Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 9ff34235270d3fbe7e7a39d6bb53f2dc1b2d533d^! / .
commit9ff34235270d3fbe7e7a39d6bb53f2dc1b2d533d[log] [tgz]
authorHenri Chataing <henrichataing@google.com>Wed Jan 04 16:55:23 2023 +0000
committerMyles Watson <mylesgw@google.com>Thu Jan 12 19:02:57 2023 +0000
tree9d92acac8e6c572362ef69634150c8eeb4fe2d5d
parentd09a14baee182999fb9f85efa50f225ab900fb5f [diff]
Add missing permissions for default bluetooth hal

Test: launch_cvd
Bug: 205758693
Change-Id: Ie55352bbe48c5eef281a293bedc5aa057f5dcdad
Merged-In: Ie55352bbe48c5eef281a293bedc5aa057f5dcdad

diff --git a/private/compat/33.0/33.0.ignore.cil b/private/compat/33.0/33.0.ignore.cil
index c16fcab..db3da5b 100644
--- a/private/compat/33.0/33.0.ignore.cil
+++ b/private/compat/33.0/33.0.ignore.cil

@@ -8,6 +8,7 @@
     adaptive_haptics_prop
     apex_ready_prop
     artd
+    bt_device
     credential_service
     device_config_camera_native_prop
     device_config_memory_safety_native_prop

diff --git a/public/device.te b/public/device.te
index 1bb386f..6542ce0 100644
--- a/public/device.te
+++ b/public/device.te

@@ -7,6 +7,7 @@
 type hwbinder_device, dev_type, mlstrustedobject;
 type vndbinder_device, dev_type;
 type block_device, dev_type;
+type bt_device, dev_type;
 type camera_device, dev_type;
 type dm_device, dev_type;
 type dm_user_device, dev_type;

diff --git a/vendor/file_contexts b/vendor/file_contexts
index 7f3cc88..126fc34 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts

@@ -17,6 +17,7 @@
 /(vendor|system/vendor)/bin/hw/android\.hardware\.automotive\.remoteaccess@V1-(.*)-service u:object_r:hal_remoteaccess_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.bluetooth@1\.[0-9]+-service      u:object_r:hal_bluetooth_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.bluetooth@1\.[0-9]+-service\.btlinux    u:object_r:hal_bluetooth_btlinux_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.bluetooth-service.default      u:object_r:hal_bluetooth_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.face@1\.[0-9]+-service\.example u:object_r:hal_face_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.face-service\.example u:object_r:hal_face_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service u:object_r:hal_fingerprint_default_exec:s0

diff --git a/vendor/hal_bluetooth_default.te b/vendor/hal_bluetooth_default.te
index 01d60db..efa75a7 100644
--- a/vendor/hal_bluetooth_default.te
+++ b/vendor/hal_bluetooth_default.te

@@ -1,5 +1,8 @@
 type hal_bluetooth_default, domain;
 hal_server_domain(hal_bluetooth_default, hal_bluetooth)
 
+allow hal_bluetooth_default bt_device:chr_file { open read write };
+allow hal_bluetooth_default self:bluetooth_socket { create bind read write };
+
 type hal_bluetooth_default_exec, exec_type, vendor_file_type, file_type;
 init_daemon_domain(hal_bluetooth_default)