From df8af76f2678e3ea63e83701ac4b5afec24adf9f Mon Sep 17 00:00:00 2001
From: Stephen Smalley <sds@tycho.nsa.gov>
Date: Mon, 13 Jan 2014 09:05:01 -0500
Subject: [PATCH] Add an exception for bluetooth to the sysfs neverallow rule.

This is required for the grouper sepolicy, where we must allow
bluetooth domain to write to the base sysfs type due to a kernel bug.

Change-Id: I14b0530387edce1097387223f0def9b59e4292e0
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
---
 app.te | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app.te b/app.te
index 00af7e76d..14f343072 100644
--- a/app.te
+++ b/app.te
@@ -344,7 +344,7 @@ neverallow { appdomain -unconfineddomain }
     efs_file:dir_file_class_set { read write };
 
 # Write to various pseudo file systems.
-neverallow { appdomain -nfc -unconfineddomain }
+neverallow { appdomain -bluetooth -nfc -unconfineddomain }
     sysfs:dir_file_class_set write;
 neverallow { appdomain -unconfineddomain }
     proc:dir_file_class_set write;
-- 
GitLab