Resolve selinux permission for ofono:

[pulseaudio] backend-ofono.c: Failed to register as a handsfree audio agent with ofono: org.freedesktop.DBus.Error.AccessDenied: An SELinux policy prevents this sender from sending this message to this recipient, 0 matched rules; type="method_call", sender=":1.14" (uid=989 pid=1937 comm="/usr/bin/pulseaudio --system --daemonize=no -v" label="system_u:system_r:pulseaudio_t:s0-s15:c0.c1023") interface="org.ofono.HandsfreeAudioManager" member="Register" error name="(unset)" requested_reply="0" destination="org.ofono" (uid=0 pid=942 comm="/usr/sbin/ofonod -n" label="system_u:system_r:initrc_t:s0-s15:c0.c1023")

Resolve these AVC denials for native HSP:

avc: denied { create } for pid=1271 comm="pulseaudio" scontext=system_u:system_r:pulseaudio_t:s0-s15:c0.c1023 tcontext=system_u:system_r:pulseaudio_t:s0-s15:c0.c1023 tclass=bluetooth_socket permissive=1
avc: denied { bind } for pid=1271 comm="pulseaudio" scontext=system_u:system_r:pulseaudio_t:s0-s15:c0.c1023 tcontext=system_u:system_r:pulseaudio_t:s0-s15:c0.c1023 tclass=bluetooth_socket permissive=1
avc: denied { listen } for pid=1271 comm="pulseaudio" scontext=system_u:system_r:pulseaudio_t:s0-s15:c0.c1023 tcontext=system_u:system_r:pulseaudio_t:s0-s15:c0.c1023 tclass=bluetooth_socket permissive=1
avc: denied { accept } for pid=1271 comm="pulseaudio" scontext=system_u:system_r:pulseaudio_t:s0-s15:c0.c1023 tcontext=system_u:system_r:pulseaudio_t:s0-s15:c0.c1023 tclass=bluetooth_socket permissive=1
avc: denied { getopt } for pid=1271 comm="bluetooth" scontext=system_u:system_r:pulseaudio_t:s0-s15:c0.c1023 tcontext=system_u:system_r:pulseaudio_t:s0-s15:c0.c1023 tclass=bluetooth_socket permissive=1
avc: denied { setopt } for pid=1271 comm="bluetooth" scontext=system_u:system_r:pulseaudio_t:s0-s15:c0.c1023 tcontext=system_u:system_r:pulseaudio_t:s0-s15:c0.c1023 tclass=bluetooth_socket permissive=1
avc: denied { read } for pid=1271 comm="bluetooth"
scontext=system_u:system_r:pulseaudio_t:s0-s15:c0.c1023 tcontext=system_u:system_r:pulseaudio_t:s0-s15:c0.c1023 tclass=bluetooth_socket permissive=1 avc: denied { write } for pid=1271 comm="bluetooth" scontext=system_u:system_r:pulseaudio_t:s0-s15:c0.c1023 tcontext=system_u:system_r:pulseaudio_t:s0-s15:c0.c1023 tclass=bluetooth_socket permissive=1 Signed-off-by: Raghavender Reddy Bujala<quic_rbujala@xxxxxxxxxxx> --- policy/modules/apps/pulseaudio.te | 4 ++++ policy/modules/services/dbus.te | 1 + policy/modules/system/init.if | 18 ++++++++++++++++++ 3 files changed, 23 insertions(+) diff --git a/policy/modules/apps/pulseaudio.te b/policy/modules/apps/pulseaudio.te index 65b9a7428..a2ff85c8a 100644 --- a/policy/modules/apps/pulseaudio.te +++ b/policy/modules/apps/pulseaudio.te @@ -318,3 +318,7 @@ optional_policy(` optional_policy(` unconfined_signull(pulseaudio_client) ') + +init_dbus_chat_script(pulseaudio_t) +init_bt_socket_manage(pulseaudio_t) +allow pulseaudio_t self:bluetooth_socket { create accept bind getopt listen read setopt write }; diff --git a/policy/modules/services/dbus.te b/policy/modules/services/dbus.te index 2d1d09d71..9e1288b77 100644 --- a/policy/modules/services/dbus.te +++ b/policy/modules/services/dbus.te @@ -391,3 +391,4 @@ optional_policy(` allow dbusd_unconfined { dbusd_session_bus_client dbusd_system_bus_client }:dbus send_msg; allow dbusd_unconfined { system_dbusd_t session_bus_type }:dbus all_dbus_perms; +init_bt_socket_manage(system_dbusd_t) diff --git a/policy/modules/system/init.if b/policy/modules/system/init.if index 4891301ad..3ae6bced3 100644 --- a/policy/modules/system/init.if +++ b/policy/modules/system/init.if 
@@ -3920,3 +3920,21 @@ interface(`init_search_keys',` allow $1 init_t:key search; ') + +######################################## +## <summary> +## Read, Write and manage options for bluetooth socket +## </summary> +## <param name="domain"> +## <summary> +## Domain allowed access. +## </summary> +## </param> +# + +interface(`init_bt_socket_manage',` + gen_require(` + type initrc_t; + ') + allow $1 initrc_t:bluetooth_socket { getopt read setopt write }; +') -- 2.17.1
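
Review bot: In the policy/modules/apps/pulseaudio.te hunk, the added init_bt_socket_manage(pulseaudio_t) call is not backed by any denial quoted in the commit message: all eight AVCs have tcontext=...pulseaudio_t, which the "allow pulseaudio_t self:bluetooth_socket { ... }" line right after it already covers. Please drop that call or quote a denial whose target is initrc_t. On the first added line, init_dbus_chat_script(pulseaudio_t) is only needed because the quoted D-Bus error shows ofonod running with the initrc_t label; the rule therefore lets pulseaudio_t exchange D-Bus messages with anything still running as initrc_t, not just ofono. Giving ofonod its own domain and a chat interface for that domain would keep the grant scoped to the one service the commit message is about. The three lines are also appended unconditionally after the last optional_policy block rather than placed with the other pulseaudio_t rules earlier in the file.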
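
Review bot: The single added line in the policy/modules/services/dbus.te hunk, init_bt_socket_manage(system_dbusd_t), has no supporting evidence in the commit message: every quoted log line has pulseaudio_t as the source context and none mentions system_dbusd_t. It hands the system bus daemon getopt, read, setopt and write on initrc_t Bluetooth sockets, which widens a domain that almost every service talks to. Please quote the AVC that requires it, or remove the line from this patch.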
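
Review bot: In the policy/modules/system/init.if hunk, the interface name init_bt_socket_manage and its summary ("Read, Write and manage options for bluetooth socket") promise more than the body grants: the allow rule gives only { getopt read setopt write } on initrc_t:bluetooth_socket, with no create or other lifecycle permissions that "manage" normally implies in this policy. Please rename it to say what it does (a read/write name that also mentions the init script domain, since the target is initrc_t rather than init_t) and make the summary state that the sockets belong to init scripts. There is also a blank added line between the closing "#" of the comment header and "interface(", unlike the init_search_keys interface visible in the context just above; remove it so the documentation block stays attached to the interface.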