platform_system_sepolicy/private/bluetooth.te
Alex Klyubin 168435fe03 Switch Bluetooth HAL policy to _client/_server
This switches Bluetooth HAL policy to the design which enables us to
conditionally remove unnecessary rules from domains which are clients
of Bluetooth HAL.

Domains which are clients of Bluetooth HAL, such as bluetooth domain,
are granted rules targeting hal_bluetooth only when the Bluetooth HAL
runs in passthrough mode (i.e., inside the client's process). When the
HAL runs in binderized mode (i.e., in another process/domain, with
clients talking to the HAL over HwBinder IPC), rules targeting
hal_bluetooth are not granted to client domains.

Domains which offer a binderized implementation of Bluetooth HAL, such
as hal_bluetooth_default domain, are always granted rules targeting
hal_bluetooth.

Test: Toggle Bluetooth off and on
Test: Pair with another Android, and transfer a file to that Android
      over Bluetooth
Test: Pair with a Bluetooth speaker, play music through that
      speaker over Bluetooth
Test: Add bluetooth_hidl_hal_test to device.mk, build & add to device,
      adb shell stop,
      adb shell /data/nativetest64/bluetooth_hidl_hal_test/bluetooth_hidl_hal_test
Bug: 34170079
Change-Id: I05c3ccf1e98cbbc1450a81bb1000c4fb75eb8a83
2017-02-17 11:32:00 -08:00

73 lines
2.5 KiB
Text

# bluetooth subsystem
typeattribute bluetooth domain_deprecated;
app_domain(bluetooth)
net_domain(bluetooth)
# Socket creation under /data/misc/bluedroid.
type_transition bluetooth bluetooth_data_file:sock_file bluetooth_socket;
# Allow access to net_admin ioctls
allowxperm bluetooth self:udp_socket ioctl priv_sock_ioctls;
wakelock_use(bluetooth);
# Data file accesses.
allow bluetooth bluetooth_data_file:dir create_dir_perms;
allow bluetooth bluetooth_data_file:notdevfile_class_set create_file_perms;
allow bluetooth bluetooth_logs_data_file:dir rw_dir_perms;
allow bluetooth bluetooth_logs_data_file:file create_file_perms;
# Socket creation under /data/misc/bluedroid.
allow bluetooth bluetooth_socket:sock_file create_file_perms;
allow bluetooth self:capability net_admin;
allow bluetooth self:capability2 wake_alarm;
# tethering
allow bluetooth self:packet_socket create_socket_perms_no_ioctl;
allow bluetooth self:capability { net_admin net_raw net_bind_service };
allow bluetooth self:tun_socket create_socket_perms_no_ioctl;
allow bluetooth tun_device:chr_file rw_file_perms;
allow bluetooth efs_file:dir search;
# proc access.
allow bluetooth proc_bluetooth_writable:file rw_file_perms;
# Allow write access to bluetooth specific properties
set_prop(bluetooth, bluetooth_prop)
set_prop(bluetooth, pan_result_prop)
allow bluetooth audioserver_service:service_manager find;
allow bluetooth bluetooth_service:service_manager find;
allow bluetooth drmserver_service:service_manager find;
allow bluetooth mediaserver_service:service_manager find;
allow bluetooth radio_service:service_manager find;
allow bluetooth surfaceflinger_service:service_manager find;
allow bluetooth app_api_service:service_manager find;
allow bluetooth system_api_service:service_manager find;
# Bluetooth Sim Access Profile Socket to the RIL
unix_socket_connect(bluetooth, sap_uim, rild)
# already open bugreport file descriptors may be shared with
# the bluetooth process, from a file in
# /data/data/com.android.shell/files/bugreports/bugreport-*.
allow bluetooth shell_data_file:file read;
hal_client_domain(bluetooth, hal_bluetooth)
binder_call(bluetooth, hal_telephony)
read_runtime_log_tags(bluetooth)
###
### Neverallow rules
###
### These are things that the bluetooth app should NEVER be able to do
###
# Superuser capabilities.
# bluetooth requires net_{admin,raw,bind_service} and wake_alarm and block_suspend.
neverallow bluetooth self:capability ~{ net_admin net_raw net_bind_service };
neverallow bluetooth self:capability2 ~{ wake_alarm block_suspend };