Policy for hci_attach service.

device.te

@@ -37,3 +37,9 @@ type urandom_device, dev_type;
 type video_device, dev_type;
 type vcs_device, dev_type;
 type zero_device, dev_type;
+
+# All devices have a uart for the hci
+# attach service. The uart dev node
+# varies per device. This type
+# is used in per device policy
+type hci_attach_dev, dev_type;

file.te

@@ -56,6 +56,11 @@ type efs_file, file_type;
 # Type for wallpaper file.
 type wallpaper_file, file_type;
 
+# All devices have bluetooth efs files. But they
+# vary per device, so this type is used in per
+# defice policy
+type bluetooth_efs_file, file_type;
+
 # Socket types
 type bluetooth_socket, file_type;
 type dbus_socket, file_type;

hci_attach.te

@@ -0,0 +1,9 @@
+type hci_attach, domain;
+type hci_attach_exec, exec_type, file_type;
+
+init_daemon_domain(hci_attach)
+
+allow hci_attach kernel:system module_request;
+allow hci_attach hci_attach_dev:chr_file rw_file_perms;
+allow hci_attach bluetooth_efs_file:dir r_dir_perms;
+allow hci_attach bluetooth_efs_file:file r_file_perms;

rild.te

@@ -17,6 +17,7 @@ allow rild mtd_device:dir search;
 allow rild efs_file:dir create_dir_perms;
 allow rild efs_file:file create_file_perms;
 allow rild shell_exec:file rx_file_perms;
+allow rild bluetooth_efs_file:file r_file_perms;
 dontaudit rild self:capability sys_admin;
 # XXX Label sysfs files with a specific type?
 allow rild sysfs:file rw_file_perms;