Add auditallow for bluetoothdomain rules

am: cb835a28 * commit 'cb835a28': Add auditallow for bluetoothdomain rules

Add auditallow for bluetoothdomain rules
4eee8138 · Nick Kralevich · android-build-merger · a049bb30 · cb835a28 · 4eee8138
Commit 4eee8138 authored 9 years ago by Nick Kralevich Committed by android-build-merger 9 years ago
--- a/bluetoothdomain.te
+++ b/bluetoothdomain.te
@@ -3,9 +3,11 @@
 # bluetooth sockets, nor does it distinguish among the bluetooth protocols.
 # TODO: This should no longer be needed with bluedroid for bluetooth
 # but may be getting used for other non-bluetooth sockets that has no
-# specific class defined.  Consider taking to specific domains.
+# specific class defined.  Consider taking to specific domains. (b/25768265)
 allow bluetoothdomain self:socket create_socket_perms;
+auditallow { bluetoothdomain -system_server } self:socket create_socket_perms;
 # Allow clients to use a socket provided by the bluetooth app.
-# TODO:  See if this is still required under bluedroid.
+# TODO:  See if this is still required under bluedroid. (b/25767747)
 allow bluetoothdomain bluetooth:unix_stream_socket { getopt setopt getattr read write ioctl shutdown };
+auditallow bluetoothdomain bluetooth:unix_stream_socket { getopt setopt getattr read write ioctl shutdown };
--- a/system_server.te
+++ b/system_server.te
@@ -65,6 +65,10 @@ allow system_server self:netlink_kobject_uevent_socket create_socket_perms;
 # Use generic netlink sockets.
 allow system_server self:netlink_socket create_socket_perms;
+# Use generic "sockets" where the address family is not known
+# to the kernel.
+allow system_server self:socket create_socket_perms;
 # Set and get routes directly via netlink.
 allow system_server self:netlink_route_socket nlmsg_write;