NekoSakura/android_device_mediatek_sepolicy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
android_device_mediatek_sep.../non_plat/mtk_hal_bluetooth.te
Peng Qi 9e04bd90cc [ALPS03893095] Selinux: MTK BT HAL 
[Detail]
AOSP has defined neverallow rules
to restrict direct access to system files.

[Solution]
Since MTK does not use "/data/misc/bluedroid/" to
store BT address. It should be alright to remove
this kind of thing.

MTK-Commit-Id: 5b3aae9aebd39c24a3846c27c7ca9fceda9513d3

Change-Id: I5a8420e9f5259259b2bd11a6da033a140f0bea7c
CR-Id: ALPS03893095
Feature: BT Chipset Capability
2020-01-18 09:39:50 +08:00

46 lines
1.6 KiB
Plaintext
Raw Blame History

type mtk_hal_bluetooth, domain;
type mtk_hal_bluetooth_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(mtk_hal_bluetooth)
r_dir_file(mtk_hal_bluetooth, system_file)
# call into the Bluetooth process (callbacks)
binder_call(mtk_hal_bluetooth, bluetooth)
hwbinder_use(mtk_hal_bluetooth);
wakelock_use(mtk_hal_bluetooth);
# bluetooth factory file accesses.
r_dir_file(mtk_hal_bluetooth, bluetooth_efs_file)
allow mtk_hal_bluetooth { uhid_device hci_attach_dev }:chr_file rw_file_perms;
# sysfs access.
r_dir_file(mtk_hal_bluetooth, sysfs_type)
allow mtk_hal_bluetooth sysfs_bluetooth_writable:file rw_file_perms;
allow mtk_hal_bluetooth self:capability2 wake_alarm;
# Allow write access to bluetooth-specific properties
set_prop(mtk_hal_bluetooth, bluetooth_prop)
# /proc access (bluesleep etc.).
allow mtk_hal_bluetooth proc_bluetooth_writable:file rw_file_perms;
# VTS tests need to be able to toggle rfkill
allow mtk_hal_bluetooth self:capability net_admin;
# Purpose : Set to access stpbt driver & NVRAM
allow mtk_hal_bluetooth stpbt_device:chr_file rw_file_perms;
allow mtk_hal_bluetooth nvdata_file:dir search;
allow mtk_hal_bluetooth nvdata_file:file rw_file_perms;
allow mtk_hal_bluetooth nvram_data_file:lnk_file read;
allow mtk_hal_bluetooth nvdata_file:lnk_file read;
allow mtk_hal_bluetooth hwservicemanager_prop:file r_file_perms;
add_hwservice(hal_bluetooth, mtk_hal_bluetooth_hwservice)
allow hal_bluetooth_client mtk_hal_bluetooth_hwservice:hwservice_manager find;
allow mtk_hal_bluetooth system_data_file:lnk_file read;
hal_server_domain(mtk_hal_bluetooth,hal_bluetooth);
Reference in New Issue View Git Blame Copy Permalink