From 8d7f50333653a5e41aa7ec70dd0108b84238d0a2 Mon Sep 17 00:00:00 2001
From: Pavel Maltsev <pavelm@google.com>
Date: Tue, 15 May 2018 14:16:57 -0700
Subject: [PATCH] Allow to use sockets from hal server for auto

Add an exemption to neverallow rule to use sockets from HAL servers only for automotive build
Bug: 78901167
Test: assign this attribute to hal_vehicle_default and try to open socket from HAL implementation
Test: verify that new CTS test will fail for non-automotive build with this attribute buing used
Test: make cts && cts-tradefed run singleCommand cts --skip-device-info --skip-preconditions --abi arm64-v8a --module CtsSecurityHostTestCases -t android.security.cts.SELinuxHostTest
Merged-In: I27976443dad4fc5b7425c089512cac65bb54d6d9
(cherry picked from commit 4cafae77a4ac9e9b34410714787b68523dcd5345)
Change-Id: I58e25a0f86579073aa568379b10b6599212134c6
---
 public/attributes | 6 ++++++
 public/hal_neverallows.te | 5 +++++
 2 files changed, 11 insertions(+)
diff --git a/public/attributes b/public/attributes
index ed6b97f83..f83394379 100644
--- a/public/attributes
+++ b/public/attributes
@@ -214,6 +214,12 @@ attribute halserverdomain;
 attribute halclientdomain;
 expandattribute halclientdomain true;
+# Exempt for halserverdomain to access sockets. Only builds for automotive
+# device types are allowed to use this attribute (enforced by CTS).
+# Unlike phone, in a car many modules are external from Android perspective and
+# HALs should be able to communicate with those devices through sockets.
+attribute hal_automotive_socket_exemption;
+
 # TODO(b/72757373): Use hal_attribute macro once expandattribute value conflicts
 # can be resolve.
 attribute hal_audio;
diff --git a/public/hal_neverallows.te b/public/hal_neverallows.te
index 017fcce7b..0f05d8ad3 100644
--- a/public/hal_neverallows.te
+++ b/public/hal_neverallows.te
@@ -11,8 +11,13 @@ neverallow {
 # Unless a HAL's job is to communicate over the network, or control network
 # hardware, it should not be using network sockets.
+# NOTE: HALs for automotive devices have an exemption from this rule because in
+# a car it is common to have external modules and HALs need to communicate to
+# those modules using network. Using this exemption for non-automotive builds
+# will result in CTS failure.
 neverallow {
 halserverdomain
+ -hal_automotive_socket_exemption
 -hal_tetheroffload_server
 -hal_wifi_server
 -hal_wifi_hostapd_server
-- GitLab
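Review bot: Nothing at policy build time restricts `hal_automotive_socket_exemption` to automotive targets. Per the comments in both hunks the only check is CTS (the commit message names android.security.cts.SELinuxHostTest), so a build that never runs CTS can attach the attribute to any HAL server type and drop out of this neverallow without a compile error. The rule's class and permission list lies outside the hunk, so the `-hal_automotive_socket_exemption` entry lifts the restriction for every socket class named there, not only those a vehicle HAL needs for its external modules. I would extend the NOTE with `# The attribute only lifts this neverallow and grants nothing; give each exempted HAL narrow allow rules for the socket classes it needs.` so that reviewers of vendor policy know to look for over-broad grants. The same sentence would fit the comment above the attribute declaration in public/attributes.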