Bug 181538 - bluetooth policy isn't right, or labeling isn't right
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: rawhide
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Daniel Walsh
Reported: 2006-02-14 21:10 UTC by Bill Nottingham
Modified: 2014-03-17 02:58 UTC (History)
Last Closed: 2006-12-22 03:07:30 UTC

Description Bill Nottingham 2006-02-14 21:10:34 UTC
Description of problem:

audit(1139969214.916:4): avc:  denied  { read write } for  pid=2118
comm="hid2hci" name="001" dev=tmpfs ino=4115
scontext=system_u:system_r:bluetooth_t:s0 tcontext=system_u:object_r:device_t:s0
tclass=chr_file

reading /dev/bus/usb/001/001, or similar.

Looking at the policy, it says:

#
# usb_device_t is the type for /dev/bus/usb/[0-9]+/[0-9]+
#
type usb_device_t;
dev_node(usb_device_t)

but the nodes aren't labeled as that, as you can see.

Comment 1 Daniel Walsh 2006-02-14 21:37:53 UTC
Could this be a udev problem?

matchpathcon /dev/bus/usb/001/001
/dev/bus/usb/001/001    system_u:object_r:usb_device_t


Comment 2 Bill Nottingham 2006-02-14 22:13:09 UTC
Ah, I had old policy.

With current policy, the only audit errors I get come out as needing (through
audit2allow):

allow bluetooth_t usb_device_t:chr_file ioctl;

which makes sense.

Assigning back to policy.

Comment 3 Daniel Walsh 2006-02-14 22:19:38 UTC
Fixed in selinux-policy 2.2.15-3

Comment 4 Chris Adams 2006-02-24 20:48:34 UTC
Bluetooth isn't working for me, and audit2allow says:

allow bluetooth_t usb_device_t:chr_file ioctl;

This is with selinux-policy-targeted-2.2.20-1.


Comment 5 Daniel Walsh 2006-02-24 20:59:18 UTC
Fixed in selinux-policy-targeted-2.2.21-7.
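
The triage this thread walks through (is the object mislabeled, or is the policy missing a rule?) can be scripted; the following is an added example, not code from this bug or from selinux-policy. The names parse_avc, type_of and triage are hypothetical, the expected type is supplied by hand from the matchpathcon output in comment 1, and the second sample line is constructed.

```python
import re

# The denial from the bug description, joined onto one line.
SAMPLE = ('audit(1139969214.916:4): avc:  denied  { read write } for  pid=2118 '
          'comm="hid2hci" name="001" dev=tmpfs ino=4115 '
          'scontext=system_u:system_r:bluetooth_t:s0 '
          'tcontext=system_u:object_r:device_t:s0 tclass=chr_file')
# Constructed sample: the same denial once the node carries usb_device_t.
SAMPLE_IOCTL = ('audit(0.0:1): avc:  denied  { ioctl } for  pid=2118 '
                'comm="hid2hci" name="001" dev=tmpfs ino=4115 '
                'scontext=system_u:system_r:bluetooth_t:s0 '
                'tcontext=system_u:object_r:usb_device_t:s0 tclass=chr_file')

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)')

def parse_avc(line):
    """Return the fields of one AVC denial as a dict, or None if no match."""
    m = AVC_RE.search(line)
    if not m:
        return None
    pairs = re.findall(r'(\w+)=("[^"]*"|\S+)', m.group('rest'))
    fields = {k: v.strip('"') for k, v in pairs}
    fields['perms'] = m.group('perms').split()
    return fields

def type_of(context):
    """Type is the third field of user:role:type[:level]."""
    return context.split(':')[2]

def triage(line, expected_type=None):
    """Classify a denial as a labeling problem or a policy gap.

    expected_type is what matchpathcon prints for the object's path; the
    caller passes it in, this sketch does not query the file contexts.
    """
    avc = parse_avc(line)
    if avc is None:
        return None
    src, tgt = type_of(avc['scontext']), type_of(avc['tcontext'])
    if expected_type and tgt != expected_type:
        # Wrong label on disk: fix the label, do not allow access to tgt.
        return ('relabel', f'object is {tgt}, file contexts say {expected_type}')
    perms = avc['perms']
    perm_str = perms[0] if len(perms) == 1 else '{ ' + ' '.join(perms) + ' }'
    return ('policy', f"allow {src} {tgt}:{avc['tclass']} {perm_str};")
```

Checking the label first matters because writing an allow rule against the original denial would grant bluetooth_t access to every device_t character device rather than only the USB nodes.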

