From 7745770bca80e30acc2ef2e174468c30bed4f4ac Mon Sep 17 00:00:00 2001
From: Jeff Vander Stoep <jeffv@google.com>
Date: Wed, 23 May 2018 07:21:32 -0700
Subject: [PATCH] Use non-expanded types in prop neverallows

Using hal_foo attributes in neverallow rules does not work because
they are auto-expanded to types. Use hal_foo_server types instead.

Fixes the following error:
unit.framework.AssertionFailedError: The following errors were
encountered when validating the SELinuxneverallow rule: neverallow
{ domain -coredomain -bluetooth -hal_bluetooth } { bluetooth_prop }:
property_service set; Warning! Type or attribute hal_bluetooth used
in neverallow undefined in policy being checked.

Test: CtsSecurityHostTestCases
Bug: 80153368
Change-Id: I2baf9f66d2ff110a4f181423790a1160a6e138da
---
 prebuilts/api/28.0/public/property.te | 12 ++++++------
 public/property.te                    | 12 ++++++------
 2 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/prebuilts/api/28.0/public/property.te b/prebuilts/api/28.0/public/property.te
index c31210c0b..c9e1316a8 100644
--- a/prebuilts/api/28.0/public/property.te
+++ b/prebuilts/api/28.0/public/property.te
@@ -186,7 +186,7 @@ compatible_property_only(`
     domain
     -coredomain
     -bluetooth
-    -hal_bluetooth
+    -hal_bluetooth_server
   } {
     bluetooth_prop
   }:property_service set;
@@ -195,7 +195,7 @@ compatible_property_only(`
     domain
     -coredomain
     -bluetooth
-    -hal_bluetooth
+    -hal_bluetooth_server
     -vendor_init
   } {
     exported_bluetooth_prop
@@ -204,7 +204,7 @@ compatible_property_only(`
   neverallow {
     domain
     -coredomain
-    -hal_wifi
+    -hal_wifi_server
     -wificond
   } {
     wifi_prop
@@ -213,7 +213,7 @@ compatible_property_only(`
   neverallow {
     domain
     -coredomain
-    -hal_wifi
+    -hal_wifi_server
     -wificond
     -vendor_init
   } {
@@ -265,7 +265,7 @@ compatible_property_only(`
     domain
     -coredomain
     -bluetooth
-    -hal_bluetooth
+    -hal_bluetooth_server
   } {
     bluetooth_prop
   }:file no_rw_file_perms;
@@ -273,7 +273,7 @@ compatible_property_only(`
   neverallow {
     domain
     -coredomain
-    -hal_wifi
+    -hal_wifi_server
     -wificond
   } {
     wifi_prop
diff --git a/public/property.te b/public/property.te
index c31210c0b..c9e1316a8 100644
--- a/public/property.te
+++ b/public/property.te
@@ -186,7 +186,7 @@ compatible_property_only(`
     domain
     -coredomain
     -bluetooth
-    -hal_bluetooth
+    -hal_bluetooth_server
   } {
     bluetooth_prop
   }:property_service set;
@@ -195,7 +195,7 @@ compatible_property_only(`
     domain
     -coredomain
     -bluetooth
-    -hal_bluetooth
+    -hal_bluetooth_server
     -vendor_init
   } {
     exported_bluetooth_prop
@@ -204,7 +204,7 @@ compatible_property_only(`
   neverallow {
     domain
     -coredomain
-    -hal_wifi
+    -hal_wifi_server
     -wificond
   } {
     wifi_prop
@@ -213,7 +213,7 @@ compatible_property_only(`
   neverallow {
     domain
     -coredomain
-    -hal_wifi
+    -hal_wifi_server
     -wificond
     -vendor_init
   } {
@@ -265,7 +265,7 @@ compatible_property_only(`
     domain
     -coredomain
     -bluetooth
-    -hal_bluetooth
+    -hal_bluetooth_server
   } {
     bluetooth_prop
   }:file no_rw_file_perms;
@@ -273,7 +273,7 @@ compatible_property_only(`
   neverallow {
     domain
     -coredomain
-    -hal_wifi
+    -hal_wifi_server
     -wificond
   } {
     wifi_prop
-- 
GitLab