From 02d9d21dcb41f82ebfe99d60725fc77dc0e89730 Mon Sep 17 00:00:00 2001
From: Myles Watson <mylesgw@google.com>
Date: Wed, 29 Mar 2017 14:02:08 -0700
Subject: [PATCH] Disallow HAL access to Bluetooth data files

Devices that store their BT MAC address in /data/misc/bluedroid/ need
to find another place for that file.

Bug: 36602160
Test: Restart Bluetooth, check for selinux denials/files in /data/misc
Change-Id: Ib8d610f201a8c35f95b464c24857c6639205bc66
Merged-In: Ib8d610f201a8c35f95b464c24857c6639205bc66
---
 public/hal_bluetooth.te         | 3 ---
 vendor/hal_bluetooth_default.te | 4 ----
 2 files changed, 7 deletions(-)

diff --git a/public/hal_bluetooth.te b/public/hal_bluetooth.te
index e9679de5c..46fd9d718 100644
--- a/public/hal_bluetooth.te
+++ b/public/hal_bluetooth.te
@@ -12,9 +12,6 @@ r_dir_file(hal_bluetooth, bluetooth_efs_file)
 
 allow hal_bluetooth { uhid_device hci_attach_dev }:chr_file rw_file_perms;
 
-# Access to config files to look for a Bluetooth address
-r_dir_file(hal_bluetooth, bluetooth_data_file)
-
 # sysfs access.
 r_dir_file(hal_bluetooth, sysfs_type)
 allow hal_bluetooth sysfs_bluetooth_writable:file rw_file_perms;
diff --git a/vendor/hal_bluetooth_default.te b/vendor/hal_bluetooth_default.te
index d22015b72..e32770dc8 100644
--- a/vendor/hal_bluetooth_default.te
+++ b/vendor/hal_bluetooth_default.te
@@ -3,7 +3,3 @@ hal_server_domain(hal_bluetooth_default, hal_bluetooth)
 
 type hal_bluetooth_default_exec, exec_type, file_type;
 init_daemon_domain(hal_bluetooth_default)
-
-# Logging for backward compatibility
-allow hal_bluetooth_default bluetooth_data_file:dir ra_dir_perms;
-allow hal_bluetooth_default bluetooth_data_file:file create_file_perms;
-- 
GitLab