From 5b38c47b7e53371f7c400cf9c0f312a1f147dce9 Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Tue, 29 Oct 2013 12:45:10 -0700
Subject: [PATCH] Allow bluetooth to write to bluetooth properties

Some bluetooth implementations write to bluetooth.* properties.
It seems reasonable to allow this for all bluetooth implementations.

This addresses the following denial (seen on mako):

<4>[  132.182755] avc:  denied  { set } for property=bluetooth.hciattach scontext=u:r:bluetooth:s0 tcontext=u:object_r:bluetooth_prop:s0 tclass=property_service

Change-Id: I6d92c0ff108838dd1107c5fb3c436699ef824814
---
 bluetooth.te | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/bluetooth.te b/bluetooth.te
index 2403a5513..32ee842dc 100644
--- a/bluetooth.te
+++ b/bluetooth.te
@@ -39,6 +39,9 @@ allow bluetooth proc_bluetooth_writable:file rw_file_perms;
 allow bluetooth sdcard_internal:dir create_dir_perms;
 allow bluetooth sdcard_internal:file create_file_perms;
 
+# Allow write access to bluetooth specific properties
+allow bluetooth bluetooth_prop:property_service set;
+
 ###
 ### Neverallow rules
 ###
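Review bot: The added `allow bluetooth bluetooth_prop:property_service set;` grants `set` on every property labelled `bluetooth_prop`, while the denial quoted in the commit message concerns only `bluetooth.hciattach`. Which property names carry that label is decided in property_contexts, which this patch does not touch, so that mapping should be checked to confirm the grant covers only properties the bluetooth domain is meant to control. If any init trigger reacts to those properties, the rule also lets the bluetooth domain fire that trigger, so it is worth reviewing them together. The comment above the rule could record the scope and the motive, for example `# Some stacks (seen on mako) set bluetooth.hciattach; allow set on all bluetooth_prop-labelled properties.`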
-- 
GitLab