Allow bluetooth access to the tun device.

am: 9a1347ee * commit '9a1347ee': Allow bluetooth access to the tun device.

Allow bluetooth access to the tun device.
087601e0 · Nick Kralevich · android-build-merger · 0551e9e8 · 9a1347ee · 087601e0
Commit 087601e0 authored 9 years ago by Nick Kralevich Committed by android-build-merger 9 years ago
--- a/app.te
+++ b/app.te
@@ -408,6 +408,3 @@ neverallow appdomain {
  security_file
  tmpfs
 }:lnk_file no_w_file_perms;
-# Do not allow Apps to directly open tun_device
-neverallow appdomain tun_device:chr_file open;
--- a/bluetooth.te
+++ b/bluetooth.te
@@ -25,6 +25,7 @@ allow bluetooth self:capability2 wake_alarm;
 # tethering
 allow bluetooth self:tun_socket create_socket_perms;
+allow bluetooth tun_device:chr_file rw_file_perms;
 allow bluetooth efs_file:dir search;
 # proc access.

--- a/isolated_app.te
+++ b/isolated_app.te
@@ -29,6 +29,9 @@ allow isolated_app self:process ptrace;
 ##### Neverallow
 #####
+# Do not allow isolated_app to directly open tun_device
+neverallow isolated_app tun_device:chr_file open;
 # Do not allow isolated_app to set system properties.
 neverallow isolated_app property_socket:sock_file write;
 neverallow isolated_app property_type:property_service set;

--- a/untrusted_app.te
+++ b/untrusted_app.te
@@ -170,3 +170,6 @@ neverallow untrusted_app {
    -coredump_file          # userdebug/eng only
  ')
 }:dir_file_class_set { create unlink };
+# Do not allow untrusted_app to directly open tun_device
+neverallow untrusted_app tun_device:chr_file open;