platform_system_sepolicy/public/hal_bluetooth.te
Myles Watson 02d9d21dcb Disallow HAL access to Bluetooth data files
Devices that store their BT MAC address in /data/misc/bluedroid/ need
to find another place for that file.

Bug: 36602160
Test: Restart Bluetooth, check for selinux denials/files in /data/misc
Change-Id: Ib8d610f201a8c35f95b464c24857c6639205bc66
Merged-In: Ib8d610f201a8c35f95b464c24857c6639205bc66
2017-03-30 17:59:32 +00:00

24 lines
816 B
Text

# HwBinder IPC from clients into server, and callbacks
binder_call(hal_bluetooth_client, hal_bluetooth_server)
binder_call(hal_bluetooth_server, hal_bluetooth_client)
wakelock_use(hal_bluetooth);
# The HAL toggles rfkill to power the chip off/on.
allow hal_bluetooth self:capability net_admin;
# bluetooth factory file accesses.
r_dir_file(hal_bluetooth, bluetooth_efs_file)
allow hal_bluetooth { uhid_device hci_attach_dev }:chr_file rw_file_perms;
# sysfs access.
r_dir_file(hal_bluetooth, sysfs_type)
allow hal_bluetooth sysfs_bluetooth_writable:file rw_file_perms;
allow hal_bluetooth self:capability2 wake_alarm;
# Allow write access to bluetooth-specific properties
set_prop(hal_bluetooth, bluetooth_prop)
# /proc access (bluesleep etc.).
allow hal_bluetooth proc_bluetooth_writable:file rw_file_perms;