Bug 117369 - /dev/input/event* can be used as input (synaptics) but not mouse_t
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: policy
Version: 2
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: FC2Blocker
Reported: 2004-03-03 12:36 UTC by Paul Nasrat
Modified: 2007-11-30 22:10 UTC (History)

Fixed In Version: 1.9.1-2
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2004-03-30 20:26:13 UTC
Type: ---
Embargoed:



Description Paul Nasrat 2004-03-03 12:36:18 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4.1)
Gecko/20031114

Description of problem:
Running in enforcing mode, XFree86 fails to start using the synaptics
driver (http://w1.894.telia.com/~u89404340/touchpad/), which takes raw
events from /dev/input/eventN. dmesg snippet:

avc:  denied  { read } for  pid=2028 exe=/usr/X11R6/bin/XFree86
name=event17 dev=hda5 ino=1296402
scontext=system_u:system_r:xdm_xserver_t
tcontext=system_u:object_r:device_t tclass=chr_file

avc:  denied  { read } for  pid=2028 exe=/usr/X11R6/bin/XFree86
name=event18 dev=hda5 ino=1296403
scontext=system_u:system_r:xdm_xserver_t
tcontext=system_u:object_r:device_t tclass=chr_file

XFree86.0.log:

MouseS no synaptics event device found
(**) Option "Device" "/dev/input/mice"
Query no Synaptics: 6003C8
(EE) MouseS no synaptics touchpad detected and no repeater device
(EE) MouseS Unable to query/initialize Synaptics hardware.
(EE) PreInit failed for input device "MouseS"
(II) UnloadModule: "synaptics"
(II) Keyboard "Keyboard0" handled by legacy driver
(**) Option "Protocol" "IMPS/2"
(**) DevInputMice: Protocol: "IMPS/2"
(**) Option "AlwaysCore"
(**) DevInputMice: always reports core events
(**) Option "Device" "/dev/input/mice"
(**) Option "Emulate3Buttons" "no"
(**) Option "ZAxisMapping" "4 5"
(**) DevInputMice: ZAxisMapping: buttons 4 and 5
(**) DevInputMice: Buttons: 5
(WW) No core pointer registered
(II) XINPUT: Adding extended input device "DevInputMice" (type: MOUSE)
(II) DevInputMice: ps2EnableDataReporting: succeeded
No core pointer



Version-Release number of selected component (if applicable):
policy-1.6.16

How reproducible:
Always

Steps to Reproduce:
1. run in enforcing mode (I used setenforce 1)
2. startx on machine using synaptics driver

    

Actual Results:  Fails with above logs

Expected Results:  XFree86 starts

Additional info:

Added

/u?dev/input/.*event.* -c system_u:object_r:mouse_device_t to
file_contexts/types.fc and make relabel fixes.   However as event
devices can be all input devices it might make sense to have
event_device_t maybe.

Comment 1 Aleksey Nogin 2004-03-08 09:10:18 UTC
Note that gpm also has this problem if the evdev driver is used in gpm
(which is included in the default distro, BTW). I would also like to
see this problem fixed.

Comment 2 Daniel Walsh 2004-03-18 05:14:58 UTC
Is this fixed by policy-1.9-1?

Comment 3 Aleksey Nogin 2004-03-20 00:46:25 UTC
No. In policy-1.9-3, the event devices are still not marked as anything
special, and I see:

audit(1079743662.488:0): avc:  denied  { read } for  pid=24211
exe=/usr/X11R6/bin/XFree86 name=event0 dev=hda2 ino=4219044
scontext=system_u:system_r:xdm_xserver_t
tcontext=system_u:object_r:device_t tclass=chr_file
audit(1079743662.488:0): avc:  denied  { ioctl } for  pid=24211
exe=/usr/X11R6/bin/XFree86 path=/dev/input/event0 dev=hda2 ino=4219044
scontext=system_u:system_r:xdm_xserver_t
tcontext=system_u:object_r:device_t tclass=chr_file
audit(1079743662.489:0): avc:  denied  { write } for  pid=24211
exe=/usr/X11R6/bin/XFree86 name=event0 dev=hda2 ino=4219044
scontext=system_u:system_r:xdm_xserver_t
tcontext=system_u:object_r:device_t tclass=chr_file
audit(1079743662.618:0): avc:  denied  { getattr } for  pid=24211
exe=/usr/X11R6/bin/XFree86 path=/dev/input/event0 dev=hda2 ino=4219044
scontext=system_u:system_r:xdm_xserver_t
tcontext=system_u:object_r:device_t tclass=chr_file

I see that policy-1.9-3 has an event_device_t type. But if I manually add

/u?dev/input/.*event.*  -c      system_u:object_r:event_device_t

then X still is not allowed to access them:

audit(1079743543.522:0): avc:  denied  { read } for  pid=23815
exe=/usr/X11R6/bin/XFree86 name=event0 dev=hda2 ino=4219044
scontext=system_u:system_r:xdm_xserver_t
tcontext=system_u:object_r:event_device_t tclass=chr_file
audit(1079743543.522:0): avc:  denied  { ioctl } for  pid=23815
exe=/usr/X11R6/bin/XFree86 path=/dev/input/event0 dev=hda2 ino=4219044
scontext=system_u:system_r:xdm_xserver_t
tcontext=system_u:object_r:event_device_t tclass=chr_file
audit(1079743543.522:0): avc:  denied  { write } for  pid=23815
exe=/usr/X11R6/bin/XFree86 name=event0 dev=hda2 ino=4219044
scontext=system_u:system_r:xdm_xserver_t
tcontext=system_u:object_r:event_device_t tclass=chr_file
audit(1079743546.735:0): avc:  denied  { getattr } for  pid=23815
exe=/usr/X11R6/bin/XFree86 path=/dev/input/event0 dev=hda2 ino=4219044
scontext=system_u:system_r:xdm_xserver_t
tcontext=system_u:object_r:event_device_t tclass=chr_file
audit(1079743629.754:0): avc:  denied  { read } for  pid=24005
exe=/usr/X11R6/bin/XFree86 name=event0 dev=hda2 ino=4219044
scontext=system_u:system_r:xdm_xserver_t
tcontext=system_u:object_r:event_device_t tclass=chr_file
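
Added example (not part of the bug thread or of the Fedora policy sources): a small parser that groups wrapped AVC denials like those quoted above by source type, target type and class. It shows why relabeling alone did not help in comment 3: the target type changes but the same four permissions are still missing. The `record` helper and `SAMPLE` text are constructed for illustration, modelled on the denials in this report.

```python
import re
from collections import defaultdict

# An AVC denial may be wrapped over several lines, as in the comments above.
# The tempered dot keeps a truncated record from bleeding into the next one.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}(?:(?!avc:).)*?"
    r"scontext=(?P<s>\S+)\s+tcontext=(?P<t>\S+)\s+tclass=(?P<c>\S+)",
    re.DOTALL)

def ctx_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    return context.split(":")[2]

def summarize(log_text):
    """Map (source type, target type, class) -> set of denied permissions."""
    groups = defaultdict(set)
    for m in AVC_RE.finditer(log_text):
        key = (ctx_type(m["s"]), ctx_type(m["t"]), m["c"])
        groups[key].update(m["perms"].split())
    return dict(groups)

def missing_rules(groups):
    """Render each group as the type-enforcement allow rule it implies."""
    return [f"allow {s} {t}:{c} {{ {' '.join(sorted(p))} }};"
            for (s, t, c), p in sorted(groups.items())]

def record(perm, ttype):
    """Build one constructed denial in the wrapped layout of the report."""
    return (f"avc:  denied  {{ {perm} }} for  pid=24211 "
            f"exe=/usr/X11R6/bin/XFree86 name=event0\n"
            f"scontext=system_u:system_r:xdm_xserver_t\n"
            f"tcontext=system_u:object_r:{ttype} tclass=chr_file\n")

# Constructed sample: the four denied permissions, before and after relabel.
SAMPLE = "".join(record(p, t)
                 for t in ("device_t", "event_device_t")
                 for p in ("read", "ioctl", "write", "getattr"))

if __name__ == "__main__":
    for rule in missing_rules(summarize(SAMPLE)):
        print(rule)
```

Of the two rules printed, only the one targeting event_device_t is scoped to the relabeled event nodes; the device_t rule would apply to whatever else still carries that label. Because event devices can be any input device, as the description notes, a rule on event_device_t also deserves review before it is granted.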


Comment 4 Aleksey Nogin 2004-03-30 20:26:13 UTC
Fixed with policy-sources-1.9.1-2

