Allow mediaserver to connect to bluetooth.
Re-purpose the existing bluetooth_socket type, originally for /dev/socket/bluetooth used by bluetoothd in the old bluetooth stack, for sockets created by bluedroid under /data/misc/bluedroid, and allow mediaserver to connect to such sockets. This is required for playing audio on paired BT devices. Based on b/12417855. Change-Id: I24ecdf407d066e7c4939ed2a0edb97222a1879f6 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
parent
94f322e016
commit
09f6a99b66
1
app.te
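--- a/app.te
+++ b/app.te
@@ -249,7 +249,6 @@ neverallow { appdomain -unconfineddomain } socket_device:sock_file write;
 
 # Unix domain sockets.
 neverallow { appdomain -unconfineddomain } adbd_socket:sock_file write;
-neverallow { appdomain -unconfineddomain } bluetooth_socket:sock_file write;
 neverallow { appdomain -unconfineddomain } installd_socket:sock_file write;
 neverallow { appdomain -bluetooth -radio -shell -system_app -unconfineddomain }
 property_socket:sock_file write;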
@ -7,6 +7,10 @@ app_domain(bluetooth)
|
|||||||
allow bluetooth bluetooth_data_file:dir create_dir_perms;
|
allow bluetooth bluetooth_data_file:dir create_dir_perms;
|
||||||
allow bluetooth bluetooth_data_file:notdevfile_class_set create_file_perms;
|
allow bluetooth bluetooth_data_file:notdevfile_class_set create_file_perms;
|
||||||
|
|
||||||
|
# Socket creation under /data/misc/bluedroid.
|
||||||
|
type_transition bluetooth bluetooth_data_file:sock_file bluetooth_socket;
|
||||||
|
allow bluetooth bluetooth_socket:sock_file create_file_perms;
|
||||||
|
|
||||||
# bluetooth factory file accesses.
|
# bluetooth factory file accesses.
|
||||||
r_dir_file(bluetooth, bluetooth_efs_file)
|
r_dir_file(bluetooth, bluetooth_efs_file)
|
||||||
|
|
||||||
|
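Review bot: The added `allow bluetooth bluetooth_socket:sock_file create_file_perms;` is what collides with the app.te neverallow this commit deletes, because `app_domain(bluetooth)` places bluetooth in appdomain, but dropping the assertion outright also stops the policy build from checking every other app domain. Narrowing it instead, `neverallow { appdomain -bluetooth -unconfineddomain } bluetooth_socket:sock_file write;`, would keep that compile-time guarantee for the re-purposed type. Separately, the sockets get their label only from the `type_transition`, and no file_contexts entry for them is shown, so a later restorecon of that directory tree would presumably relabel them to the directory's type. A one-line comment above the transition saying so would help the next maintainer.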
@ -75,7 +75,6 @@
|
|||||||
/dev/snd(/.*)? u:object_r:audio_device:s0
|
/dev/snd(/.*)? u:object_r:audio_device:s0
|
||||||
/dev/socket(/.*)? u:object_r:socket_device:s0
|
/dev/socket(/.*)? u:object_r:socket_device:s0
|
||||||
/dev/socket/adbd u:object_r:adbd_socket:s0
|
/dev/socket/adbd u:object_r:adbd_socket:s0
|
||||||
/dev/socket/bluetooth u:object_r:bluetooth_socket:s0
|
|
||||||
/dev/socket/dnsproxyd u:object_r:dnsproxyd_socket:s0
|
/dev/socket/dnsproxyd u:object_r:dnsproxyd_socket:s0
|
||||||
/dev/socket/dumpstate u:object_r:dumpstate_socket:s0
|
/dev/socket/dumpstate u:object_r:dumpstate_socket:s0
|
||||||
/dev/socket/gps u:object_r:gps_socket:s0
|
/dev/socket/gps u:object_r:gps_socket:s0
|
||||||
|
@ -66,3 +66,7 @@ allow mediaserver rild:unix_stream_socket { connectto read write setopt };
|
|||||||
# Needed on some devices for playing DRM protected content,
|
# Needed on some devices for playing DRM protected content,
|
||||||
# but seems expected and appropriate for all devices.
|
# but seems expected and appropriate for all devices.
|
||||||
unix_socket_connect(mediaserver, drmserver, drmserver)
|
unix_socket_connect(mediaserver, drmserver, drmserver)
|
||||||
|
|
||||||
|
# Needed on some devices for playing audio on paired BT device,
|
||||||
|
# but seems appropriate for all devices.
|
||||||
|
unix_socket_connect(mediaserver, bluetooth, bluetooth)
|
||||||
|
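Review bot: The added `unix_socket_connect(mediaserver, bluetooth, bluetooth)` grants write on bluetooth_socket sock_files and connectto on the bluetooth domain's stream sockets, but nothing in this hunk lets mediaserver search the directory that holds those sockets. The rest of the file lies outside the hunk, so this may already be covered. If it is not, the connect would still be denied at path lookup and a rule such as `allow mediaserver bluetooth_data_file:dir search;` may be needed; confirm against denials on a device. The comment could also name what is being reached, e.g. `# Connect to bluedroid sockets under /data/misc/bluedroid (bluetooth_socket).`, so the scope of the grant is clear.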