Merge pull request #791 from pebenito/quic_nakella-bluetoothctl

Setting bluetooth helper domain for bluetoothctl

policy/modules/services/bluetooth.fc

@@ -7,6 +7,7 @@
 
 /usr/bin/blue.*pin	--	gen_context(system_u:object_r:bluetooth_helper_exec_t,s0)
 /usr/bin/bluetoothd	--	gen_context(system_u:object_r:bluetooth_exec_t,s0)
+/usr/bin/bluetoothctl	--	gen_context(system_u:object_r:bluetooth_helper_exec_t,s0)
 /usr/bin/dund	--	gen_context(system_u:object_r:bluetooth_exec_t,s0)
 /usr/bin/hciattach	--	gen_context(system_u:object_r:bluetooth_exec_t,s0)
 /usr/bin/hcid	--	gen_context(system_u:object_r:bluetooth_exec_t,s0)

policy/modules/services/bluetooth.te

@@ -19,6 +19,7 @@ files_type(bluetooth_conf_rw_t)
 
 type bluetooth_helper_t;
 type bluetooth_helper_exec_t;
+init_system_domain(bluetooth_helper_t, bluetooth_helper_exec_t)
 userdom_user_application_domain(bluetooth_helper_t, bluetooth_helper_exec_t)
 role bluetooth_helper_roles types bluetooth_helper_t;
 
@@ -176,6 +177,8 @@ allow bluetooth_helper_t self:shm create_shm_perms;
 allow bluetooth_helper_t self:unix_stream_socket { accept connectto listen };
 
 allow bluetooth_helper_t bluetooth_t:socket { read write };
+allow bluetooth_helper_t bluetooth_t:fd use;
+allow bluetooth_helper_t bluetooth_t:unix_stream_socket rw_socket_perms;
 
 manage_dirs_pattern(bluetooth_helper_t, bluetooth_helper_tmp_t, bluetooth_helper_tmp_t)
 manage_files_pattern(bluetooth_helper_t, bluetooth_helper_tmp_t, bluetooth_helper_tmp_t)
@@ -204,6 +207,8 @@ term_dontaudit_use_all_ttys(bluetooth_helper_t)
 
 auth_use_nsswitch(bluetooth_helper_t)
 
+init_use_script_ptys(bluetooth_helper_t)
+
 locallogin_dontaudit_use_fds(bluetooth_helper_t)
 
 logging_send_syslog_msg(bluetooth_helper_t)