Allow to use sockets from hal server for auto
Add an exemption to neverallow rule to use sockets from HAL servers only
for automotive build
Bug: 78901167
Test: assign this attribute to hal_vehicle_default and try to open
socket from HAL implementation
Test: verify that new CTS test will fail for non-automotive build with
this attribute buing used
Test: make cts && cts-tradefed run singleCommand cts --skip-device-info
--skip-preconditions --abi arm64-v8a --module CtsSecurityHostTestCases
-t android.security.cts.SELinuxHostTest
Merged-In: I27976443dad4fc5b7425c089512cac65bb54d6d9
(cherry picked from commit 4cafae77a4ac9e9b34410714787b68523dcd5345)
Change-Id: I58e25a0f86579073aa568379b10b6599212134c6
diff --git a/public/hal_neverallows.te b/public/hal_neverallows.te
index 017fcce..0f05d8a 100644
--- a/public/hal_neverallows.te
+++ b/public/hal_neverallows.te
@@ -11,8 +11,13 @@
# Unless a HAL's job is to communicate over the network, or control network
# hardware, it should not be using network sockets.
+# NOTE: HALs for automotive devices have an exemption from this rule because in
+# a car it is common to have external modules and HALs need to communicate to
+# those modules using network. Using this exemption for non-automotive builds
+# will result in CTS failure.
neverallow {
halserverdomain
+ -hal_automotive_socket_exemption
-hal_tetheroffload_server
-hal_wifi_server
-hal_wifi_hostapd_server