hal_attribute_hwservice_client drop '_client'

Since this attribute just associates a hal_attribute
with a given hwservice in the standard way.

Bug: 80319537
Test: boot + sanity + test for denials
Change-Id: I545de165515387317e6920ce8f5e8c491f9ab24e

public/hal_audio.te

@@ -2,7 +2,7 @@
 binder_call(hal_audio_client, hal_audio_server)
 binder_call(hal_audio_server, hal_audio_client)
 
-hal_attribute_hwservice_client(hal_audio, hal_audio_hwservice)
+hal_attribute_hwservice(hal_audio, hal_audio_hwservice)
 
 allow hal_audio ion_device:chr_file r_file_perms;
 

public/hal_audiocontrol.te

@@ -2,4 +2,4 @@
 binder_call(hal_audiocontrol_client, hal_audiocontrol_server)
 binder_call(hal_audiocontrol_server, hal_audiocontrol_client)
 
-hal_attribute_hwservice_client(hal_audiocontrol, hal_audiocontrol_hwservice)
+hal_attribute_hwservice(hal_audiocontrol, hal_audiocontrol_hwservice)

public/hal_authsecret.te

@@ -1,4 +1,4 @@
 # HwBinder IPC from client to server
 binder_call(hal_authsecret_client, hal_authsecret_server)
 
-hal_attribute_hwservice_client(hal_authsecret, hal_authsecret_hwservice)
+hal_attribute_hwservice(hal_authsecret, hal_authsecret_hwservice)

public/hal_bluetooth.te

@@ -2,7 +2,7 @@
 binder_call(hal_bluetooth_client, hal_bluetooth_server)
 binder_call(hal_bluetooth_server, hal_bluetooth_client)
 
-hal_attribute_hwservice_client(hal_bluetooth, hal_bluetooth_hwservice)
+hal_attribute_hwservice(hal_bluetooth, hal_bluetooth_hwservice)
 
 wakelock_use(hal_bluetooth);
 

public/hal_bootctl.te

@@ -2,6 +2,6 @@
 binder_call(hal_bootctl_client, hal_bootctl_server)
 binder_call(hal_bootctl_server, hal_bootctl_client)
 
-hal_attribute_hwservice_client(hal_bootctl, hal_bootctl_hwservice)
+hal_attribute_hwservice(hal_bootctl, hal_bootctl_hwservice)
 
 dontaudit hal_bootctl self:capability sys_rawio;

public/hal_broadcastradio.te

@@ -1,3 +1,3 @@
 binder_call(hal_broadcastradio_client, hal_broadcastradio_server)
 
-hal_attribute_hwservice_client(hal_broadcastradio, hal_broadcastradio_hwservice)
+hal_attribute_hwservice(hal_broadcastradio, hal_broadcastradio_hwservice)

public/hal_camera.te

@@ -2,7 +2,7 @@
 binder_call(hal_camera_client, hal_camera_server)
 binder_call(hal_camera_server, hal_camera_client)
 
-hal_attribute_hwservice_client(hal_camera, hal_camera_hwservice)
+hal_attribute_hwservice(hal_camera, hal_camera_hwservice)
 
 allow hal_camera device:dir r_dir_perms;
 allow hal_camera video_device:dir r_dir_perms;

public/hal_cas.te

@@ -2,7 +2,7 @@
 binder_call(hal_cas_client, hal_cas_server)
 binder_call(hal_cas_server, hal_cas_client)
 
-hal_attribute_hwservice_client(hal_cas, hal_cas_hwservice)
+hal_attribute_hwservice(hal_cas, hal_cas_hwservice)
 allow hal_cas_server hidl_memory_hwservice:hwservice_manager find;
 
 # Permit reading device's serial number from system properties

public/hal_confirmationui.te

@@ -1,4 +1,4 @@
 # HwBinder IPC from client to server
 binder_call(hal_confirmationui_client, hal_confirmationui_server)
 
-hal_attribute_hwservice_client(hal_confirmationui, hal_confirmationui_hwservice)
+hal_attribute_hwservice(hal_confirmationui, hal_confirmationui_hwservice)

public/hal_contexthub.te

@@ -2,4 +2,4 @@
 binder_call(hal_contexthub_client, hal_contexthub_server)
 binder_call(hal_contexthub_server, hal_contexthub_client)
 
