author | Raghavender Reddy Bujala <quic_rbujala@quicinc.com> | 2024-06-27 14:10:40 +0530 |
---|---|---|
committer | Jason Zaman <perfinion@gentoo.org> | 2024-09-21 15:28:29 -0700 |
commit | 285c6ade83c9a75429d4e67659fa2322dcb03386 (patch) | |
tree | 9a7c80daf41e7dbc92a1dc5e23b69399f8e7dccc | |
parent | systemd: allow logind to use locallogin pidfds (diff) | |
Adding Sepolicy rules to allow pulseaudio to access bluetooth sockets.
pulseaudio uses bluetooth sockets for HFP-AG and
HSP-HS profile to do SLC and SCO connection with
remote.
avc: denied { create } for pid=1271 comm="pulseaudio" scontext=system_u:system_r:pulseaudio_t:s0-s15:c0.c1023 tcontext=system_u:system_r:pulseaudio_t:s0-s15:c0.c1023 tclass=bluetooth_socket permissive=1
avc: denied { bind } for pid=1271 comm="pulseaudio" scontext=system_u:system_r:pulseaudio_t:s0-s15:c0.c1023 tcontext=system_u:system_r:pulseaudio_t:s0-s15:c0.c1023 tclass=bluetooth_socket permissive=1
avc: denied { listen } for pid=1271 comm="pulseaudio" scontext=system_u:system_r:pulseaudio_t:s0-s15:c0.c1023 tcontext=system_u:system_r:pulseaudio_t:s0-s15:c0.c1023 tclass=bluetooth_socket permissive=1
avc: denied { accept } for pid=1271 comm="pulseaudio" scontext=system_u:system_r:pulseaudio_t:s0-s15:c0.c1023 tcontext=system_u:system_r:pulseaudio_t:s0-s15:c0.c1023 tclass=bluetooth_socket permissive=1
avc: denied { getopt } for pid=1271 comm="bluetooth" scontext=system_u:system_r:pulseaudio_t:s0-s15:c0.c1023 tcontext=system_u:system_r:pulseaudio_t:s0-s15:c0.c1023 tclass=bluetooth_socket permissive=1
avc: denied { setopt } for pid=1271 comm="bluetooth" scontext=system_u:system_r:pulseaudio_t:s0-s15:c0.c1023 tcontext=system_u:system_r:pulseaudio_t:s0-s15:c0.c1023 tclass=bluetooth_socket permissive=1
avc: denied { read } for pid=1271 comm="bluetooth" scontext=system_u:system_r:pulseaudio_t:s0-s15:c0.c1023 tcontext=system_u:system_r:pulseaudio_t:s0-s15:c0.c1023 tclass=bluetooth_socket permissive=1
avc: denied { write } for pid=1271 comm="bluetooth" scontext=system_u:system_r:pulseaudio_t:s0-s15:c0.c1023 tcontext=system_u:system_r:pulseaudio_t:s0-s15:c0.c1023 tclass=bluetooth_socket permissive=1
avc: denied { shutdown } for pid=137606 comm="pulseaudio" scontext=system_u:system_r:pulseaudio_t:s0-s15:c0.c1023 tcontext=system_u:system_r:pulseaudio_t:s0-s15:c0.c1023 tclass=bluetooth_socket permissive=1
avc: denied { connect } for pid=137606 comm="pulseaudio" scontext=system_u:system_r:pulseaudio_t:s0-s15:c0.c1023 tcontext=system_u:system_r:pulseaudio_t:s0-s15:c0.c1023 tclass=bluetooth_socket permissive=1
Signed-off-by: Raghavender Reddy Bujala <quic_rbujala@quicinc.com>
Signed-off-by: Jason Zaman <perfinion@gentoo.org>
-rw-r--r-- | policy/modules/apps/pulseaudio.te | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/policy/modules/apps/pulseaudio.te b/policy/modules/apps/pulseaudio.te index 789c58289..3319abd68 100644 --- a/policy/modules/apps/pulseaudio.te +++ b/policy/modules/apps/pulseaudio.te @@ -64,6 +64,7 @@ allow pulseaudio_t self:unix_stream_socket { accept connectto listen }; allow pulseaudio_t self:unix_dgram_socket sendto; allow pulseaudio_t self:bluetooth_socket shutdown; allow pulseaudio_t self:netlink_kobject_uevent_socket create_socket_perms; +allow pulseaudio_t self:bluetooth_socket create_stream_socket_perms; allow pulseaudio_t pulseaudio_home_t:dir manage_dir_perms; allow pulseaudio_t pulseaudio_home_t:file mmap_manage_file_perms; @@ -319,3 +320,4 @@ optional_policy(` optional_policy(` unconfined_signull(pulseaudio_client) ') + |
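Review bot: in the @@ -64,6 +64,7 @@ hunk, the unchanged rule "allow pulseaudio_t self:bluetooth_socket shutdown;" becomes redundant once the added line is in place, because create_stream_socket_perms in refpolicy already includes shutdown. Suggest replacing the old rule in place instead of adding a second bluetooth_socket self rule below the netlink_kobject_uevent_socket line, so the module keeps a single rule for this class. The macro also grants a few permissions beyond the ten in the logged denials (ioctl, getattr, setattr, append); that is the usual refpolicy idiom, but the commit message could say the wider set is intended.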
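Review bot: the @@ -319,3 +320,4 @@ hunk only appends an empty line after the final "')" of the file, which is unrelated to the bluetooth_socket change and accounts for one of the two insertions in the diffstat. Suggest dropping this hunk so the commit carries only the policy rule.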