On 5/29/2024 9:08 AM, Amisha Jain wrote:
Resolve selinux premission for HID
Below avc denials that are fixed with this patch -
avc: denied { read write } for pid=656 comm="bluetoothd" name="uhid" dev="devtmpfs" ino=841 scontext=system_u:system_r:bluetooth_t:s0-s15:c0.c1023 tcontext=system_u:object_r:uhid_device_t:s0 tclass=chr_file permissive=0
Signed-off-by: Amisha Jain <quic_amisjain@xxxxxxxxxxx>
---
policy/modules/services/bluetooth.te | 1 +
1 file changed, 1 insertion(+)
diff --git a/policy/modules/services/bluetooth.te b/policy/modules/services/bluetooth.te
index f23a979de..b2d6a9685 100644
--- a/policy/modules/services/bluetooth.te
+++ b/policy/modules/services/bluetooth.te
@@ -104,6 +104,7 @@ dev_rw_generic_usb_dev(bluetooth_t)
dev_read_urand(bluetooth_t)
dev_rw_input_dev(bluetooth_t)
dev_rw_wireless(bluetooth_t)
+uhid_device_rw(bluetooth_t)
This interface doesn't exist in refpolicy. It would need to be in the
devces module, probably named "device_rw_uhid".
--
Chris PeBenito
