Restrict access to Bluetooth system properties

This removes access to Bluetooth system properties from arbitrary SELinux domains. Access remains granted to init, bluetooth, and system_app domains. neverallow rules / CTS enforce that access is not granted to Zygote and processes spawned from Zygote expcept for system_app and bluetooth. The reason is that some of these properties may leak persistent identifiers not resettable by the user. Test: Bluetooth pairing and data transfer works Bug: 33700679 Change-Id: Icdcb3927a423c4011a62942340a498cc1b302472

Restrict access to Bluetooth system properties
This removes access to Bluetooth system properties from arbitrary SELinux domains. Access remains granted to init, bluetooth, and system_app domains. neverallow rules / CTS enforce that access is not granted to Zygote and processes spawned from Zygote expcept for system_app and bluetooth. The reason is that some of these properties may leak persistent identifiers not resettable by the user. Test: Bluetooth pairing and data transfer works Bug: 33700679 Change-Id: Icdcb3927a423c4011a62942340a498cc1b302472
6e4508e6 · Alex Klyubin · 0555222d · 6e4508e6 · 6e4508e6 · 6e4508e6
Commit 6e4508e6 authored 8 years ago by Alex Klyubin
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -61,7 +61,9 @@ persist.vendor.overlay.  u:object_r:overlay_prop:s0
 ro.boot.vendor.overlay.  u:object_r:overlay_prop:s0
 ro.boottime.             u:object_r:boottime_prop:s0
 ro.serialno             u:object_r:serialno_prop:s0
+ro.boot.btmacaddr       u:object_r:bluetooth_prop:s0
 ro.boot.serialno        u:object_r:serialno_prop:s0
+ro.bt.                  u:object_r:bluetooth_prop:s0
 # Boolean property set by system server upon boot indicating
 # if device owner is provisioned.

--- a/public/app.te
+++ b/public/app.te
@@ -468,3 +468,11 @@ neverallow {
  appdomain
  -shell # bugreport
 } input_device:chr_file ~getattr;
+# Do not allow access to Bluetooth-related system properties except for a few whitelisted domains.
+# neverallow rules for access to Bluetooth-related data files are above.
+neverallow {
+  appdomain
+  -bluetooth
+  -system_app
+} bluetooth_prop:file create_file_perms;
--- a/public/property.te
+++ b/public/property.te
 type audio_prop, property_type, core_property_type;
 type boottime_prop, property_type;
-type bluetooth_prop, property_type, core_property_type;
+type bluetooth_prop, property_type;
 type config_prop, property_type, core_property_type;
 type cppreopt_prop, property_type, core_property_type;
 type ctl_bootanim_prop, property_type;
@@ -61,7 +61,6 @@ allow property_type tmpfs:filesystem associate;
 neverallow * {
  core_property_type
  -audio_prop
-  -bluetooth_prop
  -config_prop
  -cppreopt_prop
  -dalvik_prop

--- a/public/webview_zygote.te
+++ b/public/webview_zygote.te
@@ -102,3 +102,7 @@ neverallow webview_zygote domain:{
  netlink_fib_lookup_socket netlink_connector_socket netlink_netfilter_socket
  netlink_generic_socket netlink_scsitransport_socket netlink_rdma_socket netlink_crypto_socket
 } *;
+# Do not allow access to Bluetooth-related system properties.
+# neverallow rules for Bluetooth-related data files are listed above.
+neverallow webview_zygote bluetooth_prop:file create_file_perms;
--- a/public/zygote.te
+++ b/public/zygote.te
@@ -123,3 +123,6 @@ neverallow zygote {
  data_file_type
  -dalvikcache_data_file # map PROT_EXEC
 }:file no_x_file_perms;
+# Do not allow access to Bluetooth-related system properties and files
+neverallow zygote bluetooth_prop:file create_file_perms;