bluetooth app requires net_admin for enabling bluetooth. Change-Id: I571731169036a3203d0145af67f45b3d9eb6366b Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

commit: 346cae27813c803d3254871825e64c3805076d04 [log] [tgz]
author: Stephen Smalley <sds@tycho.nsa.gov> Wed Mar 13 09:58:15 2013 -0400
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Thu Mar 21 21:01:57 2013 +0000
tree: 18abc2823b3ad735ab92057ca44ab1eddf2582e5
parent: cf141426d45067f4a9709d3cf79eef3609d63ab1 [diff]
diff --git a/assert.te b/assert.te
index 85cb48b..6e43519 100644
--- a/assert.te
+++ b/assert.te

@@ -5,7 +5,8 @@
 
 # Superuser capabilities.
 # Only exception is sys_nice for binder, might not be necessary.
-neverallow appdomain self:capability ~sys_nice;
+neverallow { appdomain -bluetooth } self:capability ~sys_nice;
+neverallow bluetooth self:capability ~{ sys_nice net_admin };
 neverallow appdomain self:capability2 *;
 
 # Block device access.

diff --git a/bluetooth.te b/bluetooth.te
index ac7233f..102ee20 100644
--- a/bluetooth.te
+++ b/bluetooth.te

@@ -15,7 +15,7 @@
 
 # sysfs access.
 allow bluetooth sysfs_bluetooth_writable:file rw_file_perms;
-dontaudit bluetooth self:capability net_admin;
+allow bluetooth self:capability net_admin;
 
 # Other domains that can create and use bluetooth sockets.
 # SELinux does not presently define a specific socket class for
commit	346cae27813c803d3254871825e64c3805076d04	[log] [tgz]
author	Stephen Smalley <sds@tycho.nsa.gov>	Wed Mar 13 09:58:15 2013 -0400
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Thu Mar 21 21:01:57 2013 +0000
tree	18abc2823b3ad735ab92057ca44ab1eddf2582e5
parent	cf141426d45067f4a9709d3cf79eef3609d63ab1 [diff]