Make AIDL HAL client attribute an exclusive client.

Like HIDL HALs, if we have a service which is allowed to access
hal_<foo>_service, we want that service to have the attribute
hal_<foo>_client.

Unlike HIDL HALs, some AIDL services are allowed to get ahold of all
HALs, so these have to be exempted from this check.

Fixes: 168152053
Test: neverallows pass
Change-Id: I4bce6d9441c2921c3ea40f2b01fef4030c02a28a

private/atrace.te

@@ -1,7 +1,6 @@
 # Domain for atrace process.
 # It is spawned either by traced_probes or by init for the boottrace service.
 
-type atrace, domain, coredomain;
 type atrace_exec, exec_type, file_type, system_file_type;
 
 # boottrace services uses /data/misc/boottrace/categories

public/atrace.te

@@ -0,0 +1 @@
+type atrace, domain, coredomain;

public/hal_fingerprint.te

@@ -3,12 +3,10 @@ binder_call(hal_fingerprint_client, hal_fingerprint_server)
 binder_call(hal_fingerprint_server, hal_fingerprint_client)
 
 hal_attribute_hwservice(hal_fingerprint, hal_fingerprint_hwservice)
+hal_attribute_service(hal_fingerprint, hal_fingerprint_service)
 
-add_service(hal_fingerprint_server, hal_fingerprint_service)
 binder_call(hal_fingerprint_server, servicemanager)
 
-allow hal_fingerprint_client hal_fingerprint_service:service_manager find;
-
 # For memory allocation
 allow hal_fingerprint ion_device:chr_file r_file_perms;
 

public/hal_identity.te

@@ -1,7 +1,6 @@
 # HwBinder IPC from client to server
 binder_call(hal_identity_client, hal_identity_server)
 
-add_service(hal_identity_server, hal_identity_service)
+hal_attribute_service(hal_identity, hal_identity_service)
-binder_call(hal_identity_server, servicemanager)
 
-allow hal_identity_client hal_identity_service:service_manager find;
+binder_call(hal_identity_server, servicemanager)

public/hal_light.te

@@ -3,13 +3,9 @@ binder_call(hal_light_client, hal_light_server)
 binder_call(hal_light_server, hal_light_client)
 
 hal_attribute_hwservice(hal_light, hal_light_hwservice)
+hal_attribute_service(hal_light, hal_light_service)
 
-# server adds itself via service_manager
-add_service(hal_light_server, hal_light_service)
 binder_call(hal_light_server, servicemanager)
-
-# client finds and uses server via service_manager
-allow hal_light_client hal_light_service:service_manager find;
 binder_use(hal_light_client)
 
 allow hal_light_server dumpstate:fifo_file write;

public/hal_power.te

@@ -3,8 +3,7 @@ binder_call(hal_power_client, hal_power_server)
 binder_call(hal_power_server, hal_power_client)
 
 hal_attribute_hwservice(hal_power, hal_power_hwservice)
+hal_attribute_service(hal_power, hal_power_service)
 
-add_service(hal_power_server, hal_power_service)
 binder_call(hal_power_server, servicemanager)
 binder_call(hal_power_client, servicemanager)
-allow hal_power_client hal_power_service:service_manager find;

public/hal_rebootescrow.te

@@ -1,7 +1,6 @@
 # HwBinder IPC from client to server
 binder_call(hal_rebootescrow_client, hal_rebootescrow_server)
 
-add_service(hal_rebootescrow_server, hal_rebootescrow_service)
+hal_attribute_service(hal_rebootescrow, hal_rebootescrow_service)
-binder_use(hal_rebootescrow_server)
 
-allow hal_rebootescrow_client hal_rebootescrow_service:service_manager find;
+binder_use(hal_rebootescrow_server)

public/hal_vibrator.te

@@ -3,12 +3,10 @@ binder_call(hal_vibrator_client, hal_vibrator_server)
 binder_call(hal_vibrator_server, hal_vibrator_client);
 
 hal_attribute_hwservice(hal_vibrator, hal_vibrator_hwservice)
+hal_attribute_service(hal_vibrator, hal_vibrator_service)
 
-add_service(hal_vibrator_server, hal_vibrator_service)
 binder_call(hal_vibrator_server, servicemanager)
 
-allow hal_vibrator_client hal_vibrator_service:service_manager find;
-
 allow hal_vibrator_server dumpstate:fifo_file write;
 
 # vibrator sysfs rw access

public/te_macros

@@ -654,10 +654,42 @@ define(`hal_attribute_hwservice', `
   add_hwservice($1_server, $2)
 
   build_test_only(`
+    # if you are hitting this neverallow, try using:
+    #     hal_client_domain(<your domain>, hal_<foo>)
+    # instead
     neverallow { domain -$1_client -$1_server } $2:hwservice_manager find;
   ')
 ')
 
+###########################################
+# hal_attribute_service(attribute, service)
+# Ability for domain to get a service to hwservice_manager
+# and find it. It also creates a neverallow preventing
+# others from adding it.
+#
+# Used to pair hal_foo_client with hal_foo_hwservice
+define(`hal_attribute_service', `
+  allow $1_client $2:service_manager find;
+  add_service($1_server, $2)
+
+  build_test_only(`
+    # if you are hitting this neverallow, try using:
+    #     hal_client_domain(<your domain>, hal_<foo>)
+    # instead
+    neverallow {
+        domain
+        -$1_client
+        -$1_server
+        # some services are allowed to find all services
+        -atrace
+        -dumpstate
+        -shell
+        -system_app
+        -traceur_app
+    } $2:service_manager find;
+  ')
+')
+
 ###################################
 # can_profile_heap(domain)
 # Allow processes within the domain to have their heap profiled by heapprofd.