audit untrusted_app access to mtp_device am: 7b8f9f153e am: 775dda1fb3
am: ad32785689
* commit 'ad32785689beec1939f215e1947bac0ee12b099d':
audit untrusted_app access to mtp_device
diff --git a/bluetooth.te b/bluetooth.te
index 4f240fb..5016bcf 100644
--- a/bluetooth.te
+++ b/bluetooth.te
@@ -3,8 +3,6 @@
app_domain(bluetooth)
net_domain(bluetooth)
-wakelock_use(bluetooth);
-
# Data file accesses.
allow bluetooth bluetooth_data_file:dir create_dir_perms;
allow bluetooth bluetooth_data_file:notdevfile_class_set create_file_perms;
@@ -77,4 +75,4 @@
# Superuser capabilities.
# bluetooth requires net_admin and wake_alarm.
neverallow bluetooth self:capability ~net_admin;
-neverallow bluetooth self:capability2 ~{ wake_alarm block_suspend };
+neverallow bluetooth self:capability2 ~wake_alarm;
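Review bot: Nothing next to the narrowed `capability2` neverallow records why `block_suspend` was dropped, and the commit title (auditing mtp_device access) does not mention it either. Together with the removal of `wakelock_use(bluetooth)` in the first bluetooth.te hunk, any policy that still grants bluetooth `block_suspend` will now fail this assertion at build time. It is worth confirming that no device-specific policy relies on that grant; none is visible here. I would add a line above the rule such as `# block_suspend is intentionally excluded: bluetooth no longer uses wakelock_use().`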
diff --git a/domain.te b/domain.te
index f5078c0..c1efa94 100644
--- a/domain.te
+++ b/domain.te
@@ -189,7 +189,6 @@
-init
-ueventd
-vold
- -recovery
} self:capability mknod;
# Limit raw I/O to these whitelisted domains.
diff --git a/system_server.te b/system_server.te
index b176243..c50498f 100644
--- a/system_server.te
+++ b/system_server.te
@@ -432,6 +432,9 @@
# Allow system process to relabel the fingerprint directory after mkdir
allow system_server fingerprintd_data_file:dir {r_dir_perms relabelto};
+# Allow system process to read network MAC address
+allow system_server sysfs_mac_address:file r_file_perms;
+
###
### Neverallow rules
###
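Review bot: The new `allow system_server sysfs_mac_address:file r_file_perms;` gives system_server read access to a persistent hardware identifier, but the one-line comment does not say which component needs it or why. `r_file_perms` is a macro set that is probably wider than a plain sysfs read requires; if only opening and reading the file is needed, `{ getattr open read }` would be the tighter grant. Whether a neverallow keeps app domains away from `sysfs_mac_address` is not visible in this hunk, so that should be checked before relying on this type as the boundary. I would expand the comment to something like `# system_server reads the interface MAC address from sysfs for <consumer>; this type must stay unreadable by app domains.`, with `<consumer>` filled in by the author.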