1 ## <summary>Bluetooth tools and system services.</summary>
3 ########################################
5 ## Role access for bluetooth
12 ## <param name="domain">
14 ## User domain for the role
19 interface(`bluetooth_role',`
# Gives a user role and its user domain access to the bluetooth helper.
# The rules below use the first argument as a role and the second
# argument as a domain.
# NOTE(review): the gutter numbers skip values, so this listing omits
# lines of the original file (require blocks and closing quotes are not
# shown). Confirm against the full file before reusing any of it.
21 type bluetooth_helper_t, bluetooth_helper_exec_t;
22 type bluetooth_helper_tmp_t, bluetooth_helper_tmpfs_t;
# Authorize the role to be associated with the helper domain type.
25 role $1 types bluetooth_helper_t;
# The user domain enters bluetooth_helper_t when it executes a file
# labeled bluetooth_helper_exec_t.
27 domtrans_pattern($2, bluetooth_helper_exec_t, bluetooth_helper_t)
29 # allow ps to show the bluetooth helper and allow the user to kill it
30 ps_process_pattern($2, bluetooth_helper_t)
31 allow $2 bluetooth_helper_t:process signal_perms;
# The first branch of this tunable is empty and the ptrace rule sits in
# the second branch, so it applies only while the deny_ptrace boolean is
# off. ptrace lets the user domain inspect and control the helper
# process, so keep deny_ptrace on where debugging access is not needed.
33 tunable_policy(`deny_ptrace',`',`
34 allow $2 bluetooth_helper_t:process ptrace;
# The user domain may manage directories, files and socket files labeled
# bluetooth_helper_tmp_t.
37 manage_dirs_pattern($2, bluetooth_helper_tmp_t, bluetooth_helper_tmp_t)
38 manage_files_pattern($2, bluetooth_helper_tmp_t, bluetooth_helper_tmp_t)
39 manage_sock_files_pattern($2, bluetooth_helper_tmp_t, bluetooth_helper_tmp_t)
# Same for directories and files labeled bluetooth_helper_tmpfs_t
# (no socket file rule is shown for this type).
41 manage_dirs_pattern($2, bluetooth_helper_tmpfs_t, bluetooth_helper_tmpfs_t)
42 manage_files_pattern($2, bluetooth_helper_tmpfs_t, bluetooth_helper_tmpfs_t)
# Reuse the stream connect interface from this file so the user domain
# can reach the bluetooth daemon socket.
44 bluetooth_stream_connect($2)
47 #####################################
49 ## Connect to bluetooth over a unix domain stream socket.
52 ## <param name="domain">
54 ## Domain allowed access.
58 interface(`bluetooth_stream_connect',`
# Lets the calling domain (first argument) talk to the bluetooth daemon
# domain bluetooth_t through socket files labeled bluetooth_var_run_t.
60 type bluetooth_t, bluetooth_var_run_t;
# NOTE(review): this rule names the generic socket object class, not
# unix_stream_socket. Confirm the broader class is still required, since
# the stream connect pattern on the next line is the rule that covers
# the unix domain stream socket path.
64 allow $1 bluetooth_t:socket rw_socket_perms;
# Arguments are: client domain, directory type, socket file type and
# the domain that owns the socket.
65 stream_connect_pattern($1, bluetooth_var_run_t, bluetooth_var_run_t, bluetooth_t)
68 ########################################
70 ## Execute bluetooth in the bluetooth domain.
72 ## <param name="domain">
74 ## Domain allowed to transition.
78 interface(`bluetooth_domtrans',`
# Lets the calling domain (first argument) start the bluetooth daemon in
# its own domain. Callers gain the ability to launch code that runs as
# bluetooth_t, so grant this only to domains that must start the daemon.
80 type bluetooth_t, bluetooth_exec_t;
# Executing a file labeled bluetooth_exec_t moves the caller into
# bluetooth_t.
83 domtrans_pattern($1, bluetooth_exec_t, bluetooth_t)
86 ########################################
88 ## Read bluetooth daemon configuration.
90 ## <param name="domain">
92 ## Domain allowed access.
96 interface(`bluetooth_read_config',`
# Read-only access for the calling domain (first argument) to files
# labeled bluetooth_conf_t.
98 type bluetooth_conf_t;
# Only the file class is covered by the visible rule. No write access
# and no access to bluetooth_conf_rw_t is granted here.
101 allow $1 bluetooth_conf_t:file read_file_perms;
104 ########################################
106 ## Send and receive messages from
107 ## bluetooth over dbus.
109 ## <param name="domain">
111 ## Domain allowed access.
115 interface(`bluetooth_dbus_chat',`
# Two-way D-Bus messaging between the calling domain (first argument)
# and bluetooth_t.
# NOTE(review): the gutter jumps from 115 to 121, so the require block
# is not shown in this listing.
# Caller to daemon.
121 allow $1 bluetooth_t:dbus send_msg;
# Daemon to caller. This direction means bluetooth_t can also send
# messages to the caller, which matters when reviewing what an
# exposed daemon is able to reach.
122 allow bluetooth_t $1:dbus send_msg;
125 ########################################
127 ## Do not audit attempts to send and receive messages from
128 ## bluetooth over dbus.
