Description of problem:

audit(1139969214.916:4): avc: denied { read write } for pid=2118 comm="hid2hci" name="001" dev=tmpfs ino=4115 scontext=system_u:system_r:bluetooth_t:s0 tcontext=system_u:object_r:device_t:s0 tclass=chr_file

reading /dev/bus/usb/001/001, or similar. Looking at the policy, it says:

#
# usb_device_t is the type for /dev/bus/usb/[0-9]+/[0-9]+
#
type usb_device_t;
dev_node(usb_device_t)

but the nodes aren't labeled as that, as you can see.
Could this be a udev problem?

matchpathcon /dev/bus/usb/001/001
/dev/bus/usb/001/001 system_u:object_r:usb_device_t
Ah, I had old policy. With current policy, the only audit errors I get come out as needing (through audit2allow):

allow bluetooth_t usb_device_t:chr_file ioctl;

which makes sense. Assigning back to policy.
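An added example, not part of the original report and not audit2allow's own code: a triage helper for the two situations seen above, a denial on a node whose label differs from what matchpathcon prints, and a denial on a correctly labeled node that needs a policy rule. The function names and the second sample record are constructed for illustration, and the rule formatting only mimics the audit2allow output quoted in the thread.

```python
import re

# Sample input: the denial quoted in the report and the matchpathcon result.
AVC_REPORTED = ('audit(1139969214.916:4): avc: denied { read write } for pid=2118 '
                'comm="hid2hci" name="001" dev=tmpfs ino=4115 '
                'scontext=system_u:system_r:bluetooth_t:s0 '
                'tcontext=system_u:object_r:device_t:s0 tclass=chr_file')
EXPECTED_CONTEXT = 'system_u:object_r:usb_device_t'
# Constructed record: the same node once it carries the expected label.
AVC_CONSTRUCTED = AVC_REPORTED.replace('{ read write }', '{ ioctl }') \
                              .replace('object_r:device_t', 'object_r:usb_device_t')

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)')

def parse_avc(line):
    """Split an AVC denial into its key=value fields plus a 'perms' list."""
    m = AVC_RE.search(line)
    if not m:
        raise ValueError('not an AVC denial: %r' % line)
    pairs = re.findall(r'(\w+)=("[^"]*"|\S+)', m.group('rest'))
    rec = {key: value.strip('"') for key, value in pairs}
    rec['perms'] = m.group('perms').split()
    return rec

def ctx_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    parts = context.split(':')
    if len(parts) < 3:
        raise ValueError('malformed context: %r' % context)
    return parts[2]

def allow_rule(rec):
    """Format the rule the denial asks for, in audit2allow's style."""
    perms = rec['perms']
    perm_text = perms[0] if len(perms) == 1 else '{ ' + ' '.join(perms) + ' }'
    return 'allow %s %s:%s %s;' % (ctx_type(rec['scontext']),
                                   ctx_type(rec['tcontext']),
                                   rec['tclass'], perm_text)

def triage(line, expected_context):
    """Check the target label before proposing a rule for the denial."""
    rec = parse_avc(line)
    actual, expected = ctx_type(rec['tcontext']), ctx_type(expected_context)
    if actual != expected:
        # A rule for the wrong type would grant access to every node with it.
        return ('label-mismatch',
                'target is %s, policy expects %s' % (actual, expected))
    return ('missing-rule', allow_rule(rec))
```

Checking the label first matters here because a rule generated from the first denial would grant bluetooth_t access to every device_t character device rather than only the USB nodes.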
Fixed in selinux-policy 2.2.15-3
Bluetooth isn't working for me, and audit2allow says:

allow bluetooth_t usb_device_t:chr_file ioctl;

This is with selinux-policy-targeted-2.2.20-1.
Fixed in selinux-policy-targeted-2.2.21-7.