Bluetooth patch (sys_admin and debugfs) from Dan Walsh

Added comments to reference redhat bugs
This commit is contained in:
Jeremy Solt 2010-03-24 11:54:10 -04:00 committed by Chris PeBenito
parent 4c05dff3d1
commit 84ce9c3333

View File

@ -54,7 +54,8 @@ files_pid_file(bluetooth_var_run_t)
# Bluetooth services local policy # Bluetooth services local policy
# #
allow bluetooth_t self:capability { dac_override net_bind_service net_admin net_raw setpcap sys_tty_config ipc_lock }; #sys_admin capability - redhat bug 573015
allow bluetooth_t self:capability { dac_override net_bind_service net_admin net_raw setpcap sys_admin sys_tty_config ipc_lock };
dontaudit bluetooth_t self:capability sys_tty_config; dontaudit bluetooth_t self:capability sys_tty_config;
allow bluetooth_t self:process { getcap setcap getsched signal_perms }; allow bluetooth_t self:process { getcap setcap getsched signal_perms };
allow bluetooth_t self:fifo_file rw_fifo_file_perms; allow bluetooth_t self:fifo_file rw_fifo_file_perms;
@ -96,6 +97,8 @@ kernel_read_kernel_sysctls(bluetooth_t)
kernel_read_system_state(bluetooth_t) kernel_read_system_state(bluetooth_t)
kernel_read_network_state(bluetooth_t) kernel_read_network_state(bluetooth_t)
kernel_request_load_module(bluetooth_t) kernel_request_load_module(bluetooth_t)
#search debugfs - redhat bug 548206
kernel_search_debugfs(bluetooth_t)
corenet_all_recvfrom_unlabeled(bluetooth_t) corenet_all_recvfrom_unlabeled(bluetooth_t)
corenet_all_recvfrom_netlabel(bluetooth_t) corenet_all_recvfrom_netlabel(bluetooth_t)