From 7f46899463bc33231f1a09c0b77e4c1612efac91 Mon Sep 17 00:00:00 2001
From: Alex Klyubin <klyubin@google.com>
Date: Fri, 20 Jan 2017 12:49:35 -0800
Subject: [PATCH] Grant rild and gatekeeperd access to hwservicemanager

In my commit f41d89eb249ca1f9fce41d86852047f924b1714e I forgot to
switch rild and gatekeeperd rules from explicitly associating these
domains with the hal_telephony and hal_gatekeeper to using the
hal_impl_domain macro. As a result, the recent commit
a25192262b7bde0d480910b9662027c8617cccba inadvertently revoked
HwBinder access from rild and gatekeeperd.

This commit fixes the issue by switching rild and gatekeeperd to the
hal_impl_domain macro.

Test: "sepolicy-analyze out/target/product/bullhead/root/sepolicy attribute haldomain"
      now lists rild and gatekeeperd
Test: "sepolicy-analyze out/target/product/bullhead/root/sepolicy attribute hal_telephony"
      still lists rild
Test: "sepolicy-analyze out/target/product/bullhead/root/sepolicy attribute hal_gatekeeper"
      still lists gatekeeperd
Bug: 34180936
Bug: 34470443
Change-Id: I7949556f58c36811205d5ea3ee78ea5708e95b45
---
 public/gatekeeperd.te | 3 ++-
 public/rild.te        | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/public/gatekeeperd.te b/public/gatekeeperd.te
index 3831dff71..88a2e00fc 100644
--- a/public/gatekeeperd.te
+++ b/public/gatekeeperd.te
@@ -1,5 +1,6 @@
+type gatekeeperd, domain;
 # normally uses HAL; implements HAL in pass-through mode only
-type gatekeeperd, hal_gatekeeper, domain;
+hal_impl_domain(gatekeeperd, hal_gatekeeper)
 type gatekeeperd_exec, exec_type, file_type;
 
 # gatekeeperd
diff --git a/public/rild.te b/public/rild.te
index 4d9cb2111..1ce19e3dc 100644
--- a/public/rild.te
+++ b/public/rild.te
@@ -1,5 +1,6 @@
 # rild - radio interface layer daemon
-type rild, domain, domain_deprecated, hal_telephony;
+type rild, domain, domain_deprecated;
+hal_impl_domain(rild, hal_telephony)
 type rild_exec, exec_type, file_type;
 
 net_domain(rild)
-- 
GitLab