From 8d7f50333653a5e41aa7ec70dd0108b84238d0a2 Mon Sep 17 00:00:00 2001
From: Pavel Maltsev <pavelm@google.com>
Date: Tue, 15 May 2018 14:16:57 -0700
Subject: [PATCH] Allow to use sockets from hal server for auto

Add an exemption to neverallow rule to use sockets from HAL servers only
for automotive build

Bug: 78901167
Test: assign this attribute to hal_vehicle_default and try to open
socket from HAL implementation
Test: verify that new CTS test will fail for non-automotive build with
this attribute being used
Test: make cts && cts-tradefed run singleCommand cts --skip-device-info
 --skip-preconditions --abi arm64-v8a --module CtsSecurityHostTestCases
 -t android.security.cts.SELinuxHostTest

Merged-In: I27976443dad4fc5b7425c089512cac65bb54d6d9

(cherry picked from commit 4cafae77a4ac9e9b34410714787b68523dcd5345)

Change-Id: I58e25a0f86579073aa568379b10b6599212134c6
---
 public/attributes         | 6 ++++++
 public/hal_neverallows.te | 5 +++++
 2 files changed, 11 insertions(+)

diff --git a/public/attributes b/public/attributes
index ed6b97f83..f83394379 100644
--- a/public/attributes
+++ b/public/attributes
@@ -214,6 +214,12 @@ attribute halserverdomain;
 attribute halclientdomain;
 expandattribute halclientdomain true;
 
+# Exempt for halserverdomain to access sockets. Only builds for automotive
+# device types are allowed to use this attribute (enforced by CTS).
+# Unlike phone, in a car many modules are external from Android perspective and
+# HALs should be able to communicate with those devices through sockets.
+attribute hal_automotive_socket_exemption;
+
 # TODO(b/72757373): Use hal_attribute macro once expandattribute value conflicts
 # can be resolve.
 attribute hal_audio;
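Review bot: The comment on the new `hal_automotive_socket_exemption` attribute says the automotive-only restriction is "enforced by CTS" but does not name the test, and nothing visible in this hunk restricts the attribute when the policy is compiled. As far as the hunk shows, a non-automotive build that assigns the attribute would be caught only when CTS is actually run. I would name the guard in the comment, using the test from the commit message: `# Enforced by CTS: android.security.cts.SELinuxHostTest.` That lets someone auditing a device policy see where the check lives and that it is test-time.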
diff --git a/public/hal_neverallows.te b/public/hal_neverallows.te
index 017fcce7b..0f05d8ad3 100644
--- a/public/hal_neverallows.te
+++ b/public/hal_neverallows.te
@@ -11,8 +11,13 @@ neverallow {
 
 # Unless a HAL's job is to communicate over the network, or control network
 # hardware, it should not be using network sockets.
+# NOTE: HALs for automotive devices have an exemption from this rule because in
+# a car it is common to have external modules and HALs need to communicate to
+# those modules using network.  Using this exemption for non-automotive builds
+# will result in CTS failure.
 neverallow {
   halserverdomain
+  -hal_automotive_socket_exemption
   -hal_tetheroffload_server
   -hal_wifi_server
   -hal_wifi_hostapd_server
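Review bot: The added NOTE above this `neverallow` does not say that `-hal_automotive_socket_exemption` only removes a type from this one rule and grants no permission by itself. An exempted HAL still needs explicit allow rules for the sockets it opens, and those should be reviewed as carefully as before. The attribute name says "socket" while the comment says "network", so it would help to state that the exemption covers only the classes listed in this rule, whose closing part lies outside the hunk. Suggested addition: `# The attribute lifts only this neverallow; each exempted HAL must still declare narrowly scoped allow rules.`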
-- 
GitLab