d4
Merged-In: I293d66811f8a27170f2bc4cb74b7d4c9ec55fac8

Bug: 177096054
Test: Presubmit for quickstep
Change-Id: Ia824ed21a3836548eccb186ee7c9a3f697e9ee66

Introduces a new SystemService to act as intermediary between the
Perfetto trace daemon and Traceur.

Bug: 175591887
Test: adb shell service call 1 i32 0/1

Change-Id: Idea7761a8479827f0cfa561e56ba2beac3072939

Pre-grant START_ACTIVITIES_FROM_BACKGROUND to emergency app

The emergency app needs this permission to start foreground service
after sdk 31.

Fix: 172364084
Test: manual
Change-Id: I111dbda3418edf4fcf34aa26f39dc6ce662f2e5d
(cherry picked from commit fb001c98)

Update local variables and comments with Task terms.

No logical changes.

Bug: 157876447
Test: presubmit
Change-Id: Iffcd5ca8971fc8856775538c3eebcefef2cf4b24

Bug: 177920807
Test: atest CtsPermission2TestCases:android.permission2.cts.PrivappPermissionsTest#privappPermissionsNeedToBeWhitelisted -- --abi arm64-v8a
Change-Id: I01d60ff89ee2eb38bab37a1d00c5e81bd6a06c01

This reverts commit ddb49025.

Change-Id: I7d5433bf676661ede208f840c27a71abbe663195

New permission is needed to allow CTS to trigger the new WiFi subsystem
restart API.

Bug: 175084231
Bug: 178125790
Test: atest android.net.wifi.cts.WifiManagerTest#testRestartWifiSubsystem
Change-Id: I0eb0362e6421480c10ba64f923a9069d1258d4ca

Bug: 160037666
Test: m
Change-Id: Ib96198a39c18a0b9c3cf64c0c58c89b1a5b62c19

The UserSystemPackageInstaller installs packages on new users
based on their configuration in an allowlist. An exception was
made for auto-generated RROs, which were instead installed based
on their overlay target package's configuration (thus avoiding
the need for manually allowlisting each such overlay).

This is now expanded to all static overlays (which should
include auto-generated RROs, according to the bug). That is:
Static overlays no longer need to be mentioned in the list,
but will instead be installed based on the listing for their
overlay target package.

Test: atest UserSystemPackageInstallerTest
Fixes: 172956245
Change-Id: I6b974bba20ee059a8f744092db7c3441580d327f

Bug: 160037666
Test: Compiles
Change-Id: I955916f97815fb55a4e701f69a01a975e0d0c205
Merged-In: Ib96198a39c18a0b9c3cf64c0c58c89b1a5b62c19

Bug: 177346942
Test: manual
Change-Id: Icc512fd8e205bdc6645558053f254e2b39bea077

- It now overrides shell package itself

Bug: 177099512
Test: Check if shell package has all necessary permissions
Change-Id: I139b47fcb2992e42da020aaac8680ae8dd2efac0
Merged-In: I139b47fcb2992e42da020aaac8680ae8dd2efac0
(cherry picked from commit 2bd010b7)

Test: n/a
Change-Id: Ic4ffafeb36d2bc69ebdd39e3f8ff40547bdcddd3

...  until it adds the first view

In R, we create WindowToken for every WindowContext creation.
In S, we only create WindowToken for the WindowContext which adding
a view.
This CL also provide the ability to attach an existing WindowToken
by overriding WindowManager.LayoutParams.mToken, and remove the
WindowContext created WindowToken after WindowContext destruction.

Bug: 159767464
Bug: 153369119
Test: atest WindowTokenTests WindowContextListenerControllerTests
Change-Id: Iefe0315461b452a84cecbff2d08ee04c1f34051d

Original CL got reverted because target aosp_arm64-userdebug was failing
to boot. Apparently, the right place to put the permission for launcher3
is in frameworks/base/data/etc/com.android.launcher3.xml, not
frameworks/base/data/etc/privapp-permissions-platform.xml (despite it
having an entry on the latter) because launcher3 lives in system_ext.

-- Original CL description

CellBroadcastReceiver, a mainline module signed with the networkstack,
needs it before showing emergency alerts to the user.

This is inline and ok with the rest of of the restrictions given that
STATUS_BAR that allows calls to StatusBarManager.collapsePanels() also
has "privileged" protection level.

Also adding permission to privapp-permissions-platform for Launcher3
because of b/177506944, despite it getting it via "recents" protection
level.

Bug: 177346942
Bug: 159105552
Test: atest PermissionPolicyTest
Test: Run DeviceBootTest for aosp_arm64-userdebug in forrest.
Change-Id: Ie3298c839003aeaca3cc84782e8846374beca5b8

Revert "Add BROADCAST_CLOSE_SYSTEM_DIALOGS to launcher via privi..."

