From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.0 required=3.0 tests=DKIM_ADSP_DISCARD, DKIM_INVALID,DKIM_SIGNED,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, MENTIONS_GIT_HOSTING,SPF_PASS autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2FB1EC43218 for ; Fri, 26 Apr 2019 00:04:19 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 158E52084F for ; Fri, 26 Apr 2019 00:04:18 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (1024-bit key) header.d=coker.com.au header.i=@coker.com.au header.b="cfXlc33T" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726065AbfDZAES (ORCPT ); Thu, 25 Apr 2019 20:04:18 -0400 Received: from smtp.sws.net.au ([46.4.88.250]:46580 "EHLO smtp.sws.net.au" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726039AbfDZAES (ORCPT ); Thu, 25 Apr 2019 20:04:18 -0400 Received: from [10.63.174.182] (unknown [1.136.189.168]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: russell@coker.com.au) by smtp.sws.net.au (Postfix) with ESMTPSA id 78095EB15; Fri, 26 Apr 2019 10:04:14 +1000 (AEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=coker.com.au; s=2008; t=1556237055; bh=y86OHfwlMHDPApEL+f+vHrZbqzXq+p0nqgZcrTPn+a4=; l=1313; h=Date:In-Reply-To:References:Subject:To:From:From; b=cfXlc33Tl+kxMTagX0UpBlSZMtXtv4JJm46D+OTbEw8WQjD9DpYYHT/2WRzcniBpX 3oqnzX9so1xrvloCBdHVBoTGFCrgzy9LKTBcgfevKqSEKSiOyCxXFrknZXwGG0ip7n u3WJqPr29W0g/gtpiMA4XNa6a0kptDx/50Do9ovo= Date: Fri, 26 Apr 2019 10:04:11 +1000 User-Agent: K-9 Mail for Android In-Reply-To: <87799eb7-b987-3e0a-f3e7-dcd6ddc2bc2d@redhat.com> References: <87799eb7-b987-3e0a-f3e7-dcd6ddc2bc2d@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Autocrypt: addr=russell@coker.com.au; keydata= mQGNBFrXA44BDADapoKLvoDy0JYhghKaxxHcQzft5FevbKwtwzNdP0s5CtHZtNvjjzf3hZUESyNW WA0pZfnrfB1aAjRGN5A0q8MRHC7X6lb/91r52OUoLHiZrqW4qxCiHBlDoiUmSSuTQD4reWPrHEPs F5EErLg7d9ETA8m/IUbvi2ZGpLFeV5U9wHaUyTQjzoPBgIIx4/Hm5ocpPq4NPNS7uVTp+SMLesQ1 A5vh/cYm0fFgYnwJ4XxNacNKbZYFIQrWJEPzvZHlwKvNLuQhSdWYJFeGmYRryOGGintCDoKqx3Ac jY8A8rQ0TDHiq+Cv2Oig0zMTta/TBUO2UNFQ99YhvqnfDETNF1D3FcujxtCuP5jZfmoAJLzy8L4J IycHbq1RyP/PSldSW1VVnU5nukWx/SZNCAlUWgId+w5rLpPmpqxqoVTwMgITMeQLAHkdwVGGKSkU DIeMrsUtcMbTEcDM+0NZBW13AxpClkbIfMxPmmzQUA09UPKdz2LHy07FRKN+dxTGsf44gOMAEQEA AbQqUnVzc2VsbCBDb2tlciBQaG9uZSA8cnVzc2VsbEBjb2tlci5jb20uYXU+iQGwBBMBCgAaBAsJ CAcCFQoCFgECGQEFglrXA44CngECmwEACgkQmDK/WUwry/WsBQwAjUbJslv3kQSCINhZJSNoXcQI 