From a274858e3b4cc4ba4795ab61cccb2741758c15cd Mon Sep 17 00:00:00 2001
From: Rubin Xu <rubinxu@google.com>
Date: Thu, 12 May 2022 14:49:10 +0100
Subject: [PATCH] Allow Bluetooth stack to read security log sysprop

Bluetooth stack needs to read persist.logd.security and
ro.organization_owned sysprop (via __android_log_security())
to control security logging for Bluetooth events.

Bug: 232283779
Test: manual
Change-Id: Ic8162cd4a4436981a15acea6ac75079081790525
---
 prebuilts/api/33.0/private/bluetooth.te | 3 +++
 private/bluetooth.te                    | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/prebuilts/api/33.0/private/bluetooth.te b/prebuilts/api/33.0/private/bluetooth.te
index d548e8018..0b001e281 100644
--- a/prebuilts/api/33.0/private/bluetooth.te
+++ b/prebuilts/api/33.0/private/bluetooth.te
@@ -46,6 +46,9 @@ allow bluetooth proc_bluetooth_writable:file rw_file_perms;
 allow bluetooth proc_filesystems:file r_file_perms;
 get_prop(bluetooth, incremental_prop)
 
+# For Bluetooth to check security logging state
+get_prop(bluetooth, device_logging_prop)
+
 # Allow write access to bluetooth specific properties
 set_prop(bluetooth, binder_cache_bluetooth_server_prop);
 neverallow { domain -bluetooth -init }
diff --git a/private/bluetooth.te b/private/bluetooth.te
index d548e8018..0b001e281 100644
--- a/private/bluetooth.te
+++ b/private/bluetooth.te
@@ -46,6 +46,9 @@ allow bluetooth proc_bluetooth_writable:file rw_file_perms;
 allow bluetooth proc_filesystems:file r_file_perms;
 get_prop(bluetooth, incremental_prop)
 
+# For Bluetooth to check security logging state
+get_prop(bluetooth, device_logging_prop)
+
 # Allow write access to bluetooth specific properties
 set_prop(bluetooth, binder_cache_bluetooth_server_prop);
 neverallow { domain -bluetooth -init }