authorWilliam Roberts <william.c.roberts@linux.intel.com>2015-05-04 18:22:45 -0700
committerNick Kralevich <nnk@google.com>2015-05-07 10:32:06 -0700
commit2f5a6a96bdc284dc070a2c222243dd8e19edb9ef (patch)
tree2d9c0c350b5b772090b9776e88c938671fe87415 /bluetooth.te
parent34a468fad2c0b624b0cf383671384d0452dd83e6 (diff)
Replace unix_socket_connect() and explicit property sets with macro
A common source of mistakes when authoring sepolicy is properly setting up property sets. This is a 3 part step of: 1. Allowing the unix domain connection to the init/property service 2. Allowing write on the property_socket file 3. Allowing the set on class property_service The macro unix_socket_connect() handled 1 and 2, but could be confusing for first-time policy authors. 3 had to be explicitly added. To correct this, we introduce a new macro: set_prop(sourcedomain, targetprop) This macro handles steps 1, 2 and 3. No difference in sediff is expected. (cherrypicked from commit 625a3526f1ebaaa014bb563239cc33829f616232) Change-Id: I630ba0178439c935d08062892990d43a3cc1239e Signed-off-by: William Roberts <william.c.roberts@linux.intel.com>
Diffstat (limited to 'bluetooth.te')
-rw-r--r--bluetooth.te9
1 files changed, 3 insertions, 6 deletions
diff --git a/bluetooth.te b/bluetooth.te
index f30e7ef..a79023d 100644
--- a/bluetooth.te
+++ b/bluetooth.te
@@ -38,16 +38,13 @@ allow bluetoothdomain bluetooth:unix_stream_socket { getopt setopt getattr read
allow bluetooth self:tun_socket create_socket_perms;
allow bluetooth efs_file:dir search;
-# Talk to init over the property socket.
-unix_socket_connect(bluetooth, property, init)
-
# proc access.
allow bluetooth proc_bluetooth_writable:file rw_file_perms;
# Allow write access to bluetooth specific properties
-allow bluetooth bluetooth_prop:property_service set;
-allow bluetooth pan_result_prop:property_service set;
-allow bluetooth ctl_dhcp_pan_prop:property_service set;
+set_prop(bluetooth, bluetooth_prop)
+set_prop(bluetooth, pan_result_prop)
+set_prop(bluetooth, ctl_dhcp_pan_prop)
allow bluetooth bluetooth_service:service_manager find;
allow bluetooth mediaserver_service:service_manager find;
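Review bot: The comment kept above the three `set_prop()` lines still reads only "Allow write access to bluetooth specific properties", yet per the commit description each call now also grants the connection to the init/property service and write on the property_socket file. The comment that used to state this ("Talk to init over the property socket.") is removed. I would extend the remaining comment with something like `# set_prop() also grants connect/write on the property socket to init.` so that someone auditing bluetooth.te sees the full access without expanding the macro. Separately, `ctl_dhcp_pan_prop` looks from its name like a control property rather than a plain value; if so, a one-line comment on why the bluetooth domain needs to set it would help least-privilege review. The property contexts are not shown here, so confirm that against them.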