From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.0 required=3.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,MENTIONS_GIT_HOSTING,SPF_PASS autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 26C77C43219 for ; Thu, 25 Apr 2019 16:58:30 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 9627320684 for ; Thu, 25 Apr 2019 16:58:30 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726065AbfDYQ63 (ORCPT ); Thu, 25 Apr 2019 12:58:29 -0400 Received: from mx1.redhat.com ([209.132.183.28]:47294 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726026AbfDYQ63 (ORCPT ); Thu, 25 Apr 2019 12:58:29 -0400 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id D269F356E8 for ; Thu, 25 Apr 2019 16:58:28 +0000 (UTC) Received: from [10.43.12.151] (unknown [10.43.12.151]) by smtp.corp.redhat.com (Postfix) with ESMTP id 5034A5D705 for ; Thu, 25 Apr 2019 16:58:28 +0000 (UTC) To: selinux-refpolicy@vger.kernel.org From: Lukas Vrabec Openpgp: preference=signencrypt Autocrypt: addr=lvrabec@redhat.com; keydata= mQINBFqX9fsBEACvMZuLfMn8Fj1XFIir6sXAec5zg1ND0GqmcQM6CnvIPPtD9CDS8W4ppywB w/QoFHLH9XrrqNONXu/MfxerGvRu1SRtxDkQGphtR1saTZ+0WFn6b8JwrQRzn1zL3bEB55AB 5APHcxJ+0MLJSCczbWnZ4DymuPBiEigI5yogYx7XTnbCqgsiECEWId4epatX8fyIEfensCjq Gc613QCppKkCABzjvR0ivu5csHvN3ZZB56h4EXiZupqzJXric4NnyqO2kDnErKzzzpB1ILiR UWbOogO0prR9jgeITWA3baACcjg/+byTCClp19PE5eu6e9LSlJAC0qsTFJC+XbMhDLuieCmB kso3uLV8Icka3IOspTp/jXwJY+jZ4vLvVWbBmNM6vBZ8sZIOXBT9L4SieYyvPb/fy5SukV/0 LzXIKoCNC757AG51TiBLFML87qbys7+5ug5J6lAvYVbmCxSmTPTcB20MJWwUsRlXMG9l55mW kDs5VlPm7brq28FCebh+l5K+IKt+D3PkQlrQKa3YYgL/2QPnd65nUHBL4UfX+1vO3yBqUE7O hz5RZ7e5MlxirTPea9GMTfv6/QWyLF+szlFgbdqF5yICa0sn0kjHFjD5NQlmIEdmXD44RACP VMTnQhJ4trZ7cCiFnDtliAa9Glqedn8nmWQzS+AiMYLnrJ91fQARAQABtCFMdWthcyBWcmFi ZWMgPGx2cmFiZWNAcmVkaGF0LmNvbT6JAk4EEwEIADgWIQTHh3QCUBS0Ag7mUIaM2mOtYz9p VQUCWpf1+wIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRCM2mOtYz9pVclWD/9ijfua XSv8CndLbMJWzmOvfjkQPBM9txIK81KgP7pj3bCQg+toQndmsNRp6KSr4hSBz33qqMZ2i7IV 20FWxxSgvNatjs+YGSRBEmrsTmWc2fJkU8tYSL6ksEaFt0Te7N2QhpflSp72oVXM4v05vuGQ P2rMFibDXaP7bUk61+vUkD1N3Rwc/Kmhubk3smYXuA0PEJqs9XFEn4nF4ps4FKmsdGcSrbjJ RO/QMjYGQcWjynnBlneOugTY7dPkxti8yVKVE5O7zd69E6yQoqc1ydEuX78HqtbhiJGZRV1Z sEVBhJQX6mAVPMNyEAW56Tc3TH4w9WPcOyWUpYDfGyzcCcxeh/kcL5qDlf9nIjzeuzM9x75m mZ8Cp2LmN6IFEgeetnoHWmozg6+juZIIxs18fkLqWcnSUO/Eh9Yfk9U5wfQuUy4nb7aLu5f0 vfllo7ViPXxXu6mMHhda4xKAlVbQtZU1tP/mS4H/pNXSzW5stpQzb2Ohw5G+0rslH6hSbm85 WKWYLahSq1kETfAgsv/z+QqrDNEHXa0OSKtS4JGS1A/D4+nAComd2SwlfR34TqcyAPaB/21c zpeE/JoN5jGdA6UHHHXGPk495ke25rjokAK8LvEz00fpNpuaQf8W7YAjc1AJUiZ6EJBOqgpq