From 4eb063d0ee4fb5dfff06a7cef4d83bf0bf8e51f2 Mon Sep 17 00:00:00 2001
From: xieyao_whu
Date: Fri, 22 Nov 2024 08:52:07 +0000
Subject: [PATCH 1/2] update sepolicy/base/public/domain.te.
Signed-off-by: xieyao_whu
---
 sepolicy/base/public/domain.te | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sepolicy/base/public/domain.te b/sepolicy/base/public/domain.te
index 3cd458161..9049b78e2 100644
--- a/sepolicy/base/public/domain.te
+++ b/sepolicy/base/public/domain.te
@@ -313,7 +313,7 @@ neverallow { domain -appspawn -hiview -hidumper_service -memmgrservice -storage_
 neverallow * self:{ capability cap_userns } sys_pacct;
 neverallow { domain -init -chipset_init -storage_daemon -installs -appspawn -nwebspawn -nativespawn -cjappspawn -netsysnative -file_guard_server debug_only(`-hiprofiler_plugins -hiebpf') updater_only(`-updater') -rgm_violator_ohos_capability_sysadmin -rgm_violator_cap_sysadmin -module_update_service } self:{ capability cap_userns } sys_admin;
 neverallow { domain -init -chipset_init } self:{ capability cap_userns } sys_boot;
-neverallow { domain -render_service -cap_violator_sysnice -composer_host -a2dp_host -appspawn } self:{ capability cap_userns } sys_nice;
+neverallow { domain -render_service -cap_violator_sysnice -composer_host -a2dp_host -appspawn -blue_host } self:{ capability cap_userns } sys_nice;
 neverallow { domain -init -chipset_init -memmgrservice -netsysnative debug_only(`-hiebpf') } self:{ capability cap_userns } sys_resource;
 neverallow { domain -time_service updater_only(`-updater') } self:{ capability cap_userns } sys_time;
 neverallow * self:{ capability cap_userns } sys_tty_config;
-- Gitee
From cbfe01b390bc9a2ea7a99f5d4e09be5550b92a65 Mon Sep 17 00:00:00 2001
From: xieyao_whu
Date: Fri, 22 Nov 2024 08:53:24 +0000
Subject: [PATCH 2/2] update sepolicy/ohos_policy/communication/bluetooth/system/blue_host.te.
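Review bot: The new `-blue_host` exclusion grows the hard-coded exemption list of the sys_nice neverallow in the public base policy for one domain, while the same line already excludes `cap_violator_sysnice`, which by its name appears to be the attribute meant for exactly this kind of exception. If that is the intended mechanism, `typeattribute blue_host cap_violator_sysnice;` in blue_host.te would lift the restriction for the Bluetooth host without editing the shared rule, and keeps the base file's exception list from accumulating per-domain entries. The commit message says only "update domain.te" and gives no reason why the Bluetooth host needs CAP_SYS_NICE; since that capability lets a process change the scheduling priority and CPU affinity of other processes, the denial or feature that motivates the exemption should be recorded in the message or next to the rule. The neverallow statement itself is complete within the hunk.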
Signed-off-by: xieyao_whu
---
 sepolicy/ohos_policy/communication/bluetooth/system/blue_host.te | 1 +
 1 file changed, 1 insertion(+)
diff --git a/sepolicy/ohos_policy/communication/bluetooth/system/blue_host.te b/sepolicy/ohos_policy/communication/bluetooth/system/blue_host.te
index 0b3c70ab1..9fc5cdcfb 100644
--- a/sepolicy/ohos_policy/communication/bluetooth/system/blue_host.te
+++ b/sepolicy/ohos_policy/communication/bluetooth/system/blue_host.te
@@ -85,4 +85,5 @@ allow blue_host data_vendor:dir { add_name write };
 #avc: denied { read } for pid=1007 comm="IPC_3_3026" name="btmac.txt" dev="sdd78" ino=8371 scontext=u:r:blue_host:s0 tcontext=u:object_r:data_vendor:s0 tclass=file permissive=0
 #avc: denied { read write } for pid=1007 comm="IPC_3_3026" name="btmac.txt" dev="sdd78" ino=8371 scontext=u:r:blue_host:s0 tcontext=u:object_r:data_vendor:s0 tclass=file permissive=0
 allow blue_host data_vendor:file { create read write open };
+allow blue_host blue_host:capability { sys_nice };
-- Gitee
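Review bot: The added `allow blue_host blue_host:capability { sys_nice };` carries no comment recording why it is needed, unlike the surrounding rules, each of which is preceded by the `#avc: denied` line that motivated it; the corresponding denial (or the feature that requires changing scheduling priority) should be quoted above the rule in the same style. Placed directly under the data_vendor file rules it also reads as if it belonged to the btmac.txt denials above it, so a separating comment such as `# CAP_SYS_NICE for blue_host: <reason / AVC denial>` would make the grouping clear. This rule only passes the policy build once the matching `-blue_host` exclusion in sepolicy/base/public/domain.te from patch 1/2 is present, which the commit message should state so the two commits are not split or reordered.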