1 files changed, 0 insertions, 88 deletions
diff --git a/recipes-security/refpolicy/refpolicy/0040-policy-modules-services-bluetooth-fix-bluetoothd-sta.patch b/recipes-security/refpolicy/refpolicy/0040-policy-modules-services-bluetooth-fix-bluetoothd-sta.patch
deleted file mode 100644
index 8532a24..0000000
--- a/recipes-security/refpolicy/refpolicy/0040-policy-modules-services-bluetooth-fix-bluetoothd-sta.patch
+++ /dev/null
@@ -1,88 +0,0 @@
-From 21c60a1ed37aef0427dbd49f602896b09b875bca Mon Sep 17 00:00:00 2001
-From: Yi Zhao <yi.zhao@windriver.com>
-Date: Tue, 23 Jun 2020 08:54:20 +0800
-Subject: [PATCH] policy/modules/services/bluetooth: fix bluetoothd startup
- failures
-* Allow bluetooth_t to create and use bluetooth_socket
-* Allow bluetooth_t to create alg_socket
-* Allow bluetooth_t to send and receive messages from systemd hostnamed
-  over dbus
-Fixes:
-avc: denied { create } for pid=324 comm="bluetoothd"
-scontext=system_u:system_r:bluetooth_t
-tcontext=system_u:system_r:bluetooth_t tclass=bluetooth_socket
-permissive=0
-avc: denied { bind } for pid=324 comm="bluetoothd"
-scontext=system_u:system_r:bluetooth_t
-tcontext=system_u:system_r:bluetooth_t tclass=bluetooth_socket
-permissive=0
-avc: denied { write } for pid=324 comm="bluetoothd"
-scontext=system_u:system_r:bluetooth_t
-tcontext=system_u:system_r:bluetooth_t tclass=bluetooth_socket
-permissive=0
-avc: denied { getattr } for pid=324 comm="bluetoothd"
-path="socket:[11771]" dev="sockfs" ino=11771
-scontext=system_u:system_r:bluetooth_t
-tcontext=system_u:system_r:bluetooth_t tclass=bluetooth_socket
-permissive=0
-avc: denied { listen } for pid=324 comm="bluetoothd"
-scontext=system_u:system_r:bluetooth_t
-tcontext=system_u:system_r:bluetooth_t tclass=bluetooth_socket
-permissive=0
-avc: denied { read } for pid=324 comm="bluetoothd" path="socket:[11771]"
-dev="sockfs" ino=11771 scontext=system_u:system_r:bluetooth_t
-tcontext=system_u:system_r:bluetooth_t tclass=bluetooth_socket
-permissive=0
-avc:  denied  { create } for  pid=268 comm="bluetoothd"
-scontext=system_u:system_r:bluetooth_t:s0-s15:c0.c1023
-tcontext=system_u:system_r:bluetooth_t:s0-s15:c0.c1023 tclass=alg_socket
-permissive=0
-avc:  denied  { send_msg } for msgtype=method_call
-interface=org.freedesktop.DBus.Properties member=GetAll
-dest=org.freedesktop.hostname1 spid=266 tpid=312
-scontext=system_u:system_r:bluetooth_t:s0-s15:c0.c1023
-tcontext=system_u:system_r:systemd_hostnamed_t:s0-s15:c0.c1023
-tclass=dbus permissive=0
-Upstream-Status: Inappropriate [embedded specific]
-Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
---
- policy/modules/services/bluetooth.te | 5 +++++
- 1 file changed, 5 insertions(+)
-diff --git a/policy/modules/services/bluetooth.te b/policy/modules/services/bluetooth.te
-index 69a38543e..b3df695db 100644
--- a/policy/modules/services/bluetooth.te
-+++ b/policy/modules/services/bluetooth.te
-@@ -60,6 +60,8 @@ allow bluetooth_t self:socket create_stream_socket_perms;
- allow bluetooth_t self:unix_stream_socket { accept connectto listen };
- allow bluetooth_t self:tcp_socket { accept listen };
- allow bluetooth_t self:netlink_kobject_uevent_socket create_socket_perms;
-+allow bluetooth_t self:bluetooth_socket create_stream_socket_perms;
-+allow bluetooth_t self:alg_socket create;
- 
- read_files_pattern(bluetooth_t, bluetooth_conf_t, bluetooth_conf_t)
- 
-@@ -127,6 +129,9 @@ userdom_dontaudit_use_unpriv_user_fds(bluetooth_t)
- userdom_dontaudit_use_user_terminals(bluetooth_t)
- userdom_dontaudit_search_user_home_dirs(bluetooth_t)
- 
-+init_dbus_send_script(bluetooth_t)
-+systemd_dbus_chat_hostnamed(bluetooth_t)
-+
- optional_policy(`
-        dbus_system_bus_client(bluetooth_t)
-        dbus_connect_system_bus(bluetooth_t)
-- 
-2.17.1

