1# bluetooth subsystem
2type bluetooth, domain;
3app_domain(bluetooth)
4net_domain(bluetooth)
5
6# Data file accesses.
7allow bluetooth bluetooth_data_file:dir create_dir_perms;
8allow bluetooth bluetooth_data_file:notdevfile_class_set create_file_perms;
9
10# Socket creation under /data/misc/bluedroid.
11type_transition bluetooth bluetooth_data_file:sock_file bluetooth_socket;
12allow bluetooth bluetooth_socket:sock_file create_file_perms;
13
14# bluetooth factory file accesses.
15r_dir_file(bluetooth, bluetooth_efs_file)
16
17# Device accesses.
18allow bluetooth { tun_device uhid_device hci_attach_dev }:chr_file rw_file_perms;
19
20# Other domains that can create and use bluetooth sockets.
21# SELinux does not presently define a specific socket class for
22# bluetooth sockets, nor does it distinguish among the bluetooth protocols.
23# TODO: This should no longer be needed with bluedroid for bluetooth
24# but may be getting used for other non-bluetooth sockets that has no
25# specific class defined.  Consider taking to specific domains.
26allow bluetoothdomain self:socket create_socket_perms;
27
28# sysfs access.
29allow bluetooth sysfs_bluetooth_writable:file rw_file_perms;
30allow bluetooth self:capability net_admin;
31allow bluetooth self:capability2 wake_alarm;
32
33# Allow clients to use a socket provided by the bluetooth app.
34# TODO:  See if this is still required under bluedroid.
35allow bluetoothdomain bluetooth:unix_stream_socket { getopt setopt getattr read write ioctl shutdown };
36
37# tethering
38allow bluetooth self:tun_socket create_socket_perms;
39allow bluetooth efs_file:dir search;
40
41# proc access.
42allow bluetooth proc_bluetooth_writable:file rw_file_perms;
43
44# Allow write access to bluetooth specific properties
45set_prop(bluetooth, bluetooth_prop)
46set_prop(bluetooth, pan_result_prop)
47set_prop(bluetooth, ctl_dhcp_pan_prop)
48
49allow bluetooth bluetooth_service:service_manager find;
50allow bluetooth mediaserver_service:service_manager find;
51allow bluetooth radio_service:service_manager find;
52allow bluetooth surfaceflinger_service:service_manager find;
53allow bluetooth app_api_service:service_manager find;
54allow bluetooth system_api_service:service_manager find;
55
56# Bluetooth Sim Access Profile Socket to the RIL
57unix_socket_connect(bluetooth, sap_uim, rild)
58
59# already open bugreport file descriptors may be shared with
60# the bluetooth process, from a file in
61# /data/data/com.android.shell/files/bugreports/bugreport-*.
62allow bluetooth shell_data_file:file read;
63
64###
65### Neverallow rules
66###
67### These are things that the bluetooth app should NEVER be able to do
68###
69
70# Superuser capabilities.
71# bluetooth requires net_admin and wake_alarm.
72neverallow bluetooth self:capability ~net_admin;
73neverallow bluetooth self:capability2 ~wake_alarm;
74