From 7745770bca80e30acc2ef2e174468c30bed4f4ac Mon Sep 17 00:00:00 2001 From: Jeff Vander Stoep Date: Wed, 23 May 2018 07:21:32 -0700 Subject: [PATCH] Use non-expanded types in prop neverallows Using hal_foo attributes in neverallow rules does not work because they are auto-expanded to types. Use hal_foo_server types instead. Fixes the following error: unit.framework.AssertionFailedError: The following errors were encountered when validating the SELinuxneverallow rule: neverallow { domain -coredomain -bluetooth -hal_bluetooth } { bluetooth_prop }: property_service set; Warning! Type or attribute hal_bluetooth used in neverallow undefined in policy being checked. Test: CtsSecurityHostTestCases Bug: 80153368 Change-Id: I2baf9f66d2ff110a4f181423790a1160a6e138da --- prebuilts/api/28.0/public/property.te | 12 ++++++------ public/property.te | 12 ++++++------ 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/prebuilts/api/28.0/public/property.te b/prebuilts/api/28.0/public/property.te index c31210c0b..c9e1316a8 100644 --- a/prebuilts/api/28.0/public/property.te +++ b/prebuilts/api/28.0/public/property.te @@ -186,7 +186,7 @@ compatible_property_only(` domain -coredomain -bluetooth - -hal_bluetooth + -hal_bluetooth_server } { bluetooth_prop }:property_service set; @@ -195,7 +195,7 @@ compatible_property_only(` domain -coredomain -bluetooth - -hal_bluetooth + -hal_bluetooth_server -vendor_init } { exported_bluetooth_prop @@ -204,7 +204,7 @@ compatible_property_only(` neverallow { domain -coredomain - -hal_wifi + -hal_wifi_server -wificond } { wifi_prop @@ -213,7 +213,7 @@ compatible_property_only(` neverallow { domain -coredomain - -hal_wifi + -hal_wifi_server -wificond -vendor_init } { @@ -265,7 +265,7 @@ compatible_property_only(` domain -coredomain -bluetooth - -hal_bluetooth + -hal_bluetooth_server } { bluetooth_prop }:file no_rw_file_perms; @@ -273,7 +273,7 @@ compatible_property_only(` neverallow { domain -coredomain - -hal_wifi + -hal_wifi_server -wificond } { wifi_prop diff --git a/public/property.te b/public/property.te index c31210c0b..c9e1316a8 100644 --- a/public/property.te +++ b/public/property.te @@ -186,7 +186,7 @@ compatible_property_only(` domain -coredomain -bluetooth - -hal_bluetooth + -hal_bluetooth_server } { bluetooth_prop }:property_service set; @@ -195,7 +195,7 @@ compatible_property_only(` domain -coredomain -bluetooth - -hal_bluetooth + -hal_bluetooth_server -vendor_init } { exported_bluetooth_prop @@ -204,7 +204,7 @@ compatible_property_only(` neverallow { domain -coredomain - -hal_wifi + -hal_wifi_server -wificond } { wifi_prop @@ -213,7 +213,7 @@ compatible_property_only(` neverallow { domain -coredomain - -hal_wifi + -hal_wifi_server -wificond -vendor_init } { @@ -265,7 +265,7 @@ compatible_property_only(` domain -coredomain -bluetooth - -hal_bluetooth + -hal_bluetooth_server } { bluetooth_prop }:file no_rw_file_perms; @@ -273,7 +273,7 @@ compatible_property_only(` neverallow { domain -coredomain - -hal_wifi + -hal_wifi_server -wificond } { wifi_prop