sepolicy: update BT Se linux policy rule

- Remove vendor_bluetooth_prop rule for unused wcnss_filter
  & hal_audio
- Add persist.vendor.qcom.bluetooth. &
  vendor.qcom.bluetooth. into vendor_bluetooth_prop context.
- Allow qipcrtr_socket perms for user builds as well.
- Allow BT process accessing persist.vendor.bt_logger.log_mask

Change-Id: I44065536f313e900fa08848c3309391f3817e05c

generic/vendor/common/file_contexts

@@ -126,7 +126,6 @@
 /vendor/bin/netmgrd             u:object_r:netmgrd_exec:s0
 /vendor/bin/port-bridge         u:object_r:port-bridge_exec:s0
 /vendor/bin/qti                 u:object_r:qti_exec:s0
-/vendor/bin/wcnss_filter        u:object_r:wcnss_filter_exec:s0
 /vendor/bin/loc_launcher        u:object_r:location_exec:s0
 /vendor/bin/lowi-server         u:object_r:location_exec:s0
 /vendor/bin/xtra-daemon         u:object_r:location_exec:s0

generic/vendor/common/hal_audio_default.te

@@ -56,6 +56,3 @@ allow hal_audio sysfs_audio:dir r_dir_perms ;
 
 # audio properties
 get_prop(hal_audio, vendor_audio_prop)
-
-# bluetooth properties
-get_prop(hal_audio, vendor_bluetooth_prop)

generic/vendor/common/hal_bluetooth_default.te

@@ -26,8 +26,6 @@
 # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 allow hal_bluetooth_default bt_device:chr_file rw_file_perms;
 
-allow hal_bluetooth_default wcnss_filter:unix_stream_socket connectto;
-
 # talk to system_server to set priority
 allow hal_bluetooth fwk_scheduler_hwservice:hwservice_manager find;
 allow hal_bluetooth system_server:binder call;
@@ -40,8 +38,11 @@ r_dir_file(hal_bluetooth_default, bt_firmware_file)
 
 allow hal_bluetooth_default persist_bluetooth_file:dir r_dir_perms;
 allow hal_bluetooth_default persist_bluetooth_file:file r_file_perms;
+#For QMI socket
+allow hal_bluetooth_default self:{ qipcrtr_socket } create_socket_perms_no_ioctl;
 
 userdebug_or_eng(`
+diag_use(hal_bluetooth)
 allow hal_bluetooth_default ramdump_vendor_data_file:file create_file_perms;
 allow hal_bluetooth_default ramdump_vendor_data_file:dir create_dir_perms;
 
@@ -51,6 +52,7 @@ allow hal_bluetooth_default debugfs_ipc:file rw_file_perms;
 allow hal_bluetooth_default debugfs_ipc:dir  rw_dir_perms;
 allow hal_bluetooth_default vendor_bt_data_file:dir ra_dir_perms;
 allow hal_bluetooth_default vendor_bt_data_file:file create_file_perms;
+allow hal_bluetooth_default self:{ socket } create_socket_perms_no_ioctl;
 ')
 
 r_dir_file(hal_bluetooth_default, mnt_vendor_file)

generic/vendor/common/property_contexts

@@ -28,7 +28,8 @@ persist.vendor.service.bdroid.       u:object_r:vendor_bluetooth_prop:s0
 persist.vendor.bluetooth.            u:object_r:vendor_bluetooth_prop:s0
 ro.vendor.bluetooth.                 u:object_r:vendor_bluetooth_prop:s0
 persist.vendor.bluetooth.a2dp.       u:object_r:vendor_bluetooth_prop:s0
-persist.vendor.bt.a2dp_offload_cap   u:object_r:vendor_bluetooth_prop:s0
+persist.vendor.qcom.bluetooth.       u:object_r:vendor_bluetooth_prop:s0
+vendor.qcom.bluetooth.               u:object_r:vendor_bluetooth_prop:s0
 vendor.wc_transport.       u:object_r:vendor_bluetooth_prop:s0
 ctl.vendor.msm_irqbalance  u:object_r:msm_irqbalance_prop:s0
 ctl.vendor.netmgrd         u:object_r:ctl_netmgrd_prop:s0

generic/vendor/common/wcnss_filter.te

@@ -1,42 +0,0 @@
-# Copyright (c) 2018, The Linux Foundation. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions are
-# met:
-#     * Redistributions of source code must retain the above copyright
-#       notice, this list of conditions and the following disclaimer.
-#     * Redistributions in binary form must reproduce the above
-#       copyright notice, this list of conditions and the following
-#       disclaimer in the documentation and/or other materials provided
-#       with the distribution.
-#     * Neither the name of The Linux Foundation nor the names of its
-#       contributors may be used to endorse or promote products derived
-#       from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
-# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
-# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
-# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
-# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
-# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-type wcnss_filter, domain;
-type wcnss_filter_exec, exec_type, vendor_file_type, file_type;
-
-init_daemon_domain(wcnss_filter)
-
-allow wcnss_filter hci_attach_dev:chr_file rw_file_perms;
-
-userdebug_or_eng(`
-  allow wcnss_filter diag_device:chr_file rw_file_perms;
-  allow wcnss_filter ramdump_vendor_data_file:dir create_dir_perms;
-  allow wcnss_filter ramdump_vendor_data_file:file create_file_perms;
-  r_dir_file(wcnss_filter, debugfs_ipc)
-')
-
-# allow wcnss to set threads to RT priority
-allow wcnss_filter self:capability sys_nice;

qva/private/property_contexts

@@ -29,7 +29,7 @@ persist.vendor.dpm.                        u:object_r:persist_dpm_prop:s0
 persist.vendor.btstack                     u:object_r:bluetooth_prop:s0
 persist.vendor.bluetooth.emailaccountcount u:object_r:bluetooth_prop:s0
 persist.vendor.bt.a2dp                     u:object_r:bluetooth_prop:s0
-
+persist.vendor.bt_logger.                  u:object_r:bluetooth_prop:s0
 persist.vendor.service.bt.                 u:object_r:bluetooth_prop:s0
 ro.vendor.btstack.                         u:object_r:bluetooth_prop:s0
 vendor.pts.                                u:object_r:bluetooth_prop:s0