From a1f903dab202fac48b2e24a7850732a1b3c8e0f1 Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Fri, 11 Dec 2015 16:39:15 -0800
Subject: [PATCH] bluetoothdomain.te: drop bluetooth unix_stream_socket auditallow

Yes, it's being used.
type=1400 audit(0.0:19391): avc: granted { read write } for comm="Binder_4" path="socket:[1354209]" dev="sockfs" ino=1354209 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:r:bluetooth:s0 tclass=unix_stream_socket
type=1400 audit(0.0:19392): avc: granted { read } for comm="pandora.android" scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:r:bluetooth:s0 tclass=unix_stream_socket
type=1400 audit(0.0:19393): avc: granted { read } for comm="TransportReader" scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:r:bluetooth:s0 tclass=unix_stream_socket
type=1400 audit(0.0:19398): avc: granted { shutdown } for comm="AppLinkBluetoot" scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:r:bluetooth:s0 tclass=unix_stream_socket
type=1400 audit(0.0:19400): avc: granted { getopt } for comm="AppLinkBluetoot" scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:r:bluetooth:s0 tclass=unix_stream_socket
type=1400 audit(0.0:12517): avc: granted { write } for comm="MultiQueueWrite" scontext=u:r:priv_app:s0:c512,c768 tcontext=u:r:bluetooth:s0 tclass=unix_stream_socket
type=1400 audit(0.0:12563): avc: granted { read } for comm="WearableReader" scontext=u:r:priv_app:s0:c512,c768 tcontext=u:r:bluetooth:s0 tclass=unix_stream_socket
and a lot more...
Bug: 25767747
Change-Id: I15f89be1f44eef471e432e6d9f9ecb60a43801f8
---
 bluetoothdomain.te | 2 --
 1 file changed, 2 deletions(-)
diff --git a/bluetoothdomain.te b/bluetoothdomain.te
index a84ddf88d..7fed3ae4f 100644
--- a/bluetoothdomain.te
+++ b/bluetoothdomain.te
@@ -8,6 +8,4 @@ allow bluetoothdomain self:socket create_socket_perms;
 auditallow { bluetoothdomain -system_server } self:socket create_socket_perms;
 # Allow clients to use a socket provided by the bluetooth app.
-# TODO: See if this is still required under bluedroid. (b/25767747)
 allow bluetoothdomain bluetooth:unix_stream_socket { getopt setopt getattr read write ioctl shutdown };
-auditallow bluetoothdomain bluetooth:unix_stream_socket { getopt setopt getattr read write ioctl shutdown };
--
GitLab