Find hal_foo_hwservice -> you are hal_foo_client.
Before, it was possible to access a hwservice without declaring
that you were a client.
This introduces the following macro:
hal_attribute_hwservice_client(hal_foo, hal_foo_hwservice)
which makes sure the above implication holds using a neverallow rule.
Bug: 80319537
Test: boot + sanity
Change-Id: Iededae68f14f0f3bd412c1205aa3b650a54d55c6
diff --git a/public/hal_neuralnetworks.te b/public/hal_neuralnetworks.te
index c697ac2..149f768 100644
--- a/public/hal_neuralnetworks.te
+++ b/public/hal_neuralnetworks.te
@@ -3,6 +3,6 @@
binder_call(hal_neuralnetworks_server, hal_neuralnetworks_client)
add_hwservice(hal_neuralnetworks_server, hal_neuralnetworks_hwservice)
-allow hal_neuralnetworks_client hal_neuralnetworks_hwservice:hwservice_manager find;
+hal_attribute_hwservice_client(hal_neuralnetworks, hal_neuralnetworks_hwservice)
allow hal_neuralnetworks hidl_memory_hwservice:hwservice_manager find;
allow hal_neuralnetworks hal_allocator:fd use;