From 84edadca92139f86a44e0e0780e491135eee0285 Mon Sep 17 00:00:00 2001
From: Myles Watson <mylesgw@google.com>
Date: Wed, 29 Mar 2017 14:02:08 -0700
Subject: [PATCH] Disallow HAL access to Bluetooth data files

Devices that store their BT MAC address in /data/misc/bluedroid/ need to find another place for that file.

Bug: 36602160
Test: Restart Bluetooth, check for selinux denials/files in /data/misc
Change-Id: Ib8d610f201a8c35f95b464c24857c6639205bc66
---
 public/hal_bluetooth.te | 3 ---
 vendor/hal_bluetooth_default.te | 8 --------
 2 files changed, 11 deletions(-)

diff --git a/public/hal_bluetooth.te b/public/hal_bluetooth.te
index e9679de5c..46fd9d718 100644
--- a/public/hal_bluetooth.te
+++ b/public/hal_bluetooth.te
@@ -12,9 +12,6 @@ r_dir_file(hal_bluetooth, bluetooth_efs_file)
 allow hal_bluetooth { uhid_device hci_attach_dev }:chr_file rw_file_perms;
-# Access to config files to look for a Bluetooth address
-r_dir_file(hal_bluetooth, bluetooth_data_file)
-
 # sysfs access.
 r_dir_file(hal_bluetooth, sysfs_type)
 allow hal_bluetooth sysfs_bluetooth_writable:file rw_file_perms;
diff --git a/vendor/hal_bluetooth_default.te b/vendor/hal_bluetooth_default.te
index 54f2abf40..e32770dc8 100644
--- a/vendor/hal_bluetooth_default.te
+++ b/vendor/hal_bluetooth_default.te
@@ -3,11 +3,3 @@ hal_server_domain(hal_bluetooth_default, hal_bluetooth)
 type hal_bluetooth_default_exec, exec_type, file_type;
 init_daemon_domain(hal_bluetooth_default)
-
-# Logging for backward compatibility
-allow hal_bluetooth_default bluetooth_data_file:dir ra_dir_perms;
-allow hal_bluetooth_default bluetooth_data_file:file create_file_perms;
-
-# TODO (b/36602160) Remove hal_bluetooth's access to the Bluetooth app's
-# data type. Remove coredata_in_vendor_violators attribute.
-typeattribute hal_bluetooth_default coredata_in_vendor_violators;
-- 
GitLab