Merge "Add selinux policy for Bluetooth HAL"

fc0dc89d · Treehugger Robot · Gerrit Code Review · dd70dfbe · be27f92a · fc0dc89d
Commit fc0dc89d authored 8 years ago by Treehugger Robot Committed by Gerrit Code Review 8 years ago
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -235,6 +235,7 @@
 /system/fake-lib(64)?/libart.*   u:object_r:libart_file:s0
 /system/lib(64)?/libart.*        u:object_r:libart_file:s0
 /system/bin/hw/android\.hardware\.audio@2\.0-service          u:object_r:hal_audio_default_exec:s0
+/system/bin/hw/android\.hardware\.bluetooth@1\.0-service      u:object_r:hal_bluetooth_default_exec:s0
 /system/bin/hw/android\.hardware\.boot@1\.0-service           u:object_r:hal_boot_exec:s0
 /system/bin/hw/android\.hardware\.contexthub@1\.0-service     u:object_r:hal_contexthub_default_exec:s0
 /system/bin/hw/android\.hardware\.dumpstate@1\.0-service      u:object_r:hal_dumpstate_default_exec:s0

--- a/private/hal_bluetooth_default.te
+++ b/private/hal_bluetooth_default.te
+type hal_bluetooth_default, hal_bluetooth, domain;
+type hal_bluetooth_default_exec, exec_type, file_type;
+init_daemon_domain(hal_bluetooth_default)
+# VTS tests need to be able to toggle rfkill
+userdebug_or_eng(`
+  allow hal_bluetooth_default self:capability net_admin;
+')
--- a/public/attributes
+++ b/public/attributes
@@ -116,6 +116,7 @@ attribute update_engine_common;
 # HALs
 attribute hal_audio;
+attribute hal_bluetooth;
 attribute hal_dumpstate;
 attribute hal_gatekeeper;
 attribute hal_graphics_allocator;

--- a/public/bluetooth.te
+++ b/public/bluetooth.te
@@ -60,6 +60,7 @@ allow bluetooth shell_data_file:file read;
 # Perform HwBinder IPC.
 hwbinder_use(bluetooth)
+binder_call(bluetooth, hal_bluetooth)
 binder_call(bluetooth, hal_telephony)
 ###

--- a/public/hal_bluetooth.te
+++ b/public/hal_bluetooth.te
+# hwbinder access
+hwbinder_use(hal_bluetooth)
+r_dir_file(hal_bluetooth, system_file)
+# call into the Bluetooth process (callbacks)
+binder_call(hal_bluetooth, bluetooth)
+wakelock_use(hal_bluetooth);
+# bluetooth factory file accesses.
+r_dir_file(hal_bluetooth, bluetooth_efs_file)
+allow hal_bluetooth { uhid_device hci_attach_dev }:chr_file rw_file_perms;
+# Access to config files to look for a Bluetooth address
+r_dir_file(hal_bluetooth, bluetooth_data_file)
+# sysfs access.
+r_dir_file(hal_bluetooth, sysfs_type)
+allow hal_bluetooth sysfs_bluetooth_writable:file rw_file_perms;
+allow hal_bluetooth self:capability2 wake_alarm;
+# Allow write access to bluetooth-specific properties
+set_prop(hal_bluetooth, bluetooth_prop)
--- a/public/system_server.te
+++ b/public/system_server.te
@@ -159,6 +159,7 @@ binder_service(system_server)
 # Perform HwBinder IPC.
 hwbinder_use(system_server)
+binder_call(system_server, hal_bluetooth)
 binder_call(system_server, hal_boot)
 binder_call(system_server, hal_contexthub)
 binder_call(system_server, hal_ir)