Bug 117369

Summary: /dev/input/event* can be used as input (synaptics) but not mouse_t
Product: [Fedora] Fedora Reporter: Paul Nasrat <nobody+pnasrat>
Component: policyAssignee: Daniel Walsh <dwalsh>
Status: CLOSED RAWHIDE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 2CC: aleksey
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: 1.9.1-2 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2004-03-30 20:26:13 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 114961    

Description Paul Nasrat 2004-03-03 12:36:18 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4.1)
Gecko/20031114

Description of problem:
Running in enforcing mode XFree86 fails to start using the synaptics
driver (http://w1.894.telia.com/~u89404340/touchpad/) which takes raw
events from /dev/input/eventN - dmesg snippet 

avc:  denied  { read } for  pid=2028 exe=/usr/X11R6/bin/XFree86
name=event17 dev=hda5 ino=1296402
scontext=system_u:system_r:xdm_xserver_t
tcontext=system_u:object_r:device_t tclass=chr_file

avc:  denied  { read } for  pid=2028 exe=/usr/X11R6/bin/XFree86
name=event18 dev=hda5 ino=1296403
scontext=system_u:system_r:xdm_xserver_t
tcontext=system_u:object_r:device_t tclass=chr_file

XFree86.0.log:

MouseS no synaptics event device found
(**) Option "Device" "/dev/input/mice"
Query no Synaptics: 6003C8
(EE) MouseS no synaptics touchpad detected and no repeater device
(EE) MouseS Unable to query/initialize Synaptics hardware.
(EE) PreInit failed for input device "MouseS"
(II) UnloadModule: "synaptics"
(II) Keyboard "Keyboard0" handled by legacy driver
(**) Option "Protocol" "IMPS/2"
(**) DevInputMice: Protocol: "IMPS/2"
(**) Option "AlwaysCore"
(**) DevInputMice: always reports core events
(**) Option "Device" "/dev/input/mice"
(**) Option "Emulate3Buttons" "no"
(**) Option "ZAxisMapping" "4 5"
(**) DevInputMice: ZAxisMapping: buttons 4 and 5
(**) DevInputMice: Buttons: 5
(WW) No core pointer registered
(II) XINPUT: Adding extended input device "DevInputMice" (type: MOUSE)
(II) DevInputMice: ps2EnableDataReporting: succeeded
No core pointer



Version-Release number of selected component (if applicable):
policy-1.6.16

How reproducible:
Always

Steps to Reproduce:
1. run in enforcing mode (I used setenforce 1)
2. startx on machine using synaptics driver

    

Actual Results:  Fails with above logs

Expected Results:  XFree86 starts

Additional info:

Added

/u?dev/input/.*event.* -c system_u:object_r:mouse_device_t to
file_contexts/types.fc and make relabel fixes.   However as event
devices can be all input devices it might make sense to have
event_device_t maybe.
Comment 1 Aleksey Nogin 2004-03-08 09:10:18 UTC 
Note that gpm also has this problem if the evdev driver is used in gpm
(which is included in the default distro, BTW). I would also like to
see this problem fixed.
Comment 2 Daniel Walsh 2004-03-18 05:14:58 UTC 
Is this fixed by policy-1.9-1
Comment 3 Aleksey Nogin 2004-03-20 00:46:25 UTC 
No. In policy-1.9-3, the event devices are still not marked any
special and I see:

audit(1079743662.488:0): avc:  denied  { read } for  pid=24211
exe=/usr/X11R6/bin/XFree86 name=event0 dev=hda2 ino=4219044
scontext=system_u:system_r:xdm_xserver_t
tcontext=system_u:object_r:device_t tclass=chr_file
audit(1079743662.488:0): avc:  denied  { ioctl } for  pid=24211
exe=/usr/X11R6/bin/XFree86 path=/dev/input/event0 dev=hda2 ino=4219044
scontext=system_u:system_r:xdm_xserver_t
tcontext=system_u:object_r:device_t tclass=chr_file
audit(1079743662.489:0): avc:  denied  { write } for  pid=24211
exe=/usr/X11R6/bin/XFree86 name=event0 dev=hda2 ino=4219044
scontext=system_u:system_r:xdm_xserver_t
tcontext=system_u:object_r:device_t tclass=chr_file
audit(1079743662.618:0): avc:  denied  { getattr } for  pid=24211
exe=/usr/X11R6/bin/XFree86 path=/dev/input/event0 dev=hda2 ino=4219044
scontext=system_u:system_r:xdm_xserver_t
tcontext=system_u:object_r:device_t tclass=chr_file

I see that policy-1.9-3 has a event_device_t type. But if I manually add 

/u?dev/input/.*event.*  -c      system_u:object_r:event_device_t

then X still is not allowed to access them:

audit(1079743543.522:0): avc:  denied  { read } for  pid=23815
exe=/usr/X11R6/bin/XFree86 name=event0 dev=hda2 ino=4219044
scontext=system_u:system_r:xdm_xserver_t
tcontext=system_u:object_r:event_device_t tclass=chr_file
audit(1079743543.522:0): avc:  denied  { ioctl } for  pid=23815
exe=/usr/X11R6/bin/XFree86 path=/dev/input/event0 dev=hda2 ino=4219044
scontext=system_u:system_r:xdm_xserver_t
tcontext=system_u:object_r:event_device_t tclass=chr_file
audit(1079743543.522:0): avc:  denied  { write } for  pid=23815
exe=/usr/X11R6/bin/XFree86 name=event0 dev=hda2 ino=4219044
scontext=system_u:system_r:xdm_xserver_t
tcontext=system_u:object_r:event_device_t tclass=chr_file
audit(1079743546.735:0): avc:  denied  { getattr } for  pid=23815
exe=/usr/X11R6/bin/XFree86 path=/dev/input/event0 dev=hda2 ino=4219044
scontext=system_u:system_r:xdm_xserver_t
tcontext=system_u:object_r:event_device_t tclass=chr_file
audit(1079743629.754:0): avc:  denied  { read } for  pid=24005
exe=/usr/X11R6/bin/XFree86 name=event0 dev=hda2 ino=4219044
scontext=system_u:system_r:xdm_xserver_t
tcontext=system_u:object_r:event_device_t tclass=chr_file
Comment 4 Aleksey Nogin 2004-03-30 20:26:13 UTC 
Fixed with policy-sources-1.9.1-2