F/K8WQ+G2So7c6E9J4xO8ZpfDMh+RLkBDQRal/bsAQgAzOxD4ZICqWi+OTf2luLCHk76yShx NRj6+DOJJUo31xoFRhgThqAKrSrVdTZT9ZOPyRWcN0hvzrbywOcSXBQE8B76vJipXtG2sGsl EfwWUmAObYPxLDtbI5FTZ8tdduDfuk8QMbCJptWHTS01tJKnClSdfApL27qSxOLmsRNxhP4h t0Q19bBGHdYaKiZenUc+MmPR/zSLgz4IxzMVBS9VNF069NVDKEOsrDeRNnYAbEf52X/sgDl1 CFmG1GSEVamteKni3i2o4TT6uLVzSpOq45MjIx1ALCxqKZjrpt+Rv7FnBFi3HLHz978DF9vQ iJ0n1jero77zt+3vLVtZ/f97kQARAQABiQNsBBgBCAAgFiEEx4d0AlAUtAIO5lCGjNpjrWM/ aVUFAlqX9uwCGwIBQAkQjNpjrWM/aVXAdCAEGQEIAB0WIQTfCs/cCtejJiABLstHIBrELynO BgUCWpf27AAKCRBHIBrELynOBsUoB/9lookAkdhDRhqv3I2tECBBszKt7Fo1d8vhHC7NGGfm 3yDAUO4hXB4sobrhDPfpv6lL7QtdlhgTRku6TruT1qLtjaV+IrGB1A+Y1B5w6WO0RXi197gh 5TlufeRWFOimK+xV2lJt5HXJRO/6Oh+54kdhE/49mx7oLy8flOvxRNC4RXTUZMKKT5ptsuYf wYXpmCcqEzPhejhyZnmY9+UTMEENjsV72l+B6BGfPY8lUZdRdumqAF5tWkh5vHT+aH+hpPOY YUz7ne7ueyVFoCH9fwNA3o7r5/AGDroMpr+2uu94c/YF04+kZJ/H6dsnekJA9JgeoxyNVTUX BrsOJ8DcINucr64P/09kfT9VePExSWppVLt7zM0yt/35WodBpJayoS6lQ/BFip3u7BZwz4y4 gzTfovKOj1ktwJyxeaPaIbJnCtgDRF8drkfrTTDwFy9RnJz76WKOyGNARVtr9OStI14wGQKo RaAePn8uhkbv7zvzvYkse6Gr2uhoFL0/UeWbT48huZhAlzf81yT46nErrT03h+CDDuWaF/sd qHNeSNNr2OPE22A1mFLtkYaylpv+l8NUy4TDTPKyK2O3yQCqurJx/2jKVSFojnmpYNmAmVci YMiL8dF5wzr2RJUqsVx3X007Tbx4F0x7KD4+9Q9XI2Mw+yHCMZ0HpCZc9QUzE5oSdUCd2N53 qStoziLp3kJlrCeXEKIE7lV6aoN/BOSEN1NFU0jtR8pHpvZoyZA/3Dm1vKqHjBDoGNr33Yk5 37Rx8lnkoF513us3FxtWQDzxteQDq24SqfrOOir6dSLHatCOV8cX2Yw1+PHuIx5utLXaLMXH vbkaa2Qf3sUY0hvGT2quw+fACkQ+4FA0yLP969E4tfenlQVX1wt8QH5VY4KixL4ReDoCS5Y0 7cO0wkzI1EYPS4iS4QTcQLNP7EKh3NreV9/hszggrdXnj5p6T2uK1AMCy6wftJBwUx1XoJjo dxEY08huxMYJtbY8gIK+Tg2/4eDp3bSWzHU8nTumbUbpf5VcMkvYuQENBFqX9wsBCADIMwny vUHLXR+CRcCW93/8zMrtRRNxRVyMuMVWrmBEArSun3sAw+lpmN8FKSkmpD8SO2SYdE0jiAU4 7OJ7mHL4A1YAqXh3EOjf+GaClcjie46Vb61kR4N7tCymk9wVLxNlrPDb2cxQ9xm8t186z/e9 RuUfaH/RIBhWUUBAWxdfTuwqX5RbfoOl8+2I5q+C06r56VvgT/fzC3tNtl/fB4+8Cc0iKXi9 pRGKTEQOfbhxTSogbm4GD4rPs9q4v3CQT3czjSyhrL4uboYGUf82UjQ2ae+XLclDnaUnYfjp VrregsW12c5KPN0uuc3Fepvn0G4eQfNhwqqGA9zZqCVJMkDjABEBAAGJAjYEGAEIACAWIQTH h3QCUBS0Ag7mUIaM2mOtYz9pVQUCWpf3CwIbDAAKCRCM2mOtYz9pVYeoD/sH++dZ8QLMb3JN QiW6mEIKoEmZH5FrOP7t7UWuUmpAlTcUJ87n1221pLcdr/56uFBRIdvpp0YC5rB9ACaqD6gx oiNQmR0MkLzN25GWSeD8+bs2thO2SZecO0r+/dAvwgnU3rs+LdVqLcUGPfFwebRH94ZQiPjg Y/Ci6LkV6CNDP/rg9odtfYQnL5EHs9yWZdi5f/kLewdrYOAen+i5Sw0oZOiM6tSNOTt59yd3 LPi6NKDb3rVnul7UU9KkvV7NxZykvs+hyYmUbwnS5UAvFyC40B/dgK9uYongPlzVb4MQmaB0 rimSlHMMsHRBMnPxNr/F9kpFkYnbIqQwAYIf3FoQ0QuwCn3YljTEJYdbMM3ivl5woclVI6M1 JytwpFGq6VX3sRhctk+Xe3JOk8Rxt6cvjKeoSmaaxg+kVt4a50LYysh0n3VoETg8d1Gq9NnW fhEFtJ0rNy01aZLO28gyDy4sSJiudkSFo17UtabrhcP/hv5ocvaGSzTfXEyYaw4Su23A0RC8 ska1wAtlZpTYmZ6Mumw2vAkc6bOeh7npcrAfduWSaXtHrUxjuxy6sVCl58IOo2+2AMJaFdMq