f5446eb148
On PRODUCT_FULL_TREBLE devices, non-vendor domains (except vendor
apps) are not permitted to use Binder. This commit thus:
* groups non-vendor domains using the new "coredomain" attribute,
* adds neverallow rules restricting Binder use to coredomain and
appdomain only, and
* temporarily exempts the domains which are currently violating this
rule from this restriction. These domains are grouped using the new
"binder_in_vendor_violators" attribute. The attribute is needed
because the types corresponding to violators are not exposed to the
public policy where the neverallow rules are.
Test: mmm system/sepolicy
Test: Device boots, no new denials
Test: In Chrome, navigate to ip6.me, play a YouTube video
Test: YouTube: play a video
Test: Netflix: play a movie
Test: Google Camera: take a photo, take an HDR+ photo, record video with
sound, record slow motion video with sound. Confirm videos play
back fine and with sound.
Bug: 35870313
Change-Id: I0cd1a80b60bcbde358ce0f7a47b90f4435a45c95
75 lines
2.6 KiB
Text
75 lines
2.6 KiB
Text
# bluetooth subsystem
|
|
|
|
typeattribute bluetooth coredomain;
|
|
typeattribute bluetooth domain_deprecated;
|
|
|
|
app_domain(bluetooth)
|
|
net_domain(bluetooth)
|
|
|
|
# Socket creation under /data/misc/bluedroid.
|
|
type_transition bluetooth bluetooth_data_file:sock_file bluetooth_socket;
|
|
|
|
# Allow access to net_admin ioctls
|
|
allowxperm bluetooth self:udp_socket ioctl priv_sock_ioctls;
|
|
|
|
wakelock_use(bluetooth);
|
|
|
|
# Data file accesses.
|
|
allow bluetooth bluetooth_data_file:dir create_dir_perms;
|
|
allow bluetooth bluetooth_data_file:notdevfile_class_set create_file_perms;
|
|
allow bluetooth bluetooth_logs_data_file:dir rw_dir_perms;
|
|
allow bluetooth bluetooth_logs_data_file:file create_file_perms;
|
|
|
|
# Socket creation under /data/misc/bluedroid.
|
|
allow bluetooth bluetooth_socket:sock_file create_file_perms;
|
|
|
|
allow bluetooth self:capability net_admin;
|
|
allow bluetooth self:capability2 wake_alarm;
|
|
|
|
# tethering
|
|
allow bluetooth self:packet_socket create_socket_perms_no_ioctl;
|
|
allow bluetooth self:capability { net_admin net_raw net_bind_service };
|
|
allow bluetooth self:tun_socket create_socket_perms_no_ioctl;
|
|
allow bluetooth tun_device:chr_file rw_file_perms;
|
|
allow bluetooth efs_file:dir search;
|
|
|
|
# proc access.
|
|
allow bluetooth proc_bluetooth_writable:file rw_file_perms;
|
|
|
|
# Allow write access to bluetooth specific properties
|
|
set_prop(bluetooth, bluetooth_prop)
|
|
set_prop(bluetooth, pan_result_prop)
|
|
|
|
allow bluetooth audioserver_service:service_manager find;
|
|
allow bluetooth bluetooth_service:service_manager find;
|
|
allow bluetooth drmserver_service:service_manager find;
|
|
allow bluetooth mediaserver_service:service_manager find;
|
|
allow bluetooth radio_service:service_manager find;
|
|
allow bluetooth surfaceflinger_service:service_manager find;
|
|
allow bluetooth app_api_service:service_manager find;
|
|
allow bluetooth system_api_service:service_manager find;
|
|
|
|
# Bluetooth Sim Access Profile Socket to the RIL
|
|
unix_socket_connect(bluetooth, sap_uim, rild)
|
|
|
|
# already open bugreport file descriptors may be shared with
|
|
# the bluetooth process, from a file in
|
|
# /data/data/com.android.shell/files/bugreports/bugreport-*.
|
|
allow bluetooth shell_data_file:file read;
|
|
|
|
hal_client_domain(bluetooth, hal_bluetooth)
|
|
binder_call(bluetooth, hal_telephony)
|
|
hal_client_domain(bluetooth, hal_telephony)
|
|
|
|
read_runtime_log_tags(bluetooth)
|
|
|
|
###
|
|
### Neverallow rules
|
|
###
|
|
### These are things that the bluetooth app should NEVER be able to do
|
|
###
|
|
|
|
# Superuser capabilities.
|
|
# bluetooth requires net_{admin,raw,bind_service} and wake_alarm and block_suspend.
|
|
neverallow bluetooth self:capability ~{ net_admin net_raw net_bind_service };
|
|
neverallow bluetooth self:capability2 ~{ wake_alarm block_suspend };
|