130 ## <param name="domain">
132 ## Domain to not audit.
136 interface(`bluetooth_dontaudit_dbus_chat',`
# Silences audit records for denied D-Bus messages between the calling
# domain (first argument) and bluetooth_t. A dontaudit rule grants no
# access: the messages are still denied, only the AVC log entry is
# suppressed.
# These denials will therefore be missing from the audit log. When
# investigating, rebuild the policy with dontaudit rules disabled
# (semodule -DB) to make them visible again.
142 dontaudit $1 bluetooth_t:dbus send_msg;
143 dontaudit bluetooth_t $1:dbus send_msg;
146 ########################################
148 ## Execute bluetooth_helper in the bluetooth_helper domain. (Deprecated)
150 ## <param name="domain">
152 ## Domain allowed to transition.
156 interface(`bluetooth_domtrans_helper',`
# Deprecated. The only statement visible here emits a warning while the
# policy is built. No transition or allow rule is shown, so callers
# should not rely on this interface for any access.
# NOTE(review): confirm against the full file, this listing omits lines.
157 refpolicywarn(`$0($*) has been deprecated.')
160 ########################################
162 ## Execute bluetooth_helper in the bluetooth_helper domain, and
163 ## allow the specified role the bluetooth_helper domain. (Deprecated)
165 ## <param name="domain">
167 ## Domain allowed to transition.
170 ## <param name="role">
172 ## Role allowed access.
175 ## <param name="terminal">
177 ## The type of the terminal the bluetooth_helper domain is allowed to use.
182 interface(`bluetooth_run_helper',`
# Deprecated. The only statement visible here emits a warning while the
# policy is built. No role, transition or terminal rule is shown, so
# the three documented parameters appear to be unused.
# NOTE(review): confirm against the full file, this listing omits lines.
183 refpolicywarn(`$0($*) has been deprecated.')
186 ########################################
188 ## Do not audit attempts to read bluetooth helper state files.
190 ## <param name="domain">
192 ## Domain to not audit.
196 interface(`bluetooth_dontaudit_read_helper_state',`
# Silences audit records when the calling domain (first argument) is
# denied searching directories or reading files labeled
# bluetooth_helper_t. No access is granted by these rules.
# NOTE(review): the target is a process domain type, so these are
# presumably the per-process state entries under /proc - confirm.
198 type bluetooth_helper_t;
201 dontaudit $1 bluetooth_helper_t:dir search_dir_perms;
202 dontaudit $1 bluetooth_helper_t:file read_file_perms;
205 ########################################
207 ## All of the rules required to administrate
208 ## a bluetooth environment
210 ## <param name="domain">
212 ## Domain allowed access.
215 ## <param name="role">
217 ## The role to be allowed to manage the bluetooth domain.
222 interface(`bluetooth_admin',`
# Administrative access to the bluetooth daemon and its files. The rules
# below use the first argument as the admin domain and the second
# argument as the admin role.
# This is the broadest interface in the file: it covers signalling and
# (tunable permitting) tracing the daemon, starting its init script and
# administering every bluetooth file type listed below. Grant it only to
# administrative domains.
# NOTE(review): this listing omits lines of the original file, so
# further rules may exist between the ones shown.
224 type bluetooth_t, bluetooth_tmp_t, bluetooth_lock_t;
225 type bluetooth_var_lib_t, bluetooth_var_run_t, bluetooth_initrc_exec_t;
226 type bluetooth_conf_t, bluetooth_conf_rw_t;
# Signal the daemon and see it in process listings.
229 allow $1 bluetooth_t:process signal_perms;
230 ps_process_pattern($1, bluetooth_t)
# The first branch of this tunable is empty and the ptrace rule sits in
# the second branch, so it applies only while the deny_ptrace boolean is
# off. ptrace gives the admin domain control over the daemon process.
232 tunable_policy(`deny_ptrace',`',`
233 allow $1 bluetooth_t:process ptrace;
# Let the admin domain run the init script labeled
# bluetooth_initrc_exec_t, with the admin role changing to system_r
# when it does so.
236 init_labeled_script_domtrans($1, bluetooth_initrc_exec_t)
237 domain_system_change_exemption($1)
238 role_transition $2 bluetooth_initrc_exec_t system_r;
# Administrative access, through admin_pattern, to each bluetooth file
# type: temporary files, lock files, both configuration types, state
# under var lib and runtime files.
242 admin_pattern($1, bluetooth_tmp_t)
245 admin_pattern($1, bluetooth_lock_t)
248 admin_pattern($1, bluetooth_conf_t)
249 admin_pattern($1, bluetooth_conf_rw_t)
251 files_list_var_lib($1)
252 admin_pattern($1, bluetooth_var_lib_t)
255 admin_pattern($1, bluetooth_var_run_t)