diff --git a/private/audioserver.te b/private/audioserver.te
index 471fcbed2c3c36f46c92659f167ef923914e7c64..a82cfecbd7c1950b0151c3e7daa4ed28dc4e2939 100644
--- a/private/audioserver.te
+++ b/private/audioserver.te
@@ -37,7 +37,9 @@ allow audioserver power_service:service_manager find;
allow audioserver scheduling_policy_service:service_manager find;
# Allow read/write access to bluetooth-specific properties
+set_prop(audioserver, bluetooth_a2dp_offload_prop)
set_prop(audioserver, bluetooth_prop)
+set_prop(audioserver, exported_bluetooth_prop)
# Grant access to audio files to audioserver
allow audioserver audio_data_file:dir ra_dir_perms;
diff --git a/private/bluetooth.te b/private/bluetooth.te
index fec94941b0857b85f649ea03d2c1c209867a32ca..d4198553efb16ebb388890881aa44be1e7d1cdf1 100644
--- a/private/bluetooth.te
+++ b/private/bluetooth.te
@@ -39,7 +39,9 @@ allow bluetooth uhid_device:chr_file rw_file_perms;
allow bluetooth proc_bluetooth_writable:file rw_file_perms;
# Allow write access to bluetooth specific properties
+set_prop(bluetooth, bluetooth_a2dp_offload_prop)
set_prop(bluetooth, bluetooth_prop)
+set_prop(bluetooth, exported_bluetooth_prop)
set_prop(bluetooth, pan_result_prop)
allow bluetooth audioserver_service:service_manager find;
diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index 696d630de830d438402786609780f7f2b552b505..36f7eecab86a60a976d87bb0ca776393b362c04f 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -11,6 +11,7 @@
blank_screen
blank_screen_exec
blank_screen_tmpfs
+ bluetooth_a2dp_offload_prop
bpfloader
bpfloader_exec
broadcastradio_service
@@ -18,6 +19,7 @@
crossprofileapps_service
e2fs
e2fs_exec
+ exported_bluetooth_prop
exported_config_prop
exported_dalvik_prop
exported_default_prop
@@ -31,6 +33,7 @@
exported_system_prop
exported_system_radio_prop
exported_vold_prop
+ exported_wifi_prop
exported2_config_prop
exported2_default_prop
exported2_radio_prop
diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil
index 19d547fa4b25c6b136cdcf8ab23c99722d3427aa..e8ace697b6f9e039603c974a82ace3ba19d4785a 100644
--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil
@@ -10,6 +10,7 @@
blank_screen_exec
blank_screen_tmpfs
bootloader_boot_reason_prop
+ bluetooth_a2dp_offload_prop
bpfloader
bpfloader_exec
cgroup_bpf
@@ -22,6 +23,7 @@
exported3_default_prop
exported3_radio_prop
exported3_system_prop
+ exported_bluetooth_prop
exported_config_prop
exported_dalvik_prop
exported_default_prop
@@ -35,6 +37,7 @@
exported_system_prop
exported_system_radio_prop
exported_vold_prop
+ exported_wifi_prop
fingerprint_vendor_data_file
fs_bpf
hal_authsecret_hwservice
diff --git a/private/priv_app.te b/private/priv_app.te
index 0841c41f6aeb0a7b3aa349b7af789c2056001b4e..99397a5bc418448733678c4b1c56f813d9af4468 100644
--- a/private/priv_app.te
+++ b/private/priv_app.te
@@ -149,6 +149,7 @@ dontaudit priv_app proc_version:file read;
dontaudit priv_app sysfs:dir read;
dontaudit priv_app sysfs_android_usb:file read;
dontaudit priv_app wifi_prop:file read;
+dontaudit priv_app { wifi_prop exported_wifi_prop }:file read;
# allow privileged apps to use UDP sockets provided by the system server but not
# modify them other than to connect
diff --git a/private/system_app.te b/private/system_app.te
index b2f83764f88a171dc3acf36dfb3c6956135ca72b..eb7e050522a8c9695fdd3f2ae14f3674dd3140be 100644
--- a/private/system_app.te
+++ b/private/system_app.te
@@ -31,9 +31,11 @@ allow system_app wallpaper_file:file r_file_perms;
allow system_app icon_file:file r_file_perms;
# Write to properties
+set_prop(system_app, bluetooth_a2dp_offload_prop)
set_prop(system_app, bluetooth_prop)
set_prop(system_app, debug_prop)
set_prop(system_app, system_prop)
+set_prop(system_app, exported_bluetooth_prop)
set_prop(system_app, exported_system_prop)
set_prop(system_app, exported2_system_prop)
set_prop(system_app, exported3_system_prop)
diff --git a/private/webview_zygote.te b/private/webview_zygote.te
index a637a8b043139aaf79f5b6ef6cfc8d3bf650e748..55b268a30305d95a874d14e70cacfaa27107a5cb 100644
