commit 09f6a99b667c63cb4084583df10b13cde9b1e78a
author Stephen Smalley <sds@tycho.nsa.gov> Mon Jan 13 09:14:15 2014 -0500
committer Stephen Smalley <sds@tycho.nsa.gov> Thu Jan 16 18:35:28 2014 +0000
tree 1d18c624744df5b4a0862f003f3cfdabd9806fe2
parent 94f322e016883f09fecedc0408171338a09f47aa

Allow mediaserver to connect to bluetooth.

Re-purpose the existing bluetooth_socket type, originally
for /dev/socket/bluetooth used by bluetoothd in the old
bluetooth stack, for sockets created by bluedroid under
/data/misc/bluedroid, and allow mediaserver to connect
to such sockets.  This is required for playing audio
on paired BT devices.

Based on b/12417855.

Change-Id: I24ecdf407d066e7c4939ed2a0edb97222a1879f6
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

app.te

diff --git a/app.te b/app.te
index 14f3430..1ee3075 100644
--- a/app.te
+++ b/app.te
@@ -249,7 +249,6 @@
 
 # Unix domain sockets.
 neverallow { appdomain -unconfineddomain } adbd_socket:sock_file write;
-neverallow { appdomain -unconfineddomain } bluetooth_socket:sock_file write;
 neverallow { appdomain -unconfineddomain } installd_socket:sock_file write;
 neverallow { appdomain -bluetooth -radio -shell -system_app -unconfineddomain }
     property_socket:sock_file write;

bluetooth.te

diff --git a/bluetooth.te b/bluetooth.te
index 6b48ed4..a46ace8 100644
--- a/bluetooth.te
+++ b/bluetooth.te
@@ -7,6 +7,10 @@
 allow bluetooth bluetooth_data_file:dir create_dir_perms;
 allow bluetooth bluetooth_data_file:notdevfile_class_set create_file_perms;
 
+# Socket creation under /data/misc/bluedroid.
+type_transition bluetooth bluetooth_data_file:sock_file bluetooth_socket;
+allow bluetooth bluetooth_socket:sock_file create_file_perms;
+
 # bluetooth factory file accesses.
 r_dir_file(bluetooth, bluetooth_efs_file)
 

file_contexts

diff --git a/file_contexts b/file_contexts
index c0d7e65..f593f6d 100644
--- a/file_contexts
+++ b/file_contexts
@@ -75,7 +75,6 @@
 /dev/snd(/.*)?		u:object_r:audio_device:s0
 /dev/socket(/.*)?	u:object_r:socket_device:s0
 /dev/socket/adbd	u:object_r:adbd_socket:s0
-/dev/socket/bluetooth	u:object_r:bluetooth_socket:s0
 /dev/socket/dnsproxyd	u:object_r:dnsproxyd_socket:s0
 /dev/socket/dumpstate	u:object_r:dumpstate_socket:s0
 /dev/socket/gps		u:object_r:gps_socket:s0

mediaserver.te

diff --git a/mediaserver.te b/mediaserver.te
index 7589ee8..46a9587 100644
--- a/mediaserver.te
+++ b/mediaserver.te
@@ -66,3 +66,7 @@
 # Needed on some devices for playing DRM protected content,
 # but seems expected and appropriate for all devices.
 unix_socket_connect(mediaserver, drmserver, drmserver)
+
+# Needed on some devices for playing audio on paired BT device,
+# but seems appropriate for all devices.
+unix_socket_connect(mediaserver, bluetooth, bluetooth)