Find hal_foo_hwservice -> you are hal_foo_client. Before, it was possible to access a hwservice without declaring that you were a client. This introduces the following macro: hal_attribute_hwservice_client(hal_foo, hal_foo_hwservice) which makes sure the above implication holds using a neverallow rule. Bug: 80319537 Test: boot + sanity Change-Id: Iededae68f14f0f3bd412c1205aa3b650a54d55c6

commit: 8fc79818854dffd133d2e40358a33cdd84f4d511 [log] [tgz]
author: Steven Moreland <smoreland@google.com> Wed May 30 16:43:17 2018 -0700
committer: Steven Moreland <smoreland@google.com> Wed May 30 16:46:57 2018 -0700
tree: 2dbbfb7b44568ca13e081f612cd411679ce8f86b
parent: 7baf725ea63c9db5a360ba3d4516c30e2ad18d4a [diff] [blame]
diff --git a/public/hal_tetheroffload.te b/public/hal_tetheroffload.te
index 48d67a2..d44573a 100644
--- a/public/hal_tetheroffload.te
+++ b/public/hal_tetheroffload.te

@@ -2,7 +2,7 @@
 binder_call(hal_tetheroffload_client, hal_tetheroffload_server)
 binder_call(hal_tetheroffload_server, hal_tetheroffload_client)
 
-allow hal_tetheroffload_client hal_tetheroffload_hwservice:hwservice_manager find;
+hal_attribute_hwservice_client(hal_tetheroffload, hal_tetheroffload_hwservice)
 
 # allow the client to pass the server already open netlink sockets
 allow hal_tetheroffload_server hal_tetheroffload_client:netlink_netfilter_socket { getattr read setopt write };
commit	8fc79818854dffd133d2e40358a33cdd84f4d511	[log] [tgz]
author	Steven Moreland <smoreland@google.com>	Wed May 30 16:43:17 2018 -0700
committer	Steven Moreland <smoreland@google.com>	Wed May 30 16:46:57 2018 -0700
tree	2dbbfb7b44568ca13e081f612cd411679ce8f86b
parent	7baf725ea63c9db5a360ba3d4516c30e2ad18d4a [diff] [blame]