85708ec4f9
There is some overlap between socket rules in app.te and the net.te rules, but they aren't quite identical since not all app domains presently include the net_domain() macro and because the rules in app.te allow more permissions for netlink_route_socket and allow rawip_socket permissions for ping. The current app.te rules prevent one from ever creating a non-networked app domain. Resolve this overlap by: 1) Adding the missing permissions allowed by app.te to net.te for netlink_route_socket and rawip_socket. 2) Adding net_domain() calls to all existing app domains that do not already have it. 3) Deleting the redundant socket rules from app.te. Then we'll have no effective change in what is allowed for apps but allow one to define app domains in the future that are not allowed network access. Also cleanup net.te to use the create_socket_perms macro rather than * and add macros for stream socket permissions. Change-Id: I6e80d65b0ccbd48bd2b7272c083a4473e2b588a9 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
62 lines
2.0 KiB
Plaintext
62 lines
2.0 KiB
Plaintext
# bluetooth subsystem
|
|
type bluetooth, domain;
|
|
app_domain(bluetooth)
|
|
net_domain(bluetooth)
|
|
|
|
# Data file accesses.
|
|
allow bluetooth bluetooth_data_file:dir create_dir_perms;
|
|
allow bluetooth bluetooth_data_file:notdevfile_class_set create_file_perms;
|
|
|
|
# Socket creation under /data/misc/bluedroid.
|
|
type_transition bluetooth bluetooth_data_file:sock_file bluetooth_socket;
|
|
allow bluetooth bluetooth_socket:sock_file create_file_perms;
|
|
|
|
# bluetooth factory file accesses.
|
|
r_dir_file(bluetooth, bluetooth_efs_file)
|
|
|
|
# Device accesses.
|
|
allow bluetooth { tun_device uhid_device hci_attach_dev }:chr_file rw_file_perms;
|
|
|
|
# Other domains that can create and use bluetooth sockets.
|
|
# SELinux does not presently define a specific socket class for
|
|
# bluetooth sockets, nor does it distinguish among the bluetooth protocols.
|
|
allow bluetoothdomain self:socket *;
|
|
|
|
# sysfs access.
|
|
allow bluetooth sysfs_bluetooth_writable:file rw_file_perms;
|
|
allow bluetooth self:capability net_admin;
|
|
|
|
# Allow clients to use a socket provided by the bluetooth app.
|
|
allow bluetoothdomain bluetooth:unix_stream_socket { read write shutdown };
|
|
|
|
# tethering
|
|
allow bluetooth self:{ tun_socket udp_socket } { ioctl create };
|
|
allow bluetooth efs_file:dir search;
|
|
|
|
# Talk to init over the property socket.
|
|
unix_socket_connect(bluetooth, property, init)
|
|
|
|
# proc access.
|
|
allow bluetooth proc_bluetooth_writable:file rw_file_perms;
|
|
|
|
# bluetooth file transfers
|
|
allow bluetooth sdcard_internal:dir create_dir_perms;
|
|
allow bluetooth sdcard_internal:file create_file_perms;
|
|
|
|
# Allow reading of media_rw_data_file file descriptors
|
|
# passed to bluetooth
|
|
allow bluetooth media_rw_data_file:file { read getattr };
|
|
|
|
# Allow write access to bluetooth specific properties
|
|
allow bluetooth bluetooth_prop:property_service set;
|
|
|
|
###
|
|
### Neverallow rules
|
|
###
|
|
### These are things that the bluetooth app should NEVER be able to do
|
|
###
|
|
|
|
# Superuser capabilities.
|
|
# bluetooth requires net_admin.
|
|
neverallow { bluetooth -unconfineddomain } self:capability ~net_admin;
|