Merge "Ensure that hwservice_manager adds / finds make sense."

commit: f21085ca298df27b22b76f238a31e5962d0f0b08 [log] [tgz]
author: Treehugger Robot <treehugger-gerrit@google.com> Thu Dec 20 01:33:44 2018 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Thu Dec 20 01:33:44 2018 +0000
tree: c3ce1e2ab66a17bceb5f1755f890e2cd0034856d
parent: c2be630c3af15c06c17fa7a3ee59e91f73b5bc15 [diff]
parent: db43ee04eb7ddcd0e6ce00308ab6e3eb3a3ee506 [diff]
diff --git a/private/rs.te b/private/rs.te
index 94cf6b4..9229ed9 100644
--- a/private/rs.te
+++ b/private/rs.te

@@ -7,6 +7,9 @@
 allow rs rs_data_file:file create_file_perms;
 type_transition rs app_data_file:file rs_data_file;
 
+# Follow /data/user/0 symlink
+allow rs system_data_file:lnk_file read;
+
 # Read files from the app home directory.
 allow rs app_data_file:file r_file_perms;
 allow rs app_data_file:dir r_dir_perms;

diff --git a/public/service.te b/public/service.te
index cf98261..606602d 100644
--- a/public/service.te
+++ b/public/service.te

@@ -180,3 +180,12 @@
 type window_service, system_api_service, system_server_service, service_manager_type;
 type inputflinger_service, system_api_service, system_server_service, service_manager_type;
 type wpantund_service, system_api_service, service_manager_type;
+
+###
+### Neverallow rules
+###
+
+# servicemanager handles registering or looking up named services.
+# It does not make sense to register or lookup something which is not a service.
+# Trigger a compile error if this occurs.
+neverallow domain ~{ service_manager_type vndservice_manager_type }:service_manager { add find };
commit	f21085ca298df27b22b76f238a31e5962d0f0b08	[log] [tgz]
author	Treehugger Robot <treehugger-gerrit@google.com>	Thu Dec 20 01:33:44 2018 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Thu Dec 20 01:33:44 2018 +0000
tree	c3ce1e2ab66a17bceb5f1755f890e2cd0034856d
parent	c2be630c3af15c06c17fa7a3ee59e91f73b5bc15 [diff]
parent	db43ee04eb7ddcd0e6ce00308ab6e3eb3a3ee506 [diff]