author William Roberts <william.c.roberts@linux.intel.com> 2015-05-04 18:22:45 -0700
committer Nick Kralevich <nnk@google.com> 2015-05-07 10:32:06 -0700
commit 2f5a6a96bdc284dc070a2c222243dd8e19edb9ef
tree 2d9c0c350b5b772090b9776e88c938671fe87415 /recovery.te
parent 34a468fad2c0b624b0cf383671384d0452dd83e6
Replace unix_socket_connect() and explicit property sets with macro
A common source of mistakes when authoring sepolicy is properly setting up property sets. This is a 3 part step of:

1. Allowing the unix domain connection to the init/property service
2. Allowing write on the property_socket file
3. Allowing the set on class property_service

The macro unix_socket_connect() handled 1 and 2, but could be confusing for first time policy authors. 3 had to be explicitly added.

To correct this, we introduce a new macro:

set_prop(sourcedomain, targetprop)

This macro handles steps 1, 2 and 3.

No difference in sediff is expected.

(cherrypicked from commit 625a3526f1ebaaa014bb563239cc33829f616232)

Change-Id: I630ba0178439c935d08062892990d43a3cc1239e
Signed-off-by: William Roberts <william.c.roberts@linux.intel.com>
Diffstat (limited to 'recovery.te')
-rw-r--r-- recovery.te 5
1 files changed, 2 insertions, 3 deletions
diff --git a/recovery.te b/recovery.te
index 8576356..29f1a50 100644
--- a/recovery.te
+++ b/recovery.te
@@ -78,11 +78,10 @@ recovery_only(`
allow recovery cache_file:file create_file_perms;
# Reboot the device
- allow recovery powerctl_prop:property_service set;
- unix_socket_connect(recovery, property, init)
+ set_prop(recovery, powerctl_prop)
# Start/stop adbd via ctl.start adbd
- allow recovery ctl_default_prop:property_service set;
+ set_prop(recovery, ctl_default_prop)
# Use setfscreatecon() to label files for OTA updates.
allow recovery self:process setfscreate;
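Review bot: The two set_prop() calls in this hunk depend on a macro whose definition is not part of the recovery.te diff, so the "no difference in sediff" claim cannot be checked from these lines alone. The removed lines granted the socket access once through unix_socket_connect(recovery, property, init) and the set permission separately for powerctl_prop and ctl_default_prop. Please confirm that set_prop(recovery, powerctl_prop) and set_prop(recovery, ctl_default_prop) expand to exactly that connect plus the matching property_service set rule and nothing more. Because the hunk sits inside recovery_only(`, run the sediff against a policy built with that block enabled, since rules inside recovery_only() are only compiled into the recovery policy.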