From 09f6a99b667c63cb4084583df10b13cde9b1e78a Mon Sep 17 00:00:00 2001
From: Stephen Smalley <sds@tycho.nsa.gov>
Date: Mon, 13 Jan 2014 09:14:15 -0500
Subject: [PATCH] Allow mediaserver to connect to bluetooth.

Re-purpose the existing bluetooth_socket type, originally
for /dev/socket/bluetooth used by bluetoothd in the old
bluetooth stack, for sockets created by bluedroid under
/data/misc/bluedroid, and allow mediaserver to connect
to such sockets.  This is required for playing audio
on paired BT devices.

Based on b/12417855.

Change-Id: I24ecdf407d066e7c4939ed2a0edb97222a1879f6
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
---
 app.te         | 1 -
 bluetooth.te   | 4 ++++
 file_contexts  | 1 -
 mediaserver.te | 4 ++++
 4 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/app.te b/app.te
index 14f343072..1ee307550 100644
--- a/app.te
+++ b/app.te
@@ -249,7 +249,6 @@ neverallow { appdomain -unconfineddomain } socket_device:sock_file write;
 
 # Unix domain sockets.
 neverallow { appdomain -unconfineddomain } adbd_socket:sock_file write;
-neverallow { appdomain -unconfineddomain } bluetooth_socket:sock_file write;
 neverallow { appdomain -unconfineddomain } installd_socket:sock_file write;
 neverallow { appdomain -bluetooth -radio -shell -system_app -unconfineddomain }
     property_socket:sock_file write;
diff --git a/bluetooth.te b/bluetooth.te
index 6b48ed48d..a46ace80a 100644
--- a/bluetooth.te
+++ b/bluetooth.te
@@ -7,6 +7,10 @@ app_domain(bluetooth)
 allow bluetooth bluetooth_data_file:dir create_dir_perms;
 allow bluetooth bluetooth_data_file:notdevfile_class_set create_file_perms;
 
+# Socket creation under /data/misc/bluedroid.
+type_transition bluetooth bluetooth_data_file:sock_file bluetooth_socket;
+allow bluetooth bluetooth_socket:sock_file create_file_perms;
+
 # bluetooth factory file accesses.
 r_dir_file(bluetooth, bluetooth_efs_file)
 
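Review bot: The `allow bluetooth bluetooth_socket:sock_file create_file_perms;` added here is presumably why app.te drops its `neverallow ... bluetooth_socket:sock_file write` rule outright, but removing the rule lifts the compile-time guarantee for every other app domain too. Only bluetooth, declared with `app_domain(bluetooth)`, appears to need the access, so the rule could be narrowed instead of deleted: `neverallow { appdomain -bluetooth -unconfineddomain } bluetooth_socket:sock_file write;`. The property_socket neverallow in the same file already excludes `-bluetooth` in this way. This assumes create_file_perms includes write, which is what would have conflicted with the old rule.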
diff --git a/file_contexts b/file_contexts
index c0d7e6515..f593f6db0 100644
--- a/file_contexts
+++ b/file_contexts
@@ -75,7 +75,6 @@
 /dev/snd(/.*)?		u:object_r:audio_device:s0
 /dev/socket(/.*)?	u:object_r:socket_device:s0
 /dev/socket/adbd	u:object_r:adbd_socket:s0
-/dev/socket/bluetooth	u:object_r:bluetooth_socket:s0
 /dev/socket/dnsproxyd	u:object_r:dnsproxyd_socket:s0
 /dev/socket/dumpstate	u:object_r:dumpstate_socket:s0
 /dev/socket/gps		u:object_r:gps_socket:s0
diff --git a/mediaserver.te b/mediaserver.te
index 7589ee8ba..46a9587ca 100644
--- a/mediaserver.te
+++ b/mediaserver.te
@@ -66,3 +66,7 @@ allow mediaserver rild:unix_stream_socket { connectto read write setopt };
 # Needed on some devices for playing DRM protected content,
 # but seems expected and appropriate for all devices.
 unix_socket_connect(mediaserver, drmserver, drmserver)
+
+# Needed on some devices for playing audio on paired BT device,
+# but seems appropriate for all devices.
+unix_socket_connect(mediaserver, bluetooth, bluetooth)
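Review bot: The comment above the added `unix_socket_connect(mediaserver, bluetooth, bluetooth)` does not say which socket is meant, and the grant is type-wide. Combined with the type_transition in bluetooth.te, every sock_file that bluetooth creates under /data/misc/bluedroid is labelled bluetooth_socket and becomes reachable by mediaserver, not only the audio endpoint. Consider wording the comment as `# Connect to the audio sockets bluedroid creates under /data/misc/bluedroid.` so a later reader can tell when the rule is broader than intended. This patch also shows no directory search permission for mediaserver on bluetooth_data_file; confirm it is granted elsewhere, since otherwise the path lookup would be denied before the socket check is reached.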
-- 
GitLab