-hal_attribute_hwservice_client(hal_contexthub, hal_contexthub_hwservice)
+hal_attribute_hwservice(hal_contexthub, hal_contexthub_hwservice)

public/hal_drm.te

@@ -2,7 +2,7 @@
 binder_call(hal_drm_client, hal_drm_server)
 binder_call(hal_drm_server, hal_drm_client)
 
-hal_attribute_hwservice_client(hal_drm, hal_drm_hwservice)
+hal_attribute_hwservice(hal_drm, hal_drm_hwservice)
 
 allow hal_drm hidl_memory_hwservice:hwservice_manager find;
 

public/hal_dumpstate.te

@@ -2,7 +2,7 @@
 binder_call(hal_dumpstate_client, hal_dumpstate_server)
 binder_call(hal_dumpstate_server, hal_dumpstate_client)
 
-hal_attribute_hwservice_client(hal_dumpstate, hal_dumpstate_hwservice)
+hal_attribute_hwservice(hal_dumpstate, hal_dumpstate_hwservice)
 
 # write bug reports in /data/data/com.android.shell/files/bugreports/bugreport
 allow hal_dumpstate shell_data_file:file write;

public/hal_fingerprint.te

@@ -2,7 +2,7 @@
 binder_call(hal_fingerprint_client, hal_fingerprint_server)
 binder_call(hal_fingerprint_server, hal_fingerprint_client)
 
-hal_attribute_hwservice_client(hal_fingerprint, hal_fingerprint_hwservice)
+hal_attribute_hwservice(hal_fingerprint, hal_fingerprint_hwservice)
 
 # For memory allocation
 allow hal_fingerprint ion_device:chr_file r_file_perms;

public/hal_gatekeeper.te

@@ -1,6 +1,6 @@
 binder_call(hal_gatekeeper_client, hal_gatekeeper_server)
 
-hal_attribute_hwservice_client(hal_gatekeeper, hal_gatekeeper_hwservice)
+hal_attribute_hwservice(hal_gatekeeper, hal_gatekeeper_hwservice)
 
 # TEE access.
 allow hal_gatekeeper tee_device:chr_file rw_file_perms;

public/hal_gnss.te

@@ -2,4 +2,4 @@
 binder_call(hal_gnss_client, hal_gnss_server)
 binder_call(hal_gnss_server, hal_gnss_client)
 
-hal_attribute_hwservice_client(hal_gnss, hal_gnss_hwservice)
+hal_attribute_hwservice(hal_gnss, hal_gnss_hwservice)

public/hal_graphics_allocator.te

@@ -1,7 +1,7 @@
 # HwBinder IPC from client to server
 binder_call(hal_graphics_allocator_client, hal_graphics_allocator_server)
 
-hal_attribute_hwservice_client(hal_graphics_allocator, hal_graphics_allocator_hwservice)
+hal_attribute_hwservice(hal_graphics_allocator, hal_graphics_allocator_hwservice)
 allow hal_graphics_allocator_client hal_graphics_mapper_hwservice:hwservice_manager find;
 
 # GPU device access

public/hal_graphics_composer.te

@@ -2,7 +2,7 @@
 binder_call(hal_graphics_composer_client, hal_graphics_composer_server)
 binder_call(hal_graphics_composer_server, hal_graphics_composer_client)
 
-hal_attribute_hwservice_client(hal_graphics_composer, hal_graphics_composer_hwservice)
+hal_attribute_hwservice(hal_graphics_composer, hal_graphics_composer_hwservice)
 
 # Coordinate with hal_graphics_mapper
 allow hal_graphics_composer_server hal_graphics_mapper_hwservice:hwservice_manager find;

public/hal_health.te

@@ -2,7 +2,7 @@
 binder_call(hal_health_client, hal_health_server)
 binder_call(hal_health_server, hal_health_client)
 
-hal_attribute_hwservice_client(hal_health, hal_health_hwservice)
+hal_attribute_hwservice(hal_health, hal_health_hwservice)
 
 # Read access to system files for HALs in
 # /{system,vendor,odm}/lib[64]/hw/ in order

public/hal_ir.te

@@ -2,4 +2,4 @@
 binder_call(hal_ir_client, hal_ir_server)
 binder_call(hal_ir_server, hal_ir_client)
 
