From 9819a6cba32a124a48ad4c4d41a7eadc1bd2957f Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Fri, 19 Dec 2014 16:43:41 -0800
Subject: [PATCH] bluetooth: allow sending bugreports via bluetooth

Bluetooth can receive bugreport data for beaming to another device.
This comes across as an open file descriptor. Allow bluetooth access
to bugreports.

Addresses the following denial:

  avc: denied { read } for path="/data/data/com.android.shell/files/bugreports/bugreport-2014-12-19-15-35-32.txt" dev="dm-0" ino=662738 scontext=u:r:bluetooth:s0 tcontext=u:object_r:shell_data_file:s0 tclass=file permissive=0

Change-Id: I7be2ce2e0e48323c1e8f932be17b434b89daf085
---
 bluetooth.te | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/bluetooth.te b/bluetooth.te
index d6adc3b49..60ce11858 100644
--- a/bluetooth.te
+++ b/bluetooth.te
@@ -53,6 +53,11 @@ allow bluetooth bluetooth_service:service_manager find;
 allow bluetooth radio_service:service_manager find;
 allow bluetooth system_server_service:service_manager find;
 
+# already open bugreport file descriptors may be shared with
+# the bluetooth process, from a file in
+# /data/data/com.android.shell/files/bugreports/bugreport-*.
+allow bluetooth shell_data_file:file read;
+
 ###
 ### Neverallow rules
 ###
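Review bot: The comment above `allow bluetooth shell_data_file:file read;` names the bugreports path, but the rule is scoped by type, so it applies to every file labelled `shell_data_file`, which presumably covers more of the shell app's data directory than bugreports. What actually limits the grant is that `open` is withheld, so bluetooth can read such a file only through a descriptor another process hands it. The comment should say that explicitly, e.g. `# "open" is intentionally not granted: access is only via an fd passed to bluetooth, never by path.`, so a later cleanup does not widen this to `r_file_perms`. The neverallow section that starts right after this hunk could pin the same intent with `neverallow bluetooth shell_data_file:file open;`, if no other rule in the policy needs it. The commit message shows only a `read` denial; if the receiving code also calls fstat on the descriptor, a `getattr` denial may follow and is worth checking for in testing.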
-- 
GitLab