From d1680c9618922b821cd6685d530d58fd1df1cb4b Mon Sep 17 00:00:00 2001
From: Ted Wang <tedwang@google.com>
Date: Tue, 2 May 2023 12:58:06 +0000
Subject: [PATCH 1/3] Add sepolicy for aidl bt extension hal

Bug: 274906319
Test: make sepolicy and manual test
Change-Id: I56981543acbfeaefed51d27dfbb1b27734404372
(cherry picked from commit a3ef1066030e4dbdb7980c48060912501ff27059)
---
 cheetah/cccdk_timesync_app.te | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 cheetah/cccdk_timesync_app.te

diff --git a/cheetah/cccdk_timesync_app.te b/cheetah/cccdk_timesync_app.te
new file mode 100644
index 0000000..1a4264d
--- /dev/null
+++ b/cheetah/cccdk_timesync_app.te
@@ -0,0 +1 @@
+allow vendor_cccdktimesync_app hal_bluetooth_coexistence_service:service_manager find;

From 96c3e98e10411b219418e34655a9da7fb37a331d Mon Sep 17 00:00:00 2001
From: Ted Wang <tedwang@google.com>
Date: Sat, 6 May 2023 04:21:20 +0000
Subject: [PATCH 2/3] Add sepolicy for aidl bt extension hal in grilservice app

Bug: 280970790
Test: make sepolicy and manual test
Change-Id: Iafe62679c7e4a725ac5ec7e8dababb0cd6579874
---
 cheetah/grilservice_app.te | 1 +
 panther/grilservice_app.te | 1 +
 2 files changed, 2 insertions(+)
 create mode 100644 cheetah/grilservice_app.te
 create mode 100644 panther/grilservice_app.te

diff --git a/cheetah/grilservice_app.te b/cheetah/grilservice_app.te
new file mode 100644
index 0000000..ad0a779
--- /dev/null
+++ b/cheetah/grilservice_app.te
@@ -0,0 +1 @@
+allow grilservice_app hal_bluetooth_coexistence_service:service_manager find;
diff --git a/panther/grilservice_app.te b/panther/grilservice_app.te
new file mode 100644
index 0000000..ad0a779
--- /dev/null
+++ b/panther/grilservice_app.te
@@ -0,0 +1 @@
+allow grilservice_app hal_bluetooth_coexistence_service:service_manager find;

From b4fe0cfb7fe866110de2d399d2f7b3599e2edb6a Mon Sep 17 00:00:00 2001
From: Patty Huang <plhuang@google.com>
Date: Wed, 5 Jul 2023 20:41:39 +0800
Subject: [PATCH 3/3] Allow bthal to access vendor bluetooth folder

Bug: 289055382
Test: enable vendor debug log and check the vendor snoop log contain the vendor log
Change-Id: Ia8980791438b653930a866f038b19fd58b3d3ffd
---
 cheetah/file.te                  | 3 +++
 cheetah/file_contexts            | 2 ++
 cheetah/hal_bluetooth_btlinux.te | 3 +++
 panther/file.te                  | 3 +++
 panther/file_contexts            | 2 ++
 panther/hal_bluetooth_btlinux.te | 3 +++
 6 files changed, 16 insertions(+)
 create mode 100644 cheetah/file.te
 create mode 100644 cheetah/hal_bluetooth_btlinux.te
 create mode 100644 panther/file.te
 create mode 100644 panther/hal_bluetooth_btlinux.te

diff --git a/cheetah/file.te b/cheetah/file.te
new file mode 100644
index 0000000..6e3395b
--- /dev/null
+++ b/cheetah/file.te
@@ -0,0 +1,3 @@
+# BT
+type vendor_bt_data_file, file_type, data_file_type;
+
diff --git a/cheetah/file_contexts b/cheetah/file_contexts
index cae0049..65e3bb6 100644
--- a/cheetah/file_contexts
+++ b/cheetah/file_contexts
@@ -2,3 +2,5 @@
 /dev/ttySAC18                       u:object_r:hci_attach_dev:s0
 /dev/logbuffer_btlpm                u:object_r:logbuffer_device:s0
 /dev/logbuffer_tty18                u:object_r:logbuffer_device:s0
+
+/data/vendor/bluetooth(/.*)?        u:object_r:vendor_bt_data_file:s0
diff --git a/cheetah/hal_bluetooth_btlinux.te b/cheetah/hal_bluetooth_btlinux.te
new file mode 100644
index 0000000..851dc89
--- /dev/null
+++ b/cheetah/hal_bluetooth_btlinux.te
@@ -0,0 +1,3 @@
+allow hal_bluetooth_btlinux vendor_bt_data_file:dir rw_dir_perms;
+allow hal_bluetooth_btlinux vendor_bt_data_file:file create_file_perms;
+
diff --git a/panther/file.te b/panther/file.te
new file mode 100644
index 0000000..6e3395b
--- /dev/null
+++ b/panther/file.te
@@ -0,0 +1,3 @@
+# BT
+type vendor_bt_data_file, file_type, data_file_type;
+
diff --git a/panther/file_contexts b/panther/file_contexts
index cae0049..a671f68 100644
--- a/panther/file_contexts
+++ b/panther/file_contexts
@@ -2,3 +2,5 @@
 /dev/ttySAC18                       u:object_r:hci_attach_dev:s0
 /dev/logbuffer_btlpm                u:object_r:logbuffer_device:s0
 /dev/logbuffer_tty18                u:object_r:logbuffer_device:s0
+
+/data/vendor/bluetooth(/.*)?        u:object_r:vendor_bt_data_file:s0
\ No newline at end of file
diff --git a/panther/hal_bluetooth_btlinux.te b/panther/hal_bluetooth_btlinux.te
new file mode 100644
index 0000000..851dc89
--- /dev/null
+++ b/panther/hal_bluetooth_btlinux.te
@@ -0,0 +1,3 @@
+allow hal_bluetooth_btlinux vendor_bt_data_file:dir rw_dir_perms;
+allow hal_bluetooth_btlinux vendor_bt_data_file:file create_file_perms;
+