--- a/private/webview_zygote.te
+++ b/private/webview_zygote.te
@@ -133,4 +133,8 @@ neverallow webview_zygote domain:{
# Do not allow access to Bluetooth-related system properties.
# neverallow rules for Bluetooth-related data files are listed above.
-neverallow webview_zygote bluetooth_prop:file create_file_perms;
+neverallow webview_zygote {
+ bluetooth_a2dp_offload_prop
+ bluetooth_prop
+ exported_bluetooth_prop
+}:file create_file_perms;
diff --git a/private/zygote.te b/private/zygote.te
index 0a1a7c6b97a8d446d3074abf547c12f9a82669bd..4f26bd0157e10be20e4a06ca01cccb3a6008f115 100644
--- a/private/zygote.te
+++ b/private/zygote.te
@@ -136,4 +136,8 @@ neverallow zygote {
}:file no_x_file_perms;
# Do not allow access to Bluetooth-related system properties and files
-neverallow zygote bluetooth_prop:file create_file_perms;
+neverallow zygote {
+ bluetooth_a2dp_offload_prop
+ bluetooth_prop
+ exported_bluetooth_prop
+}:file create_file_perms;
diff --git a/public/app.te b/public/app.te
index 2a32695aef6e9c3b4ab6ac90911b3e323094f94b..580311ae793b5582ae56a87ebb279a820a676108 100644
--- a/public/app.te
+++ b/public/app.te
@@ -558,7 +558,7 @@ neverallow {
appdomain
-bluetooth
-system_app
-} bluetooth_prop:file create_file_perms;
+} { bluetooth_a2dp_offload_prop bluetooth_prop exported_bluetooth_prop }:file create_file_perms;
# Apps cannot access proc_uid_time_in_state
neverallow appdomain proc_uid_time_in_state:file *;
diff --git a/public/hal_audio.te b/public/hal_audio.te
index 8d9d9328c1e16a829ba9a88dfcc52ab43ff1a041..037066ea8bcb6c989cbb3b7c78298c8b0c7d9084 100644
--- a/public/hal_audio.te
+++ b/public/hal_audio.te
@@ -34,3 +34,5 @@ neverallow hal_audio_server domain:{ tcp_socket udp_socket rawip_socket } *;
# Only audio HAL may directly access the audio hardware
neverallow { halserverdomain -hal_audio_server } audio_device:chr_file *;
+
+get_prop(hal_audio, bluetooth_a2dp_offload_prop)
diff --git a/public/hal_bluetooth.te b/public/hal_bluetooth.te
index 461523bdca988a6c132c5d909bfff8ec462adf03..373dbec6bf6829f803db996b01467209c95d57fd 100644
--- a/public/hal_bluetooth.te
+++ b/public/hal_bluetooth.te
@@ -21,7 +21,9 @@ allow hal_bluetooth sysfs_bluetooth_writable:file rw_file_perms;
allow hal_bluetooth self:global_capability2_class_set wake_alarm;
# Allow write access to bluetooth-specific properties
+set_prop(hal_bluetooth, bluetooth_a2dp_offload_prop)
set_prop(hal_bluetooth, bluetooth_prop)
+set_prop(hal_bluetooth, exported_bluetooth_prop)
# /proc access (bluesleep etc.).
allow hal_bluetooth proc_bluetooth_writable:file rw_file_perms;
diff --git a/public/hal_wifi.te b/public/hal_wifi.te
index 78823d0025f00f7efbbb1351e6422b1bc8b03e78..7cea7c7401125ad367e85de8545267ead0002021 100644
--- a/public/hal_wifi.te
+++ b/public/hal_wifi.te
@@ -8,6 +8,7 @@ allow hal_wifi_client hal_wifi_hwservice:hwservice_manager find;
r_dir_file(hal_wifi, proc_net)
r_dir_file(hal_wifi, sysfs_type)
+set_prop(hal_wifi, exported_wifi_prop)
set_prop(hal_wifi, wifi_prop)
# allow hal wifi set interfaces up and down
diff --git a/public/property.te b/public/property.te
index 6fa85dc902d22e5b4782f95c06d7389f8cd19a5e..804536834d7d9631aab019b72a1a8e04f3692202 100644
--- a/public/property.te
+++ b/public/property.te
@@ -1,5 +1,6 @@
type audio_prop, property_type, core_property_type;
type boottime_prop, property_type;
+type bluetooth_a2dp_offload_prop, property_type;
type bluetooth_prop, property_type;
type bootloader_boot_reason_prop, property_type;
type config_prop, property_type, core_property_type;
@@ -56,6 +57,7 @@ type wifi_prop, property_type;
type vendor_security_patch_level_prop, property_type;
# Properties for whitelisting
+type exported_bluetooth_prop, property_type;
type exported_config_prop, property_type;
type exported_dalvik_prop, property_type;
type exported_default_prop, property_type;
@@ -68,6 +70,7 @@ type exported_radio_prop, property_type;
type exported_system_prop, property_type;
type exported_system_radio_prop, property_type;
type exported_vold_prop, property_type;
+type exported_wifi_prop, property_type;