Revert "Udpate BROADCAST_SYSTEM_DIALOGS permission in CTS"

Revert submission 13328953-acsd-privileged

Reason for revert: DeviceBootTest#REBOOT_TEST fail on b/177952808.
Reverted Changes:
Id3fdaf36f:Udpate BROADCAST_SYSTEM_DIALOGS permission in CTS
I40a28210f:Add BROADCAST_CLOSE_SYSTEM_DIALOGS to launcher via...
If027c6824:Add privileged to BROADCAST_CLOSE_SYSTEM_DIALOGS

Change-Id: I2a2e12af9075727e0d6f0be07467c4ba9285b2d3

Add new column definitions in the call log db to support storing the new
call composer elements in the call log. Also refactor addCall to use a
builder pattern, and add READ_VOICEMAIL for shell in order to support
new CTS tests

Test: atest CallLogTest
Bug: 174798736
Change-Id: I00e127510c382d9ff0ffc70f4c5ad7179ac7319a

After this change, the power button on the reference remote will function
as a power toggle for the HDMI-connected display (=TV) power state. The
device will then follow the TV power state.

Bug: 157402294
Test: N/A
Change-Id: I462f792f5aae8c47c876d3ea3dfea64fc1c551b5

Bug: 177364704
Test: none
Change-Id: I8f19d7d58ee78b64d93de265739a7a880b6a52df
Merged-In: I8f19d7d58ee78b64d93de265739a7a880b6a52df

Bug: 177364704
Test: none
Change-Id: I8f19d7d58ee78b64d93de265739a7a880b6a52df

CellBroadcastReceiver, a mainline module signed with the networkstack,
needs it before showing emergency alerts to the user.

This is inline and ok with the rest of of the restrictions given that
STATUS_BAR that allows calls to StatusBarManager.collapsePanels() also
has "privileged" protection level.

Also adding permission to privapp-permissions-platform for Launcher3
because of b/177506944, despite it getting it via "recents" protection
level.

Bug: 177346942
Bug: 159105552
Test: atest PermissionPolicyTest
Change-Id: If027c6824a58c8b9a917f9995e34bf8b306cab54

Bug: 176127289
Test: make
Change-Id: Ic322a097ef2d33f52da593fbc4e3acd78674b220

Part 1 was aosp/1546301.
Two parts are required due to b/175318571.

Test: N/A
Change-Id: I1a89f7d26da70dce36d1e891a8e8ebc4042dc56c

- It now overrides shell package itself

Bug: 177099512
Test: Check if shell package has all necessary permissions
Change-Id: I139b47fcb2992e42da020aaac8680ae8dd2efac0

In Android 10 access to device identifiers was moved from a runtime
permission to the privileged READ_PRIVILEGED_PHONE_STATE permission.
One of the non-resettable identifiers missed was SubscriptionInfo#
getIccId. The contacts provider currently uses this ID to upgrade
to version 1003 of the database; to ensure there are no issues with
this upgrade this permission is being whitelisted for the contacts
provider.

Bug: 131909991
Bug: 173421434
Test: atest ContactsProviderTests
Change-Id: I7574f787a7e55aa0337237b9fe916ee143a2f697
Merged-In: I7574f787a7e55aa0337237b9fe916ee143a2f697

Bug: 175043978
Test: atest PrivappPermissionsTest#privappPermissionsNeedToBeWhitelisted
Change-Id: I4153770218c0cae39882b80266183d74af6622fe

As part of targetting the Android S API level, we need to explicitly
allow the privapp Traceur to start services from the background.

Test: atest TraceurUiTest
Bug: 176849372
Change-Id: I58c2a23653541f8516beedf0971d60403eedbb02

This CL adds flags per-change in a transition so that
extra meta-information (like is-wallpaper, shows-wallpaper,
translucent, starting-window-transfer) can be passed to
shell.

This then treats wallpaper like other activities WRT to
transitions (collect/send to shell) except for a couple
differences:
1. When any window is collected, if it shows wallpaper, then
   the wallpaper will be automatically collected too.
2. During TransitionInfo construction, wallpaper containers
   are excluded from promotion and root-leash calculation.

This also adds starting-window transfers to the transition
and adds support in the example player.

Bug: 169035082
Test: launch any non-wallpaper app (eg. messages), then press
      home-button to bring home to front. The wallpaper should
      be included with the home fading-in.
Change-Id: I7ceea614e16c2686f533937db10436f66764255e

Adding key layout and device configuration file
for Google Reference RCU.
The VID/PID pair used in file name is speicifically for
Reference RCU, which supports both G10 and G20.

b/173100313
test: manually on custom build for ADT-3

Change-Id: I2048012fb91adfc6a2f61065ba262d5ed344c673