-hal_attribute_hwservice_client(hal_ir, hal_ir_hwservice)
+hal_attribute_hwservice(hal_ir, hal_ir_hwservice)

public/hal_keymaster.te

@@ -1,7 +1,7 @@
 # HwBinder IPC from client to server
 binder_call(hal_keymaster_client, hal_keymaster_server)
 
-hal_attribute_hwservice_client(hal_keymaster, hal_keymaster_hwservice)
+hal_attribute_hwservice(hal_keymaster, hal_keymaster_hwservice)
 
 allow hal_keymaster tee_device:chr_file rw_file_perms;
 allow hal_keymaster ion_device:chr_file r_file_perms;

public/hal_light.te

@@ -2,7 +2,7 @@
 binder_call(hal_light_client, hal_light_server)
 binder_call(hal_light_server, hal_light_client)
 
-hal_attribute_hwservice_client(hal_light, hal_light_hwservice)
+hal_attribute_hwservice(hal_light, hal_light_hwservice)
 
 allow hal_light sysfs_leds:lnk_file read;
 allow hal_light sysfs_leds:file rw_file_perms;

public/hal_lowpan.te

@@ -4,7 +4,7 @@ binder_call(hal_lowpan_server, hal_lowpan_client)
 
 
 # Allow hal_lowpan_client to be able to find the hal_lowpan_server
-hal_attribute_hwservice_client(hal_lowpan, hal_lowpan_hwservice)
+hal_attribute_hwservice(hal_lowpan, hal_lowpan_hwservice)
 
 # hal_lowpan domain can write/read to/from lowpan_prop
 set_prop(hal_lowpan_server, lowpan_prop)

public/hal_memtrack.te

@@ -1,4 +1,4 @@
 # HwBinder IPC from client to server
 binder_call(hal_memtrack_client, hal_memtrack_server)
 
-hal_attribute_hwservice_client(hal_memtrack, hal_memtrack_hwservice)
+hal_attribute_hwservice(hal_memtrack, hal_memtrack_hwservice)

public/hal_neuralnetworks.te

@@ -2,6 +2,6 @@
 binder_call(hal_neuralnetworks_client, hal_neuralnetworks_server)
 binder_call(hal_neuralnetworks_server, hal_neuralnetworks_client)
 
-hal_attribute_hwservice_client(hal_neuralnetworks, hal_neuralnetworks_hwservice)
+hal_attribute_hwservice(hal_neuralnetworks, hal_neuralnetworks_hwservice)
 allow hal_neuralnetworks hidl_memory_hwservice:hwservice_manager find;
 allow hal_neuralnetworks hal_allocator:fd use;

public/hal_nfc.te

@@ -2,7 +2,7 @@
 binder_call(hal_nfc_client, hal_nfc_server)
 binder_call(hal_nfc_server, hal_nfc_client)
 
-hal_attribute_hwservice_client(hal_nfc, hal_nfc_hwservice)
+hal_attribute_hwservice(hal_nfc, hal_nfc_hwservice)
 
 # Set NFC properties (used by bcm2079x HAL).
 set_prop(hal_nfc, nfc_prop)

public/hal_oemlock.te

@@ -1,4 +1,4 @@
 # HwBinder IPC from client to server
 binder_call(hal_oemlock_client, hal_oemlock_server)
 
-hal_attribute_hwservice_client(hal_oemlock, hal_oemlock_hwservice)
+hal_attribute_hwservice(hal_oemlock, hal_oemlock_hwservice)

public/hal_omx.te

@@ -25,8 +25,8 @@ crash_dump_fallback(hal_omx_server)
 # via PDX. Thus, there is no need to use pdx_client macro.
 allow hal_omx_server bufferhubd:fd use;
 
-hal_attribute_hwservice_client(hal_omx, hal_omx_hwservice)
-hal_attribute_hwservice_client(hal_omx, hal_codec2_hwservice)
+hal_attribute_hwservice(hal_omx, hal_omx_hwservice)
+hal_attribute_hwservice(hal_omx, hal_codec2_hwservice)
 
 allow hal_omx_client hidl_token_hwservice:hwservice_manager find;
 

public/hal_power.te

@@ -2,4 +2,4 @@
 binder_call(hal_power_client, hal_power_server)
 binder_call(hal_power_server, hal_power_client)
 
-hal_attribute_hwservice_client(hal_power, hal_power_hwservice)
+hal_attribute_hwservice(hal_power, hal_power_hwservice)

public/hal_secure_element.te

@@ -2,4 +2,4 @@
 binder_call(hal_secure_element_client, hal_secure_element_server)
 binder_call(hal_secure_element_server, hal_secure_element_client)
 
