SELinuxProject / refpolicy

SELinux Reference Policy v2
https://github.com/SELinuxProject/refpolicy/wiki
GNU General Public License v2.0

Adding SE Policy rules to allow usage of unix stream sockets by dbus … #804

Closed pebenito closed 2 months ago

pebenito commented 2 months ago

…and bluetooth contexts when Gatt notifications are turned on by remote.

Below are the AVC denials that are resolved:

  1. AVC avc: denied { use } for pid=916 comm="dbus-daemon" path="socket:[71126]" dev="sockfs" ino=71126 scontext=system_u:system_r:system_dbusd_t:s0-s15:c0.c1023 tcontext=system_u:system_r:bluetooth_helper_t:s0-s15:c0.c1023 tclass=fd permissive=0

  2. AVC avc: denied { read write } for pid=913 comm="dbus-daemon" path="socket:[25037]" dev="sockfs" ino=25037 scontext=system_u:system_r:system_dbusd_t:s0-s15:c0.c1023 tcontext=system_u:system_r:bluetooth_helper_t:s0-s15:c0.c1023 tclass=unix_stream_socket permissive=0

  3. AVC avc: denied { use } for pid=910 comm="bluetoothd" path="socket:[23966]" dev="sockfs" ino=23966 scontext=system_u:system_r:bluetooth_t:s0-s15:c0.c1023 tcontext=system_u:system_r:bluetooth_helper_t:s0-s15:c0.c1023 tclass=fd permissive=0

  4. AVC avc: denied { read write } for pid=2229 comm="bluetoothd" path="socket:[27264]" dev="sockfs" ino=27264 scontext=system_u:system_r:bluetooth_t:s0-s15:c0.c1023 tcontext=system_u:system_r:bluetooth_helper_t:s0-s15:c0.c1023 tclass=unix_stream_socket permissive=0