tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Allow Bluetooth stack to read security log sysprop

Browse source 
Bluetooth stack needs to read persist.logd.security and
ro.organization_owned sysprop (via __android_log_security())
to control security logging for Bluetooth events.

Bug: 232283779
Test: manual
Change-Id: Ic8162cd4a4436981a15acea6ac75079081790525
(cherry picked from commit a274858e3b)
Merged-In: Ic8162cd4a4436981a15acea6ac75079081790525
This commit is contained in:
Rubin Xu 2022-05-12 14:49:10 +01:00 committed by Cherrypicker Worker
parent 709b339420
commit 8ff276e8d2
2 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
prebuilts/api/33.0/private/bluetooth.te
View file

@ -46,6 +46,9 @@ allow bluetooth proc_bluetooth_writable:file rw_file_perms;
allow bluetooth proc_filesystems:file r_file_perms; allow bluetooth proc_filesystems:file r_file_perms;
get_prop(bluetooth, incremental_prop) get_prop(bluetooth, incremental_prop)
# For Bluetooth to check security logging state
get_prop(bluetooth, device_logging_prop)
# Allow write access to bluetooth specific properties # Allow write access to bluetooth specific properties
set_prop(bluetooth, binder_cache_bluetooth_server_prop); set_prop(bluetooth, binder_cache_bluetooth_server_prop);
neverallow { domain -bluetooth -init } neverallow { domain -bluetooth -init }

3
private/bluetooth.te
View file

@ -46,6 +46,9 @@ allow bluetooth proc_bluetooth_writable:file rw_file_perms;
allow bluetooth proc_filesystems:file r_file_perms; allow bluetooth proc_filesystems:file r_file_perms;
get_prop(bluetooth, incremental_prop) get_prop(bluetooth, incremental_prop)
# For Bluetooth to check security logging state
get_prop(bluetooth, device_logging_prop)
# Allow write access to bluetooth specific properties # Allow write access to bluetooth specific properties
set_prop(bluetooth, binder_cache_bluetooth_server_prop); set_prop(bluetooth, binder_cache_bluetooth_server_prop);
neverallow { domain -bluetooth -init } neverallow { domain -bluetooth -init }