Bluetooth patch from Dan Walsh.

policy/modules/services/bluetooth.if

@@ -37,6 +37,27 @@ interface(`bluetooth_role',`
 	manage_files_pattern($2, bluetooth_helper_tmpfs_t, bluetooth_helper_tmpfs_t)
 ')
 
+#####################################
+## <summary>
+##	Connect to bluetooth over a unix domain
+##	stream socket.
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`bluetooth_stream_connect',`
+	gen_require(`
+		type bluetooth_t, bluetooth_var_run_t;
+	')
+
+	files_search_pids($1)
+	allow $1 bluetooth_t:socket rw_socket_perms;
+	stream_connect_pattern($1, bluetooth_var_run_t, bluetooth_var_run_t, bluetooth_t)
+')
+
 ########################################
 ## <summary>
 ##	Execute bluetooth in the bluetooth domain.

policy/modules/services/bluetooth.te

@@ -1,5 +1,5 @@
 
-policy_module(bluetooth, 3.2.0)
+policy_module(bluetooth, 3.2.1)
 
 ########################################
 #
@@ -54,9 +54,9 @@ files_pid_file(bluetooth_var_run_t)
 # Bluetooth services local policy
 #
 
-allow bluetooth_t self:capability { dac_override net_bind_service net_admin net_raw sys_tty_config ipc_lock };
+allow bluetooth_t self:capability { dac_override net_bind_service net_admin net_raw setpcap sys_tty_config ipc_lock };
 dontaudit bluetooth_t self:capability sys_tty_config;
-allow bluetooth_t self:process { getsched signal_perms };
+allow bluetooth_t self:process { getcap setcap getsched signal_perms };
 allow bluetooth_t self:fifo_file rw_fifo_file_perms;
 allow bluetooth_t self:shm create_shm_perms;
 allow bluetooth_t self:socket create_stream_socket_perms;
@@ -64,6 +64,7 @@ allow bluetooth_t self:unix_dgram_socket create_socket_perms;
 allow bluetooth_t self:unix_stream_socket { connectto create_stream_socket_perms };
 allow bluetooth_t self:tcp_socket create_stream_socket_perms;
 allow bluetooth_t self:udp_socket create_socket_perms;
+allow bluetooth_t self:netlink_kobject_uevent_socket create_socket_perms;
 
 read_files_pattern(bluetooth_t, bluetooth_conf_t, bluetooth_conf_t)
 
@@ -94,6 +95,7 @@ files_pid_filetrans(bluetooth_t, bluetooth_var_run_t, { file sock_file })
 kernel_read_kernel_sysctls(bluetooth_t)
 kernel_read_system_state(bluetooth_t)
 kernel_read_network_state(bluetooth_t)
+kernel_request_load_module(bluetooth_t)
 
 corenet_all_recvfrom_unlabeled(bluetooth_t)
 corenet_all_recvfrom_netlabel(bluetooth_t)
@@ -111,6 +113,7 @@ dev_rw_usbfs(bluetooth_t)
 dev_rw_generic_usb_dev(bluetooth_t)
 dev_read_urand(bluetooth_t)
 dev_rw_input_dev(bluetooth_t)
+dev_rw_wireless(bluetooth_t)
 
 fs_getattr_all_fs(bluetooth_t)
 fs_search_auto_mountpoints(bluetooth_t)
@@ -153,6 +156,10 @@ optional_policy(`
 		hal_dbus_chat(bluetooth_t)
 	')
 
+	optional_policy(`
+		networkmanager_dbus_chat(bluetooth_t)
+	')
+
 	optional_policy(`
 		pulseaudio_dbus_chat(bluetooth_t)
 	')