Commit 9a1347ee authored by Nick Kralevich

Allow bluetooth access to the tun device.

Bluetooth uses the tun device for tethering. Allow access.

  STEPS TO REPRODUCE:
  0. Have two devices to test on, say Device A and Device B
  1. On Device A, go to Settings -> Bluetooth.
  2. Turn on the Bluetooth.
  3. Pair it with device B
  4. Tap on the paired device

  OBSERVED RESULTS:
  -Bluetooth share crash is observed with "Bluetooth share has stopped"
  error message
  -Unable to use Bluetooth tethering due to this issue

  EXPECTED RESULTS:
  No crash and Bluetooth devices should be able to connect for tethering

Addresses the following denial:

com.android.bluetooth: type=1400 audit(0.0:131): avc: denied { open }
for comm=425420536572766963652043616C6C path="/dev/tun" dev="tmpfs"
ino=12340 scontext=u:r:bluetooth:s0 tcontext=u:object_r:tun_device:s0
tclass=chr_file permissive=0

Bug: 27372573
Change-Id: I07724d8d68ffcdda691f1179787a4f40a0ab1c73
parent bca98efa
......@@ -408,6 +408,3 @@ neverallow appdomain {
security_file
tmpfs
}:lnk_file no_w_file_perms;
# Do not allow Apps to directly open tun_device
neverallow appdomain tun_device:chr_file open;
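Review bot: The appdomain-wide check on tun_device is lost at the end of this block: with `neverallow appdomain tun_device:chr_file open;` removed, the replacement rules elsewhere in this change name only isolated_app and untrusted_app, so every other app domain can later be granted open on tun_device without the build failing. Consider keeping the broad rule and carving out the single exception instead, for example `neverallow { appdomain -bluetooth } tun_device:chr_file open;`, so the bluetooth allowance stays the only hole.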
......@@ -25,6 +25,7 @@ allow bluetooth self:capability2 wake_alarm;
# tethering
allow bluetooth self:tun_socket create_socket_perms;
allow bluetooth tun_device:chr_file rw_file_perms;
allow bluetooth efs_file:dir search;
# proc access.
......
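Review bot: The `allow bluetooth tun_device:chr_file rw_file_perms;` line grants more than the commit message justifies: the quoted denial is for `{ open }` only, while rw_file_perms is the full read/write macro. If tethering needs the whole set, say so in the commit message or extend the `# tethering` comment; otherwise list only the permissions that were actually denied.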
......@@ -29,6 +29,9 @@ allow isolated_app self:process ptrace;
##### Neverallow
#####
# Do not allow isolated_app to directly open tun_device
neverallow isolated_app tun_device:chr_file open;
# Do not allow isolated_app to set system properties.
neverallow isolated_app property_socket:sock_file write;
neverallow isolated_app property_type:property_service set;
......
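Review bot: The comment on the new `neverallow isolated_app tun_device:chr_file open;` rule says "directly open" but does not say what the permitted indirect path is. The rule blocks only `open`, so read and write on a tun descriptor received from another process stay outside this check; a short sentence in the comment stating that this is intended would save the next reader from treating it as a gap.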
......@@ -170,3 +170,6 @@ neverallow untrusted_app {
-coredump_file # userdebug/eng only
')
}:dir_file_class_set { create unlink };
# Do not allow untrusted_app to directly open tun_device
neverallow untrusted_app tun_device:chr_file open;
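Review bot: This `neverallow untrusted_app tun_device:chr_file open;` rule is a copy of the one added for isolated_app, differing only in the domain name, and the two now live in separate files where they can drift apart. If the per-domain form is kept, a single rule with a type set, `neverallow { isolated_app untrusted_app } tun_device:chr_file open;`, in one place keeps the restriction in sync and makes it easier to see which domains are covered.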