Policy for hci_attach service.

7fa2f9e0 · William Roberts · Stephen Smalley · efd6d6e0 · 7fa2f9e0 · 7fa2f9e0
Commit 7fa2f9e0 authored 12 years ago by William Roberts Committed by Stephen Smalley 12 years ago
--- a/device.te
+++ b/device.te
@@ -37,3 +37,9 @@ type urandom_device, dev_type;
 type video_device, dev_type;
 type vcs_device, dev_type;
 type zero_device, dev_type;
+# All devices have a uart for the hci
+# attach service. The uart dev node
+# varies per device. This type
+# is used in per device policy
+type hci_attach_dev, dev_type;
--- a/file.te
+++ b/file.te
@@ -56,6 +56,11 @@ type efs_file, file_type;
 # Type for wallpaper file.
 type wallpaper_file, file_type;
+# All devices have bluetooth efs files. But they
+# vary per device, so this type is used in per
+# defice policy
+type bluetooth_efs_file, file_type;
 # Socket types
 type bluetooth_socket, file_type;
 type dbus_socket, file_type;

--- a/hci_attach.te
+++ b/hci_attach.te
+type hci_attach, domain;
+type hci_attach_exec, exec_type, file_type;
+init_daemon_domain(hci_attach)
+allow hci_attach kernel:system module_request;
+allow hci_attach hci_attach_dev:chr_file rw_file_perms;
+allow hci_attach bluetooth_efs_file:dir r_dir_perms;
+allow hci_attach bluetooth_efs_file:file r_file_perms;
--- a/rild.te
+++ b/rild.te
@@ -17,6 +17,7 @@ allow rild mtd_device:dir search;
 allow rild efs_file:dir create_dir_perms;
 allow rild efs_file:file create_file_perms;
 allow rild shell_exec:file rx_file_perms;
+allow rild bluetooth_efs_file:file r_file_perms;
 dontaudit rild self:capability sys_admin;
 # XXX Label sysfs files with a specific type?
 allow rild sysfs:file rw_file_perms;