Clean up socket rules.

Replace * or any permission set containing create with
create_socket_perms or create_stream_socket_perms.

Add net_domain() to all domains using network sockets and
delete rules already covered by domain.te or net.te.

For netlink_route_socket, only nlmsg_write needs to be separately
granted to specific domains that are permitted to modify the routing
table.  Clarification: read/write permissions are just ability to
perform read/recv() or write/send() on the socket, whereas nlmsg_read/
nlmsg_write permissions control ability to observe or modify the
underlying kernel state accessed via the socket.
See security/selinux/nlmsgtab.c in the kernel for the mapping of
netlink message types to nlmsg_read or nlmsg_write.

Delete legacy rule for b/12061011.

This change does not touch any rules where only read/write were allowed
to a socket created by another domain (inherited across exec or
received across socket or binder IPC).  We may wish to rewrite some or all
of those rules with the rw_socket_perms macro but that is a separate
change.

Change-Id: Ib0637ab86f6d388043eff928e5d96beb02e5450e
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
diff --git a/bluetooth.te b/bluetooth.te
index d1fed20..16e7b0b 100644
--- a/bluetooth.te
+++ b/bluetooth.te
@@ -20,17 +20,21 @@
 # Other domains that can create and use bluetooth sockets.
 # SELinux does not presently define a specific socket class for
 # bluetooth sockets, nor does it distinguish among the bluetooth protocols.
-allow bluetoothdomain self:socket *;
+# TODO: This should no longer be needed with bluedroid for bluetooth
+# but may be getting used for other non-bluetooth sockets that has no
+# specific class defined.  Consider taking to specific domains.
+allow bluetoothdomain self:socket create_socket_perms;
 
 # sysfs access.
 allow bluetooth sysfs_bluetooth_writable:file rw_file_perms;
 allow bluetooth self:capability net_admin;
 
 # Allow clients to use a socket provided by the bluetooth app.
+# TODO:  See if this is still required under bluedroid.
 allow bluetoothdomain bluetooth:unix_stream_socket { read write shutdown };
 
 # tethering
-allow bluetooth self:{ tun_socket udp_socket } { ioctl create };
+allow bluetooth self:tun_socket create_socket_perms;
 allow bluetooth efs_file:dir search;
 
 # Talk to init over the property socket.
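Review bot: The tethering rule at the end of this hunk drops udp_socket from the bluetooth self rule, and no net_domain(bluetooth) line is visible in this hunk to replace it. The commit message says net_domain() is added to all domains using network sockets, so please confirm that bluetooth.te picks it up elsewhere in this change; otherwise the previous udp_socket { ioctl create } access is silently lost. Separately, tun_socket moves from { ioctl create } to create_socket_perms, which grants more than the old rule did, so a one-line comment stating that tethering needs the wider set would make the intent clear. Minor: in the new TODO, "sockets that has no specific class defined" should read "sockets that have no specific class defined".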