d33a9a194b
Create an event_log_tags_file label and use it for /dev/event-log-tags. Only trusted system log readers are allowed direct read access to this file, no write access. Untrusted domain requests lack direct access, and are thus checked for credentials via the "plan b" long path socket to the event log tag service. Test: gTest logd-unit-tests, liblog-unit-tests and logcat-unit-tests Bug: 31456426 Bug: 30566487 Change-Id: Ib9b71ca225d4436d764c9bc340ff7b1c9c252a9e
77 lines
2.7 KiB
Text
77 lines
2.7 KiB
Text
# bluetooth subsystem
|
|
type bluetooth, domain, domain_deprecated;
|
|
|
|
net_domain(bluetooth)
|
|
# Allow access to net_admin ioctls
|
|
allowxperm bluetooth self:udp_socket ioctl priv_sock_ioctls;
|
|
|
|
wakelock_use(bluetooth);
|
|
|
|
# Data file accesses.
|
|
allow bluetooth bluetooth_data_file:dir create_dir_perms;
|
|
allow bluetooth bluetooth_data_file:notdevfile_class_set create_file_perms;
|
|
allow bluetooth bluetooth_logs_data_file:dir rw_dir_perms;
|
|
allow bluetooth bluetooth_logs_data_file:file create_file_perms;
|
|
|
|
# Socket creation under /data/misc/bluedroid.
|
|
allow bluetooth bluetooth_socket:sock_file create_file_perms;
|
|
|
|
# bluetooth factory file accesses.
|
|
r_dir_file(bluetooth, bluetooth_efs_file)
|
|
|
|
allow bluetooth { uhid_device hci_attach_dev }:chr_file rw_file_perms;
|
|
|
|
# sysfs access.
|
|
r_dir_file(bluetooth, sysfs_type)
|
|
allow bluetooth sysfs_bluetooth_writable:file rw_file_perms;
|
|
allow bluetooth self:capability net_admin;
|
|
allow bluetooth self:capability2 wake_alarm;
|
|
|
|
# tethering
|
|
allow bluetooth self:packet_socket create_socket_perms_no_ioctl;
|
|
allow bluetooth self:capability { net_admin net_raw net_bind_service };
|
|
allow bluetooth self:tun_socket create_socket_perms_no_ioctl;
|
|
allow bluetooth tun_device:chr_file rw_file_perms;
|
|
allow bluetooth efs_file:dir search;
|
|
|
|
# proc access.
|
|
allow bluetooth proc_bluetooth_writable:file rw_file_perms;
|
|
|
|
# Allow write access to bluetooth specific properties
|
|
set_prop(bluetooth, bluetooth_prop)
|
|
set_prop(bluetooth, pan_result_prop)
|
|
|
|
allow bluetooth audioserver_service:service_manager find;
|
|
allow bluetooth bluetooth_service:service_manager find;
|
|
allow bluetooth drmserver_service:service_manager find;
|
|
allow bluetooth mediaserver_service:service_manager find;
|
|
allow bluetooth radio_service:service_manager find;
|
|
allow bluetooth surfaceflinger_service:service_manager find;
|
|
allow bluetooth app_api_service:service_manager find;
|
|
allow bluetooth system_api_service:service_manager find;
|
|
|
|
# Bluetooth Sim Access Profile Socket to the RIL
|
|
unix_socket_connect(bluetooth, sap_uim, rild)
|
|
|
|
# already open bugreport file descriptors may be shared with
|
|
# the bluetooth process, from a file in
|
|
# /data/data/com.android.shell/files/bugreports/bugreport-*.
|
|
allow bluetooth shell_data_file:file read;
|
|
|
|
# Perform HwBinder IPC.
|
|
hwbinder_use(bluetooth)
|
|
binder_call(bluetooth, hal_bluetooth)
|
|
binder_call(bluetooth, hal_telephony)
|
|
|
|
read_runtime_log_tags(bluetooth)
|
|
|
|
###
|
|
### Neverallow rules
|
|
###
|
|
### These are things that the bluetooth app should NEVER be able to do
|
|
###
|
|
|
|
# Superuser capabilities.
|
|
# bluetooth requires net_{admin,raw,bind_service} and wake_alarm and block_suspend.
|
|
neverallow bluetooth self:capability ~{ net_admin net_raw net_bind_service };
|
|
neverallow bluetooth self:capability2 ~{ wake_alarm block_suspend };
|