android: Provide SELinux policy files

This adds required policy files and updates documentation with more SELinux information.
author: Szymon Janc <szymon.janc@tieto.com> 2014-12-23 12:46:21 +0100
committer: Szymon Janc <szymon.janc@tieto.com> 2014-12-24 11:01:53 +0100
commit: cba67bc1923a7701d70dd93944077e02b7504a03 (patch)
tree: c31bbccea5e3d85e9cb0f4ec641d32fabdcaf181 /android/bluetoothd_snoop.te
parent: 3fc5cbdaa01d7e00132f93e6acbfdb202539c6e5 (diff)
download: bluez-cba67bc1923a7701d70dd93944077e02b7504a03.tar.gz
1 files changed, 17 insertions, 0 deletions
diff --git a/android/bluetoothd_snoop.te b/android/bluetoothd_snoop.te
new file mode 100644
index 000000000..ef817b5bc
--- /dev/null
+++ b/android/bluetoothd_snoop.te
@@ -0,0 +1,17 @@
+type bluetoothd_snoop, domain;
+type bluetoothd_snoop_exec, exec_type, file_type;
+
+# Start bluetoothd_snoop from init
+init_daemon_domain(bluetoothd_snoop)
+
+# directory search and read caps
+allow bluetoothd_snoop self:capability dac_read_search;
+# use raw and packet sockets caps
+allow bluetoothd_snoop self:capability net_raw;
+
+# monitor socket access
+allow bluetoothd_snoop self:socket { create bind setopt read };
+
+# sdcard access
+allow bluetoothd_snoop fuse:dir w_dir_perms;
+allow bluetoothd_snoop fuse:file create_file_perms;
author	Szymon Janc <szymon.janc@tieto.com>	2014-12-23 12:46:21 +0100
committer	Szymon Janc <szymon.janc@tieto.com>	2014-12-24 11:01:53 +0100
commit	cba67bc1923a7701d70dd93944077e02b7504a03 (patch)
tree	c31bbccea5e3d85e9cb0f4ec641d32fabdcaf181 /android/bluetoothd_snoop.te
parent	3fc5cbdaa01d7e00132f93e6acbfdb202539c6e5 (diff)
download	bluez-cba67bc1923a7701d70dd93944077e02b7504a03.tar.gz