type exported2_config_prop, property_type;
type exported2_default_prop, property_type;
type exported2_radio_prop, property_type;
diff --git a/public/property_contexts b/public/property_contexts
index 12bcd1fd182cb464f93bfb4b2c21917fda96212b..51def45811a9d19f3cc2ae1d705ba926a8a9e6fa 100644
--- a/public/property_contexts
+++ b/public/property_contexts
@@ -61,6 +61,8 @@ dalvik.vm.zygote.max-boot-retry u:object_r:exported_dalvik_prop:s0 exact int
drm.service.enabled u:object_r:exported3_default_prop:s0 exact bool
keyguard.no_require_sim u:object_r:exported3_default_prop:s0 exact bool
media.recorder.show_manufacturer_and_model u:object_r:exported3_default_prop:s0 exact bool
+persist.bluetooth.a2dp_offload.cap u:object_r:bluetooth_a2dp_offload_prop:s0 exact string
+persist.bluetooth.a2dp_offload.enable u:object_r:bluetooth_a2dp_offload_prop:s0 exact bool
persist.config.calibration_fac u:object_r:exported3_default_prop:s0 exact string
persist.dbg.volte_avail_ovr u:object_r:exported3_default_prop:s0 exact int
persist.dbg.vt_avail_ovr u:object_r:exported3_default_prop:s0 exact int
@@ -69,6 +71,7 @@ persist.radio.multisim.config u:object_r:exported3_radio_prop:s0 exact string
persist.sys.dalvik.vm.lib.2 u:object_r:exported2_system_prop:s0 exact string
persist.sys.sf.color_saturation u:object_r:exported2_system_prop:s0 exact string
persist.sys.sf.native_mode u:object_r:exported2_system_prop:s0 exact bool
+persist.vendor.bluetooth.a2dp_offload.enable u:object_r:bluetooth_a2dp_offload_prop:s0 exact bool
pm.dexopt.ab-ota u:object_r:exported_pm_prop:s0 exact string
pm.dexopt.bg-dexopt u:object_r:exported_pm_prop:s0 exact string
pm.dexopt.boot u:object_r:exported_pm_prop:s0 exact string
@@ -77,6 +80,7 @@ pm.dexopt.install u:object_r:exported_pm_prop:s0 exact string
ro.audio.monitorRotation u:object_r:exported3_default_prop:s0 exact bool
ro.boot.vendor.overlay.theme u:object_r:exported_overlay_prop:s0 exact string
ro.boot.wificountrycode u:object_r:exported3_default_prop:s0 exact string
+ro.bt.bdaddr_path u:object_r:exported_bluetooth_prop:s0 exact string
ro.camera.notify_nfc u:object_r:exported3_default_prop:s0 exact int
ro.com.android.dataroaming u:object_r:exported3_default_prop:s0 exact bool
ro.com.android.prov_mobiledata u:object_r:exported3_default_prop:s0 exact bool
@@ -113,6 +117,7 @@ sys.usb.state u:object_r:exported2_system_prop:s0 exact string
telephony.lteOnCdmaDevice u:object_r:exported3_default_prop:s0 exact int
tombstoned.max_tombstone_count u:object_r:exported3_default_prop:s0 exact int
vold.post_fs_data_done u:object_r:exported2_vold_prop:s0 exact int
+wlan.driver.status u:object_r:exported_wifi_prop:s0 exact enum ok unloaded
# vendor-init-readable|vendor-init-actionable
dev.bootcomplete u:object_r:exported3_system_prop:s0 exact bool
diff --git a/public/vendor_init.te b/public/vendor_init.te
index dee2006a8c721e4d3992ef554d428c4f7b37c00d..027392509796b8cb44075b3bacd3bd498a1b0781 100644
--- a/public/vendor_init.te
+++ b/public/vendor_init.te
@@ -159,7 +159,9 @@ not_compatible_property(`
})
')
+set_prop(vendor_init, bluetooth_a2dp_offload_prop)
set_prop(vendor_init, debug_prop)
+set_prop(vendor_init, exported_bluetooth_prop)
set_prop(vendor_init, exported_config_prop)
set_prop(vendor_init, exported_dalvik_prop)
set_prop(vendor_init, exported_default_prop)
@@ -168,6 +170,7 @@ set_prop(vendor_init, exported_overlay_prop)
set_prop(vendor_init, exported_pm_prop)
set_prop(vendor_init, exported_radio_prop)
set_prop(vendor_init, exported_system_radio_prop)
+set_prop(vendor_init, exported_wifi_prop)
set_prop(vendor_init, exported2_config_prop)
set_prop(vendor_init, exported2_system_prop)
set_prop(vendor_init, exported2_vold_prop)
diff --git a/public/wificond.te b/public/wificond.te
index 1f0936e7901762598821b6ade7a0b12bb4860d76..9e4dc7d32478f63a00631cf42d7f5c66260ea7c7 100644
--- a/public/wificond.te
+++ b/public/wificond.te
@@ -7,6 +7,7 @@ binder_call(wificond, system_server)
add_service(wificond, wificond_service)
+set_prop(wificond, exported_wifi_prop)
set_prop(wificond, wifi_prop)
set_prop(wificond, ctl_default_prop)