From 1f525e23fdf2c5d0af801277c15ddf9c13b454f7 Mon Sep 17 00:00:00 2001
From: Sandeep Patil <sspatil@google.com>
Date: Mon, 14 Aug 2017 09:35:11 -0700
Subject: [PATCH] DO NOT MERGE: use 'expandattribute' for
 untrusted_app_visible_hwservice

Bug: 62658302
Test: Boot device and observe no new denials

Change-Id: If9a21610897b14a419f276289818127412c29c55
Signed-off-by: Sandeep Patil <sspatil@google.com>
---
 private/app_neverallows.te | 2 +-
 public/attributes          | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/private/app_neverallows.te b/private/app_neverallows.te
index c730d708b..a3d7d498c 100644
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te
@@ -160,7 +160,7 @@ neverallow all_untrusted_apps {
   -hal_cas_hwservice
   -untrusted_app_visible_hwservice
 }:hwservice_manager find;
-neverallow untrusted_app_visible_hwservice unlabeled:service_manager list; #TODO: b/62658302
+
 # Make sure that the following services are never accessible by untrusted_apps
 neverallow all_untrusted_apps {
   default_android_hwservice
diff --git a/public/attributes b/public/attributes
index 9ac302b36..386b21a56 100644
--- a/public/attributes
+++ b/public/attributes
@@ -156,6 +156,7 @@ expandattribute vendor_executes_system_violators false;
 # attribute to be submitted to AOSP in order to maintain their
 # app-visibility.
 attribute untrusted_app_visible_hwservice;
+expandattribute untrusted_app_visible_hwservice false;
 
 # halserver domains that are accessible to untrusted applications.  These
 # domains are typically those hosting  hwservices attributed by the
-- 
GitLab