From 5fba8e11a98310cfdf32ff89641099b197088a3a Mon Sep 17 00:00:00 2001
From: Erik Kline <ek@google.com>
Date: Thu, 18 Feb 2016 20:52:22 +0900
Subject: [PATCH] Permit bluetooth to run DhcpClient

Requires net_raw and net_bind_service.

Bug: 26991160
Change-Id: I4cdd23f0d0c94c9b5126c821464aadc67cdb90c9
---
 bluetooth.te | 6 ++++--
 netd.te      | 9 ---------
 2 files changed, 4 insertions(+), 11 deletions(-)

diff --git a/bluetooth.te b/bluetooth.te
index 6a329b70c..18178202a 100644
--- a/bluetooth.te
+++ b/bluetooth.te
@@ -24,6 +24,8 @@ allow bluetooth self:capability net_admin;
 allow bluetooth self:capability2 wake_alarm;
 
 # tethering
+allow bluetooth self:packet_socket create_socket_perms;
+allow bluetooth self:capability { net_admin net_raw net_bind_service };
 allow bluetooth self:tun_socket create_socket_perms;
 allow bluetooth efs_file:dir search;
 
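Review bot: The added `allow bluetooth self:capability { net_admin net_raw net_bind_service };` repeats net_admin, which the context line in the hunk header shows is already granted just above, so the new rule could be `allow bluetooth self:capability { net_raw net_bind_service };`. Both new rules sit under the bare `# tethering` comment with nothing tying them to DhcpClient; a comment such as `# DhcpClient (PAN): needs a packet socket, net_raw and net_bind_service` would keep them auditable. A packet_socket with net_raw gives the bluetooth domain raw link-layer send and receive, a real widening for a domain that handles data from remote devices. It is worth confirming that the full create_socket_perms set is needed rather than a narrower permission list.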
@@ -59,6 +61,6 @@ allow bluetooth shell_data_file:file read;
 ###
 
 # Superuser capabilities.
-# bluetooth requires net_admin, wake_alarm and block_suspend
-neverallow bluetooth self:capability ~net_admin;
+# bluetooth requires net_{admin,raw,bind_service} and wake_alarm and block_suspend.
+neverallow bluetooth self:capability ~{ net_admin net_raw net_bind_service };
 neverallow bluetooth self:capability2 ~{ wake_alarm block_suspend };
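Review bot: The rewritten comment above `neverallow bluetooth self:capability ~{ net_admin net_raw net_bind_service };` lists the permitted capabilities but not why net_raw and net_bind_service were added, and this rule is the guard later reviewers will rely on. I would add a line such as `# net_raw and net_bind_service are needed only by DhcpClient (PAN tethering).` so the exceptions can be removed if DhcpClient ever leaves this domain. The comment also names wake_alarm and block_suspend, which are constrained by the capability2 rule on the following line rather than by this one; splitting the comment across the two rules would avoid that confusion.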
diff --git a/netd.te b/netd.te
index 2c0fb15ce..3c612a4be 100644
--- a/netd.te
+++ b/netd.te
@@ -30,15 +30,6 @@ allow netd proc_net:file write;
 # XXX Split into its own type.
 allow netd sysfs:file write;
 
-# Set dhcp lease for PAN connection
-set_prop(netd, dhcp_prop)
-set_prop(netd, system_prop)
-auditallow netd system_prop:property_service set;
-
-# Connect to PAN
-domain_auto_trans(netd, dhcp_exec, dhcp)
-allow netd dhcp:process signal;
-
 # Needed to update /data/misc/wifi/hostapd.conf
 # TODO: See what we can do to reduce the need for
 # these capabilities
-- 
GitLab