Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 9b2e0cbeeaae560b07e4ffa6e5b8e505699e4a76 / . / public / hal_bluetooth.te
blob: 461523bdca988a6c132c5d909bfff8ec462adf03 [file] [log] [blame]
Alex Klyubin168435f2017-02-16 20:14:56 -0800[diff] [blame]1# HwBinder IPC from clients into server, and callbacks
2binder_call(hal_bluetooth_client, hal_bluetooth_server)
3binder_call(hal_bluetooth_server, hal_bluetooth_client)
Andre Eisenbachbe27f922016-10-12 14:49:56 -0700[diff] [blame]4
Alex Klyubin53656c12017-04-13 19:05:27 -0700[diff] [blame]5add_hwservice(hal_bluetooth_server, hal_bluetooth_hwservice)
6allow hal_bluetooth_client hal_bluetooth_hwservice:hwservice_manager find;
7
Andre Eisenbachbe27f922016-10-12 14:49:56 -0700[diff] [blame]8wakelock_use(hal_bluetooth);
9
Myles Watson20b8d6b2017-02-22 11:50:20 -0800[diff] [blame]10# The HAL toggles rfkill to power the chip off/on.
Benjamin Gordon9b2e0cb2017-11-09 15:51:26 -0700[diff] [blame^]11allow hal_bluetooth self:global_capability_class_set net_admin;
Myles Watson20b8d6b2017-02-22 11:50:20 -0800[diff] [blame]12
Andre Eisenbachbe27f922016-10-12 14:49:56 -0700[diff] [blame]13# bluetooth factory file accesses.
14r_dir_file(hal_bluetooth, bluetooth_efs_file)
15
16allow hal_bluetooth { uhid_device hci_attach_dev }:chr_file rw_file_perms;
17
Andre Eisenbachbe27f922016-10-12 14:49:56 -0700[diff] [blame]18# sysfs access.
19r_dir_file(hal_bluetooth, sysfs_type)
20allow hal_bluetooth sysfs_bluetooth_writable:file rw_file_perms;
Benjamin Gordon9b2e0cb2017-11-09 15:51:26 -0700[diff] [blame^]21allow hal_bluetooth self:global_capability2_class_set wake_alarm;
Andre Eisenbachbe27f922016-10-12 14:49:56 -0700[diff] [blame]22
23# Allow write access to bluetooth-specific properties
24set_prop(hal_bluetooth, bluetooth_prop)
Andre Eisenbach6e3a5d02017-02-07 20:30:40 -0800[diff] [blame]25
26# /proc access (bluesleep etc.).
27allow hal_bluetooth proc_bluetooth_writable:file rw_file_perms;
Martijn Coenen0d1f7d22017-05-09 09:53:46 -0700[diff] [blame]28
29# allow to run with real-time scheduling policy
Benjamin Gordon9b2e0cb2017-11-09 15:51:26 -0700[diff] [blame^]30allow hal_bluetooth self:global_capability_class_set sys_nice;