a0e764c972
Change-Id: I095c5294daf29da389c2da16f03c6bb1508d6be6
85 lines
3.2 KiB
Text
85 lines
3.2 KiB
Text
# Copyright (c) 2019, The Linux Foundation. All rights reserved.
|
|
#
|
|
# Redistribution and use in source and binary forms, with or without
|
|
# modification, are permitted provided that the following conditions are
|
|
# met:
|
|
# * Redistributions of source code must retain the above copyright
|
|
# notice, this list of conditions and the following disclaimer.
|
|
# * Redistributions in binary form must reproduce the above
|
|
# copyright notice, this list of conditions and the following
|
|
# disclaimer in the documentation and/or other materials provided
|
|
# with the distribution.
|
|
# * Neither the name of The Linux Foundation nor the names of its
|
|
# contributors may be used to endorse or promote products derived
|
|
# from this software without specific prior written permission.
|
|
#
|
|
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
|
|
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
|
|
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
|
|
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
|
|
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
|
|
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
|
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
|
|
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
|
|
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
|
|
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
|
|
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
|
|
#Adding all bt related service to bt domains
|
|
|
|
type btsnoop, bluetoothdomain, domain;
|
|
type btsnoop_exec, exec_type, vendor_file_type, file_type;
|
|
|
|
type btnvtool, bluetoothdomain, domain;
|
|
type btnvtool_exec, exec_type, vendor_file_type, file_type;
|
|
|
|
allow bluetooth sysfs_bluetooth_writable:file w_file_perms;
|
|
|
|
#Access to /data/media
|
|
allow bluetooth media_rw_data_file:dir create_dir_perms;
|
|
allow bluetooth media_rw_data_file:file create_file_perms;
|
|
#allow proc_sysrq access for crash dump
|
|
userdebug_or_eng(`
|
|
allow bluetooth proc_sysrq:file w_file_perms;
|
|
allow bluetooth qti_debugfs:file r_file_perms;
|
|
')
|
|
|
|
allow bluetooth {
|
|
uhid_device
|
|
serial_device
|
|
#BT needes read and write on smd device node
|
|
smd_device
|
|
bt_device
|
|
}:chr_file rw_file_perms;
|
|
|
|
|
|
allow bluetooth self:socket { create write getopt read };
|
|
|
|
#dun-server requires binding with system_app and servicemanager
|
|
binder_use(bluetooth);
|
|
binder_call(bluetooth, system_app);
|
|
binder_call(bluetooth, servicemanager);
|
|
allow bluetooth dun_service:service_manager find;
|
|
|
|
|
|
# for finding wbc_service
|
|
allow bluetooth wbc_service:service_manager find;
|
|
|
|
# ioctlcmd=c302
|
|
allow bluetooth self:socket ioctl;
|
|
allowxperm bluetooth self:socket ioctl msm_sock_ipc_ioctls;
|
|
|
|
#SplitA2dp bluetooth requires binding with audio hal
|
|
binder_call(bluetooth, hal_audio);
|
|
allow bluetooth hal_audio_hwservice:hwservice_manager find;
|
|
|
|
# suppress denials for services, which should not be accessed by bluetooth
|
|
dontaudit bluetooth {
|
|
netd_service
|
|
}:service_manager find;
|
|
|
|
#allow bluetooth to access btconfigstore hal
|
|
hal_client_domain(bluetooth, hal_btconfigstore);
|
|
|
|
#allow bluetooth to access perf hal
|
|
hal_client_domain(bluetooth, hal_perf);
|