From 7e3802162387b0ddcc641bc9061dbaf75e42298b Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Mon, 22 Aug 2016 17:29:46 -0700
Subject: [PATCH] fix build: exclude bluetooth from neverallow restriction

Bluetooth is sometimes started from init.

Addresses the following compiler error:

  libsepol.report_failure: neverallow on line 489 of
  system/sepolicy/domain.te (or line 9149 of policy.conf) violated by
  allow init bluetooth:process { transition };
  libsepol.check_assertions: 1 neverallow failures occurred
  Error while expanding policy

Change-Id: I2bc1e15217892e1ba2a62c9683af0f3c0aa16b86
---
 domain.te | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/domain.te b/domain.te
index 332db9401..a853b3a3d 100644
--- a/domain.te
+++ b/domain.te
@@ -485,7 +485,7 @@ neverallow {
 
 # Only domains spawned from zygote and runas may have the appdomain attribute.
 neverallow { domain -runas -zygote } {
-  appdomain -shell userdebug_or_eng(`-su')
+  appdomain -shell userdebug_or_eng(`-su') -bluetooth
 }:process { transition dyntransition };
 
 # Minimize read access to shell- or app-writable symlinks.
-- 
GitLab