9e6b24c6a5
This switches most remaining HALs to the _client/_server approach. To unblock efforts blocked on majority of HALs having to use this model, this change does not remove unnecessary rules from clients of these HALs. That work will be performed in follow-up commits. This commit only adds allow rules and thus does not break existing functionality. The HALs not yet on the _client/_server model after this commit are: * Allocator HAL, because it's non-trivial to declare all apps except isolated apps as clients of this HAL, which they are. * Boot HAL, because it's still on the non-attributized model and I'm waiting for update_engine folks to answer a couple of questions which will let me refactor the policy of this HAL. Test: mmm system/sepolicy Test: Device boots, no new denials Test: Device boots in recovery mode, no new denials Bug: 34170079 Change-Id: I03e6bcec2fa02f14bdf17d11f7367b62c68a14b9
74 lines
2.6 KiB
Text
74 lines
2.6 KiB
Text
# bluetooth subsystem
|
|
|
|
typeattribute bluetooth domain_deprecated;
|
|
|
|
app_domain(bluetooth)
|
|
net_domain(bluetooth)
|
|
|
|
# Socket creation under /data/misc/bluedroid.
|
|
type_transition bluetooth bluetooth_data_file:sock_file bluetooth_socket;
|
|
|
|
# Allow access to net_admin ioctls
|
|
allowxperm bluetooth self:udp_socket ioctl priv_sock_ioctls;
|
|
|
|
wakelock_use(bluetooth);
|
|
|
|
# Data file accesses.
|
|
allow bluetooth bluetooth_data_file:dir create_dir_perms;
|
|
allow bluetooth bluetooth_data_file:notdevfile_class_set create_file_perms;
|
|
allow bluetooth bluetooth_logs_data_file:dir rw_dir_perms;
|
|
allow bluetooth bluetooth_logs_data_file:file create_file_perms;
|
|
|
|
# Socket creation under /data/misc/bluedroid.
|
|
allow bluetooth bluetooth_socket:sock_file create_file_perms;
|
|
|
|
allow bluetooth self:capability net_admin;
|
|
allow bluetooth self:capability2 wake_alarm;
|
|
|
|
# tethering
|
|
allow bluetooth self:packet_socket create_socket_perms_no_ioctl;
|
|
allow bluetooth self:capability { net_admin net_raw net_bind_service };
|
|
allow bluetooth self:tun_socket create_socket_perms_no_ioctl;
|
|
allow bluetooth tun_device:chr_file rw_file_perms;
|
|
allow bluetooth efs_file:dir search;
|
|
|
|
# proc access.
|
|
allow bluetooth proc_bluetooth_writable:file rw_file_perms;
|
|
|
|
# Allow write access to bluetooth specific properties
|
|
set_prop(bluetooth, bluetooth_prop)
|
|
set_prop(bluetooth, pan_result_prop)
|
|
|
|
allow bluetooth audioserver_service:service_manager find;
|
|
allow bluetooth bluetooth_service:service_manager find;
|
|
allow bluetooth drmserver_service:service_manager find;
|
|
allow bluetooth mediaserver_service:service_manager find;
|
|
allow bluetooth radio_service:service_manager find;
|
|
allow bluetooth surfaceflinger_service:service_manager find;
|
|
allow bluetooth app_api_service:service_manager find;
|
|
allow bluetooth system_api_service:service_manager find;
|
|
|
|
# Bluetooth Sim Access Profile Socket to the RIL
|
|
unix_socket_connect(bluetooth, sap_uim, rild)
|
|
|
|
# already open bugreport file descriptors may be shared with
|
|
# the bluetooth process, from a file in
|
|
# /data/data/com.android.shell/files/bugreports/bugreport-*.
|
|
allow bluetooth shell_data_file:file read;
|
|
|
|
hal_client_domain(bluetooth, hal_bluetooth)
|
|
binder_call(bluetooth, hal_telephony)
|
|
hal_client_domain(bluetooth, hal_telephony)
|
|
|
|
read_runtime_log_tags(bluetooth)
|
|
|
|
###
|
|
### Neverallow rules
|
|
###
|
|
### These are things that the bluetooth app should NEVER be able to do
|
|
###
|
|
|
|
# Superuser capabilities.
|
|
# bluetooth requires net_{admin,raw,bind_service} and wake_alarm and block_suspend.
|
|
neverallow bluetooth self:capability ~{ net_admin net_raw net_bind_service };
|
|
neverallow bluetooth self:capability2 ~{ wake_alarm block_suspend };
|