selinux-policy/strict/domains/program/bluetooth.te

49 lines
1.3 KiB
Plaintext
Raw Normal View History

2005-04-29 17:45:15 +00:00
#DESC Bluetooth
#
# Authors: Dan Walsh
# RH-Packages: Bluetooth
#
#################################
#
# Rules for the bluetooth_t domain.
#
daemon_domain(bluetooth)
file_type_auto_trans(bluetooth_t, var_run_t, bluetooth_var_run_t, sock_file)
tmp_domain(bluetooth)
# Use capabilities.
allow bluetooth_t self:capability { net_admin net_raw sys_tty_config };
lock_domain(bluetooth)
2005-04-29 17:45:15 +00:00
# Use the network.
can_network_server(bluetooth_t)
can_ypbind(bluetooth_t)
ifdef(`dbusd.te', `
dbusd_client(system, bluetooth)
allow bluetooth_t system_dbusd_t:dbus send_msg;
')
allow bluetooth_t self:socket create_stream_socket_perms;
2005-04-29 17:45:15 +00:00
allow bluetooth_t self:unix_dgram_socket create_socket_perms;
allow bluetooth_t self:unix_stream_socket create_stream_socket_perms;
dontaudit bluetooth_t sysadm_devpts_t:chr_file { read write };
# bluetooth_conf_t is the type of the /etc/bluetooth dir.
type bluetooth_conf_t, file_type, sysadmfile;
# Read /etc/bluetooth
allow bluetooth_t bluetooth_conf_t:dir search;
allow bluetooth_t bluetooth_conf_t:file { getattr read ioctl };
#/usr/sbin/hid2hci causes the following
allow initrc_t usbfs_t:file { getattr read };
allow bluetooth_t usbfs_t:dir r_dir_perms;
allow bluetooth_t usbfs_t:file rw_file_perms;
2005-09-16 13:36:26 +00:00
allow bluetooth_t bin_t:dir search;
can_exec(bluetooth_t, bin_t)