Hi Jakub, On Friday 21 of November 2014 14:58:21 Jakub Tyszkowski wrote: > This is to get rid of SEPolicy complain about service running without > defined policies. > --- > android/init.bluetooth.rc | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/android/init.bluetooth.rc b/android/init.bluetooth.rc > index af62121..1815fac 100644 > --- a/android/init.bluetooth.rc > +++ b/android/init.bluetooth.rc > @@ -25,6 +25,7 @@ service bluetoothd /system/bin/logwrapper > /system/bin/bluetoothd class main > # init does not yet support setting capabilities so run as root, > # bluetoothd drop uid to bluetooth with the right linux capabilities > + seclabel u:r:bluetoothd:s0 > group bluetooth > disabled > oneshot > @@ -33,6 +34,7 @@ service bluetoothd-snoop /system/bin/logwrapper > /system/bin/bluetoothd-snoop class main > # init does not yet support setting capabilities so run as root, > # bluetoothd-snoop drops unneeded linux capabilities > + seclabel u:r:bluetoothd:s0 > group nobody > disabled > oneshot I think we should have separate policy for snoop service as it requires far less permissions to run. -- BR Szymon Janc -- To unsubscribe from this list: send the line "unsubscribe linux-bluetooth" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
