3e8dbf01ef
app_domain was split up in commit:2e00e6373fto enable compilation by hiding type_transition rules from public policy. These rules need to be hidden from public policy because they describe how objects are labeled, of which non-platform should be unaware. Instead of cutting apart the app_domain macro, which non-platform policy may rely on for implementing new app types, move all app_domain calls to private policy. (cherry-pick of commit:76035ea019) Bug: 33428593 Test: bullhead and sailfish both boot. sediff shows no policy change. Change-Id: I4beead8ccc9b6e13c6348da98bb575756f539665
70 lines
2.5 KiB
Text
70 lines
2.5 KiB
Text
# bluetooth subsystem
|
|
type bluetooth, domain, domain_deprecated;
|
|
|
|
net_domain(bluetooth)
|
|
# Allow access to net_admin ioctls
|
|
allowxperm bluetooth self:udp_socket ioctl priv_sock_ioctls;
|
|
|
|
wakelock_use(bluetooth);
|
|
|
|
# Data file accesses.
|
|
allow bluetooth bluetooth_data_file:dir create_dir_perms;
|
|
allow bluetooth bluetooth_data_file:notdevfile_class_set create_file_perms;
|
|
allow bluetooth bluetooth_logs_data_file:dir rw_dir_perms;
|
|
allow bluetooth bluetooth_logs_data_file:file create_file_perms;
|
|
|
|
# Socket creation under /data/misc/bluedroid.
|
|
allow bluetooth bluetooth_socket:sock_file create_file_perms;
|
|
|
|
# bluetooth factory file accesses.
|
|
r_dir_file(bluetooth, bluetooth_efs_file)
|
|
|
|
allow bluetooth { uhid_device hci_attach_dev }:chr_file rw_file_perms;
|
|
|
|
# sysfs access.
|
|
r_dir_file(bluetooth, sysfs_type)
|
|
allow bluetooth sysfs_bluetooth_writable:file rw_file_perms;
|
|
allow bluetooth self:capability net_admin;
|
|
allow bluetooth self:capability2 wake_alarm;
|
|
|
|
# tethering
|
|
allow bluetooth self:packet_socket create_socket_perms_no_ioctl;
|
|
allow bluetooth self:capability { net_admin net_raw net_bind_service };
|
|
allow bluetooth self:tun_socket create_socket_perms_no_ioctl;
|
|
allow bluetooth tun_device:chr_file rw_file_perms;
|
|
allow bluetooth efs_file:dir search;
|
|
|
|
# proc access.
|
|
allow bluetooth proc_bluetooth_writable:file rw_file_perms;
|
|
|
|
# Allow write access to bluetooth specific properties
|
|
set_prop(bluetooth, bluetooth_prop)
|
|
set_prop(bluetooth, pan_result_prop)
|
|
|
|
allow bluetooth audioserver_service:service_manager find;
|
|
allow bluetooth bluetooth_service:service_manager find;
|
|
allow bluetooth drmserver_service:service_manager find;
|
|
allow bluetooth mediaserver_service:service_manager find;
|
|
allow bluetooth radio_service:service_manager find;
|
|
allow bluetooth surfaceflinger_service:service_manager find;
|
|
allow bluetooth app_api_service:service_manager find;
|
|
allow bluetooth system_api_service:service_manager find;
|
|
|
|
# Bluetooth Sim Access Profile Socket to the RIL
|
|
unix_socket_connect(bluetooth, sap_uim, rild)
|
|
|
|
# already open bugreport file descriptors may be shared with
|
|
# the bluetooth process, from a file in
|
|
# /data/data/com.android.shell/files/bugreports/bugreport-*.
|
|
allow bluetooth shell_data_file:file read;
|
|
|
|
###
|
|
### Neverallow rules
|
|
###
|
|
### These are things that the bluetooth app should NEVER be able to do
|
|
###
|
|
|
|
# Superuser capabilities.
|
|
# bluetooth requires net_{admin,raw,bind_service} and wake_alarm and block_suspend.
|
|
neverallow bluetooth self:capability ~{ net_admin net_raw net_bind_service };
|
|
neverallow bluetooth self:capability2 ~{ wake_alarm block_suspend };
|