Received: by 2002:ab2:6816:0:b0:1f9:5764:f03e with SMTP id t22csp1048556lqo;
        Fri, 17 May 2024 09:09:22 -0700 (PDT)
X-Forwarded-Encrypted: i=3; AJvYcCUM6VOye6UFCwbylTiHx5vK2E6WXWbv2rqA5DLPjpY50NxCc3Ac4LbLzH9a+grw6V1Ncl2vmTW0ovvBvGRRLOsVPWbIXEOS25gVX2C/Lg==
X-Google-Smtp-Source: AGHT+IFBBnRHbddlsfRdoNEpB+EAgr3cbeHGYotyKwrALXtKY5mpHVMJ7Vtun7nSWNG8EVI5kmxz
X-Received: by 2002:ae9:f203:0:b0:793:f38:c483 with SMTP id af79cd13be357-7930f38d017mr315037685a.2.1715962161965;
        Fri, 17 May 2024 09:09:21 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1715962161; cv=pass;
        d=google.com; s=arc-20160816;
        b=xInKyS1mWviRNJQx85UhADIpjEV9odqHJIC9x0/AwaE3A1A8Vkn/Ds5FZasgIyZqOj
         1Z+kEQJS3FIlhMcfD/tkSQ987KbSZN0hjBSQS04DdOFlbnwHsO2N5r0bpUOsllnOlSK2
         vXfH/2KMPycGmykdP4TB2HNU9gc0CUsDlVVoic4+RsL8CPc0Da1iIaZrcCp18H4KqdIF
         cMhmyix3aNTWzYV6rpl0bw+n3q5JUsbowIzKoNMFRM5YgpsoPktn7mb5Sfx/f7eyhJFv
         f7J8OdwbaTzeVPmlbmD6/rlKw5998q0nZnTEy+Bwug2m8DEy4Aai/9P2ya95nnXXQln7
         /3JA==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:in-reply-to:from:content-language
         :references:cc:to:subject:user-agent:mime-version:list-unsubscribe
         :list-subscribe:list-id:precedence:date:message-id:dkim-signature;
        bh=XwCtufbOmAVczMKPpjMngN0AkHobtXFU2x6VfOu2vRM=;
        fh=uYk1Z+n8BDnlXHKXRfbE+z/29LTR5SlQkke/zWJ1+qg=;
        b=HCmK90ci6yRW2MsHJ+7234McXnESEb16K8MpkmExZZyp21LVBsbBJFevTQw1XPfv/x
         qozrJ6AYyut9vHJmOj65YfsZo67jrrrcHqOGGb0f8xNSiRkZ4cOK6MMqGuTi07DvlmjU
         zQ2iUTUJLpcXYU/lbkaAnJFT8x2U2wsUcPffxXJjhxp6ADaXoew/dw4TVNH6QxqfbcGx
         rVMW4atahE/oZW/4VAWcUwM6RTEfOA4eX+srtfv+Uz4fh8w1QUDyRKbJtG4zD5fw/wK4
         wP3D3EULHn7kDgKFt5X5FV4t3WRN+2b/WAK2pannu5gZDt5ty0CU17i9K0PBZcv7i1SV
         yvaQ==;
        dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
       dkim=pass header.i=@ieee.org header.s=google header.b="N1Q/pgHj";
       arc=pass (i=1 spf=pass spfdomain=ieee.org dkim=pass dkdomain=ieee.org dmarc=pass fromdomain=ieee.org);
       spf=pass (google.com: domain of selinux-refpolicy+bounces-13-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="selinux-refpolicy+bounces-13-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=ieee.org
Return-Path: <selinux-refpolicy+bounces-13-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [2604:1380:45d1:ec00::1])
        by mx.google.com with ESMTPS id af79cd13be357-792bf3651f7si300442685a.644.2024.05.17.09.09.21
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 17 May 2024 09:09:21 -0700 (PDT)
Received-SPF: pass (google.com: domain of selinux-refpolicy+bounces-13-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) client-ip=2604:1380:45d1:ec00::1;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@ieee.org header.s=google header.b="N1Q/pgHj";
       arc=pass (i=1 spf=pass spfdomain=ieee.org dkim=pass dkdomain=ieee.org dmarc=pass fromdomain=ieee.org);
       spf=pass (google.com: domain of selinux-refpolicy+bounces-13-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="selinux-refpolicy+bounces-13-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=ieee.org
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by ny.mirrors.kernel.org (Postfix) with ESMTPS id 829DE1C21443
	for <linux.lists.archive@gmail.com>; Fri, 17 May 2024 16:09:21 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id B9D6712F584;
