pipewire/spa/plugins/bluez5/README-MIDI.md

## BLE MIDI & SELinux

The SELinux configuration on Fedora 37 (as of 2022-11-10) does not
permit access to the bluetoothd APIs needed for BLE MIDI.

As a workaround, hopefully to be not necessary in future, you can
permit such access by creating a file `blemidi.te` with contents:

    policy_module(blemidi, 1.0);

    require {
        type system_dbusd_t;
        type unconfined_t;
        type bluetooth_t;
    }

    allow bluetooth_t unconfined_t:unix_stream_socket { read write };
    allow system_dbusd_t bluetooth_t:unix_stream_socket { read write };

Then having package `selinux-policy-devel` installed, running
`make -f /usr/share/selinux/devel/Makefile blemidi.pp`, and finally
to insert the rules via `sudo semodule -i blemidi.pp`.

The policy change can be removed by `sudo semodule -r blemidi`.
bluez5: add comments on possible SELinux + BLE MIDI issues 2022-11-10 19:13:07 +02:00			`## BLE MIDI & SELinux`

			`The SELinux configuration on Fedora 37 (as of 2022-11-10) does not`
			`permit access to the bluetoothd APIs needed for BLE MIDI.`

			`As a workaround, hopefully to be not necessary in future, you can`
			permit such access by creating a file `blemidi.te` with contents:

			`policy_module(blemidi, 1.0);`

			`require {`
			`type system_dbusd_t;`
			`type unconfined_t;`
			`type bluetooth_t;`
			`}`

bluez5: fixup BLE MIDI selinux README The SELinux configuration should allow passing sockets also from PW to bluetoothd. 2022-11-20 18:52:57 +02:00			`allow bluetooth_t unconfined_t:unix_stream_socket { read write };`
bluez5: add comments on possible SELinux + BLE MIDI issues 2022-11-10 19:13:07 +02:00			`allow system_dbusd_t bluetooth_t:unix_stream_socket { read write };`

			Then having package `selinux-policy-devel` installed, running
			`make -f /usr/share/selinux/devel/Makefile blemidi.pp`, and finally
			to insert the rules via `sudo semodule -i blemidi.pp`.

			The policy change can be removed by `sudo semodule -r blemidi`.