Find hal_foo_hwservice -> you are hal_foo_client. Before, it was possible to access a hwservice without declaring that you were a client. This introduces the following macro: hal_attribute_hwservice_client(hal_foo, hal_foo_hwservice) which makes sure the above implication holds using a neverallow rule. Bug: 80319537 Test: boot + sanity Change-Id: Iededae68f14f0f3bd412c1205aa3b650a54d55c6

commit: 8fc79818854dffd133d2e40358a33cdd84f4d511 [log] [tgz]
author: Steven Moreland <smoreland@google.com> Wed May 30 16:43:17 2018 -0700
committer: Steven Moreland <smoreland@google.com> Wed May 30 16:46:57 2018 -0700
tree: 2dbbfb7b44568ca13e081f612cd411679ce8f86b
parent: 7baf725ea63c9db5a360ba3d4516c30e2ad18d4a [diff] [blame]
diff --git a/public/hal_fingerprint.te b/public/hal_fingerprint.te
index ebe0b0c..240f1dd 100644
--- a/public/hal_fingerprint.te
+++ b/public/hal_fingerprint.te

@@ -3,7 +3,7 @@
 binder_call(hal_fingerprint_server, hal_fingerprint_client)
 
 add_hwservice(hal_fingerprint_server, hal_fingerprint_hwservice)
-allow hal_fingerprint_client hal_fingerprint_hwservice:hwservice_manager find;
+hal_attribute_hwservice_client(hal_fingerprint, hal_fingerprint_hwservice)
 
 # For memory allocation
 allow hal_fingerprint ion_device:chr_file r_file_perms;
commit	8fc79818854dffd133d2e40358a33cdd84f4d511	[log] [tgz]
author	Steven Moreland <smoreland@google.com>	Wed May 30 16:43:17 2018 -0700
committer	Steven Moreland <smoreland@google.com>	Wed May 30 16:46:57 2018 -0700
tree	2dbbfb7b44568ca13e081f612cd411679ce8f86b
parent	7baf725ea63c9db5a360ba3d4516c30e2ad18d4a [diff] [blame]