Add auditallow for bluetoothdomain rules

Let's see if it's safe to get rid of them. Bug: 25768265 Bug: 25767747 Change-Id: Iaf022b4dafe1cc9eab871c8d7ec5afd3cf20bf96
2015-11-23 17:15:11 -08:00 · 2015-11-23 17:15:11 -08:00 · cb835a2852
commit cb835a2852
parent 4fd216060c
2 changed files with 8 additions and 2 deletions
--- a/bluetoothdomain.te
+++ b/bluetoothdomain.te
@ -3,9 +3,11 @@
 # bluetooth sockets, nor does it distinguish among the bluetooth protocols.
 # TODO: This should no longer be needed with bluedroid for bluetooth
 # but may be getting used for other non-bluetooth sockets that has no
-# specific class defined.  Consider taking to specific domains.
+# specific class defined.  Consider taking to specific domains. (b/25768265)
 allow bluetoothdomain self:socket create_socket_perms;
+auditallow { bluetoothdomain -system_server } self:socket create_socket_perms;

 # Allow clients to use a socket provided by the bluetooth app.
-# TODO:  See if this is still required under bluedroid.
+# TODO:  See if this is still required under bluedroid. (b/25767747)
 allow bluetoothdomain bluetooth:unix_stream_socket { getopt setopt getattr read write ioctl shutdown };
+auditallow bluetoothdomain bluetooth:unix_stream_socket { getopt setopt getattr read write ioctl shutdown };
--- a/system_server.te
+++ b/system_server.te
@ -65,6 +65,10 @@ allow system_server self:netlink_kobject_uevent_socket create_socket_perms;
 # Use generic netlink sockets.
 allow system_server self:netlink_socket create_socket_perms;

+# Use generic "sockets" where the address family is not known
+# to the kernel.
+allow system_server self:socket create_socket_perms;
+
 # Set and get routes directly via netlink.
 allow system_server self:netlink_route_socket nlmsg_write;