Find hal_foo_hwservice -> you are hal_foo_client. Before, it was possible to access a hwservice without declaring that you were a client. This introduces the following macro: hal_attribute_hwservice_client(hal_foo, hal_foo_hwservice) which makes sure the above implication holds using a neverallow rule. Bug: 80319537 Test: boot + sanity Change-Id: Iededae68f14f0f3bd412c1205aa3b650a54d55c6

commit: 8fc79818854dffd133d2e40358a33cdd84f4d511 [log] [tgz]
author: Steven Moreland <smoreland@google.com> Wed May 30 16:43:17 2018 -0700
committer: Steven Moreland <smoreland@google.com> Wed May 30 16:46:57 2018 -0700
tree: 2dbbfb7b44568ca13e081f612cd411679ce8f86b
parent: 7baf725ea63c9db5a360ba3d4516c30e2ad18d4a [diff] [blame]
diff --git a/public/hal_bootctl.te b/public/hal_bootctl.te
index 181de4a..a901cf2 100644
--- a/public/hal_bootctl.te
+++ b/public/hal_bootctl.te

@@ -3,6 +3,6 @@
 binder_call(hal_bootctl_server, hal_bootctl_client)
 
 add_hwservice(hal_bootctl_server, hal_bootctl_hwservice)
-allow hal_bootctl_client hal_bootctl_hwservice:hwservice_manager find;
+hal_attribute_hwservice_client(hal_bootctl, hal_bootctl_hwservice)
 
 dontaudit hal_bootctl self:capability sys_rawio;
commit	8fc79818854dffd133d2e40358a33cdd84f4d511	[log] [tgz]
author	Steven Moreland <smoreland@google.com>	Wed May 30 16:43:17 2018 -0700
committer	Steven Moreland <smoreland@google.com>	Wed May 30 16:46:57 2018 -0700
tree	2dbbfb7b44568ca13e081f612cd411679ce8f86b
parent	7baf725ea63c9db5a360ba3d4516c30e2ad18d4a [diff] [blame]