Merge "Ensure that hwservice_manager adds / finds make sense." am: f21085ca29 am: 4aa9123f1b am: 5688729fd5 Change-Id: I2e121886c46909e8148f65e5e4980af797733295

commit: b515b9b4983b66b7f76d9427d5b2357b54bbb7ae [log] [tgz]
author: Nick Kralevich <nnk@google.com> Wed Dec 19 17:56:15 2018 -0800
committer: android-build-merger <android-build-merger@google.com> Wed Dec 19 17:56:15 2018 -0800
tree: d30a63773163e89ca9a6410b8c636de6ac37f649
parent: 845b18eae9b10052991e14524d6cc1fc1081f9aa [diff]
parent: 5688729fd5885bd3c012b6cdf13ce0227e0f42a7 [diff]
diff --git a/public/hwservice.te b/public/hwservice.te
index 4490ae8..3c71d91 100644
--- a/public/hwservice.te
+++ b/public/hwservice.te

@@ -67,3 +67,12 @@
 type system_suspend_hwservice, hwservice_manager_type, coredomain_hwservice;
 type system_wifi_keystore_hwservice, hwservice_manager_type, coredomain_hwservice;
 type thermalcallback_hwservice, hwservice_manager_type;
+
+###
+### Neverallow rules
+###
+
+# hwservicemanager handles registering or looking up named services.
+# It does not make sense to register or lookup something which is not a
+# hwservice. Trigger a compile error if this occurs.
+neverallow domain ~hwservice_manager_type:hwservice_manager { add find };
commit	b515b9b4983b66b7f76d9427d5b2357b54bbb7ae	[log] [tgz]
author	Nick Kralevich <nnk@google.com>	Wed Dec 19 17:56:15 2018 -0800
committer	android-build-merger <android-build-merger@google.com>	Wed Dec 19 17:56:15 2018 -0800
tree	d30a63773163e89ca9a6410b8c636de6ac37f649
parent	845b18eae9b10052991e14524d6cc1fc1081f9aa [diff]
parent	5688729fd5885bd3c012b6cdf13ce0227e0f42a7 [diff]