From 77eb35263f40607e36fdcd85d95050a4ecedb6b8 Mon Sep 17 00:00:00 2001
From: Sharvil Nanavati <sharvil@google.com>
Date: Sun, 29 Jun 2014 10:45:03 -0700
Subject: [PATCH] Grant Bluetooth CAP_WAKE_ALARM so it can use the POSIX timer
 API for wake alarms.

Change-Id: Ic7b25e79116b90378e5e89a879d8e6b87e4f052e
---
 app.te       | 4 ++--
 bluetooth.te | 4 +++-
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/app.te b/app.te
index 91210f571..491e785b8 100644
--- a/app.te
+++ b/app.te
@@ -185,9 +185,9 @@ use_keystore(appdomain)
 ###
 
 # Superuser capabilities.
-# bluetooth requires net_admin.
+# bluetooth requires net_admin and wake_alarm.
 neverallow { appdomain -unconfineddomain -bluetooth } self:capability *;
-neverallow { appdomain -unconfineddomain } self:capability2 *;
+neverallow { appdomain -unconfineddomain -bluetooth } self:capability2 *;
 
 # Block device access.
 neverallow { appdomain -unconfineddomain } dev_type:blk_file { read write };
diff --git a/bluetooth.te b/bluetooth.te
index 4e274c492..619ce7f7c 100644
--- a/bluetooth.te
+++ b/bluetooth.te
@@ -28,6 +28,7 @@ allow bluetoothdomain self:socket create_socket_perms;
 # sysfs access.
 allow bluetooth sysfs_bluetooth_writable:file rw_file_perms;
 allow bluetooth self:capability net_admin;
+allow bluetooth self:capability2 wake_alarm;
 
 # Allow clients to use a socket provided by the bluetooth app.
 # TODO:  See if this is still required under bluedroid.
@@ -55,5 +56,6 @@ allow bluetooth ctl_dhcp_pan_prop:property_service set;
 ###
 
 # Superuser capabilities.
-# bluetooth requires net_admin.
+# bluetooth requires net_admin and wake_alarm.
 neverallow { bluetooth -unconfineddomain } self:capability ~net_admin;
+neverallow { bluetooth -unconfineddomain } self:capability2 ~wake_alarm;
-- 
GitLab