GitLab

SELinux defines various classes for various socket types, including
tcp_socket, udp_socket, rawip_socket, netlink_socket, etc. Socket
classes not known to the SELinux kernel code get lumped into the generic
"socket" class. In particular, this includes the AF_MSM_IPC socket
class.

Bluetooth using apps were granted access to this generic socket class at
one point in 2012. In 16011320,
a TODO was added indicating that this access was likely unnecessary. In
cb835a28, an auditallow was added to
test to see if this rule was actually used, and in master branch
d0113ae0, this rule was completely
deleted.

Revoke access to the generic socket class for isolated_app,
untrusted_app, and shell for older Android releases. This is
conceptually a backport of d0113ae0, but
affecting fewer domains to avoid potential breakage.

Add a neverallow...