bluetooth: Remove domain_deprecated
Remove domain_deprecated from bluetooth. This removes some unnecessarily
permissive rules.
Bug: 25433265
Test: All of the permissions being removed were being audited. Verify
that no audited (granted) avc messages for bluetooth exist in
in the logs.
Change-Id: Ifa12a0f1533edcb623bbb9631f88f1ff1d6d7085
diff --git a/private/bluetooth.te b/private/bluetooth.te
index 628f971..8b25ecc 100644
--- a/private/bluetooth.te
+++ b/private/bluetooth.te
@@ -1,7 +1,6 @@
-# bluetooth subsystem
+# bluetooth app
typeattribute bluetooth coredomain;
-typeattribute bluetooth domain_deprecated;
app_domain(bluetooth)
net_domain(bluetooth)
diff --git a/public/domain_deprecated.te b/public/domain_deprecated.te
index aa6ec4e..5702ace 100644
--- a/public/domain_deprecated.te
+++ b/public/domain_deprecated.te
@@ -217,7 +217,6 @@
} proc:lnk_file { open ioctl lock }; # getattr read granted in domain
auditallow {
domain_deprecated
- -bluetooth
-fingerprintd
-healthd
-netd
@@ -231,7 +230,6 @@
} sysfs:dir { open getattr read ioctl lock }; # search granted in domain
auditallow {
domain_deprecated
- -bluetooth
-fingerprintd
-healthd
-netd
@@ -245,7 +243,6 @@
} sysfs:file r_file_perms;
auditallow {
domain_deprecated
- -bluetooth
-fingerprintd
-healthd
-netd