Merge pull request #450 from yizhao1/fixes

2022-01-04 11:00:03 -05:00 · 2022-01-04 11:00:03 -05:00 · 57eafae3f7
parent 51dca5c89a 91d32c2162
commit 57eafae3f7
3 changed files with 6 additions and 0 deletions
--- a/policy/modules/admin/su.if
+++ b/policy/modules/admin/su.if
@ -164,6 +164,7 @@ template(`su_role_template',`
 	kernel_read_kernel_sysctls($1_su_t)
 	kernel_search_key($1_su_t)
 	kernel_link_key($1_su_t)
+	kernel_dontaudit_getattr_proc($1_su_t)

 	# for SSP
 	dev_read_urand($1_su_t)
@ -172,6 +173,7 @@ template(`su_role_template',`

 	# needed for pam_rootok
 	selinux_compute_access_vector($1_su_t)
+	selinux_use_status_page($1_su_t)

 	auth_domtrans_chk_passwd($1_su_t)
 	auth_dontaudit_read_shadow($1_su_t)
--- a/policy/modules/services/bluetooth.te
+++ b/policy/modules/services/bluetooth.te
@ -61,6 +61,7 @@ allow bluetooth_t self:unix_stream_socket { accept connectto listen };
 allow bluetooth_t self:tcp_socket { accept listen };
 allow bluetooth_t self:netlink_kobject_uevent_socket create_socket_perms;
 allow bluetooth_t self:bluetooth_socket create_stream_socket_perms;
+allow bluetooth_t self:alg_socket create_stream_socket_perms;

 read_files_pattern(bluetooth_t, bluetooth_conf_t, bluetooth_conf_t)

--- a/policy/modules/system/systemd.te
+++ b/policy/modules/system/systemd.te
@ -512,6 +512,9 @@ sysnet_manage_config(systemd_hostnamed_t)

 systemd_log_parse_environment(systemd_hostnamed_t)

+# Allow reading /run/udev/data/+dmi:id
+udev_read_runtime_files(systemd_hostnamed_t)
+
 optional_policy(`
 	dbus_connect_system_bus(systemd_hostnamed_t)
 	dbus_system_bus_client(systemd_hostnamed_t)