From 346cae27813c803d3254871825e64c3805076d04 Mon Sep 17 00:00:00 2001
From: Stephen Smalley <sds@tycho.nsa.gov>
Date: Wed, 13 Mar 2013 09:58:15 -0400
Subject: [PATCH] bluetooth app requires net_admin for enabling bluetooth.

Change-Id: I571731169036a3203d0145af67f45b3d9eb6366b
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
---
 assert.te | 3 ++-
 bluetooth.te | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/assert.te b/assert.te
index 85cb48be8..6e43519c8 100644
--- a/assert.te
+++ b/assert.te
@@ -5,7 +5,8 @@
 
 # Superuser capabilities.
 # Only exception is sys_nice for binder, might not be necessary.
-neverallow appdomain self:capability ~sys_nice;
+neverallow { appdomain -bluetooth } self:capability ~sys_nice;
+neverallow bluetooth self:capability ~{ sys_nice net_admin };
 neverallow appdomain self:capability2 *;
 
 # Block device access.
diff --git a/bluetooth.te b/bluetooth.te
index ac7233f10..102ee20e8 100644
--- a/bluetooth.te
+++ b/bluetooth.te
@@ -15,7 +15,7 @@ allow bluetooth input_device:chr_file write;
 
 # sysfs access.
 allow bluetooth sysfs_bluetooth_writable:file rw_file_perms;
-dontaudit bluetooth self:capability net_admin;
+allow bluetooth self:capability net_admin;
 
 # Other domains that can create and use bluetooth sockets.
 # SELinux does not presently define a specific socket class for
-- 
GitLab
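Review bot: In the assert.te hunk the comment above the rules still says the only exception is sys_nice for binder, which stops being true once the second `neverallow` admits net_admin for bluetooth. I would update it to something like `# Only exceptions are sys_nice for binder and net_admin for the bluetooth domain.` so a later reader does not take the carve-out for a mistake. The split itself reads as tight: bluetooth is taken out of the general rule only to be bound again by its own assertion. Assuming bluetooth carries the appdomain attribute, as the subtraction implies, the `self:capability2 *` assertion on the following line still applies to it.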
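Review bot: The new `allow bluetooth self:capability net_admin;` in bluetooth.te sits under the `# sysfs access.` heading with no comment saying which operation needs it. net_admin is a broad capability that covers network configuration well beyond Bluetooth, so the grant deserves its own rationale line, for example `# Required to enable the Bluetooth adapter; net_admin is broad, revisit if a narrower permission becomes available.` The replaced `dontaudit` had been suppressing the denial, so it would also help to record the motivating avc denial in the commit message, letting an auditor confirm that the capability is exercised only on the enable path.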