	Fri, 17 May 2024 16:09:18 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (1024-bit key) header.d=ieee.org header.i=@ieee.org header.b="N1Q/pgHj"
X-Original-To: selinux-refpolicy@vger.kernel.org
Received: from mail-qv1-f47.google.com (mail-qv1-f47.google.com [209.85.219.47])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id EEA312EAE1
	for <selinux-refpolicy@vger.kernel.org>; Fri, 17 May 2024 16:09:15 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.219.47
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1715962158; cv=none; b=UY34ToNSMzaccwml75MDL3ktROvosi8utR8SI1VfEHeWmGUfQYFcU8wQy/AkUHA6UxkijMn8PjLgO9VdVduffxvqboFTkzaekSA1YZx+VExoBbCTqXcQqmdbgXIhvD+kQfTfirD5tTLathmPALHn00LzSDyVIPJM5Pdaumwyo7o=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1715962158; c=relaxed/simple;
	bh=dNnDiZJWchtHqdwCcKZr+b14KvlaVeU4GlB0fwemmC8=;
	h=Message-ID:Date:MIME-Version:Subject:To:Cc:References:From:
	 In-Reply-To:Content-Type; b=JnYiOr/UHMzFAG7b0llFdH6IRwVjrGEwRQzb2qpEPRULKzHDnq1Wgnyje76iWU8HwVIi3T4KNvfeoM1NFVauMoIwbvMpoGvHbfQQvmABpiiZ3sFc9uH5f7GDletNP/b8li1kWkX1/XMSTsW/2oag8qgvVFun3NKUsw0+gcB7zAk=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=ieee.org; spf=pass smtp.mailfrom=ieee.org; dkim=pass (1024-bit key) header.d=ieee.org header.i=@ieee.org header.b=N1Q/pgHj; arc=none smtp.client-ip=209.85.219.47
Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=ieee.org
Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=ieee.org
Received: by mail-qv1-f47.google.com with SMTP id 6a1803df08f44-6a3652a74f9so4349896d6.2
        for <selinux-refpolicy@vger.kernel.org>; Fri, 17 May 2024 09:09:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=ieee.org; s=google; t=1715962155; x=1716566955; darn=vger.kernel.org;
        h=content-transfer-encoding:in-reply-to:from:content-language
         :references:cc:to:subject:user-agent:mime-version:date:message-id
         :from:to:cc:subject:date:message-id:reply-to;
        bh=XwCtufbOmAVczMKPpjMngN0AkHobtXFU2x6VfOu2vRM=;
        b=N1Q/pgHjafok5CLJ2nXoWGpUoGGCtzjaKEaU4OHFmDw5c7wXX+SWPtVF2pqm+94dtw
         LtlKauHnrYnMz7MQ2eAHniF3oKaVXcvPLkqYxlGMlXbM6U3i/GgjDGCVblIULt/5U+Df
         8audL9p8KLUAbD3DmqR5iBbDsvrq65NzC0Nig=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1715962155; x=1716566955;
        h=content-transfer-encoding:in-reply-to:from:content-language
         :references:cc:to:subject:user-agent:mime-version:date:message-id
         :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=XwCtufbOmAVczMKPpjMngN0AkHobtXFU2x6VfOu2vRM=;
        b=bx16GA3tAnL5jIVtNo9nb9HtHW96kKmMQLDZSIyVYAdf+pYvO9uhz24DmeN6GZ25PD
         rvK/y0rP0KFqyrPWPk5/GFakfi5rjlCCZwaBu2DbabtHU6t8Gp2PCVrAhVhi2FeDCmzk
         mbcg39gdwT9GaLKO6FXQA4LOpkSgTBQTr+3hQPdAlIJwSSFL2iBcAvIv1LwbaUdoWhRA
         okTDxjZLQHI8F3dOl9VUY7PRiVRAeSFOEIrjj+ksutavPuQBsFsc5/tv54FjXUDIJC/X
         /gheyU0yxYxHAF45Fd+BlpIIGGkRy53MgnYbQytMbBUMpxDds62u9+zw4GLvRhvO5OtE
         TMMA==
X-Forwarded-Encrypted: i=1; AJvYcCXdUwNyLkB6VGHQI6a0q7qRuY/t6XgOR17UBcBSd6r9x29AP9/LzkRDGAotrINphjbk1I9PmTfLTiI6QWpbrRD9j/Wr7uGjWD1aYeh+LG20s9o=
X-Gm-Message-State: AOJu0YzW2DLJ7oT15lqCZXepkHmkVVelZ/3jm32DsdSDyhW5G+sqHckp
	xDVgQwUJEpcMLPxZfhjBQF0Zz8TJDp6x8NyZ4nmFUQIm6Td5Ngf26vOjcjjsUw==
X-Received: by 2002:a05:6214:5885:b0:6a0:7d91:8752 with SMTP id 6a1803df08f44-6a16825d75bmr257732936d6.58.1715962154746;
        Fri, 17 May 2024 09:09:14 -0700 (PDT)
