  1. Feb 06, 2017
    • Move bluetoothdomain policy to private · 661430e0
      Alex Klyubin authored
      This leaves only the existence of bluetoothdomain attribute as public
      API. All other rules are implementation details of this attribute's
      policy and are thus now private.
      
      Test: No change to policy according to sesearch, except for
            disappearance of all allow bluetoothdomain bluetooth_current
            rule (as expected).
      Bug: 31364497
      
      Change-Id: I0edfc30d98e1cd9fb4f41a2900954d9cdbb4db14
  2. Oct 06, 2016
    • Split general policy into public and private components. · cc39f637
      dcashman authored
      Divide policy into public and private components.  This is the first
      step in splitting the policy creation for platform and non-platform
      policies.  The policy in the public directory will be exported for use
      in non-platform policy creation.  Backwards compatibility with it will
      be achieved by converting the exported policy into attribute-based
      policy when included as part of the non-platform policy and a mapping
      file will be maintained to be included with the platform policy that
      maps exported attributes of previous versions to the current platform
      version.
      
      Eventually we would like to create a clear interface between the
      platform and non-platform device components so that the exported policy,
      and the need for attributes is minimal.  For now, almost all types and
      avrules are left in public.
      
      Test: Tested by building policy and running on device.
      
      Change-Id: Idef796c9ec169259787c3f9d8f423edf4ce27f8c
  3. Dec 12, 2015
    • bluetoothdomain.te: drop allow bluetoothdomain self:socket create_socket_perms; · d0113ae0
      Nick Kralevich authored
      An auditallow has been in place since commit
      cb835a28 but nothing has been triggered.
      Remove the rule.
      
      Bug: 25768265
      Change-Id: Ia9f35c41feabc9ccf5eb5c6dae09c68dc4f465ff
    • bluetoothdomain.te: drop bluetooth unix_stream_socket auditallow · a1f903da
      Nick Kralevich authored
      Yes, it's being used.
      
        type=1400 audit(0.0:19391): avc: granted { read write } for comm="Binder_4" path="socket:[1354209]" dev="sockfs" ino=1354209 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:r:bluetooth:s0 tclass=unix_stream_socket
        type=1400 audit(0.0:19392): avc: granted { read } for comm="pandora.android" scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:r:bluetooth:s0 tclass=unix_stream_socket
        type=1400 audit(0.0:19393): avc: granted { read } for comm="TransportReader" scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:r:bluetooth:s0 tclass=unix_stream_socket
        type=1400 audit(0.0:19398): avc: granted { shutdown } for comm="AppLinkBluetoot" scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:r:bluetooth:s0 tclass=unix_stream_socket
        type=1400 audit(0.0:19400): avc: granted { getopt } for comm="AppLinkBluetoot" scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:r:bluetooth:s0 tclass=unix_stream_socket
        type=1400 audit(0.0:12517): avc: granted { write } for comm="MultiQueueWrite" scontext=u:r:priv_app:s0:c512,c768 tcontext=u:r:bluetooth:s0 tclass=unix_stream_socket
        type=1400 audit(0.0:12563): avc: granted { read } for comm="WearableReader" scontext=u:r:priv_app:s0:c512,c768 tcontext=u:r:bluetooth:s0 tclass=unix_stream_socket
      
      and a lot more...
      
      Bug: 25767747
      Change-Id: I15f89be1f44eef471e432e6d9f9ecb60a43801f8
  4. Nov 24, 2015
  5. Nov 18, 2015
    • Move bluetoothdomain rules into their own file. · 85dcd53b
      Nick Kralevich authored
      Don't mix bluetooth rules with bluetoothdomain. The bluetoothdomain
      rules are used by several other SELinux domains, not just bluetooth,
      and keeping them in the same file is confusing.
      
      Change-Id: I487251ab1c1392467a39c7a87328cdaf802fc1f8