Stephen Smalley | 61c80d5 | 2012-11-16 09:06:47 -0500 | [diff] [blame^] | 1 | # bluetooth subsystem |
| 2 | type bluetooth, domain; |
| 3 | app_domain(bluetooth) |
| 4 | |
| 5 | # Data file accesses. |
| 6 | allow bluetooth bluetooth_data_file:dir create_dir_perms; |
| 7 | allow bluetooth bluetooth_data_file:notdevfile_class_set create_file_perms; |
| 8 | |
| 9 | # bluetooth factory file accesses. |
| 10 | r_dir_file(bluetooth, bluetooth_efs_file) |
| 11 | |
| 12 | # Device accesses. |
| 13 | allow bluetooth hci_attach_dev:chr_file rw_file_perms; |
| 14 | allow bluetooth input_device:chr_file write; |
| 15 | |
| 16 | # sysfs access. |
| 17 | allow bluetooth sysfs_bluetooth_writable:file rw_file_perms; |
| 18 | dontaudit bluetooth self:capability net_admin; |
| 19 | |
| 20 | # Other domains that can create and use bluetooth sockets. |
Stephen Smalley | 2dd4e51 | 2012-01-04 12:33:27 -0500 | [diff] [blame] | 21 | # SELinux does not presently define a specific socket class for |
| 22 | # bluetooth sockets, nor does it distinguish among the bluetooth protocols. |
| 23 | allow bluetoothdomain self:socket *; |