Only the bluetooth app may run in the bluetooth domain

Remove neverallow exemption allowing other processes to run in the bluetooth app's selinux domain. The bluetooth domain is intended to host the zygote spawned bluetooth app. It is not intended to host other bluetooth related processes. Please define new domains for these processes. Test: build Marlin Change-Id: I1fd3dd0fe85f73457d77b63a65b4307821cbd41c

Only the bluetooth app may run in the bluetooth domain
67b40378 · Jeff Vander Stoep · 47061e59 · 67b40378
Commit 67b40378 authored 7 years ago by Jeff Vander Stoep
--- a/public/domain.te
+++ b/public/domain.te
@@ -597,7 +597,7 @@ neverallow {

 # Only domains spawned from zygote and runas may have the appdomain attribute.
 neverallow { domain -runas -webview_zygote -zygote } {
-  appdomain -shell userdebug_or_eng(`-su') -bluetooth
+  appdomain -shell userdebug_or_eng(`-su')
 }:process { transition dyntransition };

 # Minimize read access to shell- or app-writable symlinks.