author | Naga Bhavani Akella <quic_nakella@quicinc.com> | 2024-08-16 10:54:24 +0530 |
---|---|---|
committer | Jason Zaman <perfinion@gentoo.org> | 2024-09-21 15:28:29 -0700 |
commit | 4b469439447303847f750af5853231ea880985dc (patch) | |
tree | ccc6509ef6a0f069a86ade5f7006e15dffeb12c0 /policy/modules/contrib | |
parent | kubernetes: allow kubelet to connect all TCP ports (diff) | |

Adding SE Policy rules to allow usage of unix stream sockets by dbus and bluetooth contexts when Gatt notifications are turned on by remote.

Below are the avc denials that are resolved -

1. AVC avc: denied { use } for pid=916 comm="dbus-daemon"
   path="socket:[71126]" dev="sockfs" ino=71126
   scontext=system_u:system_r:system_dbusd_t:s0-s15:c0.c1023
   tcontext=system_u:system_r:bluetooth_helper_t:s0-s15:c0.c1023
   tclass=fd permissive=0

2. AVC avc: denied { read write } for pid=913 comm="dbus-daemon"
   path="socket:[25037]" dev="sockfs" ino=25037
   scontext=system_u:system_r:system_dbusd_t:s0-s15:c0.c1023
   tcontext=system_u:system_r:bluetooth_helper_t:s0-s15:c0.c1023
   tclass=unix_stream_socket permissive=0

3. AVC avc: denied { use } for pid=910 comm="bluetoothd"
   path="socket:[23966]" dev="sockfs" ino=23966
   scontext=system_u:system_r:bluetooth_t:s0-s15:c0.c1023
   tcontext=system_u:system_r:bluetooth_helper_t:s0-s15:c0.c1023
   tclass=fd permissive=0

4. AVC avc: denied { read write } for pid=2229 comm="bluetoothd"
   path="socket:[27264]" dev="sockfs" ino=27264
   scontext=system_u:system_r:bluetooth_t:s0-s15:c0.c1023
   tcontext=system_u:system_r:bluetooth_helper_t:s0-s15:c0.c1023
   tclass=unix_stream_socket permissive=0

Signed-off-by: Naga Bhavani Akella <quic_nakella@quicinc.com>
Signed-off-by: Jason Zaman <perfinion@gentoo.org>

Diffstat (limited to 'policy/modules/contrib')
0 files changed, 0 insertions, 0 deletions