From db43ee04eb7ddcd0e6ce00308ab6e3eb3a3ee506 Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Wed, 19 Dec 2018 14:24:26 -0800
Subject: [PATCH] Ensure that hwservice_manager adds / finds make sense.

Add a neverallow rule asserting that services registered or queried
through hwservicemanager must have the attribute hwservice_manager_type.
Attempting to add or query a service which does not have that
attribute is malformed policy.

Test: compiles
Change-Id: Ib498508694f478c396f2d9273abaccbff06975e6
---
 public/hwservice.te | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/public/hwservice.te b/public/hwservice.te
index fa838628b..09808b33a 100644
--- a/public/hwservice.te
+++ b/public/hwservice.te
@@ -66,3 +66,12 @@ type system_net_netd_hwservice, hwservice_manager_type, coredomain_hwservice;
 type system_suspend_hwservice, hwservice_manager_type, coredomain_hwservice;
 type system_wifi_keystore_hwservice, hwservice_manager_type, coredomain_hwservice;
 type thermalcallback_hwservice, hwservice_manager_type;
+
+###
+### Neverallow rules
+###
+
+# hwservicemanager handles registering or looking up named services.
+# It does not make sense to register or lookup something which is not a
+# hwservice. Trigger a compile error if this occurs.
+neverallow domain ~hwservice_manager_type:hwservice_manager { add find };