-hal_attribute_hwservice_client(hal_secure_element, hal_secure_element_hwservice)
+hal_attribute_hwservice(hal_secure_element, hal_secure_element_hwservice)

public/hal_sensors.te

@@ -1,7 +1,7 @@
 # HwBinder IPC from client to server
 binder_call(hal_sensors_client, hal_sensors_server)
 
-hal_attribute_hwservice_client(hal_sensors, hal_sensors_hwservice)
+hal_attribute_hwservice(hal_sensors, hal_sensors_hwservice)
 
 # Allow sensor hals to access ashmem memory allocated by apps
 allow hal_sensors { appdomain -isolated_app }:fd use;

public/hal_telephony.te

@@ -2,7 +2,7 @@
 binder_call(hal_telephony_client, hal_telephony_server)
 binder_call(hal_telephony_server, hal_telephony_client)
 
-hal_attribute_hwservice_client(hal_telephony, hal_telephony_hwservice)
+hal_attribute_hwservice(hal_telephony, hal_telephony_hwservice)
 
 allowxperm hal_telephony_server self:udp_socket ioctl priv_sock_ioctls;
 

public/hal_tetheroffload.te

@@ -2,7 +2,7 @@
 binder_call(hal_tetheroffload_client, hal_tetheroffload_server)
 binder_call(hal_tetheroffload_server, hal_tetheroffload_client)
 
-hal_attribute_hwservice_client(hal_tetheroffload, hal_tetheroffload_hwservice)
+hal_attribute_hwservice(hal_tetheroffload, hal_tetheroffload_hwservice)
 
 # allow the client to pass the server already open netlink sockets
 allow hal_tetheroffload_server hal_tetheroffload_client:netlink_netfilter_socket { getattr read setopt write };

public/hal_thermal.te

@@ -2,4 +2,4 @@
 binder_call(hal_thermal_client, hal_thermal_server)
 binder_call(hal_thermal_server, hal_thermal_client)
 
-hal_attribute_hwservice_client(hal_thermal, hal_thermal_hwservice)
+hal_attribute_hwservice(hal_thermal, hal_thermal_hwservice)

public/hal_tv_cec.te

@@ -2,4 +2,4 @@
 binder_call(hal_tv_cec_client, hal_tv_cec_server)
 binder_call(hal_tv_cec_server, hal_tv_cec_client)
 
-hal_attribute_hwservice_client(hal_tv_cec, hal_tv_cec_hwservice)
+hal_attribute_hwservice(hal_tv_cec, hal_tv_cec_hwservice)

public/hal_tv_input.te

@@ -2,4 +2,4 @@
 binder_call(hal_tv_input_client, hal_tv_input_server)
 binder_call(hal_tv_input_server, hal_tv_input_client)
 
-hal_attribute_hwservice_client(hal_tv_input, hal_tv_input_hwservice)
+hal_attribute_hwservice(hal_tv_input, hal_tv_input_hwservice)

public/hal_usb.te

@@ -2,7 +2,7 @@
 binder_call(hal_usb_client, hal_usb_server)
 binder_call(hal_usb_server, hal_usb_client)
 
-hal_attribute_hwservice_client(hal_usb, hal_usb_hwservice)
+hal_attribute_hwservice(hal_usb, hal_usb_hwservice)
 
 allow hal_usb self:netlink_kobject_uevent_socket create;
 allow hal_usb self:netlink_kobject_uevent_socket setopt;

public/hal_usb_gadget.te

@@ -2,7 +2,7 @@
 binder_call(hal_usb_gadget_client, hal_usb_gadget_server)
 binder_call(hal_usb_gadget_server, hal_usb_gadget_client)
 
-hal_attribute_hwservice_client(hal_usb_gadget, hal_usb_gadget_hwservice)
+hal_attribute_hwservice(hal_usb_gadget, hal_usb_gadget_hwservice)
 
 # Configuring usb gadget functions
 allow hal_usb_gadget_server configfs:lnk_file { read create unlink};

public/hal_vehicle.te

@@ -3,4 +3,4 @@ binder_call(hal_vehicle_client, hal_vehicle_server)
 binder_call(hal_vehicle_server, hal_vehicle_client)
 
