nnd/selinux-refpolicy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

bluetooth: fixes for bluetoothd

Browse Source 
* Allow bluetooth_t to create and use bluetooth_socket.
* Allow bluetooth_t to send messages to init scripts over dbus.
* Allow bluetooth_t to send messages from systemd hostnamed over dbus.

Fixes:
avc: denied { create } for pid=377 comm="bluetoothd"
scontext=system_u:system_r:bluetooth_t
tcontext=system_u:system_r:bluetooth_t tclass=bluetooth_socket
permissive=1

avc: denied { bind } for pid=377 comm="bluetoothd"
scontext=system_u:system_r:bluetooth_t
tcontext=system_u:system_r:bluetooth_t tclass=bluetooth_socket
permissive=1

avc: denied { write } for pid=377 comm="bluetoothd"
scontext=system_u:system_r:bluetooth_t
tcontext=system_u:system_r:bluetooth_t tclass=bluetooth_socket
permissive=1

avc: denied { getattr } for pid=377 comm="bluetoothd"
path="socket:[12424]" dev="sockfs" ino=12424
scontext=system_u:system_r:bluetooth_t
tcontext=system_u:system_r:bluetooth_t tclass=bluetooth_socket
permissive=1

avc: denied { listen } for pid=377 comm="bluetoothd"
scontext=system_u:system_r:bluetooth_t
tcontext=system_u:system_r:bluetooth_t tclass=bluetooth_socket
permissive=1

avc: denied { read } for pid=377 comm="bluetoothd" path="socket:[12424]"
dev="sockfs" ino=12424 scontext=system_u:system_r:bluetooth_t
tcontext=system_u:system_r:bluetooth_t tclass=bluetooth_socket
permissive=1

avc: denied { send_msg } for msgtype=method_return dest=:1.2 spid=377
tpid=431 scontext=system_u:system_r:bluetooth_t
tcontext=system_u:system_r:initrc_t tclass=dbus permissive=1

avc: denied { send_msg } for msgtype=signal
interface=org.freedesktop.DBus.ObjectManager member=InterfacesAdded
dest=org.freedesktop.DBus spid=319 tpid=241
scontext=system_u:system_r:bluetooth_t
tcontext=system_u:system_r:initrc_t tclass=dbus permissive=1

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
This commit is contained in:
Yi Zhao 2020-06-23 08:54:20 +08:00
parent e9ee912643
commit 017a321811
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
policy/modules/services/bluetooth.te
View File

@ -60,6 +60,7 @@ allow bluetooth_t self:socket create_stream_socket_perms;
allow bluetooth_t self:unix_stream_socket { accept connectto listen };
allow bluetooth_t self:tcp_socket { accept listen };
allow bluetooth_t self:netlink_kobject_uevent_socket create_socket_perms;
allow bluetooth_t self:bluetooth_socket create_stream_socket_perms;
read_files_pattern(bluetooth_t, bluetooth_conf_t, bluetooth_conf_t)
@ -130,6 +131,7 @@ userdom_dontaudit_search_user_home_dirs(bluetooth_t)
optional_policy(`
dbus_system_bus_client(bluetooth_t)
dbus_connect_system_bus(bluetooth_t)
init_dbus_send_script(bluetooth_t)
optional_policy(`
cups_dbus_chat(bluetooth_t)
@ -146,6 +148,10 @@ optional_policy(`
optional_policy(`
pulseaudio_dbus_chat(bluetooth_t)
')
optional_policy(`
systemd_dbus_chat_hostnamed(bluetooth_t)
')
')
optional_policy(`