sandbox: Complete migration away from os_malloc()

Now that we can use direct access to the system malloc() in sandbox, drop
the remaining uses of os_malloc().

The only one remaining now is for the RAM buffer, which we do want to be
at a known address, so this is intended.

Signed-off-by: Simon Glass <sjg@chromium.org>

drivers/misc/cros_ec_sandbox.c

@@ -11,10 +11,10 @@
 #include <ec_commands.h>
 #include <errno.h>
 #include <hash.h>
-#include <malloc.h>
 #include <os.h>
 #include <u-boot/sha256.h>
 #include <spi.h>
+#include <asm/malloc.h>
 #include <asm/state.h>
 #include <asm/sdl.h>
 #include <linux/input.h>
@@ -115,7 +115,7 @@ static int cros_ec_read_state(const void *blob, int node)
 	prop = fdt_getprop(blob, node, "flash-data", &len);
 	if (prop) {
 		ec->flash_data_len = len;
-		ec->flash_data = os_malloc(len);
+		ec->flash_data = malloc(len);
 		if (!ec->flash_data)
 			return -ENOMEM;
 		memcpy(ec->flash_data, prop, len);
@@ -545,14 +545,14 @@ int cros_ec_probe(struct udevice *dev)
 	    ec->flash_data_len != ec->ec_config.flash.length) {
 		printf("EC data length is %x, expected %x, discarding data\n",
 		       ec->flash_data_len, ec->ec_config.flash.length);
-		os_free(ec->flash_data);
+		free(ec->flash_data);
 		ec->flash_data = NULL;
 	}
 
 	/* Otherwise allocate the memory */
 	if (!ec->flash_data) {
 		ec->flash_data_len = ec->ec_config.flash.length;
-		ec->flash_data = os_malloc(ec->flash_data_len);
+		ec->flash_data = malloc(ec->flash_data_len);
 		if (!ec->flash_data)
 			return -ENOMEM;
 	}