platform_system_sepolicy/private/hal_bluetooth_default.te
Alex Klyubin 168435fe03 Switch Bluetooth HAL policy to _client/_server
This switches Bluetooth HAL policy to the design which enables us to
conditionally remove unnecessary rules from domains which are clients
of Bluetooth HAL.

Domains which are clients of Bluetooth HAL, such as bluetooth domain,
are granted rules targeting hal_bluetooth only when the Bluetooth HAL
runs in passthrough mode (i.e., inside the client's process). When the
HAL runs in binderized mode (i.e., in another process/domain, with
clients talking to the HAL over HwBinder IPC), rules targeting
hal_bluetooth are not granted to client domains.

Domains which offer a binderized implementation of Bluetooth HAL, such
as hal_bluetooth_default domain, are always granted rules targeting
hal_bluetooth.

Test: Toggle Bluetooth off and on
Test: Pair with another Android, and transfer a file to that Android
      over Bluetooth
Test: Pair with a Bluetooth speaker, play music through that
      speaker over Bluetooth
Test: Add bluetooth_hidl_hal_test to device.mk, build & add to device,
      adb shell stop,
      adb shell /data/nativetest64/bluetooth_hidl_hal_test/bluetooth_hidl_hal_test
Bug: 34170079
Change-Id: I05c3ccf1e98cbbc1450a81bb1000c4fb75eb8a83
2017-02-17 11:32:00 -08:00

14 lines
491 B
Text

type hal_bluetooth_default, domain;
hal_server_domain(hal_bluetooth_default, hal_bluetooth)
type hal_bluetooth_default_exec, exec_type, file_type;
init_daemon_domain(hal_bluetooth_default)
# VTS tests need to be able to toggle rfkill
userdebug_or_eng(`
allow hal_bluetooth_default self:capability net_admin;
')
# Logging for backward compatibility
allow hal_bluetooth_default bluetooth_data_file:dir ra_dir_perms;
allow hal_bluetooth_default bluetooth_data_file:file create_file_perms;