From e1b00f392a30865e02e144b2cf33134bc787f389 Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Mon, 22 Aug 2016 17:29:46 -0700
Subject: [PATCH] fix build: exclude bluetooth from neverallow restriction

Bluetooth is sometimes started from init.

Addresses the following compiler error:

  libsepol.report_failure: neverallow on line 489 of
  system/sepolicy/domain.te (or line 9149 of policy.conf) violated by
  allow init bluetooth:process { transition };
  libsepol.check_assertions: 1 neverallow failures occurred
  Error while expanding policy

(cherry-picked from commit 7e3802162387b0ddcc641bc9061dbaf75e42298b)

Change-Id: I2bc1e15217892e1ba2a62c9683af0f3c0aa16b86
---
 domain.te | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/domain.te b/domain.te
index 778c07ce8..7da234092 100644
--- a/domain.te
+++ b/domain.te
@@ -519,7 +519,7 @@ neverallow {
 
 # Only domains spawned from zygote and runas may have the appdomain attribute.
 neverallow { domain -runas -zygote } {
-  appdomain -shell userdebug_or_eng(`-su')
+  appdomain -shell userdebug_or_eng(`-su') -bluetooth
 }:process { transition dyntransition };
 
 # Minimize read access to shell- or app-writable symlinks.
-- 
GitLab