bluetooth app requires net_admin for enabling bluetooth.

Change-Id: I571731169036a3203d0145af67f45b3d9eb6366b Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

bluetooth app requires net_admin for enabling bluetooth.
346cae27 · Stephen Smalley · Gerrit Code Review · cf141426 · 346cae27 · 346cae27
Commit 346cae27 authored 12 years ago by Stephen Smalley Committed by Gerrit Code Review 12 years ago
--- a/assert.te
+++ b/assert.te
@@ -5,7 +5,8 @@
 # Superuser capabilities.
 # Only exception is sys_nice for binder, might not be necessary.
-neverallow appdomain self:capability ~sys_nice;
+neverallow { appdomain -bluetooth } self:capability ~sys_nice;
+neverallow bluetooth self:capability ~{ sys_nice net_admin };
 neverallow appdomain self:capability2 *;
 # Block device access.

--- a/bluetooth.te
+++ b/bluetooth.te
@@ -15,7 +15,7 @@ allow bluetooth input_device:chr_file write;
 # sysfs access.
 allow bluetooth sysfs_bluetooth_writable:file rw_file_perms;
-dontaudit bluetooth self:capability net_admin;
+allow bluetooth self:capability net_admin;
 # Other domains that can create and use bluetooth sockets.
 # SELinux does not presently define a specific socket class for