feat: Add audit-secureblue checks for flatpak bluetooth and ptrace access (#438)

* Add check for bluetooth and ptrace

* Add check for flatpak bluetooth and ptrace access

files/system/usr/share/ublue-os/just/70-secureblue.just

@@ -418,6 +418,7 @@ audit-secureblue:
         print_status "$SYSCTL_TEST_STRING" "$STATUS_SUCCESS"
     else
         print_status "$SYSCTL_TEST_STRING" "$STATUS_FAILURE"
+        bluetooth_loaded=true
     fi
 
     SYSCTL_TEST_STRING="Ensuring ptrace is forbidden"
@@ -425,6 +426,7 @@ audit-secureblue:
         print_status "$SYSCTL_TEST_STRING" "$STATUS_SUCCESS"
     else
         print_status "$SYSCTL_TEST_STRING" "$STATUS_FAILURE"
+        ptrace_allowed=true
     fi
 
     AUTHSELECT_TEST_STRING="Ensuring no authselect overrides"
@@ -598,6 +600,14 @@ audit-secureblue:
                 status="$STATUS_FAILURE"
                 warnings+=("> $f is not using hardened_malloc!")
             fi
+            if [[ "$bluetooth_loaded" == "true" ]] && hasPermission "$permissions" "features" "bluetooth"; then
+                status="$STATUS_FAILURE"
+                warnings+=("> $f has bluetooth access!")
+            fi
+            if [[ "$ptrace_allowed" == "true" ]] && hasPermission "$permissions" "features" "devel"; then
+                status="$STATUS_FAILURE"
+                warnings+=("> $f has ptrace access!")
+            fi
             flatpak_test_string="Auditing $f"
             print_status "$flatpak_test_string" "$status"
             for warning in "${warnings[@]}"; do