From 1de5b57908769952b6aca32851e70589b972823e Mon Sep 17 00:00:00 2001 
From: jonerlin Date: Thu, 24 Oct 2024 02:27:40 +0000 Subject: [PATCH] add bluetooth common hal sepolicy rules for bt subsystem crash info files 10-28 14:58:24.744000 1002 894 894 I auditd : type=1400 audit(0.0:131): avc: denied { write } for comm="binder:894_2" name="ssrdump" dev="dm-52" ino=425 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=dir permissive=1 10-28 14:58:24.744000 1002 894 894 I binder:894_2: type=1400 audit(0.0:131): avc: denied { write } for name="ssrdump" dev="dm-52" ino=425 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=dir permissive=1 10-28 14:58:24.744000 1002 894 894 I auditd : type=1400 audit(0.0:132): avc: denied { add_name } for comm="binder:894_2" name="crashinfo_bt_2024-10-28_14-58-24.txt" scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=dir permissive=1 10-28 14:58:24.744000 1002 894 894 I binder:894_2: type=1400 audit(0.0:132): avc: denied { add_name } for name="crashinfo_bt_2024-10-28_14-58-24.txt" scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=dir permissive=1 10-28 14:58:24.744000 1002 894 894 I auditd : type=1400 audit(0.0:133): avc: denied { create } for comm="binder:894_2" name="crashinfo_bt_2024-10-28_14-58-24.txt" scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=file permissive=1 10-28 14:58:24.744000 1002 894 894 I binder:894_2: type=1400 audit(0.0:133): avc: denied { create } for name="crashinfo_bt_2024-10-28_14-58-24.txt" scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=file permissive=1 10-28 14:58:24.748000 1002 894 894 I auditd : type=1400 audit(0.0:134): avc: denied { read write open } for comm="binder:894_2" path="/data/vendor/ssrdump/crashinfo_bt_2024-10-28_14-58-24.txt" 
dev="dm-52" ino=15503 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=file permissive=1 10-28 14:58:24.748000 1002 894 894 I binder:894_2: type=1400 audit(0.0:134): avc: denied { read write open } for path="/data/vendor/ssrdump/crashinfo_bt_2024-10-28_14-58-24.txt" dev="dm-52" ino=15503 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=file permissive=1 10-28 14:58:24.748000 1002 894 894 I auditd : type=1400 audit(0.0:135): avc: denied { setattr } for comm="binder:894_2" name="crashinfo_bt_2024-10-28_14-58-24.txt" dev="dm-52" ino=15503 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=file permissive=1 10-28 14:58:24.748000 1002 894 894 I binder:894_2: type=1400 audit(0.0:135): avc: denied { setattr } for name="crashinfo_bt_2024-10-28_14-58-24.txt" dev="dm-52" ino=15503 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=file permissive=1 10-28 14:59:54.572000 1002 894 894 I auditd : type=1400 audit(0.0:2065): avc: denied { open } for comm="binder:894_2" path="/data/vendor/ssrdump" dev="dm-52" ino=425 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=dir permissive=1 10-28 14:59:54.572000 1002 894 894 I binder:894_2: type=1400 audit(0.0:2065): avc: denied { open } for path="/data/vendor/ssrdump" dev="dm-52" ino=425 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=dir permissive=1 10-28 14:59:54.572000 1002 894 894 I auditd : type=1400 audit(0.0:2066): avc: denied { read } for comm="binder:894_2" name="crashinfo_bt_2024-10-28_14-58-24.txt" dev="dm-52" ino=15503 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=file permissive=1 10-28 14:59:54.572000 1002 894 894 I binder:894_2: 
type=1400 audit(0.0:2066): avc: denied { read } for name="crashinfo_bt_2024-10-28_14-58-24.txt" dev="dm-52" ino=15503 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=file permissive=1 10-28 14:59:54.572000 1002 894 894 I auditd : type=1400 audit(0.0:2067): avc: denied { open } for comm="binder:894_2" path="/data/vendor/ssrdump/crashinfo_bt_2024-10-28_14-58-24.txt" dev="dm-52" ino=15503 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=file permissive=1 10-28 14:59:54.572000 1002 894 894 I binder:894_2: type=1400 audit(0.0:2067): avc: denied { open } for path="/data/vendor/ssrdump/crashinfo_bt_2024-10-28_14-58-24.txt" dev="dm-52" ino=15503 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=file permissive=1 10-28 14:59:54.572000 1002 894 894 I auditd : type=1400 audit(0.0:2068): avc: denied { getattr } for comm="binder:894_2" path="/data/vendor/ssrdump/crashinfo_bt_2024-10-28_14-58-24.txt" dev="dm-52" ino=15503 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=file permissive=1 10-28 14:59:54.572000 1002 894 894 I binder:894_2: type=1400 audit(0.0:2068): avc: denied { getattr } for path="/data/vendor/ssrdump/crashinfo_bt_2024-10-28_14-58-24.txt" dev="dm-52" ino=15503 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=file permissive=1 10-23 13:34:22.912 873 873 I binder:873_3: type=1400 audit(0.0:5105): avc: denied { read } for name="ssrdump" dev="dm-52" ino=425 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=dir permissive=1 [ 354.876922] type=1400 audit(1729656523.440:124): avc: denied { search } for comm="binder:873_2" name="ssrdump" dev="dm-52" ino=425 scontext=u:r:hal_bluetooth_btlinux:s0 
tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=dir permissive=1 [ 738.332303] type=1400 audit(1729656906.896:2087): avc: denied { read } for comm="binder:873_3" name="ssrdump" dev="dm-52" ino=425 scontext=u:r:hal_bluetooth_btlinux:s0 tcontext=u:object_r:sscoredump_vendor_data_crashinfo_file:s0 tclass=dir permissive=1 Bug: 374695851 Test: build pass, make bt crash and get the bugreport Flag: EXEMPT, internal cleanup. Change-Id: If9c4064fe71bfc0b1055bc953a1b2e22978e1938
---
 bluetooth/sepolicy/hal_bluetooth_btlinux.te | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/bluetooth/sepolicy/hal_bluetooth_btlinux.te b/bluetooth/sepolicy/hal_bluetooth_btlinux.te
index a893102..0c85cb0 100644
--- a/bluetooth/sepolicy/hal_bluetooth_btlinux.te
+++ b/bluetooth/sepolicy/hal_bluetooth_btlinux.te
@@ -9,7 +9,8 @@ binder_call(hal_bluetooth_btlinux, hal_power_stats_default)
 # bt firmware dump
 allow hal_bluetooth_btlinux aconfig_storage_metadata_file:dir search;
-allow hal_bluetooth_btlinux sscoredump_vendor_data_crashinfo_file:dir { read search };
+allow hal_bluetooth_btlinux sscoredump_vendor_data_crashinfo_file:dir rw_dir_perms;
+allow hal_bluetooth_btlinux sscoredump_vendor_data_crashinfo_file:file rw_file_perms;
 userdebug_or_eng(`
 allow hal_bluetooth_btlinux sscoredump_vendor_data_coredump_file:dir create_dir_perms;
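Review bot: The added `:file rw_file_perms` rule does not appear to cover the `create` and `setattr` denials quoted in the commit message (audit 133 and 135); as I read AOSP's global_macros, `rw_file_perms` expands to the read/write/open family only, while `create` and `setattr` come in through `create_file_perms`. Every logged denial carries `permissive=1`, so the bugreport test would pass while an enforcing build may still fail to create the crashinfo file; consider `allow hal_bluetooth_btlinux sscoredump_vendor_data_crashinfo_file:file { create setattr rw_file_perms };`. On the directory, `rw_dir_perms` also grants `remove_name`, which none of the denials asked for; `ra_dir_perms` would cover the logged `write` and `add_name` with less reach. Both rules sit outside the `userdebug_or_eng` block (which continues past the end of the hunk), so they apply on user builds as well, and a one-line comment above them saying that this is intended would help the next reader of the policy.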