Bug 181538 - bluetooth policy isn't right, or labeling isn't right
bluetooth policy isn't right, or labeling isn't right
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Depends On:
  Show dependency treegraph
Reported: 2006-02-14 16:10 EST by Bill Nottingham
Modified: 2014-03-16 22:58 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-12-21 22:07:30 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Bill Nottingham 2006-02-14 16:10:34 EST
Description of problem:

audit(1139969214.916:4): avc:  denied  { read write } for  pid=2118
comm="hid2hci" name="001" dev=tmpfs ino=4115
scontext=system_u:system_r:bluetooth_t:s0 tcontext=system_u:object_r:device_t:s0

reading /dev/bus/usb/001/001, or similar.

Looking at the policy, it says:

# usb_device_t is the type for /dev/bus/usb/[0-9]+/[0-9]+
type usb_device_t;

but the nodes aren't labeled as that, as you can see.
Comment 1 Daniel Walsh 2006-02-14 16:37:53 EST
Could this be a udev problem?

matchpathcon /dev/bus/usb/001/001
/dev/bus/usb/001/001    system_u:object_r:usb_device_t
Comment 2 Bill Nottingham 2006-02-14 17:13:09 EST
Ah, I had old policy.

With current policy, the only audit errors I get come out as needing (through

allow bluetooth_t usb_device_t:chr_file ioctl;

which makes sense.

Assinging back to policy.
Comment 3 Daniel Walsh 2006-02-14 17:19:38 EST
Fixed in selinux-policy 2.2.15-3
Comment 4 Chris Adams 2006-02-24 15:48:34 EST
Bluetooth isn't working for me, and audit2allow says:

allow bluetooth_t usb_device_t:chr_file ioctl;

This is with selinux-policy-targeted-2.2.20-1.
Comment 5 Daniel Walsh 2006-02-24 15:59:18 EST
Fixed in selinux-policy-targeted-2.2.21-7.

Note You need to log in before you can comment on or make changes to this bug.