From f8c96056cd5f639ed8412285cdb6a13e14abd42e Mon Sep 17 00:00:00 2001
From: Stephen Smalley <sds@tycho.nsa.gov>
Date: Tue, 4 Mar 2014 13:34:54 -0500
Subject: [PATCH] Allow getopt / getattr to bluetooth unix_stream_socket.

Resolve denials such as:

avc:  denied  { getattr } for  pid=16226 comm="Thread-2096" path="socket:[414657]" dev="sockfs" ino=414657 scontext=u:r:untrusted_app:s0 tcontext=u:r:bluetooth:s0 tclass=unix_stream_socket

avc:  denied  { getopt } for  pid=5890 comm="FinalizerDaemon" scontext=u:r:untrusted_app:s0 tcontext=u:r:bluetooth:s0 tclass=unix_stream_socket

(cherry picked from commit 495e9d12b97cfaf3d6efb007b7b68217c2b94ba8)

Change-Id: Ie38979416b36b4452375d58baff46f14b78f1bad
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
---
 bluetooth.te | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/bluetooth.te b/bluetooth.te
index 81c229848..835d7bee4 100644
--- a/bluetooth.te
+++ b/bluetooth.te
@@ -26,7 +26,8 @@ allow bluetooth sysfs_bluetooth_writable:file rw_file_perms;
 allow bluetooth self:capability net_admin;
 
 # Allow clients to use a socket provided by the bluetooth app.
-allow bluetoothdomain bluetooth:unix_stream_socket { read write shutdown };
+# TODO:  See if this is still required under bluedroid.
+allow bluetoothdomain bluetooth:unix_stream_socket { getopt getattr read write shutdown };
 
 # tethering
 allow bluetooth self:{ tun_socket udp_socket } { ioctl create };
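Review bot: The added `# TODO:  See if this is still required under bluedroid.` does not say what "this" covers: the whole client-socket rule, or only the new `getopt` and `getattr` permissions. The policy file also keeps no record of why those two were added, since the denials appear only in the commit message. The rule applies to every domain carrying the `bluetoothdomain` attribute, and both quoted denials come from `untrusted_app`, so a later least-privilege audit needs that context next to the rule. If the TODO is meant for the whole rule, something like `# getopt/getattr: needed by apps holding the bluetooth-provided socket (untrusted_app denials).` followed by `# TODO: re-check whether this rule is still required under bluedroid.` would make the scope explicit.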
-- 
GitLab