bluetoothdomain.te: drop bluetooth unix_stream_socket auditallow
Yes, it's being used.
type=1400 audit(0.0:19391): avc: granted { read write } for comm="Binder_4" path="socket:[1354209]" dev="sockfs" ino=1354209 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:r:bluetooth:s0 tclass=unix_stream_socket
type=1400 audit(0.0:19392): avc: granted { read } for comm="pandora.android" scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:r:bluetooth:s0 tclass=unix_stream_socket
type=1400 audit(0.0:19393): avc: granted { read } for comm="TransportReader" scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:r:bluetooth:s0 tclass=unix_stream_socket
type=1400 audit(0.0:19398): avc: granted { shutdown } for comm="AppLinkBluetoot" scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:r:bluetooth:s0 tclass=unix_stream_socket
type=1400 audit(0.0:19400): avc: granted { getopt } for comm="AppLinkBluetoot" scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:r:bluetooth:s0 tclass=unix_stream_socket
type=1400 audit(0.0:12517): avc: granted { write } for comm="MultiQueueWrite" scontext=u:r:priv_app:s0:c512,c768 tcontext=u:r:bluetooth:s0 tclass=unix_stream_socket
type=1400 audit(0.0:12563): avc: granted { read } for comm="WearableReader" scontext=u:r:priv_app:s0:c512,c768 tcontext=u:r:bluetooth:s0 tclass=unix_stream_socket
and a lot more...
Bug: 25767747
Change-Id: I15f89be1f44eef471e432e6d9f9ecb60a43801f8
diff --git a/bluetoothdomain.te b/bluetoothdomain.te
index a84ddf8..7fed3ae 100644
--- a/bluetoothdomain.te
+++ b/bluetoothdomain.te
@@ -8,6 +8,4 @@
auditallow { bluetoothdomain -system_server } self:socket create_socket_perms;
# Allow clients to use a socket provided by the bluetooth app.
-# TODO: See if this is still required under bluedroid. (b/25767747)
allow bluetoothdomain bluetooth:unix_stream_socket { getopt setopt getattr read write ioctl shutdown };
-auditallow bluetoothdomain bluetooth:unix_stream_socket { getopt setopt getattr read write ioctl shutdown };
