Something went wrong on our end
Select Git revision
bluetooth.te
-
Nick Kralevich authoredThe following CTS tests are failing on nakasig-userdebug Failing tests android.bluetooth.cts.BasicAdapterTest#test_enableDisable android.bluetooth.cts.BasicAdapterTest#test_getAddress android.bluetooth.cts.BasicAdapterTest#test_getBondedDevices android.bluetooth.cts.BasicAdapterTest#test_getName android.bluetooth.cts.BasicAdapterTest#test_listenUsingRfcommWithServiceRecord Logs ===== junit.framework.AssertionFailedError: expected:<11> but was:<10> at android.bluetooth.cts.BasicAdapterTest.enable(BasicAdapterTest.java:278) at android.bluetooth.cts.BasicAdapterTest.test_enableDisable(BasicAdapterTest.java:128) at java.lang.reflect.Method.invokeNative(Native Method) at android.test.AndroidTestRunner.runTest(AndroidTestRunner.java:191) at android.test.AndroidTestRunner.runTest(AndroidTestRunner.java:176) at android.test.InstrumentationTestRunner.onStart(InstrumentationTestRunner.java:554) at android.app.Instrumentation$InstrumentationThread.run(Instrumentation.java:1701) Reverting this change until we get a proper fix in place. SELinux bluetooth denials: nnk@nnk:~$ grep "avc: " Redirecting.txt | grep bluetooth <5>[ 831.249360] type=1400 audit(1389206307.416:215): avc: denied { write } for pid=14216 comm="BluetoothAdapte" name="state" dev=sysfs ino=4279 scontext=u:r:bluetooth:s0 tcontext=u:object_r:sysfs:s0 tclass=file <5>[ 834.329536] type=1400 audit(1389206310.496:217): avc: denied { write } for pid=14218 comm="BTIF" name="state" dev=sysfs ino=4279 scontext=u:r:bluetooth:s0 tcontext=u:object_r:sysfs:s0 tclass=file This reverts commit 2eba9c5f. Bug: 12475767 Change-Id: Id4989f6b371fa02986299114db70279e151ad64aNick Kralevich authoredThe following CTS tests are failing on nakasig-userdebug Failing tests android.bluetooth.cts.BasicAdapterTest#test_enableDisable android.bluetooth.cts.BasicAdapterTest#test_getAddress android.bluetooth.cts.BasicAdapterTest#test_getBondedDevices android.bluetooth.cts.BasicAdapterTest#test_getName android.bluetooth.cts.BasicAdapterTest#test_listenUsingRfcommWithServiceRecord Logs ===== junit.framework.AssertionFailedError: expected:<11> but was:<10> at android.bluetooth.cts.BasicAdapterTest.enable(BasicAdapterTest.java:278) at android.bluetooth.cts.BasicAdapterTest.test_enableDisable(BasicAdapterTest.java:128) at java.lang.reflect.Method.invokeNative(Native Method) at android.test.AndroidTestRunner.runTest(AndroidTestRunner.java:191) at android.test.AndroidTestRunner.runTest(AndroidTestRunner.java:176) at android.test.InstrumentationTestRunner.onStart(InstrumentationTestRunner.java:554) at android.app.Instrumentation$InstrumentationThread.run(Instrumentation.java:1701) Reverting this change until we get a proper fix in place. SELinux bluetooth denials: nnk@nnk:~$ grep "avc: " Redirecting.txt | grep bluetooth <5>[ 831.249360] type=1400 audit(1389206307.416:215): avc: denied { write } for pid=14216 comm="BluetoothAdapte" name="state" dev=sysfs ino=4279 scontext=u:r:bluetooth:s0 tcontext=u:object_r:sysfs:s0 tclass=file <5>[ 834.329536] type=1400 audit(1389206310.496:217): avc: denied { write } for pid=14218 comm="BTIF" name="state" dev=sysfs ino=4279 scontext=u:r:bluetooth:s0 tcontext=u:object_r:sysfs:s0 tclass=file This reverts commit 2eba9c5f. Bug: 12475767 Change-Id: Id4989f6b371fa02986299114db70279e151ad64a
bluetooth.te 1.63 KiB
# bluetooth subsystem
type bluetooth, domain;
permissive bluetooth;
app_domain(bluetooth)
# Data file accesses.
allow bluetooth bluetooth_data_file:dir create_dir_perms;
allow bluetooth bluetooth_data_file:notdevfile_class_set create_file_perms;
# bluetooth factory file accesses.
r_dir_file(bluetooth, bluetooth_efs_file)
# Device accesses.
allow bluetooth { tun_device uhid_device hci_attach_dev }:chr_file rw_file_perms;
# Other domains that can create and use bluetooth sockets.
# SELinux does not presently define a specific socket class for
# bluetooth sockets, nor does it distinguish among the bluetooth protocols.
allow bluetoothdomain self:socket *;
# sysfs access.
allow bluetooth sysfs_bluetooth_writable:file rw_file_perms;
allow bluetooth self:capability net_admin;
# Allow clients to use a socket provided by the bluetooth app.
allow bluetoothdomain bluetooth:unix_stream_socket { read write shutdown };
# tethering
allow bluetooth self:{ tun_socket udp_socket } { ioctl create };
allow bluetooth efs_file:dir search;
# Talk to init over the property socket.
unix_socket_connect(bluetooth, property, init)
# proc access.
allow bluetooth proc_bluetooth_writable:file rw_file_perms;
# bluetooth file transfers
allow bluetooth sdcard_internal:dir create_dir_perms;
allow bluetooth sdcard_internal:file create_file_perms;
# Allow write access to bluetooth specific properties
allow bluetooth bluetooth_prop:property_service set;
###
### Neverallow rules
###
### These are things that the bluetooth app should NEVER be able to do
###
# Superuser capabilities.
# bluetooth requires net_admin.
neverallow bluetooth self:capability ~net_admin;