Restrict HAL network access to HALS that manage network hardware
Only HALs that manage networks need network capabilities and network
sockets.
Test: aosp_marlin and aosp_bullhead policy builds. Note: neverallow
rules are compile time assertions and do not change the
on-device policy.
Bug: 36185625
Change-Id: Id64846eac24cf72ed91ce775cecb2c75f11b78df
diff --git a/public/hal_neverallows.te b/public/hal_neverallows.te
new file mode 100644
index 0000000..61b15ca
--- /dev/null
+++ b/public/hal_neverallows.te
@@ -0,0 +1,19 @@
+# only HALs responsible for network hardware should have privileged
+# network capabilities
+neverallow {
+ halserverdomain
+ -hal_bluetooth_server
+ -hal_wifi_server
+ -hal_wifi_supplicant_server
+ -rild
+} self:capability { net_admin net_raw };
+
+# Unless a HAL's job is to manage network hardware, it should not be
+# using network sockets.
+neverallow {
+ halserverdomain
+ -hal_gnss # TODO b/36085168 b/35757613
+ -hal_wifi_server
+ -hal_wifi_supplicant_server
+ -rild
+} domain:{ tcp_socket udp_socket rawip_socket } *;