Bug 117369 - /dev/input/event* can be used as input (synaptics) but not mouse_t
/dev/input/event* can be used as input (synaptics) but not mouse_t
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: policy (Show other bugs)
2
All Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
:
Depends On:
Blocks: FC2Blocker
  Show dependency treegraph
 
Reported: 2004-03-03 07:36 EST by Paul Nasrat
Modified: 2007-11-30 17:10 EST (History)
1 user (show)

See Also:
Fixed In Version: 1.9.1-2
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2004-03-30 15:26:13 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Paul Nasrat 2004-03-03 07:36:18 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4.1)
Gecko/20031114

Description of problem:
Running in enforcing mode XFree86 fails to start using the synaptics
driver (http://w1.894.telia.com/~u89404340/touchpad/) which takes raw
events from /dev/input/eventN - dmesg snippet 

avc:  denied  { read } for  pid=2028 exe=/usr/X11R6/bin/XFree86
name=event17 dev=hda5 ino=1296402
scontext=system_u:system_r:xdm_xserver_t
tcontext=system_u:object_r:device_t tclass=chr_file

avc:  denied  { read } for  pid=2028 exe=/usr/X11R6/bin/XFree86
name=event18 dev=hda5 ino=1296403
scontext=system_u:system_r:xdm_xserver_t
tcontext=system_u:object_r:device_t tclass=chr_file

XFree86.0.log:

MouseS no synaptics event device found
(**) Option "Device" "/dev/input/mice"
Query no Synaptics: 6003C8
(EE) MouseS no synaptics touchpad detected and no repeater device
(EE) MouseS Unable to query/initialize Synaptics hardware.
(EE) PreInit failed for input device "MouseS"
(II) UnloadModule: "synaptics"
(II) Keyboard "Keyboard0" handled by legacy driver
(**) Option "Protocol" "IMPS/2"
(**) DevInputMice: Protocol: "IMPS/2"
(**) Option "AlwaysCore"
(**) DevInputMice: always reports core events
(**) Option "Device" "/dev/input/mice"
(**) Option "Emulate3Buttons" "no"
(**) Option "ZAxisMapping" "4 5"
(**) DevInputMice: ZAxisMapping: buttons 4 and 5
(**) DevInputMice: Buttons: 5
(WW) No core pointer registered
(II) XINPUT: Adding extended input device "DevInputMice" (type: MOUSE)
(II) DevInputMice: ps2EnableDataReporting: succeeded
No core pointer



Version-Release number of selected component (if applicable):
policy-1.6.16

How reproducible:
Always

Steps to Reproduce:
1. run in enforcing mode (I used setenforce 1)
2. startx on machine using synaptics driver

    

Actual Results:  Fails with above logs

Expected Results:  XFree86 starts

Additional info:

Added

/u?dev/input/.*event.* -c system_u:object_r:mouse_device_t to
file_contexts/types.fc and make relabel fixes.   However as event
devices can be all input devices it might make sense to have
event_device_t maybe.
Comment 1 Aleksey Nogin 2004-03-08 04:10:18 EST
Note that gpm also has this problem if the evdev driver is used in gpm
(which is included in the default distro, BTW). I would also like to
see this problem fixed.
Comment 2 Daniel Walsh 2004-03-18 00:14:58 EST
Is this fixed by policy-1.9-1
Comment 3 Aleksey Nogin 2004-03-19 19:46:25 EST
No. In policy-1.9-3, the event devices are still not marked any
special and I see:

audit(1079743662.488:0): avc:  denied  { read } for  pid=24211
exe=/usr/X11R6/bin/XFree86 name=event0 dev=hda2 ino=4219044
scontext=system_u:system_r:xdm_xserver_t
tcontext=system_u:object_r:device_t tclass=chr_file
audit(1079743662.488:0): avc:  denied  { ioctl } for  pid=24211
exe=/usr/X11R6/bin/XFree86 path=/dev/input/event0 dev=hda2 ino=4219044
scontext=system_u:system_r:xdm_xserver_t
tcontext=system_u:object_r:device_t tclass=chr_file
audit(1079743662.489:0): avc:  denied  { write } for  pid=24211
exe=/usr/X11R6/bin/XFree86 name=event0 dev=hda2 ino=4219044
scontext=system_u:system_r:xdm_xserver_t
tcontext=system_u:object_r:device_t tclass=chr_file
audit(1079743662.618:0): avc:  denied  { getattr } for  pid=24211
exe=/usr/X11R6/bin/XFree86 path=/dev/input/event0 dev=hda2 ino=4219044
scontext=system_u:system_r:xdm_xserver_t
tcontext=system_u:object_r:device_t tclass=chr_file

I see that policy-1.9-3 has a event_device_t type. But if I manually add 

/u?dev/input/.*event.*  -c      system_u:object_r:event_device_t

then X still is not allowed to access them:

audit(1079743543.522:0): avc:  denied  { read } for  pid=23815
exe=/usr/X11R6/bin/XFree86 name=event0 dev=hda2 ino=4219044
scontext=system_u:system_r:xdm_xserver_t
tcontext=system_u:object_r:event_device_t tclass=chr_file
audit(1079743543.522:0): avc:  denied  { ioctl } for  pid=23815
exe=/usr/X11R6/bin/XFree86 path=/dev/input/event0 dev=hda2 ino=4219044
scontext=system_u:system_r:xdm_xserver_t
tcontext=system_u:object_r:event_device_t tclass=chr_file
audit(1079743543.522:0): avc:  denied  { write } for  pid=23815
exe=/usr/X11R6/bin/XFree86 name=event0 dev=hda2 ino=4219044
scontext=system_u:system_r:xdm_xserver_t
tcontext=system_u:object_r:event_device_t tclass=chr_file
audit(1079743546.735:0): avc:  denied  { getattr } for  pid=23815
exe=/usr/X11R6/bin/XFree86 path=/dev/input/event0 dev=hda2 ino=4219044
scontext=system_u:system_r:xdm_xserver_t
tcontext=system_u:object_r:event_device_t tclass=chr_file
audit(1079743629.754:0): avc:  denied  { read } for  pid=24005
exe=/usr/X11R6/bin/XFree86 name=event0 dev=hda2 ino=4219044
scontext=system_u:system_r:xdm_xserver_t
tcontext=system_u:object_r:event_device_t tclass=chr_file
Comment 4 Aleksey Nogin 2004-03-30 15:26:13 EST
Fixed with policy-sources-1.9.1-2

Note You need to log in before you can comment on or make changes to this bug.