sepolicy/bluetooth_loader.te

# Bluetooth executables and scripts
type bluetooth_loader, domain;
type bluetooth_loader_exec, exec_type, file_type;

# Start bdAddrLoader from init
init_daemon_domain(bluetooth_loader)

# Run init.qcom.bt.sh
allow bluetooth_loader shell_exec:file { entrypoint read };
allow bluetooth_loader bluetooth_loader_exec:file { getattr open execute_no_trans };

# init.qcom.bt.sh needs /system/bin/log access
allow bluetooth_loader devpts:chr_file rw_file_perms;

# Run hci_qcomm_init from init.qcom.bt.sh
domain_auto_trans(bluetooth_loader, hci_attach_exec, hci_attach)
allow hci_attach bluetooth_loader:fd use;

# Read mac address from persist partition
allow bluetooth_loader persist_file:dir search;
r_dir_file(bluetooth_loader, bluetooth_data_file)
allow bluetooth_loader self:capability { dac_override dac_read_search chown };

# It may write a random mac here
allow bluetooth_loader persist_file:dir { add_name write };
allow bluetooth_loader persist_file:file { create_file_perms };

# Talk to init over the property socket
unix_socket_connect(bluetooth_loader, property, init)
# Set persist.service.bdroid.* and bluetooth.* property values
allow bluetooth_loader bluetooth_prop:property_service set;

# Allow getprop/setprop for init.qcom.bt.sh
allow bluetooth_loader system_file:file execute_no_trans;

# Access the smd device
allow bluetooth_loader hci_attach_dev:chr_file rw_file_perms;

# And qmuxd
allow bluetooth_loader qmuxd_socket:dir { write add_name remove_name search };
allow bluetooth_loader qmuxd_socket:sock_file { create setattr getattr write unlink };
allow bluetooth_loader qmuxd:unix_stream_socket { connectto };
#