From ff1e01849968388c12b7a7aa6ecfd25defd8bec0 Mon Sep 17 00:00:00 2001
From: Jeff Vander Stoep <jeffv@google.com>
Date: Thu, 13 Apr 2017 07:51:36 -0700
Subject: [PATCH] bluetooth: Remove domain_deprecated

Remove domain_deprecated from bluetooth. This removes some unnecessarily
permissive rules.

Bug: 25433265
Test: All of the permissions being removed were being audited. Verify
      that no audited (granted) avc messages for bluetooth exist in
      the logs.

Change-Id: Ifa12a0f1533edcb623bbb9631f88f1ff1d6d7085
---
 private/bluetooth.te        | 3 +--
 public/domain_deprecated.te | 3 ---
 2 files changed, 1 insertion(+), 5 deletions(-)

diff --git a/private/bluetooth.te b/private/bluetooth.te
index 628f9714c..8b25eccab 100644
--- a/private/bluetooth.te
+++ b/private/bluetooth.te
@@ -1,7 +1,6 @@
-# bluetooth subsystem
+# bluetooth app
 
 typeattribute bluetooth coredomain;
-typeattribute bluetooth domain_deprecated;
 
 app_domain(bluetooth)
 net_domain(bluetooth)
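Review bot: The Test line's check for granted avc messages does not cover sysfs, which matters for the attribute removed in this hunk: the same patch drops `-bluetooth` from three auditallow sets in public/domain_deprecated.te (two visibly end in `sysfs:dir` and `sysfs:file`), so bluetooth was exempt from that auditing and any sysfs access it had through domain_deprecated was never logged. Presumably the exemption existed because bluetooth has its own explicit sysfs allow rules, but those are not visible in this patch. Confirm that, and check the logs for `avc: denied` entries with bluetooth as the source domain after the change rather than only for missing granted messages. If the explicit rules exist, a comment next to the remaining typeattribute line such as `# sysfs access is granted explicitly, not through domain_deprecated` would record why the removal is safe.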
diff --git a/public/domain_deprecated.te b/public/domain_deprecated.te
index aa6ec4e7e..5702aced2 100644
--- a/public/domain_deprecated.te
+++ b/public/domain_deprecated.te
@@ -217,7 +217,6 @@ auditallow {
 } proc:lnk_file { open ioctl lock }; # getattr read granted in domain
 auditallow {
   domain_deprecated
-  -bluetooth
   -fingerprintd
   -healthd
   -netd
@@ -231,7 +230,6 @@ auditallow {
 } sysfs:dir { open getattr read ioctl lock }; # search granted in domain
 auditallow {
   domain_deprecated
-  -bluetooth
   -fingerprintd
   -healthd
   -netd
@@ -245,7 +243,6 @@ auditallow {
 } sysfs:file r_file_perms;
 auditallow {
   domain_deprecated
-  -bluetooth
   -fingerprintd
   -healthd
   -netd
-- 
GitLab