Exempt tetheroffload hal from network socket restrictions The tetheroffload hal must be able to use network sockets as part of its job. Bug: 62870833 Test: neverallow-only change builds. Change-Id: I630b36340796a5ecb5db08e732b0978dd82835c7

commit: d75a2c0cc8a9c5ff1a6f534f01099e4d51939b09 [log] [tgz]
author: Jeff Vander Stoep <jeffv@google.com> Wed Jun 21 12:46:21 2017 -0700
committer: Jeff Vander Stoep <jeffv@google.com> Wed Jun 21 12:46:21 2017 -0700
tree: f10fccedd4f767a7c8701d9101a96c1ec2235726
parent: 3692b3189e77c3b058b81f70dd9a1b60837a8138 [diff]
diff --git a/public/hal_neverallows.te b/public/hal_neverallows.te
index feadcda..036e1d2 100644
--- a/public/hal_neverallows.te
+++ b/public/hal_neverallows.te

@@ -8,10 +8,11 @@
   -rild
 } self:capability { net_admin net_raw };
 
-# Unless a HAL's job is to manage network hardware, it should not be
-# using network sockets.
+# Unless a HAL's job is to communicate over the network, or control network
+# hardware, it should not be using network sockets.
 neverallow {
   halserverdomain
+  -hal_tetheroffload_server
   -hal_wifi_server
   -hal_wifi_supplicant_server
   -rild
commit	d75a2c0cc8a9c5ff1a6f534f01099e4d51939b09	[log] [tgz]
author	Jeff Vander Stoep <jeffv@google.com>	Wed Jun 21 12:46:21 2017 -0700
committer	Jeff Vander Stoep <jeffv@google.com>	Wed Jun 21 12:46:21 2017 -0700
tree	f10fccedd4f767a7c8701d9101a96c1ec2235726
parent	3692b3189e77c3b058b81f70dd9a1b60837a8138 [diff]