diff --git a/refpolicy/policy/modules/kernel/filesystem.if b/refpolicy/policy/modules/kernel/filesystem.if
index a2a105a..e460ebe 100644
--- a/refpolicy/policy/modules/kernel/filesystem.if
+++ b/refpolicy/policy/modules/kernel/filesystem.if
@@ -2531,7 +2531,7 @@ interface(`fs_tmpfs_filetrans',`
#
interface(`fs_dontaudit_rw_tmpfs_files',`
gen_require(`
- type tmp_t;
+ type tmpfs_t;
')
dontaudit $1 tmpfs_t:file { read write };
diff --git a/refpolicy/policy/modules/kernel/filesystem.te b/refpolicy/policy/modules/kernel/filesystem.te
index 12b652f..228f47d 100644
--- a/refpolicy/policy/modules/kernel/filesystem.te
+++ b/refpolicy/policy/modules/kernel/filesystem.te
@@ -1,5 +1,5 @@
-policy_module(filesystem,1.3.1)
+policy_module(filesystem,1.3.2)
########################################
#
diff --git a/refpolicy/policy/modules/services/bluetooth.te b/refpolicy/policy/modules/services/bluetooth.te
index 6576760..daf0c41 100644
--- a/refpolicy/policy/modules/services/bluetooth.te
+++ b/refpolicy/policy/modules/services/bluetooth.te
@@ -1,5 +1,5 @@
-policy_module(bluetooth,1.2.1)
+policy_module(bluetooth,1.2.2)
########################################
#
@@ -195,6 +195,7 @@ domain_read_all_domains_state(bluetooth_helper_t)
files_read_etc_files(bluetooth_helper_t)
files_read_etc_runtime_files(bluetooth_helper_t)
files_read_usr_files(bluetooth_helper_t)
+files_search_tmp(bluetooth_helper_t)
files_dontaudit_list_default(bluetooth_helper_t)
libs_use_ld_so(bluetooth_helper_t)
@@ -205,6 +206,20 @@ logging_send_syslog_msg(bluetooth_helper_t)
miscfiles_read_localization(bluetooth_helper_t)
miscfiles_read_fonts(bluetooth_helper_t)
+ifdef(`targeted_policy',`
+ files_rw_generic_tmp_sockets(bluetooth_helper_t)
+
+ fs_rw_tmpfs_files(bluetooth_helper_t)
+
+ unconfined_stream_connect(bluetooth_helper_t)
+
+ userdom_read_all_users_home_content_files(bluetooth_helper_t)
+
+ optional_policy(`
+ xserver_stream_connect_xdm(bluetooth_helper_t)
+ ')
+')
+
optional_policy(`
dbus_system_bus_client_template(bluetooth_helper,bluetooth_helper_t)
dbus_connect_system_bus(bluetooth_helper_t)
@@ -218,24 +233,3 @@ optional_policy(`
optional_policy(`
xserver_stream_connect_xdm(bluetooth_helper_t)
')
-
-ifdef(`TODO',`
-allow bluetooth_helper_t tmp_t:dir search;
-
-ifdef(`strict_policy',`
- ifdef(`xdm.te',`
- allow bluetooth_helper_t xdm_xserver_tmp_t:sock_file { read write };
- ')
-')
-') dnl end TODO
-
-ifdef(`targeted_policy',`
- files_rw_generic_tmp_sockets(bluetooth_helper_t)
- allow bluetooth_helper_t tmpfs_t:file { read write };
- allow bluetooth_helper_t unconfined_t:unix_stream_socket connectto;
- userdom_read_all_users_home_content_files(bluetooth_helper_t)
-
- optional_policy(`
- xserver_stream_connect_xdm(bluetooth_helper_t)
- ')
-')
diff --git a/refpolicy/policy/modules/system/unconfined.if b/refpolicy/policy/modules/system/unconfined.if
index 79d3af0..52e2f92 100644
--- a/refpolicy/policy/modules/system/unconfined.if
+++ b/refpolicy/policy/modules/system/unconfined.if
@@ -304,6 +304,25 @@ interface(`unconfined_rw_pipes',`
########################################
##
+## Connect to the unconfined domain using
+## a unix domain stream socket.
+##
+##
+##
+## Domain allowed access.
+##
+##
+#
+interface(`unconfined_stream_connect',`
+ gen_require(`
+ type unconfined_t;
+ ')
+
+ allow $1 unconfined_t:unix_stream_socket connectto;
+')
+
+########################################
+##
## Do not audit attempts to read or write
## unconfined domain tcp sockets.
##
diff --git a/refpolicy/policy/modules/system/unconfined.te b/refpolicy/policy/modules/system/unconfined.te
index d6da5b4..e14e278 100644
--- a/refpolicy/policy/modules/system/unconfined.te
+++ b/refpolicy/policy/modules/system/unconfined.te
@@ -1,5 +1,5 @@
-policy_module(unconfined,1.3.1)
+policy_module(unconfined,1.3.2)
########################################
#