Merge in upstream changes

From :https://github.com/phhusson/treble_patches

Change-Id: I785ed4d854f28f661b1b48530dc10a5adf076e74
diff --git a/patches/platform_system_sepolicy/0001-Don-t-set-esdfs-or-exfat-genfscon.-Assume-OEM-does.patch b/patches/platform_system_sepolicy/0001-Don-t-set-esdfs-or-exfat-genfscon.-Assume-OEM-does.patch
new file mode 100644
index 0000000..184afe4
--- /dev/null
+++ b/patches/platform_system_sepolicy/0001-Don-t-set-esdfs-or-exfat-genfscon.-Assume-OEM-does.patch
@@ -0,0 +1,51 @@
+From 46578b3b71aeb1de3a1d98177a8ead86a194afc5 Mon Sep 17 00:00:00 2001
+From: Pierre-Hugues Husson <phh@phh.me>
+Date: Tue, 14 Aug 2018 20:56:54 +0200
+Subject: [PATCH 1/2] Don't set esdfs or exfat genfscon. Assume OEM does
+
+---
+ prebuilts/api/28.0/private/genfs_contexts | 4 ++--
+ private/genfs_contexts                    | 4 ++--
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/prebuilts/api/28.0/private/genfs_contexts b/prebuilts/api/28.0/private/genfs_contexts
+index 7e2ea50..56cd92d 100644
+--- a/prebuilts/api/28.0/private/genfs_contexts
++++ b/prebuilts/api/28.0/private/genfs_contexts
+@@ -231,12 +231,12 @@ genfscon debugfs /tracing/events/fence/
+ 
+ genfscon inotifyfs / u:object_r:inotify:s0
+ genfscon vfat / u:object_r:vfat:s0
+-genfscon exfat / u:object_r:exfat:s0
++#genfscon exfat / u:object_r:exfat:s0
+ genfscon debugfs / u:object_r:debugfs:s0
+ genfscon fuse / u:object_r:fuse:s0
+ genfscon configfs / u:object_r:configfs:s0
+ genfscon sdcardfs / u:object_r:sdcardfs:s0
+-genfscon esdfs / u:object_r:sdcardfs:s0
++#genfscon esdfs / u:object_r:sdcardfs:s0
+ genfscon pstore / u:object_r:pstorefs:s0
+ genfscon functionfs / u:object_r:functionfs:s0
+ genfscon usbfs / u:object_r:usbfs:s0
+diff --git a/private/genfs_contexts b/private/genfs_contexts
+index 7e2ea50..56cd92d 100644
+--- a/private/genfs_contexts
++++ b/private/genfs_contexts
+@@ -231,12 +231,12 @@ genfscon debugfs /tracing/events/fence/
+ 
+ genfscon inotifyfs / u:object_r:inotify:s0
+ genfscon vfat / u:object_r:vfat:s0
+-genfscon exfat / u:object_r:exfat:s0
++#genfscon exfat / u:object_r:exfat:s0
+ genfscon debugfs / u:object_r:debugfs:s0
+ genfscon fuse / u:object_r:fuse:s0
+ genfscon configfs / u:object_r:configfs:s0
+ genfscon sdcardfs / u:object_r:sdcardfs:s0
+-genfscon esdfs / u:object_r:sdcardfs:s0
++#genfscon esdfs / u:object_r:sdcardfs:s0
+ genfscon pstore / u:object_r:pstorefs:s0
+ genfscon functionfs / u:object_r:functionfs:s0
+ genfscon usbfs / u:object_r:usbfs:s0
+-- 
+2.7.4
+
diff --git a/patches/platform_system_sepolicy/0002-Relax-proc-read-from-ueventd-huawei-needs-it.patch b/patches/platform_system_sepolicy/0002-Relax-proc-read-from-ueventd-huawei-needs-it.patch
new file mode 100644
index 0000000..077b878
--- /dev/null
+++ b/patches/platform_system_sepolicy/0002-Relax-proc-read-from-ueventd-huawei-needs-it.patch
@@ -0,0 +1,37 @@
+From ba947f13165df3081572a680009157bfb0827752 Mon Sep 17 00:00:00 2001
+From: Pierre-Hugues Husson <phh@phh.me>
+Date: Wed, 15 Aug 2018 12:27:21 +0200
+Subject: [PATCH 2/2] Relax /proc read from ueventd, huawei needs it
+
+---
+ prebuilts/api/28.0/private/domain.te | 1 +
+ private/domain.te                    | 1 +
+ 2 files changed, 2 insertions(+)
+
+diff --git a/prebuilts/api/28.0/private/domain.te b/prebuilts/api/28.0/private/domain.te
+index fb6ba4f..95f0dbc 100644
+--- a/prebuilts/api/28.0/private/domain.te
++++ b/prebuilts/api/28.0/private/domain.te
+@@ -32,6 +32,7 @@ full_treble_only(`
+   # /proc
+   neverallow {
+     coredomain
++    -ueventd
+     -vold
+   } proc:file no_rw_file_perms;
+ 
+diff --git a/private/domain.te b/private/domain.te
+index fb6ba4f..95f0dbc 100644
+--- a/private/domain.te
++++ b/private/domain.te
+@@ -32,6 +32,7 @@ full_treble_only(`
+   # /proc
+   neverallow {
+     coredomain
++    -ueventd
+     -vold
+   } proc:file no_rw_file_perms;
+ 
+-- 
+2.7.4
+