Confine hci_attach, but leave it permissive for now. Change-Id: I4b6cacf70805065ad6fd9678417283c25a53b51b Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

commit: e14a51dd31f407e3463a95b1667fd44201405110 [log] [tgz]
author: Stephen Smalley <sds@tycho.nsa.gov> Tue Oct 29 14:42:36 2013 -0400
committer: Stephen Smalley <sds@tycho.nsa.gov> Tue Oct 29 14:46:32 2013 -0400
tree: 7de94286dc56b2a0278f378a46a3fed73136b934
parent: fd22922d596d6816adf2f4eee050d3cac3e9ce16 [diff] [blame]
diff --git a/hci_attach.te b/hci_attach.te
index 40e3150..2a55d51 100644
--- a/hci_attach.te
+++ b/hci_attach.te

@@ -1,5 +1,10 @@
 type hci_attach, domain;
+permissive hci_attach;
 type hci_attach_exec, exec_type, file_type;
 
 init_daemon_domain(hci_attach)
-unconfined_domain(hci_attach)
+
+allow hci_attach kernel:system module_request;
+allow hci_attach hci_attach_dev:chr_file rw_file_perms;
+allow hci_attach bluetooth_efs_file:dir r_dir_perms;
+allow hci_attach bluetooth_efs_file:file r_file_perms;
commit	e14a51dd31f407e3463a95b1667fd44201405110	[log] [tgz]
author	Stephen Smalley <sds@tycho.nsa.gov>	Tue Oct 29 14:42:36 2013 -0400
committer	Stephen Smalley <sds@tycho.nsa.gov>	Tue Oct 29 14:46:32 2013 -0400
tree	7de94286dc56b2a0278f378a46a3fed73136b934
parent	fd22922d596d6816adf2f4eee050d3cac3e9ce16 [diff] [blame]