Add auditallow for bluetoothdomain rules

Let's see if it's safe to get rid of them.

Bug: 25768265
Bug: 25767747
Change-Id: Iaf022b4dafe1cc9eab871c8d7ec5afd3cf20bf96
This commit is contained in:
Nick Kralevich 2015-11-23 17:15:11 -08:00
parent 4fd216060c
commit cb835a2852
2 changed files with 8 additions and 2 deletions

View file

@ -3,9 +3,11 @@
# bluetooth sockets, nor does it distinguish among the bluetooth protocols.
# TODO: This should no longer be needed with bluedroid for bluetooth
# but may be getting used for other non-bluetooth sockets that has no
# specific class defined. Consider taking to specific domains.
# specific class defined. Consider taking to specific domains. (b/25768265)
allow bluetoothdomain self:socket create_socket_perms;
auditallow { bluetoothdomain -system_server } self:socket create_socket_perms;
# Allow clients to use a socket provided by the bluetooth app.
# TODO: See if this is still required under bluedroid.
# TODO: See if this is still required under bluedroid. (b/25767747)
allow bluetoothdomain bluetooth:unix_stream_socket { getopt setopt getattr read write ioctl shutdown };
auditallow bluetoothdomain bluetooth:unix_stream_socket { getopt setopt getattr read write ioctl shutdown };

View file

@ -65,6 +65,10 @@ allow system_server self:netlink_kobject_uevent_socket create_socket_perms;
# Use generic netlink sockets.
allow system_server self:netlink_socket create_socket_perms;
# Use generic "sockets" where the address family is not known
# to the kernel.
allow system_server self:socket create_socket_perms;
# Set and get routes directly via netlink.
allow system_server self:netlink_route_socket nlmsg_write;