From 536d3413b84c4340f9d8cea96a3239490784169f Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Mon, 26 Nov 2018 23:10:56 -0800
Subject: [PATCH] use hal_bootctl_server in neverallow rule

Hals have 3 attributes associated with them, the attribute itself, the
_client attribute, and the _server attribute. Only the server attribute
isn't expanded using the expandattribute keyword, and as a result, is
the only attribute which can be used in neverallow rules.

Fix neverallow rule to use hal_bootctl_server, which is not expanded,
instead of hal_bootctl.

Introduced in: https://android-review.googlesource.com/c/platform/system/sepolicy/+/777178

Test: policy compiles
Bug: 119500144
Change-Id: I8cff9cc03f4c30704175afb203c68f237fbd61ca
---
 public/vold.te | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/public/vold.te b/public/vold.te
index d26c83614..d6ab4af66 100644
--- a/public/vold.te
+++ b/public/vold.te
@@ -291,7 +291,7 @@ neverallow vold {
   -hal_health_storage_server
   -hal_keymaster_server
   -hal_system_suspend_server
-  -hal_bootctl
+  -hal_bootctl_server
   -healthd
   -hwservicemanager
   -iorapd_service
-- 
GitLab