From 4a0c8036a8b832c4563bcc30e532dbb28e52e15d Mon Sep 17 00:00:00 2001
From: Daniel Rosenberg <drosen@google.com>
Date: Wed, 6 Apr 2016 13:04:44 -0700
Subject: [PATCH] Expand bluetooth access to media_rw_data_file for now.

With sdcardfs, we no longer have a separate sdcardd acting as
an intermediate between the outside world and /data/media.
Unless we modify sdcardfs to change contexts, we need these.

Remove this patch if sdcardfs is updated to change the
secontext of fs accesses.

Bug: 28040634

Change-Id: I492c87e9f232c57f43abd09b7864b52847bc3555
---
 bluetooth.te | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/bluetooth.te b/bluetooth.te
index ff664abbb..4b20a5828 100644
--- a/bluetooth.te
+++ b/bluetooth.te
@@ -57,7 +57,8 @@ allow bluetooth shell_data_file:file read;
 # Access to /data/media.
 # This should be removed if sdcardfs is modified to alter the secontext for its
 # accesses to the underlying FS.
-allow bluetooth media_rw_data_file:dir search;
+allow bluetooth media_rw_data_file:dir create_dir_perms;
+allow bluetooth media_rw_data_file:file create_file_perms;
 
 ###
 ### Neverallow rules
-- 
GitLab