Ok, I examined all the policy and created a very broad profile called "bluetooth": http://bazaar.launchpad.net/~ubuntu-security/apparmor-easyprof-ubuntu/trunk/view/head:/data/policygroups/ubuntu/1.3/bluetooth
This gives all access to bluez and is therefore reserved. I was able to successfully transfer a file to my laptop from the device using the shareapp from click #1. I was also able to run both the client and the server of click #2 without denials (but the apps couldn't communicate after connecting (unrelated to apparmor)).

In addition, for future reference and so the investigation is not lost, I committed 'bluetooth-net' and 'bluetooth-file-transfer' in the 'pending/' directory: http://bazaar.launchpad.net/~ubuntu-security/apparmor-easyprof-ubuntu/trunk/files/head:/pending/policygroups/

This policy is not ready for consumption -- we need trust-store integration in bluez for these to become 'common', but again, wanted to capture the work somewhere in case it is useful in the future.

I'll work on getting these things landed in silos, etc. next.

--
https://bugs.launchpad.net/bugs/1569582
Title: Add Bluetooth apparmor policy