ktne5U1i8Lrrt8r507w4sBasTReQXL5i/AhqOnHt+FkhpVT5J1sE79VM5gwszP3AvBqOREcS fhCmGay+X9lHV3XhGE8GWA== Organization: Red Hat, Inc. Subject: New boolean for using bluetooth Message-ID: <87799eb7-b987-3e0a-f3e7-dcd6ddc2bc2d@redhat.com> Date: Thu, 25 Apr 2019 18:58:27 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.6.1 MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="Jlxtz3BuvU5syEobdOKgszFiZgbm8FA5O" X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.30]); Thu, 25 Apr 2019 16:58:28 +0000 (UTC) Sender: selinux-refpolicy-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux-refpolicy@vger.kernel.org This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --Jlxtz3BuvU5syEobdOKgszFiZgbm8FA5O Content-Type: multipart/mixed; boundary="gBfDHdFARWvIEQQs8IeIWWprUB1XH1ZcJ"; protected-headers="v1" From: Lukas Vrabec To: selinux-refpolicy@vger.kernel.org Message-ID: <87799eb7-b987-3e0a-f3e7-dcd6ddc2bc2d@redhat.com> Subject: New boolean for using bluetooth --gBfDHdFARWvIEQQs8IeIWWprUB1XH1ZcJ Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable Hi All, I added new SELinux boolean[1][2] to Fedora SELinux policy called deny_bluetooth. I would like to push it also to refpolicy, however, refpolicy is not using bluetooth_socket at all, it's defined in policy but not used by any SELinux domain. Can I create patch also with adding these rules from Fedora policy? And also, for some reason my colleagues didn't follow name conventions of global booleans with refpolicy (I didn't find any deny_* boolean in refpolicy). So if it make sense to add these kind of boolean also to refpolicy, should I defined it as allow_bluetooth ? [1]https://github.com/fedora-selinux/selinux-policy/commit/54c05f2645a660= c545ec406558b42687df2552a7 [2] https://github.com/fedora-selinux/selinux-policy-contrib/commit/5a0561d7b= 67ae8403d4e1a44acfc8db40ee269a5 Thanks, Lukas. --=20 Lukas Vrabec Senior Software Engineer, Security Technologies Red Hat, Inc. --gBfDHdFARWvIEQQs8IeIWWprUB1XH1ZcJ-- --Jlxtz3BuvU5syEobdOKgszFiZgbm8FA5O Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEE3wrP3ArXoyYgAS7LRyAaxC8pzgYFAlzB5zMACgkQRyAaxC8p zgZkzggAlxiEDjHmmQLCwD/+TvwxkSuIUK+PqfzAdPtMQc9tL05Aago/vGMVvEeL FfJQNC7TYGVNNt0QLcQl1fabevEhIyGUeqOpUZp6FPkPwjyV9JGTm6/BDtg8y0hU NKGB7RddfLEoGb8U4UTqrHVW4uYDrHNiqQ4vCI0wIXSl3/kDwKpq/ZYMa+gzMswp ujgKugdaAB0HrIbn+4Y0XzVzckDKNoH4UEwsv1SfchgDg9CwQqMN6qRYWeRPUW2X NhFx1WAJIl3pCl6ytKJiF/3ryduq3BGZTWrPNLdr8WL//ORNirW4yqrARcZe2LaK 7GVNbrPB717GHRH/sjzMAhvD4MrhPg== =qshv -----END PGP SIGNATURE----- --Jlxtz3BuvU5syEobdOKgszFiZgbm8FA5O--