From cb835a2852997dde0be2941173f8c879ebbef157 Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Mon, 23 Nov 2015 17:15:11 -0800
Subject: [PATCH] Add auditallow for bluetoothdomain rules

Audit the remaining uses of these rules to see if it's safe to get rid of them.

Bug: 25768265
Bug: 25767747
Change-Id: Iaf022b4dafe1cc9eab871c8d7ec5afd3cf20bf96
---
 bluetoothdomain.te | 6 ++++--
 system_server.te   | 4 ++++
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/bluetoothdomain.te b/bluetoothdomain.te
index 9626e4b4b..a84ddf88d 100644
--- a/bluetoothdomain.te
+++ b/bluetoothdomain.te
@@ -3,9 +3,11 @@
 # bluetooth sockets, nor does it distinguish among the bluetooth protocols.
 # TODO: This should no longer be needed with bluedroid for bluetooth
 # but may be getting used for other non-bluetooth sockets that has no
-# specific class defined.  Consider taking to specific domains.
+# specific class defined.  Consider taking to specific domains. (b/25768265)
 allow bluetoothdomain self:socket create_socket_perms;
+auditallow { bluetoothdomain -system_server } self:socket create_socket_perms;
 
 # Allow clients to use a socket provided by the bluetooth app.
-# TODO:  See if this is still required under bluedroid.
+# TODO:  See if this is still required under bluedroid. (b/25767747)
 allow bluetoothdomain bluetooth:unix_stream_socket { getopt setopt getattr read write ioctl shutdown };
+auditallow bluetoothdomain bluetooth:unix_stream_socket { getopt setopt getattr read write ioctl shutdown };
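Review bot: The second `auditallow`, on `bluetooth:unix_stream_socket`, includes `read` and `write`, which are probably checked on every send and receive rather than once at setup. An active bluetooth client could therefore produce an audit record per I/O operation, and on a rate-limited audit log that risks crowding out unrelated denials while this instrumentation is in place. Neither added rule is marked as temporary either; a line such as `# Temporary: logs remaining users so the allow rule above can be removed (b/25767747)` above each `auditallow` would tie it to the investigation and make it easy to find and delete afterwards.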
diff --git a/system_server.te b/system_server.te
index 476a6be62..96d8773f7 100644
--- a/system_server.te
+++ b/system_server.te
@@ -65,6 +65,10 @@ allow system_server self:netlink_kobject_uevent_socket create_socket_perms;
 # Use generic netlink sockets.
 allow system_server self:netlink_socket create_socket_perms;
 
+# Use generic "sockets" where the address family is not known
+# to the kernel.
+allow system_server self:socket create_socket_perms;
+
 # Set and get routes directly via netlink.
 allow system_server self:netlink_route_socket nlmsg_write;
 
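Review bot: The added `allow system_server self:socket create_socket_perms;` is a permanent, unaudited grant on the catch-all `socket` class, and its comment does not say which address family or component in system_server needs it. The first hunk excludes system_server from the new `auditallow` (presumably because it carries the bluetoothdomain attribute), so nothing will show whether this access is still exercised or could be narrowed. Consider recording the known user in the comment, or adding a follow-up marker such as `# TODO: identify the address family and move to a dedicated socket class (b/25768265)`, so that the broad permission set is revisited rather than left as a standing exception.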
-- 
GitLab