From e14a51dd31f407e3463a95b1667fd44201405110 Mon Sep 17 00:00:00 2001
From: Stephen Smalley <sds@tycho.nsa.gov>
Date: Tue, 29 Oct 2013 14:42:36 -0400
Subject: [PATCH] Confine hci_attach, but leave it permissive for now.

Change-Id: I4b6cacf70805065ad6fd9678417283c25a53b51b
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
---
 hci_attach.te | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/hci_attach.te b/hci_attach.te
index 40e315085..2a55d512b 100644
--- a/hci_attach.te
+++ b/hci_attach.te
@@ -1,5 +1,10 @@
 type hci_attach, domain;
+permissive hci_attach;
 type hci_attach_exec, exec_type, file_type;
 
 init_daemon_domain(hci_attach)
-unconfined_domain(hci_attach)
+
+allow hci_attach kernel:system module_request;
+allow hci_attach hci_attach_dev:chr_file rw_file_perms;
+allow hci_attach bluetooth_efs_file:dir r_dir_perms;
+allow hci_attach bluetooth_efs_file:file r_file_perms;
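Review bot: The `permissive hci_attach;` line added after the type declaration has no comment saying it is temporary or what must hold before it is removed. While it stays, none of the four allow rules below are enforced: denials are only logged, so the domain is in practice no more restricted than under `unconfined_domain`. I would put `# TODO: drop once hci_attach runs without avc denials; the rules below are not enforced while the domain is permissive.` directly above it so the follow-up is not lost. The `allow hci_attach kernel:system module_request;` rule also merits a one-line comment naming which module load it covers (presumably the Bluetooth UART line discipline, to be confirmed against the logged denial), because that permission lets the domain trigger kernel module autoloading.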
-- 
GitLab