Skip to content
Snippets Groups Projects
Commit df8af76f authored by Stephen Smalley's avatar Stephen Smalley
Browse files

Add an exception for bluetooth to the sysfs neverallow rule. 


This is required for the grouper sepolicy, where we must allow
bluetooth domain to write to the base sysfs type due to a kernel bug.

Change-Id: I14b0530387edce1097387223f0def9b59e4292e0
Signed-off-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
parent 06a0d786
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 1 addition and 1 deletion
app.te
+ 1
1
View file @ df8af76f
...@@ -344,7 +344,7 @@ neverallow { appdomain -unconfineddomain } ...@@ -344,7 +344,7 @@ neverallow { appdomain -unconfineddomain }
efs_file:dir_file_class_set { read write }; efs_file:dir_file_class_set { read write };
# Write to various pseudo file systems. # Write to various pseudo file systems.
neverallow { appdomain -nfc -unconfineddomain } neverallow { appdomain -bluetooth -nfc -unconfineddomain }
sysfs:dir_file_class_set write; sysfs:dir_file_class_set write;
neverallow { appdomain -unconfineddomain } neverallow { appdomain -unconfineddomain }
proc:dir_file_class_set write; proc:dir_file_class_set write;
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment