From 495e9d12b97cfaf3d6efb007b7b68217c2b94ba8 Mon Sep 17 00:00:00 2001
From: Stephen Smalley <sds@tycho.nsa.gov>
Date: Tue, 4 Mar 2014 13:34:54 -0500
Subject: [PATCH] Allow getopt / getattr to bluetooth unix_stream_socket.

Resolve denials such as:

avc:  denied  { getattr } for  pid=16226 comm="Thread-2096" path="socket:[414657]" dev="sockfs" ino=414657 scontext=u:r:untrusted_app:s0 tcontext=u:r:bluetooth:s0 tclass=unix_stream_socket

avc:  denied  { getopt } for  pid=5890 comm="FinalizerDaemon" scontext=u:r:untrusted_app:s0 tcontext=u:r:bluetooth:s0 tclass=unix_stream_socket

Change-Id: Iea7790aa4f8e24f3ec0d2c029933a3902333472e
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
---
 bluetooth.te | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/bluetooth.te b/bluetooth.te
index 16e7b0b85..474ca433e 100644
--- a/bluetooth.te
+++ b/bluetooth.te
@@ -31,7 +31,7 @@ allow bluetooth self:capability net_admin;
 
 # Allow clients to use a socket provided by the bluetooth app.
 # TODO:  See if this is still required under bluedroid.
-allow bluetoothdomain bluetooth:unix_stream_socket { read write shutdown };
+allow bluetoothdomain bluetooth:unix_stream_socket { getopt getattr read write shutdown };
 
 # tethering
 allow bluetooth self:tun_socket create_socket_perms;
-- 
GitLab