diff --git a/recipes-security/refpolicy/refpolicy/0040-policy-modules-services-bluetooth-fix-bluetoothd-sta.patch b/recipes-security/refpolicy/refpolicy/0040-policy-modules-services-bluetooth-fix-bluetoothd-sta.patch deleted file mode 100644 index 8532a24..0000000 --- a/recipes-security/refpolicy/refpolicy/0040-policy-modules-services-bluetooth-fix-bluetoothd-sta.patch +++ /dev/null
@@ -1,88 +0,0 @@
1	From 21c60a1ed37aef0427dbd49f602896b09b875bca Mon Sep 17 00:00:00 2001
2	From: Yi Zhao <yi.zhao@windriver.com>
3	Date: Tue, 23 Jun 2020 08:54:20 +0800
4	Subject: [PATCH] policy/modules/services/bluetooth: fix bluetoothd startup
5	failures
6
7	* Allow bluetooth_t to create and use bluetooth_socket
8	* Allow bluetooth_t to create alg_socket
9	* Allow bluetooth_t to send and receive messages from systemd hostnamed
10	over dbus
11
12	Fixes:
13	avc: denied { create } for pid=324 comm="bluetoothd"
14	scontext=system_u:system_r:bluetooth_t
15	tcontext=system_u:system_r:bluetooth_t tclass=bluetooth_socket
16	permissive=0
17
18	avc: denied { bind } for pid=324 comm="bluetoothd"
19	scontext=system_u:system_r:bluetooth_t
20	tcontext=system_u:system_r:bluetooth_t tclass=bluetooth_socket
21	permissive=0
22
23	avc: denied { write } for pid=324 comm="bluetoothd"
24	scontext=system_u:system_r:bluetooth_t
25	tcontext=system_u:system_r:bluetooth_t tclass=bluetooth_socket
26	permissive=0
27
28	avc: denied { getattr } for pid=324 comm="bluetoothd"
29	path="socket:[11771]" dev="sockfs" ino=11771
30	scontext=system_u:system_r:bluetooth_t
31	tcontext=system_u:system_r:bluetooth_t tclass=bluetooth_socket
32	permissive=0
33
34	avc: denied { listen } for pid=324 comm="bluetoothd"
35	scontext=system_u:system_r:bluetooth_t
36	tcontext=system_u:system_r:bluetooth_t tclass=bluetooth_socket
37	permissive=0
38
39	avc: denied { read } for pid=324 comm="bluetoothd" path="socket:[11771]"
40	dev="sockfs" ino=11771 scontext=system_u:system_r:bluetooth_t
41	tcontext=system_u:system_r:bluetooth_t tclass=bluetooth_socket
42	permissive=0
43
44	avc: denied { create } for pid=268 comm="bluetoothd"
45	scontext=system_u:system_r:bluetooth_t:s0-s15:c0.c1023
46	tcontext=system_u:system_r:bluetooth_t:s0-s15:c0.c1023 tclass=alg_socket
47	permissive=0
48
49	avc: denied { send_msg } for msgtype=method_call
50	interface=org.freedesktop.DBus.Properties member=GetAll
51	dest=org.freedesktop.hostname1 spid=266 tpid=312
52	scontext=system_u:system_r:bluetooth_t:s0-s15:c0.c1023
53	tcontext=system_u:system_r:systemd_hostnamed_t:s0-s15:c0.c1023
54	tclass=dbus permissive=0
55
56	Upstream-Status: Inappropriate [embedded specific]
57
58	Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
59	---
60	policy/modules/services/bluetooth.te \| 5 +++++
61	1 file changed, 5 insertions(+)
62
63	diff --git a/policy/modules/services/bluetooth.te b/policy/modules/services/bluetooth.te
64	index 69a38543e..b3df695db 100644
65	--- a/policy/modules/services/bluetooth.te
66	+++ b/policy/modules/services/bluetooth.te
67	@@ -60,6 +60,8 @@ allow bluetooth_t self:socket create_stream_socket_perms;
68	allow bluetooth_t self:unix_stream_socket { accept connectto listen };
69	allow bluetooth_t self:tcp_socket { accept listen };
70	allow bluetooth_t self:netlink_kobject_uevent_socket create_socket_perms;
71	+allow bluetooth_t self:bluetooth_socket create_stream_socket_perms;
72	+allow bluetooth_t self:alg_socket create;
73
74	read_files_pattern(bluetooth_t, bluetooth_conf_t, bluetooth_conf_t)
75
76	@@ -127,6 +129,9 @@ userdom_dontaudit_use_unpriv_user_fds(bluetooth_t)
77	userdom_dontaudit_use_user_terminals(bluetooth_t)
78	userdom_dontaudit_search_user_home_dirs(bluetooth_t)
79
80	+init_dbus_send_script(bluetooth_t)
81	+systemd_dbus_chat_hostnamed(bluetooth_t)
82	+
83	optional_policy(`
84	dbus_system_bus_client(bluetooth_t)
85	dbus_connect_system_bus(bluetooth_t)
86	--
87	2.17.1
88