Allow bluetooth access to the tun device.
Bluetooth uses the tun device for tethering. Allow access.
STEPS TO REPRODUCE:
0. Have two devices to test on, say Device A and Device B
1. On Device A, Go to settings ->Bluetooth .
2. Turn on the Bluetooth .
3. Pair it with device B
4. Tap on the paired device
OBSERVED RESULTS:
-Bluetooth share crash is observed with "Bluetooth share has stopped"
error message
-Unable to use Bluetooth tethering due to this issue
EXPECTED RESULTS:
No crash and Bluetooth devices should be able to connect for tethering
Addresses the following denial:
com.android.bluetooth: type=1400 audit(0.0:131): avc: denied { open }
for comm=425420536572766963652043616C6C path="/dev/tun" dev="tmpfs"
ino=12340 scontext=u:r:bluetooth:s0 tcontext=u:object_r:tun_device:s0
tclass=chr_file permissive=0
Bug: 27372573
(cherry picked from commit 9a1347eee6)
Change-Id: Ibd16e48c09fe80ebb4f3779214de3b4806c12497
This commit is contained in:
Nick Kralevich
parent
50bcd14846
commit
ba12da9572
4 changed files with 7 additions and 3 deletions
3
app.te
3
app.te
|
|
@ -419,6 +419,3 @@ neverallow appdomain {
|
|||
security_file
|
||||
tmpfs
|
||||
}:lnk_file no_w_file_perms;
|
||||
|
||||
# Do not allow Apps to directly open tun_device
|
||||
neverallow appdomain tun_device:chr_file open;
|
||||
|
|
|
|||
|
|
@ -27,6 +27,7 @@ allow bluetooth self:capability2 wake_alarm;
|
|||
allow bluetooth self:packet_socket create_socket_perms;
|
||||
allow bluetooth self:capability { net_admin net_raw net_bind_service };
|
||||
allow bluetooth self:tun_socket create_socket_perms;
|
||||
allow bluetooth tun_device:chr_file rw_file_perms;
|
||||
allow bluetooth efs_file:dir search;
|
||||
|
||||
# proc access.
|
||||
|
|
|
|||
|
|
@ -29,6 +29,9 @@ allow isolated_app self:process ptrace;
|
|||
##### Neverallow
|
||||
#####
|
||||
|
||||
# Do not allow isolated_app to directly open tun_device
|
||||
neverallow isolated_app tun_device:chr_file open;
|
||||
|
||||
# Do not allow isolated_app to set system properties.
|
||||
neverallow isolated_app property_socket:sock_file write;
|
||||
neverallow isolated_app property_type:property_service set;
|
||||
|
|
|
|||
|
|
@ -178,3 +178,6 @@ neverallow untrusted_app {
|
|||
-coredump_file # userdebug/eng only
|
||||
')
|
||||
}:dir_file_class_set { create unlink };
|
||||
|
||||
# Do not allow untrusted_app to directly open tun_device
|
||||
neverallow untrusted_app tun_device:chr_file open;
|
||||
|
|
|
|||
Loading…
Reference in a new issue