Disallow HAL access to Bluetooth data files

Devices that store their BT MAC address in /data/misc/bluedroid/ need to find another place for that file. Bug: 36602160 Test: Restart Bluetooth, check for selinux denials/files in /data/misc Change-Id: Ib8d610f201a8c35f95b464c24857c6639205bc66

Disallow HAL access to Bluetooth data files
1317b4ca · Myles Watson · 36c8f160 · 1317b4ca · 1317b4ca
Commit 1317b4ca authored 7 years ago by Myles Watson
--- a/public/hal_bluetooth.te
+++ b/public/hal_bluetooth.te
@@ -12,9 +12,6 @@ r_dir_file(hal_bluetooth, bluetooth_efs_file)

 allow hal_bluetooth { uhid_device hci_attach_dev }:chr_file rw_file_perms;

-# Access to config files to look for a Bluetooth address
-r_dir_file(hal_bluetooth, bluetooth_data_file)
-
 # sysfs access.
 r_dir_file(hal_bluetooth, sysfs_type)
 allow hal_bluetooth sysfs_bluetooth_writable:file rw_file_perms;

--- a/vendor/hal_bluetooth_default.te
+++ b/vendor/hal_bluetooth_default.te
@@ -3,11 +3,3 @@ hal_server_domain(hal_bluetooth_default, hal_bluetooth)

 type hal_bluetooth_default_exec, exec_type, file_type;
 init_daemon_domain(hal_bluetooth_default)
-
-# Logging for backward compatibility
-allow hal_bluetooth_default bluetooth_data_file:dir ra_dir_perms;
-allow hal_bluetooth_default bluetooth_data_file:file create_file_perms;
-
-# TODO (b/36602160) Remove hal_bluetooth's access to the Bluetooth app's
-# data type. Remove coredata_in_vendor_violators attribute.
-typeattribute hal_bluetooth_default coredata_in_vendor_violators;