1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
|
#Adding all bt related service to bt domains
type sapd, bluetoothdomain;
type sapd_exec, exec_type, file_type;
domain_auto_trans(init, sapd_exec, bluetooth)
type dun-server, bluetoothdomain;
type dun-server_exec, exec_type, file_type;
domain_auto_trans(init, dun-server_exec, bluetooth)
type btsnoop, bluetoothdomain;
type btsnoop_exec, exec_type, file_type;
domain_auto_trans(init, btsnoop_exec, bluetooth)
#BT needes read and write on smd device node
allow bluetooth smd_device:chr_file rw_file_perms;
allow bluetooth bluetooth_prop:property_service set;
allow bluetooth serial_device:chr_file rw_file_perms;
allow bluetooth sysfs:file rw_file_perms;
#BT Snoop logging
allow bluetooth self:tcp_socket { create setopt bind accept listen };
allow bluetooth port:tcp_socket name_bind;
allow bluetooth node:tcp_socket node_bind;
allow bluetooth uhid_device:chr_file rw_file_perms;
allow bluetooth input_device:chr_file { open read write ioctl };
allow bluetooth persist_file:dir search;
allow bluetooth persist_file:file rw_file_perms;
#For bluetooth firmware
allow bluetooth bt_firmware_file:dir r_dir_perms;
allow bluetooth bt_firmware_file:file r_file_perms;
#dun-server requires interaction with net_domain socket
net_domain(bluetooth);
#dun-server requires binding with system_app and servicemanager
binder_use(bluetooth);
binder_call(bluetooth, system_app);
binder_call(bluetooth, servicemanager);
#sapd requires interaction with qmux sockets
qmux_socket(bluetooth);
|
