From aa5f37dab96a05cfea6e2aba4a746be1259968ec Mon Sep 17 00:00:00 2001
From: Jeff Vander Stoep <jeffv@google.com>
Date: Thu, 14 Sep 2017 16:14:11 -0700
Subject: [PATCH] do not expand hal_cas attribute

Addresses:
junit.framework.AssertionFailedError: The following errors were
encountered when validating the SELinuxneverallow rule:
neverallow {   domain   -adbd   -dumpstate   -hal_drm -hal_cas -init
-mediadrmserver   -recovery   -shell   -system_server }
serialno_prop:file { getattr open read ioctl lock map };
Warning!  Type or attribute hal_cas used in neverallow undefined in
policy being checked.
libsepol.report_failure: neverallow violated by allow mediaextractor
serialno_prop:file { ioctl read getattr lock map open };
libsepol.report_failure: neverallow violated by allow mediacodec
serialno_prop:file { ioctl read getattr lock map open };
libsepol.report_failure: neverallow violated by allow hal_cas_default
serialno_prop:file { ioctl read getattr lock map open };
libsepol.check_assertions: 3 neverallow failures occurred

Bug: 65681219
Test: build
Change-Id: I2a6445d6372ee4e768cc2cea2140c6de97707a74
Merged-In: I1092aff40da9dcf09bd044400bedd1f549eb7e38
---
 public/attributes | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/public/attributes b/public/attributes
index d384efd8d..f0bb18d42 100644
--- a/public/attributes
+++ b/public/attributes
@@ -245,7 +245,7 @@ expandattribute hal_drm_client true;
 attribute hal_drm_server;
 expandattribute hal_drm_server true;
 attribute hal_cas;
-expandattribute hal_cas true;
+expandattribute hal_cas false;
 attribute hal_cas_client;
 expandattribute hal_cas_client true;
 attribute hal_cas_server;
-- 
GitLab