Received: from ?IPV6:2601:145:c200:2c70:196e:b9f8:60bb:98de? ([2601:145:c200:2c70:196e:b9f8:60bb:98de])
        by smtp.gmail.com with ESMTPSA id 6a1803df08f44-6a15f1ce896sm87085846d6.92.2024.05.17.09.09.13
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Fri, 17 May 2024 09:09:14 -0700 (PDT)
Message-ID: <c96cd6ea-eba5-4844-a2e0-ee2f69a2c46d@ieee.org>
Date: Fri, 17 May 2024 12:09:11 -0400
Precedence: bulk
X-Mailing-List: selinux-refpolicy@vger.kernel.org
List-Id: <selinux-refpolicy.vger.kernel.org>
List-Subscribe: <mailto:selinux-refpolicy+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:selinux-refpolicy+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: [PATCH v1] Need bluetooth socket permission for pulseaudio.
To: Raghavender Reddy Bujala <quic_rbujala@quicinc.com>,
 selinux-refpolicy@vger.kernel.org, ofono@ofono.org
Cc: quic_mohamull@quicinc.com, quic_hbandi@quicinc.com,
 quic_anubhavg@quicinc.com
References: <20240510055019.27778-1-quic_rbujala@quicinc.com>
 <f72fe764-0b76-43a7-940e-fdd8269fa8fe@ieee.org>
 <73450767-2bb9-4b49-9a47-5074a31f7190@quicinc.com>
Content-Language: en-US
From: Chris PeBenito <pebenito@ieee.org>
In-Reply-To: <73450767-2bb9-4b49-9a47-5074a31f7190@quicinc.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit

On 5/15/2024 11:52 PM, Raghavender Reddy Bujala wrote:
> 
> 
> On 5/15/2024 1:37 AM, Chris PeBenito wrote:
>> On 5/10/2024 1:50 AM, Raghavender Reddy Bujala wrote:
>>> Resolve selinux permission for ofono:
>>>
>>> [pulseaudio] backend-ofono.c: Failed to register as a handsfree audio 
>>> agent with ofono: org.freedesktop.DBus.Error.AccessDenied: An SELinux 
>>> policy prevents this sender from sending this message to this 
>>> recipient, 0 matched rules; type="method_call", sender=":1.14" 
>>> (uid=989 pid=1937 comm="/usr/bin/pulseaudio --system --daemonize=no 
>>> -v" label="system_u:system_r:pulseaudio_t:s0-s15:c0.c1023") 
>>> interface="org.ofono.HandsfreeAudioManager" member="Register" error 
>>> name="(unset)" requested_reply="0" destination="org.ofono" (uid=0 
>>> pid=942 comm="/usr/sbin/ofonod -n" 
>>> label="system_u:system_r:initrc_t:s0-s15:c0.c1023")
>>
>> It looks like we need a domain for ofonod.  Your system has it running 
>> is in the initrc_t domain, which is intended only for init scripts and 
>> the like.  It's not intended to be used for long-running processes.
>>
> 
> Thanks for suggestion.
> But we didn't found any particular domain for ofono and no sepolicy 
> files are available for this service.
> so, we have added these changes to make functionality work properly with 
> ofono.
> 
> and we haven't observed any sepolicy issue on ubuntu and rpi os for 
> ofono. Because sepolicy is not enabled for these os.
> output of ps -eZ command on ubuntu machine is:
> LABEL                               PID TTY          TIME CMD
> unconfined                        11528 ?        00:00:00 ofono
> 
> So, Is there any plan from upstream to add domain for ofono or add 
> sepolicies for this service.
> 
> Please let us know, is there any alternative to way proceed further.

I'm not aware of anyone creating an ofono domain for the SELinux policy. 
  Unfortunately your patch cannot be upstreamed in its current form, so 
it'll have to remain your local fix.  I'd expect an ofono domain to fix 
this access, since a telephony service would need audio output from 
pulseaudio or similar type service.


-- 
Chris PeBenito