From 1b4e69a734c1dfa57e945799d47266da45281b0e Mon Sep 17 00:00:00 2001
From: William Roberts <william.c.roberts@linux.intel.com>
Date: Mon, 11 May 2015 13:02:46 -0700
Subject: [PATCH] make unix_socket_connect() for property service a warning

Encourage the use of the set_prop macro by making existing
unix_socket_connect(domain, property, init) calls
warn at compile time. When it encounters one of these macro calls,
m4 will emit a deprecation message as follows:

m4: external/sepolicy/adbd.te: 97: deprecated: unix_socket_connect(adbd, property, init) Please use set_prop(adbd, <property name>) instead.

Change-Id: I997fed75d2683933e08db8b9efeecea71523c7c3
Signed-off-by: William Roberts <william.c.roberts@linux.intel.com>
---
 te_macros | 23 ++++++++++++++++++-----
 1 file changed, 18 insertions(+), 5 deletions(-)

diff --git a/te_macros b/te_macros
index 408d9d5fe..5248f1849 100644
--- a/te_macros
+++ b/te_macros
@@ -129,6 +129,15 @@ typeattribute $1 bluetoothdomain;
 # use set_prop(sourcedomain, targetproperty)
 #
 define(`unix_socket_connect', `
+ifelse($2, `property', `
+    ifelse($3,`init', `
+       print(`deprecated: unix_socket_connect($1, $2, $3) Please use set_prop($1, <property name>) instead.')
+   ')
+')
+__unix_socket_connect__($1, $2, $3)
+')
+
+define(`__unix_socket_connect__', `
 allow $1 $2_socket:sock_file write;
 allow $1 $3:unix_stream_socket connectto;
 ')
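Review bot: The two `ifelse` tests added to `unix_socket_connect` compare `$2` and `$3` unquoted, so an argument that happens to be a defined macro name is expanded before the comparison. Quoting them keeps the match literal: ``ifelse(`$2', `property', `` and ``ifelse(`$3',`init', ``. The new `__unix_socket_connect__` emits the same two allow rules with no deprecation check, and nothing in the hunk marks it as internal. A comment above its define, such as `# internal helper for unix_socket_connect() and set_prop(); do not call directly from policy files`, would discourage using it to silence the warning. The deprecation is advisory only, since the rules are still emitted through the unconditional `__unix_socket_connect__($1, $2, $3)` call.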
@@ -139,7 +148,7 @@ allow $1 $3:unix_stream_socket connectto;
 # targetproperty.
 #
 define(`set_prop', `
-unix_socket_connect($1, property, init)
+__unix_socket_connect__($1, property, init)
 allow $1 $2:property_service set;
 ')
 
@@ -244,11 +253,10 @@ allow $1 security_file:file r_file_perms;
 # trigger runtime reload.
 define(`selinux_manage_policy', `
 security_access_policy($1)
-unix_socket_connect($1, property, init)
 allow $1 security_file:dir create_dir_perms;
 allow $1 security_file:file create_file_perms;
 allow $1 security_file:lnk_file { create rename unlink };
-allow $1 security_prop:property_service set;
+set_prop($1, security_prop)
 ')
 
 #####################################
@@ -257,11 +265,10 @@ allow $1 security_prop:property_service set;
 # trigger runtime reload, change
 # mmac enforcing mode and access logcat.
 define(`mmac_manage_policy', `
-unix_socket_connect($1, property, init)
 allow $1 security_file:dir create_dir_perms;
 allow $1 security_file:file create_file_perms;
 allow $1 security_file:lnk_file { create rename unlink };
-allow $1 security_prop:property_service set;
+set_prop($1, security_prop)
 ')
 
 #####################################
@@ -374,3 +381,9 @@ define(`use_drmservice', `
   allow drmserver $1:file { read open };
   allow drmserver $1:process getattr;
 ')
+
+##########################################
+# print a message with a trailing newline
+# print(`args')
+define(`print', `errprint(`m4: '__file__: __line__`: $*
+')')
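Review bot: `print` is a very generic name for a global m4 macro. Once te_macros has been read, any bare word `print` outside a `#` comment in later input is expanded to nothing, with a stray message on stderr, instead of being passed through to the policy. I have not checked whether any policy source contains that token, but a namespaced name in the style this patch already uses for `__unix_socket_connect__` would rule it out, for example ``define(`__print__', `` with the call in `unix_socket_connect` updated to match. The header comment could also state that the text goes to stderr via `errprint` and never appears in the generated policy.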
-- 
GitLab