From 536ddba8986a0039f77809232477485dde6995a8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9rgio=20Faria?= <sergio91pt@gmail.com>
Date: Sun, 29 Jun 2014 13:11:27 +0100
Subject: [PATCH] Allow setopt on bluetooth's unix_stream_socket.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This is extremely useful as it allows timeouts on the socket.
Since ioctl is allowed, setopt shouldn't be a problem.

Resolves denials, in 3rd party apps, such as:

avc:  denied  { setopt } for  pid=18107 comm="AudioRouter-6"
scontext=u:r:untrusted_app:s0 tcontext=u:r:bluetooth:s0
tclass=unix_stream_socket

Change-Id: I6f38d7b86983c517575b735f43b62a2ed811e81c
Signed-off-by: Sérgio Faria <sergio91pt@gmail.com>
---
 bluetooth.te | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/bluetooth.te b/bluetooth.te
index 7d56d45e6..4e274c492 100644
--- a/bluetooth.te
+++ b/bluetooth.te
@@ -31,7 +31,7 @@ allow bluetooth self:capability net_admin;
 
 # Allow clients to use a socket provided by the bluetooth app.
 # TODO:  See if this is still required under bluedroid.
-allow bluetoothdomain bluetooth:unix_stream_socket { getopt getattr read write ioctl shutdown };
+allow bluetoothdomain bluetooth:unix_stream_socket { getopt setopt getattr read write ioctl shutdown };
 
 # tethering
 allow bluetooth self:tun_socket create_socket_perms;
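Review bot: The `setopt` added to the `allow bluetoothdomain bluetooth:unix_stream_socket` rule goes to every domain carrying the `bluetoothdomain` attribute, which per the denial quoted in the commit message includes `untrusted_app`. SELinux cannot narrow it to timeout options: the permission covers any setsockopt() call on a socket labeled `bluetooth`. The argument that `ioctl` is already allowed does not establish that this is safe, since they are separate operations, so it is worth confirming that no socket option a client can set affects the bluetooth process's end of the connection. The rule also sits under a TODO asking whether it is still required, so I would record the reason next to it, e.g. `# setopt: lets clients set send/receive timeouts on the socket handed out by bluetooth.`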
-- 
GitLab