commit 37ee61f663ba11a69469c3b68c8a200d8047ce87
author Roshan Pius <rpius@google.com> Tue Aug 24 13:59:07 2021 -0700
committer Roshan Pius <rpius@google.com> Thu Aug 26 05:20:39 2021 +0000
tree 24a5586ee17b2c4a14b93ab9b35da6d587089d0f
parent 28515dd083c61d09a4f619b5adfc339724839ef4

sepolicy: Rename hal_uwb -> hal_uwb_vendor

Since we are now creating an AOSP HAL for uwb. Rename Pixel specific
internal UWB HAL from Android S to hal_uwb_vendor to avoid conflicts
with the AOSP HAL sepolicy rules that are going to be added in
Android T.

Android S Architecture:
|Apps | AOSP API | Vendor Service | Vendor HAL Interface | Vendor HAL
Implementation | Vendor driver/firmware

Android T Architecture:
|Apps | AOSP API | AOSP Service | AOSP HAL Interface | Vendor HAL
Implementation | Vendor driver/firmware

Ignore-AOSP-First: Dependent changes in internal-only projects.

Bug: 195308730
Test: Compiles
Change-Id: I7bf4794232604372134ea299c8e2a6ba14a801d3
Merged-In: I7bf4794232604372134ea299c8e2a6ba14a801d3
(cherry picked from commit 40465250e4612f8171a376daa1994849a232014c)
(cherry picked from commit 27ab309fad20694d705baeb9e1169af96c33606c)

public/hal_neverallows.te

diff --git a/public/hal_neverallows.te b/public/hal_neverallows.te
index 45227e4..3254f11 100644
--- a/public/hal_neverallows.te
+++ b/public/hal_neverallows.te
@@ -8,7 +8,7 @@
   -hal_wifi_hostapd_server
   -hal_wifi_supplicant_server
   -hal_telephony_server
-  -hal_uwb_server
+  -hal_uwb_vendor_server
 } self:global_capability_class_set { net_admin net_raw };
 
 # Unless a HAL's job is to communicate over the network, or control network
@@ -26,7 +26,7 @@
   -hal_wifi_hostapd_server
   -hal_wifi_supplicant_server
   -hal_telephony_server
-  -hal_uwb_server
+  -hal_uwb_vendor_server
 } domain:{ udp_socket rawip_socket } *;
 
 neverallow {
@@ -45,11 +45,11 @@
 
 # The UWB HAL is not actually a networking HAL but may need to bring up and down
 # interfaces. Restrict it to only these networking operations.
-neverallow hal_uwb_server self:global_capability_class_set { net_raw };
+neverallow hal_uwb_vendor_server self:global_capability_class_set { net_raw };
 
 # Subset of socket_class_set likely to be usable for communication or accessible through net_admin.
 # udp_socket is required to use interface ioctls.
-neverallow hal_uwb_server domain:{ socket rawip_socket netlink_socket packet_socket key_socket netlink_route_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_socket netlink_audit_socket netlink_dnrt_socket netlink_kobject_uevent_socket tun_socket netlink_iscsi_socket netlink_fib_lookup_socket netlink_connector_socket netlink_netfilter_socket netlink_scsitransport_socket netlink_rdma_socket netlink_crypto_socket qipcrtr_socket xdp_socket } *;
+neverallow hal_uwb_vendor_server domain:{ socket rawip_socket netlink_socket packet_socket key_socket netlink_route_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_socket netlink_audit_socket netlink_dnrt_socket netlink_kobject_uevent_socket tun_socket netlink_iscsi_socket netlink_fib_lookup_socket netlink_connector_socket netlink_netfilter_socket netlink_scsitransport_socket netlink_rdma_socket netlink_crypto_socket qipcrtr_socket xdp_socket } *;
 
 ###
 # HALs are defined as an attribute and so a given domain could hypothetically