4 files changed, 12 insertions, 0 deletions

diff --git a/common/bluetooth.te b/common/bluetooth.te
index f2b9f065..84b77f64 100644
--- a/common/bluetooth.te
+++ b/common/bluetooth.te
@@ -11,6 +11,10 @@ type btsnoop, bluetoothdomain;
 type btsnoop_exec, exec_type, file_type;
 domain_auto_trans(init, btsnoop_exec, bluetooth)
 
+type btnvtool, bluetoothdomain;
+type btnvtool_exec, exec_type, file_type;
+domain_auto_trans(init, btnvtool_exec, bluetooth)
+
 type wcnss_filter, bluetoothdomain;
 type wcnss_filter_exec, exec_type, file_type;
 domain_auto_trans(init, wcnss_filter_exec, bluetooth)
@@ -36,9 +40,13 @@ allow bluetooth {
 }:chr_file rw_file_perms;
 
 #Access to persist_file
+allow bluetooth persist_bluetooth_file:dir rw_dir_perms;
+allow bluetooth persist_bluetooth_file:file create_file_perms;
 r_dir_file(bluetooth, persist_file)
 allow bluetooth persist_file:file w_file_perms;
 
+allow bluetooth self:socket { create ioctl write getopt read };
+
 #For bluetooth firmware
 r_dir_file(bluetooth, bt_firmware_file)
 
diff --git a/common/file.te b/common/file.te
index e3f1b3a9..b3b2885c 100644
--- a/common/file.te
+++ b/common/file.te
@@ -29,6 +29,7 @@ type data_test_data_file, file_type, data_file_type;
 type sysrq_trigger_proc, fs_type, mlstrustedobject;
 # Persist file types
 type persist_file, file_type;
+type persist_bluetooth_file, file_type;
 type persist_data_file, file_type;
 type persist_drm_file, file_type;
 type data_qsee_file, file_type;
diff --git a/common/file_contexts b/common/file_contexts
index cbc6b9a3..35605fc7 100644
--- a/common/file_contexts
+++ b/common/file_contexts
@@ -200,6 +200,7 @@
 /system/vendor/bin/seemp_healthd                u:object_r:seemp_health_daemon_exec:s0
 /system/bin/seempd                              u:object_r:seempd_exec:s0
 /system/bin/sapd                                u:object_r:sapd_exec:s0
+/system/bin/btnvtool                            u:object_r:btnvtool_exec:s0
 /system/bin/btsnoop                             u:object_r:btsnoop_exec:s0
 /system/bin/dun-server                          u:object_r:dun-server_exec:s0
 /system/bin/wfdservice                          u:object_r:wfdservice_exec:s0
@@ -305,6 +306,7 @@
 # persist files
 #
 /persist(/.*)?                                                      u:object_r:persist_file:s0
+/persist/bluetooth(/.*)?                                            u:object_r:persist_bluetooth_file:s0
 /persist/drm(/.*)?                                                  u:object_r:persist_drm_file:s0
 /persist/sensors(/.*)?                                              u:object_r:sensors_persist_file:s0
 /persist/data(/.*)?                                                 u:object_r:persist_drm_file:s0
diff --git a/common/mediaserver.te b/common/mediaserver.te
index 06980d79..2e412682 100644
--- a/common/mediaserver.te
+++ b/common/mediaserver.te
@@ -70,3 +70,4 @@ allow mediaserver system_app:unix_stream_socket { connectto read write setopt };
 #Allow mediaserver to access service manager STAProxyService
 #Allow mediaserver to access service manager wfdservice
 allow mediaserver { STAProxyService wfdservice_service }:service_manager find;
+allow mediaserver surfaceflinger:unix_stream_socket rw_socket_perms;