From 58b3344c7aa5ade1f70361a50c9409832e0f771d Mon Sep 17 00:00:00 2001
From: Adam Shih <adamshih@google.com>
Date: Wed, 10 Mar 2021 10:36:45 +0800
Subject: [PATCH] label kernel modules and grant bt permission

Bug: 182320300
Bug: 182320258
Test: boot to home and connect to bluetooth headset under enforcing mode
Change-Id: I6f6e8359d03eb4205268d56a1fcd50ce1445f442
---
 tracking_denials/hal_bluetooth_btlinux.te          | 2 --
 tracking_denials/init-insmod-sh.te                 | 9 ---------
 whitechapel/vendor/google/file_contexts            | 1 +
 whitechapel/vendor/google/hal_bluetooth_btlinux.te | 1 +
 4 files changed, 2 insertions(+), 11 deletions(-)

diff --git a/tracking_denials/hal_bluetooth_btlinux.te b/tracking_denials/hal_bluetooth_btlinux.te
index 0136730b..7a2c4f88 100644
--- a/tracking_denials/hal_bluetooth_btlinux.te
+++ b/tracking_denials/hal_bluetooth_btlinux.te
@@ -1,4 +1,2 @@
 # b/182320300
-dontaudit hal_bluetooth_btlinux servicemanager:binder { call };
-dontaudit hal_bluetooth_btlinux servicemanager:binder { call };
 dontaudit hal_bluetooth_btlinux default_android_service:service_manager { find };
diff --git a/tracking_denials/init-insmod-sh.te b/tracking_denials/init-insmod-sh.te
index ca69d4cb..9f615fab 100644
--- a/tracking_denials/init-insmod-sh.te
+++ b/tracking_denials/init-insmod-sh.te
@@ -2,12 +2,3 @@
 dontaudit init-insmod-sh vendor_regmap_debugfs:dir { search };
 dontaudit init-insmod-sh vendor_regmap_debugfs:dir { search };
 dontaudit init-insmod-sh vendor_regmap_debugfs:dir { search };
-# b/182320258
-dontaudit init-insmod-sh vendor_file:system { module_load };
-dontaudit init-insmod-sh vendor_file:system { module_load };
-dontaudit init-insmod-sh vendor_file:system { module_load };
-dontaudit init-insmod-sh vendor_file:system { module_load };
-dontaudit init-insmod-sh vendor_file:system { module_load };
-dontaudit init-insmod-sh vendor_file:system { module_load };
-dontaudit init-insmod-sh vendor_file:system { module_load };
-dontaudit init-insmod-sh vendor_file:system { module_load };
diff --git a/whitechapel/vendor/google/file_contexts b/whitechapel/vendor/google/file_contexts
index 68bcf67f..5c3908d6 100644
--- a/whitechapel/vendor/google/file_contexts
+++ b/whitechapel/vendor/google/file_contexts
@@ -356,6 +356,7 @@
 
 # Vendor_kernel_modules
 /vendor/lib/modules/.*\.ko                                                    u:object_r:vendor_kernel_modules:s0
+/vendor_dlkm/lib/modules/.*\.ko                                               u:object_r:vendor_kernel_modules:s0
 
 # Display
 /vendor/lib(64)?/libion_google\.so                                               u:object_r:same_process_hal_file:s0
diff --git a/whitechapel/vendor/google/hal_bluetooth_btlinux.te b/whitechapel/vendor/google/hal_bluetooth_btlinux.te
index 4e61c620..f7096836 100644
--- a/whitechapel/vendor/google/hal_bluetooth_btlinux.te
+++ b/whitechapel/vendor/google/hal_bluetooth_btlinux.te
@@ -4,6 +4,7 @@ allow hal_bluetooth_btlinux sysfs_bluetooth_writable:file rw_file_perms;
 allow hal_bluetooth_btlinux proc_bluetooth_writable:file rw_file_perms;
 allow hal_bluetooth_btlinux hci_attach_dev:chr_file rw_file_perms;
 allow hal_bluetooth_btlinux wb_coexistence_dev:chr_file rw_file_perms;
+binder_call(hal_bluetooth_btlinux, servicemanager)
 
 # power stats
 vndbinder_use(hal_bluetooth_btlinux)