Confine bluetooth app.
Remove unconfined_domain() from the bluetooth app domain,
restore the rules from our policy, and move the neverallow
rule for bluetooth capabilities to bluetooth.te.
Make the bluetooth domain permissive again until it has
received sufficient testing.
Change-Id: I3b3072d76e053eefd3d0e883a4fdb7c333bbfc09
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
diff --git a/app.te b/app.te
index 242e5ab..7da4445 100644
--- a/app.te
+++ b/app.te
@@ -132,7 +132,6 @@
# Superuser capabilities.
# bluetooth requires net_admin.
neverallow { appdomain -unconfineddomain -bluetooth } self:capability *;
-neverallow { bluetooth -unconfineddomain } self:capability ~net_admin;
neverallow { appdomain -unconfineddomain } self:capability2 *;
# Block device access.
diff --git a/bluetooth.te b/bluetooth.te
index 72263e3..2403a55 100644
--- a/bluetooth.te
+++ b/bluetooth.te
@@ -1,4 +1,50 @@
# bluetooth subsystem
type bluetooth, domain;
+permissive bluetooth;
app_domain(bluetooth)
-unconfined_domain(bluetooth)
+
+# Data file accesses.
+allow bluetooth bluetooth_data_file:dir create_dir_perms;
+allow bluetooth bluetooth_data_file:notdevfile_class_set create_file_perms;
+
+# bluetooth factory file accesses.
+r_dir_file(bluetooth, bluetooth_efs_file)
+
+# Device accesses.
+allow bluetooth { tun_device uhid_device hci_attach_dev input_device }:chr_file rw_file_perms;
+
+# Other domains that can create and use bluetooth sockets.
+# SELinux does not presently define a specific socket class for
+# bluetooth sockets, nor does it distinguish among the bluetooth protocols.
+allow bluetoothdomain self:socket *;
+
+# sysfs access.
+allow bluetooth sysfs_bluetooth_writable:file rw_file_perms;
+allow bluetooth self:capability net_admin;
+
+# Allow clients to use a socket provided by the bluetooth app.
+allow bluetoothdomain bluetooth:unix_stream_socket { read write shutdown };
+
+# tethering
+allow bluetooth self:{ tun_socket udp_socket } { ioctl create };
+allow bluetooth efs_file:dir search;
+
+# Talk to init over the property socket.
+unix_socket_connect(bluetooth, property, init)
+
+# proc access.
+allow bluetooth proc_bluetooth_writable:file rw_file_perms;
+
+# bluetooth file transfers
+allow bluetooth sdcard_internal:dir create_dir_perms;
+allow bluetooth sdcard_internal:file create_file_perms;
+
+###
+### Neverallow rules
+###
+### These are things that the bluetooth app should NEVER be able to do
+###
+
+# Superuser capabilities.
+# bluetooth requires net_admin.
+neverallow bluetooth self:capability ~net_admin;
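Review bot: `permissive bluetooth;` at the top of the new bluetooth.te carries no in-file note that it is temporary, so while it stays the allow rules and the `neverallow bluetooth self:capability ~net_admin;` rule at the end describe what is logged rather than what is enforced; the commit message explains the intent but a reader of the policy file will not see it. Suggest adding above it `# TODO: remove once the rules below have been validated in enforcing mode.` so the line is not mistaken for a permanent setting. Separately, `allow bluetoothdomain self:socket *;` grants the full socket permission set, which includes relabelfrom/relabelto alongside the read/write/bind/connect style operations the surrounding comment is about; if only the latter are needed, listing them explicitly would keep the grant as narrow as the comment implies. The device line also gives the app rw_file_perms on input_device, which appears broader than the HCI/uhid/tun devices the bluetooth stack itself needs; it may be required, but a short comment saying why would help the next reviewer.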