4LeRApUm5v9ClH25TM9L+pp6RTNiYnnKrc1HzyV6U5tujN9BEfDeXr2QP+h8ZLunBg4pDUaje/Xt yDsSLJ+z14WHggRuQFHSXgesONCi3xk0/U1D1m2byr54X9vKXoabfdLv611IemcICERNjS1N1Fdc V1E1hSCm9Svcy92TFiMswj3zhQBy7kbr6mScTZp5MBRRzer+QbkebaBx+UOvlkj5LBWMjPLYEC54 H15nljiZIlacT3Code570Vq3yqFoPWDys9r6AOmPR/Znpy2ODxSQJ8wSeeEciivuOhJCyOEa7XBN jMvY9+U6O9Z4SN9FhmWHYOYznuO7i2ROpgyOb+W7qV4ekiB44T9LMuoL8+KJmpFNFZ6uQSSM1DyO 9DZLHVyVpnAarL5EVMlf5I/3pHMR+jfOIRLCz2/QwMPWKWKMTUkKbHkeHRuDno7YyE6R4tpoP6Hi FLHhalleP2RIaCm2PS5kz2aPywagTa1cuQGNBFrXA44BDAC/FT5fMehSsongB3z01T11AaJ/epQq 7TdIlV2C6BsYY/U+q7fexUIeK83pYZP6kU6owsWryHRnxVk8PEkQQR+2GkL+7j9P/MFU+ZmxT8Ko lR2hCmQ3LV2kQRCqeWQ9Imk5SRA98aoPaijF/HB/EMP5a90vpMF0mNpjPr29UYodwWIvgHV/0dUk RkqbJFH5bS60YjlmxOD/xb4ThdP3zmlghf32lBOi1//QPHvM+rpHUvBQcE/y0wzvbSHgfZD2rsiI jUkHwKI38KbMf+hlNxcRtgBQH+dEsW10qlzZPcskyF6g5CbD1aAqhWs1lWG1aPJQ9h1g7ogxLKL2 ar3Hs8kWHEapuobW2B1+R0ZqLvNH729MwouDs8tmI0ieQjmhg5lsujz3mOO3vn4G2bX3YfoAcRXv C6nOfmUMFhvfFbbxVLJozyMA3DDTE0QmLr92Hbi3jPgK+cd7lhq0UCGyuEnw2d/pRA0uQ1mpftlM swHSwPIeryWcmh7l5Bbns8TVsDMAEQEAAYkBnwQYAQoACQWCWtcDjgKbDAAKCRCYMr9ZTCvL9bUZ DADO02t05jvPEiWglW96WXZJ2yzGiQMYSTyYe6Ac8X626lLeu2CpFk29CJPdfMW8Fn0xZPZ4aesg 0S1FsRBKK2S1KNyaOK9wVs/F8JSrPTOLmV621+CG6Q3vTP7dm3PzveNK3oc+UHdaOxvQAPRlDLKR CTddxrHES7MYpGCF0XPDjfj/lAyUethHdkQ3F40OM3MiYZjO/VP/7iSMjvaCyB6NdlhVRqZfJMVS Os7pcHRUNTvctmznfJ4bx5yv58YBjlAmVNlcFhmMKEjBOsRbrm+qpwJ4+O0grAbC3nixVdCIzKRr 0P+7CrIyRcUpJqYIxfs06BRfPDnV3LxlShgoS23V36AlFblK8+BleGQ/XZ5U+nkjF/LIqYh3Zfc/ aqiipfl4y1e5LE3HW/cpvgVGc/lNnrNb28ZGx8ES13kfDu5hOQie6Y+EVbVNcl7Mk8SoBEIkvp6J rtFXwA89ptK4QEHyRFY1EV4QDX/2zbDHBQT37OaGsiza4tYxc5FM3D687jW5AY0EWtcDjgEMAJ3J So9YDXq2kzOFAYal5qd/S8mieLYIypx2PrjbT9HSI5MbJsxhLRSxyJLpI0PRrm2yOPv0JKlN3wSL 4DYGqtP/ozCkza5qWETVP/9Jl2hv23XfQ6fsOBgASJkoNXEolKgSXfykDy8qIivWrRNyXs7uRVqg itp7sq/VN9EUxgMCHGIJryPEskypNy6GRfweuWJ0jQbDqWCzBEw68t5BxGivZq7epN/fddxTamg4 J7hp7iOw9lq0qGUQaNZwE6XJGx7oGO/UrOiYBj8NpZkl5cHklyAzX7hJFN2igifnah2ILyvGOXd3 /UFWfkN2dSZeHOwp4HYUEWSCEN1kbvCYWxIEBhwuSsT9UXQWG8g4QaK9nydVRVL4dIGXNU3CzqnN REnf92BkjLIUfLRkB9c1zbxVYsE5c+tr9dYq2FjFkTEvqsSf0p4bo8lTv3NZa9bhnXxVAPhlS6Mz UTxhDxJTsSXhg80NbD0dbwTcRTOchLoir2YGY00UGB2Tbllxz7thYQARAQABiQM+BBgBCgAJBYJa 1wOOApsCAakJEJgyv1lMK8v1wN2gBBkBCgAGBQJa1wOOAAoJEBza2d+WHDIYZ6QL/2FObYj3NyIg cm9+VzcIccrb04Q6motaINd+ec6R/5B3YL4nGvsgil2A9AvmXwrj4YIE0zcN7VZAyJnTASU1smQi uAnSgcw976r3icA4FzsSQBM0ZjBItv3N64JY6hTz6cwJXPHs7PqnOCSxvGoJROBzCbPRfiosETqU 6dmMHnHB4sFi4n3mgvXOLPB9XgMcnhrqQEAVGdX1bXm/umu0uo49U56L0OtV75EOOUNLEcUhGyxm