From eab85946a52ceed2e7111e71d7aad6c1c93c6fe3 Mon Sep 17 00:00:00 2001
From: Stephen Smalley <sds@tycho.nsa.gov>
Date: Tue, 11 Mar 2014 08:43:23 -0400
Subject: [PATCH] Allow bluetooth users ioctl access to bluetooth unix stream
 socket.

Resolves denials such as:
avc:  denied  { ioctl } for  pid=6390 comm="m.wimmcompanion" path="socket:[472596]" dev="sockfs" ino=472596 scontext=u:r:untrusted_app:s0 tcontext=u:r:bluetooth:s0 tclass=unix_stream_socket

Change-Id: Idd4fa219fe8674c6e1c40211b3c105d6276cfc5a
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
---
 bluetooth.te | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/bluetooth.te b/bluetooth.te
index 75b0c9759..8869ce6b8 100644
--- a/bluetooth.te
+++ b/bluetooth.te
@@ -31,7 +31,7 @@ allow bluetooth self:capability net_admin;
 
 # Allow clients to use a socket provided by the bluetooth app.
 # TODO:  See if this is still required under bluedroid.
-allow bluetoothdomain bluetooth:unix_stream_socket { getopt getattr read write shutdown };
+allow bluetoothdomain bluetooth:unix_stream_socket { getopt getattr read write ioctl shutdown };
 
 # tethering
 allow bluetooth self:tun_socket create_socket_perms;
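Review bot: The `ioctl` permission added to the `allow bluetoothdomain bluetooth:unix_stream_socket` rule applies to every domain carrying the `bluetoothdomain` attribute, and the denial quoted in the commit message shows that this includes `untrusted_app`. The plain `ioctl` permission does not distinguish between ioctl commands, so the grant is broader than the single denial it resolves. The comment above the rule still carries only the old TODO and does not say why ioctl is needed; I would add `# ioctl: requested by client apps on the socket provided by the bluetooth app (see avc denial in the commit log); the specific command was not identified.` The membership of `bluetoothdomain` is defined outside this hunk, so confirm which domains actually pick up the permission. If the target policy version supports extended permissions, an `allowxperm` rule limited to the commands actually observed would narrow this.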
-- 
GitLab