mirror of
https://git.kernel.org/pub/scm/bluetooth/bluez.git
synced 2024-11-23 12:14:26 +08:00
cba67bc192
This adds required policy files and updates documentation with more SELinux information.
48 lines
1.7 KiB
Plaintext
48 lines
1.7 KiB
Plaintext
type bluetoothd, domain;
|
|
type bluetoothd_exec, exec_type, file_type;
|
|
type bluetoothd_main_exec, exec_type, file_type;
|
|
|
|
# Start bluetoothd from init
|
|
init_daemon_domain(bluetoothd)
|
|
|
|
# Data file accesses
|
|
allow bluetoothd bluetooth_data_file:dir w_dir_perms;
|
|
allow bluetoothd bluetooth_data_file:notdevfile_class_set create_file_perms;
|
|
|
|
allow bluetoothd self:capability { setuid net_admin net_bind_service net_raw };
|
|
allow bluetoothd kernel:system module_request;
|
|
|
|
# TODO: this may be romoved for userbuild where we don't use bluetoothd_wrapper
|
|
allow bluetoothd bluetoothd_main_exec:file { execute execute_no_trans read open };
|
|
|
|
# IPC socket communication
|
|
allow bluetoothd self:socket { create_socket_perms accept listen setopt getopt };
|
|
|
|
# Allow clients to use a socket provided by the bluetooth app.
|
|
allow bluetoothd { bluetooth mediaserver }:unix_stream_socket connectto;
|
|
|
|
# Allow system app to use sockets and fds
|
|
allow bluetooth bluetoothd:fd use;
|
|
allow bluetooth bluetoothd:unix_stream_socket rw_socket_perms;
|
|
|
|
# Allow user bluetooth apps to use sockets and fds
|
|
allow bluetoothdomain bluetoothd:fd use;
|
|
allow bluetoothdomain bluetoothd:unix_stream_socket { getopt setopt getattr read write ioctl shutdown };
|
|
|
|
# Other domains that can create and use bluetooth sockets.
|
|
allow bluetoothdomain self:socket create_socket_perms;
|
|
|
|
#This we might should put to mediaserver.te ?
|
|
allow mediaserver bluetoothd:fd use;
|
|
allow mediaserver bluetoothd:socket rw_socket_perms;
|
|
|
|
# needs /system/bin/log access
|
|
allow bluetoothd devpts:chr_file rw_file_perms;
|
|
|
|
# access to uhid device
|
|
allow bluetoothd uhid_device:chr_file rw_file_perms;
|
|
|
|
# tethering
|
|
allow bluetoothd self:udp_socket create_socket_perms;
|
|
allow bluetoothd self:tcp_socket { create ioctl };
|