Find hal_foo_hwservice -> you are hal_foo_client. Before, it was possible to access a hwservice without declaring that you were a client. This introduces the following macro: hal_attribute_hwservice_client(hal_foo, hal_foo_hwservice) which makes sure the above implication holds using a neverallow rule. Bug: 80319537 Test: boot + sanity Change-Id: Iededae68f14f0f3bd412c1205aa3b650a54d55c6

commit: 8fc79818854dffd133d2e40358a33cdd84f4d511 [log] [tgz]
author: Steven Moreland <smoreland@google.com> Wed May 30 16:43:17 2018 -0700
committer: Steven Moreland <smoreland@google.com> Wed May 30 16:46:57 2018 -0700
tree: 2dbbfb7b44568ca13e081f612cd411679ce8f86b
parent: 7baf725ea63c9db5a360ba3d4516c30e2ad18d4a [diff] [blame]
diff --git a/public/hal_wifi_supplicant.te b/public/hal_wifi_supplicant.te
index 3d61766..87a061f 100644
--- a/public/hal_wifi_supplicant.te
+++ b/public/hal_wifi_supplicant.te

@@ -3,7 +3,7 @@
 binder_call(hal_wifi_supplicant_server, hal_wifi_supplicant_client)
 
 add_hwservice(hal_wifi_supplicant_server, hal_wifi_supplicant_hwservice)
-allow hal_wifi_supplicant_client hal_wifi_supplicant_hwservice:hwservice_manager find;
+hal_attribute_hwservice_client(hal_wifi_supplicant, hal_wifi_supplicant_hwservice)
 
 # in addition to ioctls whitelisted for all domains, grant hal_wifi_supplicant priv_sock_ioctls.
 allowxperm hal_wifi_supplicant self:udp_socket ioctl priv_sock_ioctls;
commit	8fc79818854dffd133d2e40358a33cdd84f4d511	[log] [tgz]
author	Steven Moreland <smoreland@google.com>	Wed May 30 16:43:17 2018 -0700
committer	Steven Moreland <smoreland@google.com>	Wed May 30 16:46:57 2018 -0700
tree	2dbbfb7b44568ca13e081f612cd411679ce8f86b
parent	7baf725ea63c9db5a360ba3d4516c30e2ad18d4a [diff] [blame]