#Adding all bt related service to bt domains type sapd, bluetoothdomain, domain_deprecated; type sapd_exec, exec_type, file_type; domain_auto_trans(init, sapd_exec, bluetooth) type dun-server, bluetoothdomain, domain_deprecated; type dun-server_exec, exec_type, file_type; domain_auto_trans(init, dun-server_exec, bluetooth) type btsnoop, bluetoothdomain, domain_deprecated; type btsnoop_exec, exec_type, file_type; domain_auto_trans(init, btsnoop_exec, bluetooth) type btnvtool, bluetoothdomain, domain_deprecated; type btnvtool_exec, exec_type, file_type; domain_auto_trans(init, btnvtool_exec, bluetooth) type fmhal_service, bluetoothdomain, domain_deprecated; type fmhal_service_exec, exec_type, file_type; domain_auto_trans(init, fmhal_service_exec, bluetooth) allow bluetooth bluetooth_prop:property_service set; allow bluetooth sysfs:file w_file_perms; #Access to /data/media allow bluetooth media_rw_data_file:dir create_dir_perms; allow bluetooth media_rw_data_file:file create_file_perms; #allow proc_sysrq access for crash dump userdebug_or_eng(` allow bluetooth proc_sysrq:file w_file_perms; #allow bluetooth debugfs:file r_file_perms; ') allow bluetooth { uhid_device input_device serial_device #BT needes read and write on smd device node smd_device bt_device }:chr_file rw_file_perms; #Access to persist_file allow bluetooth persist_bluetooth_file:dir rw_dir_perms; allow bluetooth persist_bluetooth_file:file create_file_perms; r_dir_file(bluetooth, persist_file) allow bluetooth persist_file:file w_file_perms; allow bluetooth self:socket { create ioctl write getopt read }; #For bluetooth firmware r_dir_file(bluetooth, bt_firmware_file) #dun-server requires binding with system_app and servicemanager binder_use(bluetooth); binder_call(bluetooth, system_app); binder_call(bluetooth, servicemanager); allow bluetooth dun_service:service_manager find; #sapd requires interaction with qmux sockets qmux_socket(bluetooth); # for finding wbc_service allow bluetooth wbc_service:service_manager find; # for fastmmi test bluetooth allow bluetooth mmi:unix_stream_socket connectto; #connect to wcnss_filter allow bluetooth wcnss_filter:unix_stream_socket connectto;