From aae27dcdec80be64f36576545ecdf4e64975b7ed Mon Sep 17 00:00:00 2001
From: Pavlin Radoslavov <pavlin@google.com>
Date: Mon, 23 Nov 2015 17:07:51 -0800
Subject: [PATCH] Use GID "wakelock" to control access to kernel wakelock

Add missing usage of the wakelock_use() macro.

Bug: 25864142
Change-Id: I64ff471bcfcd50a6f035907ee124d149e8cda114
---
 bluetooth.te | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/bluetooth.te b/bluetooth.te
index e4b3ff71d..6ff7f4863 100644
--- a/bluetooth.te
+++ b/bluetooth.te
@@ -20,6 +20,7 @@ allow bluetooth { uhid_device hci_attach_dev }:chr_file rw_file_perms;
 allow bluetooth sysfs_bluetooth_writable:file rw_file_perms;
 allow bluetooth self:capability net_admin;
 allow bluetooth self:capability2 wake_alarm;
+wakelock_use(bluetooth);
 
 # tethering
 allow bluetooth self:tun_socket create_socket_perms;
@@ -57,6 +58,6 @@ allow bluetooth shell_data_file:file read;
 ###
 
 # Superuser capabilities.
-# bluetooth requires net_admin and wake_alarm.
+# bluetooth requires net_admin, wake_alarm and block_suspend
 neverallow bluetooth self:capability ~net_admin;
-neverallow bluetooth self:capability2 ~wake_alarm;
+neverallow bluetooth self:capability2 ~{wake_alarm block_suspend};
-- 
GitLab