lm8+kqbUPKTvZSU6zqOZWnpPwgLf//b+TlRJrVT68SkM28gKwRfwh4Sg6sgwxppn6jlb6Q7i//LI jAo+PoDqyfIMw2Z9OrnuE0N525S18r+NoTXwKbcwIzIBSdaATaqhYrtO9zQ7NSNE21e9zD8t0wf6 U7rb0D4qHR8RONIoe51zYCaSGtAOMMkYZrbCoEdL3D6ktoZf7ulDXKNDmO7MIWGx0QO3g6T/lcQk rdr2KXSeoZHz+a8SHkWprU38WBXEuUuKSJhsOzvpZdeB9PdmDADGqCV7WaoAq4K9Dl/sNcqwTqta LO7JcdjBCHhNZW5M47wd7RfAE4WVtDiNfsb3DFvSoqmYhCV896UD5c5cN1c149dvTM0SLtpJ6p1V 3zN/sUAyLBFayAjyiZ1UtczYNtQZSNPtGok0QOXAluQF2/A04BvXJVIhNROmlbV3DoVvdhujXco6 z6/3++fHG/EwC+Z9/Wzynwd4SzEO+w/i+BGV31+rZTgoA9na5U/SElEpZBZU9xUnEOzJ57QnMEA+ QWZAKdRlUBt1UMbpnX1Bc8tM6GC1OhLnI4sQ0apHzOjil/0hYzZNdUCl4zObD8zCg9sHEKw0tC4/ 1x7rTUvSgwrqsB+UBQop6HY03ItXgptwslrkT/XE6KI3qa8QL8ACe8Z2JPO4VgfGZx6JoQnxrSnc vkvUI2BpcCax0+7GOdYXQdBppGNgC6dav4PYXXxR4iuAh+114bcrzx//wNpeV7kVn3uL+cFpt8rG M/EAeJlmNNrw3VlU5soxvQhaCIArsNI= Subject: Re: New boolean for using bluetooth To: Lukas Vrabec , selinux-refpolicy@vger.kernel.org From: Russell Coker Message-ID: <9B155157-AD74-4349-82E0-C40A1E6DFEF1@coker.com.au> X-Virus-Scanned: clamav-milter 0.101.2 at swssmtp X-Virus-Status: Clean Sender: selinux-refpolicy-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux-refpolicy@vger.kernel.org SE Linux is based on a default deny model=2E So failing to allow something = means denying it at the lowest levels of policy=2E So probably a deny boole= an is a bad idea=2E As for writing a patch, is Fedora still way different from upstream? If so= you need to separately do the patch for upstream=2E On 26 April 2019 2:58:27 am AEST, Lukas Vrabec wrot= e: >Hi All, > >I added new SELinux boolean[1][2] to Fedora SELinux policy called >deny_bluetooth=2E > >I would like to push it also to refpolicy, however, refpolicy is not >using bluetooth_socket at all, it's defined in policy but not used by >any SELinux domain=2E Can I create patch also with adding these rules >from >Fedora policy? And also, for some reason my colleagues didn't follow >name conventions of global booleans with refpolicy (I didn't find any >deny_* boolean in refpolicy)=2E So if it make sense to add these kind of >boolean also to refpolicy, should I defined it as allow_bluetooth ? > >[1]https://github=2Ecom/fedora-selinux/selinux-policy/commit/54c05f2645a6= 60c545ec406558b42687df2552a7 >[2] >https://github=2Ecom/fedora-selinux/selinux-policy-contrib/commit/5a0561d= 7b67ae8403d4e1a44acfc8db40ee269a5 > >Thanks, >Lukas=2E --=20 Sent from my Huawei Mate 9 with K-9 Mail=2E