 
-hal_attribute_hwservice_client(hal_vehicle, hal_vehicle_hwservice)
+hal_attribute_hwservice(hal_vehicle, hal_vehicle_hwservice)

public/hal_vibrator.te

@@ -1,7 +1,7 @@
 # HwBinder IPC from client to server
 binder_call(hal_vibrator_client, hal_vibrator_server)
 
-hal_attribute_hwservice_client(hal_vibrator, hal_vibrator_hwservice)
+hal_attribute_hwservice(hal_vibrator, hal_vibrator_hwservice)
 
 # vibrator sysfs rw access
 allow hal_vibrator sysfs_vibrator:file rw_file_perms;

public/hal_vr.te

@@ -2,4 +2,4 @@
 binder_call(hal_vr_client, hal_vr_server)
 binder_call(hal_vr_server, hal_vr_client)
 
-hal_attribute_hwservice_client(hal_vr, hal_vr_hwservice)
+hal_attribute_hwservice(hal_vr, hal_vr_hwservice)

public/hal_weaver.te

@@ -1,4 +1,4 @@
 # HwBinder IPC from client to server
 binder_call(hal_weaver_client, hal_weaver_server)
 
-hal_attribute_hwservice_client(hal_weaver, hal_weaver_hwservice)
+hal_attribute_hwservice(hal_weaver, hal_weaver_hwservice)

public/hal_wifi.te

@@ -2,7 +2,7 @@
 binder_call(hal_wifi_client, hal_wifi_server)
 binder_call(hal_wifi_server, hal_wifi_client)
 
-hal_attribute_hwservice_client(hal_wifi, hal_wifi_hwservice)
+hal_attribute_hwservice(hal_wifi, hal_wifi_hwservice)
 
 r_dir_file(hal_wifi, proc_net_type)
 r_dir_file(hal_wifi, sysfs_type)

public/hal_wifi_hostapd.te

@@ -2,7 +2,7 @@
 binder_call(hal_wifi_hostapd_client, hal_wifi_hostapd_server)
 binder_call(hal_wifi_hostapd_server, hal_wifi_hostapd_client)
 
-hal_attribute_hwservice_client(hal_wifi_hostapd, hal_wifi_hostapd_hwservice)
+hal_attribute_hwservice(hal_wifi_hostapd, hal_wifi_hostapd_hwservice)
 
 allow hal_wifi_hostapd_server self:global_capability_class_set { net_admin net_raw };
 

public/hal_wifi_offload.te

@@ -2,7 +2,7 @@
 binder_call(hal_wifi_offload_client, hal_wifi_offload_server)
 binder_call(hal_wifi_offload_server, hal_wifi_offload_client)
 
-hal_attribute_hwservice_client(hal_wifi_offload, hal_wifi_offload_hwservice)
+hal_attribute_hwservice(hal_wifi_offload, hal_wifi_offload_hwservice)
 
 r_dir_file(hal_wifi_offload, proc_net_type)
 r_dir_file(hal_wifi_offload, sysfs_type)

public/hal_wifi_supplicant.te

@@ -2,7 +2,7 @@
 binder_call(hal_wifi_supplicant_client, hal_wifi_supplicant_server)
 binder_call(hal_wifi_supplicant_server, hal_wifi_supplicant_client)
 
-hal_attribute_hwservice_client(hal_wifi_supplicant, hal_wifi_supplicant_hwservice)
+hal_attribute_hwservice(hal_wifi_supplicant, hal_wifi_supplicant_hwservice)
 
 # in addition to ioctls whitelisted for all domains, grant hal_wifi_supplicant priv_sock_ioctls.
 allowxperm hal_wifi_supplicant self:udp_socket ioctl priv_sock_ioctls;

public/te_macros

@@ -605,13 +605,13 @@ define(`add_hwservice', `
 ')
 
 ###########################################
-# hal_attribute_hwservice_client(attribute, service)
+# hal_attribute_hwservice(attribute, service)
 # Ability for domain to get a service to hwservice_manager
 # and find it. It also creates a neverallow preventing
 # others from adding it.
 #
 # Used to pair hal_foo_client with hal_foo_hwservice
-define(`hal_attribute_hwservice_client', `
+define(`hal_attribute_hwservice', `
   allow $1_client $2:hwservice_manager find;
   neverallow { domain -$1_client -$1_server } $2:hwservice_manager find;