Diffstat (limited to 'recipes-security/refpolicy/refpolicy/0040-policy-modules-services-bluetooth-fix-bluetoothd-sta.patch')
-rw-r--r-- | recipes-security/refpolicy/refpolicy/0040-policy-modules-services-bluetooth-fix-bluetoothd-sta.patch | 88 |
1 files changed, 0 insertions, 88 deletions
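--- a/recipes-security/refpolicy/refpolicy/0040-policy-modules-services-bluetooth-fix-bluetoothd-sta.patch
+++ /dev/null
@@ -1,88 +0,0 @@
-From 21c60a1ed37aef0427dbd49f602896b09b875bca Mon Sep 17 00:00:00 2001
-From: Yi Zhao <yi.zhao@windriver.com>
-Date: Tue, 23 Jun 2020 08:54:20 +0800
-Subject: [PATCH] policy/modules/services/bluetooth: fix bluetoothd startup
-failures
-
-* Allow bluetooth_t to create and use bluetooth_socket
-* Allow bluetooth_t to create alg_socket
-* Allow bluetooth_t to send and receive messages from systemd hostnamed
-over dbus
-
-Fixes:
-avc: denied { create } for pid=324 comm="bluetoothd"
-scontext=system_u:system_r:bluetooth_t
-tcontext=system_u:system_r:bluetooth_t tclass=bluetooth_socket
-permissive=0
-
-avc: denied { bind } for pid=324 comm="bluetoothd"
-scontext=system_u:system_r:bluetooth_t
-tcontext=system_u:system_r:bluetooth_t tclass=bluetooth_socket
-permissive=0
-
-avc: denied { write } for pid=324 comm="bluetoothd"
-scontext=system_u:system_r:bluetooth_t
-tcontext=system_u:system_r:bluetooth_t tclass=bluetooth_socket
-permissive=0
-
-avc: denied { getattr } for pid=324 comm="bluetoothd"
-path="socket:[11771]" dev="sockfs" ino=11771
-scontext=system_u:system_r:bluetooth_t
-tcontext=system_u:system_r:bluetooth_t tclass=bluetooth_socket
-permissive=0
-
-avc: denied { listen } for pid=324 comm="bluetoothd"
-scontext=system_u:system_r:bluetooth_t
-tcontext=system_u:system_r:bluetooth_t tclass=bluetooth_socket
-permissive=0
-
-avc: denied { read } for pid=324 comm="bluetoothd" path="socket:[11771]"
-dev="sockfs" ino=11771 scontext=system_u:system_r:bluetooth_t
-tcontext=system_u:system_r:bluetooth_t tclass=bluetooth_socket
-permissive=0
-
-avc: denied { create } for pid=268 comm="bluetoothd"
-scontext=system_u:system_r:bluetooth_t:s0-s15:c0.c1023
-tcontext=system_u:system_r:bluetooth_t:s0-s15:c0.c1023 tclass=alg_socket
-permissive=0
-
-avc: denied { send_msg } for msgtype=method_call
-interface=org.freedesktop.DBus.Properties member=GetAll
-dest=org.freedesktop.hostname1 spid=266 tpid=312
-scontext=system_u:system_r:bluetooth_t:s0-s15:c0.c1023
-tcontext=system_u:system_r:systemd_hostnamed_t:s0-s15:c0.c1023
-tclass=dbus permissive=0
-
-Upstream-Status: Inappropriate [embedded specific]
-
-Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
----
-policy/modules/services/bluetooth.te | 5 +++++
-1 file changed, 5 insertions(+)
-
-diff --git a/policy/modules/services/bluetooth.te b/policy/modules/services/bluetooth.te
-index 69a38543e..b3df695db 100644
---- a/policy/modules/services/bluetooth.te
-+++ b/policy/modules/services/bluetooth.te
-@@ -60,6 +60,8 @@ allow bluetooth_t self:socket create_stream_socket_perms;
-allow bluetooth_t self:unix_stream_socket { accept connectto listen };
-allow bluetooth_t self:tcp_socket { accept listen };
-allow bluetooth_t self:netlink_kobject_uevent_socket create_socket_perms;
-+allow bluetooth_t self:bluetooth_socket create_stream_socket_perms;
-+allow bluetooth_t self:alg_socket create;
-
-read_files_pattern(bluetooth_t, bluetooth_conf_t, bluetooth_conf_t)
-
-@@ -127,6 +129,9 @@ userdom_dontaudit_use_unpriv_user_fds(bluetooth_t)
-userdom_dontaudit_use_user_terminals(bluetooth_t)
-userdom_dontaudit_search_user_home_dirs(bluetooth_t)
-
-+init_dbus_send_script(bluetooth_t)
-+systemd_dbus_chat_hostnamed(bluetooth_t)
-+
-optional_policy(`
-dbus_system_bus_client(bluetooth_t)
-dbus_connect_system_bus(bluetooth_t)
---
-2.17.1
-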