Allow getopt / getattr to bluetooth unix_stream_socket.

Resolve denials such as: avc: denied { getattr } for pid=16226 comm="Thread-2096" path="socket:[414657]" dev="sockfs" ino=414657 scontext=u:r:untrusted_app:s0 tcontext=u:r:bluetooth:s0 tclass=unix_stream_socket avc: denied { getopt } for pid=5890 comm="FinalizerDaemon" scontext=u:r:untrusted_app:s0 tcontext=u:r:bluetooth:s0 tclass=unix_stream_socket (cherry picked from commit 495e9d12) Change-Id: Ie38979416b36b4452375d58baff46f14b78f1bad Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

Allow getopt / getattr to bluetooth unix_stream_socket.
Resolve denials such as: avc: denied { getattr } for pid=16226 comm="Thread-2096" path="socket:[414657]" dev="sockfs" ino=414657 scontext=u:r:untrusted_app:s0 tcontext=u:r:bluetooth:s0 tclass=unix_stream_socket avc: denied { getopt } for pid=5890 comm="FinalizerDaemon" scontext=u:r:untrusted_app:s0 tcontext=u:r:bluetooth:s0 tclass=unix_stream_socket (cherry picked from commit 495e9d12) Change-Id: Ie38979416b36b4452375d58baff46f14b78f1bad Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
f8c96056 · Stephen Smalley · Nick Kralevich · 320e0ec7 · f8c96056
Commit f8c96056 authored 11 years ago by Stephen Smalley Committed by Nick Kralevich 11 years ago
--- a/bluetooth.te
+++ b/bluetooth.te
@@ -26,7 +26,8 @@ allow bluetooth sysfs_bluetooth_writable:file rw_file_perms;
 allow bluetooth self:capability net_admin;
 # Allow clients to use a socket provided by the bluetooth app.
-allow bluetoothdomain bluetooth:unix_stream_socket { read write shutdown };
+# TODO:  See if this is still required under bluedroid.
+allow bluetoothdomain bluetooth:unix_stream_socket { getopt getattr read write shutdown };
 # tethering
 allow bluetooth self:{ tun_socket udp_socket } { ioctl create };