Ensure that hwservice_manager adds / finds make sense.

Add a neverallow rule asserting that services registered or queried through hwservicemanager must have the attribute hwservice_manager_type. Attempting to add or query a service which does not have that attribute is malformed policy. Test: compiles Change-Id: Ib498508694f478c396f2d9273abaccbff06975e6

Ensure that hwservice_manager adds / finds make sense.
Add a neverallow rule asserting that services registered or queried through hwservicemanager must have the attribute hwservice_manager_type. Attempting to add or query a service which does not have that attribute is malformed policy. Test: compiles Change-Id: Ib498508694f478c396f2d9273abaccbff06975e6
db43ee04 · Nick Kralevich · 3361ec43 · db43ee04
Commit db43ee04 authored 6 years ago by Nick Kralevich
--- a/public/hwservice.te
+++ b/public/hwservice.te
@@ -66,3 +66,12 @@ type system_net_netd_hwservice, hwservice_manager_type, coredomain_hwservice;
 type system_suspend_hwservice, hwservice_manager_type, coredomain_hwservice;
 type system_wifi_keystore_hwservice, hwservice_manager_type, coredomain_hwservice;
 type thermalcallback_hwservice, hwservice_manager_type;
+
+###
+### Neverallow rules
+###
+
+# hwservicemanager handles registering or looking up named services.
+# It does not make sense to register or lookup something which is not a
+# hwservice. Trigger a compile error if this occurs.
+neverallow domain ~hwservice_manager_type:hwservice_manager { add find };