Comment 11 for bug 1569582

Jamie Strandboge (jdstrand) wrote :

Ok, I examined all the policy and created a very broad profile called "bluetooth": http://bazaar.launchpad.net/~ubuntu-security/apparmor-easyprof-ubuntu/trunk/view/head:/data/policygroups/ubuntu/1.3/bluetooth

This gives all access to bluez and is therefore reserved. I was able to successfully transfer a file to my laptop from the device using the shareapp from click #1. I was also able to run both the client and the server of click #2 without denials (but the apps couldn't communicate after connecting (unrelated to apparmor)).

In addition, for future reference and so the investigation is not lost, I committed 'bluetooth-net' and 'bluetooth-file-transfer' in the 'pending/' directory: http://bazaar.launchpad.net/~ubuntu-security/apparmor-easyprof-ubuntu/trunk/files/head:/pending/policygroups/

This policy is not ready for consumption -- we need trust-store integration in bluez for these to become 'common', but again, wanted to capture the work somewhere in case it is useful in the future.

I'll work on getting these things landed in silos, etc. next.