From 2f8691b64f1fa1afa115fa6d2c1bb58bc4b0cb50 Mon Sep 17 00:00:00 2001
From: Pauli Virtanen <pav@iki.fi>
Date: Thu, 10 Nov 2022 19:13:07 +0200
Subject: [PATCH] bluez5: add comments on possible SELinux + BLE MIDI issues

---
 spa/plugins/bluez5/README-MIDI.md | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
 create mode 100644 spa/plugins/bluez5/README-MIDI.md

diff --git a/spa/plugins/bluez5/README-MIDI.md b/spa/plugins/bluez5/README-MIDI.md
new file mode 100644
index 000000000..76a224665
--- /dev/null
+++ b/spa/plugins/bluez5/README-MIDI.md
@@ -0,0 +1,25 @@
+## BLE MIDI & SELinux
+
+The SELinux configuration on Fedora 37 (as of 2022-11-10) does not
+permit access to the bluetoothd APIs needed for BLE MIDI.
+
+As a workaround, hopefully to be not necessary in future, you can
+permit such access by creating a file `blemidi.te` with contents:
+
+    policy_module(blemidi, 1.0);
+
+    require {
+        type system_dbusd_t;
+        type unconfined_t;
+        type unconfined_service_t;
+        type bluetooth_t;
+    }
+
+    allow system_dbusd_t unconfined_service_t:unix_stream_socket { read write };
+    allow system_dbusd_t bluetooth_t:unix_stream_socket { read write };
+
+Then having package `selinux-policy-devel` installed, running
+`make -f /usr/share/selinux/devel/Makefile blemidi.pp`, and finally
+to insert the rules via `sudo semodule -i blemidi.pp`.
+
+The policy change can be removed by `sudo semodule -r blemidi`.