Bug 117369 - /dev/input/event* can be used as input (synaptics) but not mouse_t
Summary: /dev/input/event* can be used as input (synaptics) but not mouse_t
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: policy   
(Show other bugs)
Version: 2
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact:
URL:
Whiteboard:
Keywords:
Depends On:
Blocks: FC2Blocker
TreeView+ depends on / blocked
 
Reported: 2004-03-03 12:36 UTC by Paul Nasrat
Modified: 2007-11-30 22:10 UTC (History)
1 user (show)

Fixed In Version: 1.9.1-2
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2004-03-30 20:26:13 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Paul Nasrat 2004-03-03 12:36:18 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4.1)
Gecko/20031114

Description of problem:
Running in enforcing mode XFree86 fails to start using the synaptics
driver (http://w1.894.telia.com/~u89404340/touchpad/) which takes raw
events from /dev/input/eventN - dmesg snippet 

avc:  denied  { read } for  pid=2028 exe=/usr/X11R6/bin/XFree86
name=event17 dev=hda5 ino=1296402
scontext=system_u:system_r:xdm_xserver_t
tcontext=system_u:object_r:device_t tclass=chr_file

avc:  denied  { read } for  pid=2028 exe=/usr/X11R6/bin/XFree86
name=event18 dev=hda5 ino=1296403
scontext=system_u:system_r:xdm_xserver_t
tcontext=system_u:object_r:device_t tclass=chr_file

XFree86.0.log:

MouseS no synaptics event device found
(**) Option "Device" "/dev/input/mice"
Query no Synaptics: 6003C8
(EE) MouseS no synaptics touchpad detected and no repeater device
(EE) MouseS Unable to query/initialize Synaptics hardware.
(EE) PreInit failed for input device "MouseS"
(II) UnloadModule: "synaptics"
(II) Keyboard "Keyboard0" handled by legacy driver
(**) Option "Protocol" "IMPS/2"
(**) DevInputMice: Protocol: "IMPS/2"
(**) Option "AlwaysCore"
(**) DevInputMice: always reports core events
(**) Option "Device" "/dev/input/mice"
(**) Option "Emulate3Buttons" "no"
(**) Option "ZAxisMapping" "4 5"
(**) DevInputMice: ZAxisMapping: buttons 4 and 5
(**) DevInputMice: Buttons: 5
(WW) No core pointer registered
(II) XINPUT: Adding extended input device "DevInputMice" (type: MOUSE)
(II) DevInputMice: ps2EnableDataReporting: succeeded
No core pointer



Version-Release number of selected component (if applicable):
policy-1.6.16

How reproducible:
Always

Steps to Reproduce:
1. run in enforcing mode (I used setenforce 1)
2. startx on machine using synaptics driver

    

Actual Results:  Fails with above logs

Expected Results:  XFree86 starts

Additional info:

Added

/u?dev/input/.*event.* -c system_u:object_r:mouse_device_t to
file_contexts/types.fc and make relabel fixes.   However as event
devices can be all input devices it might make sense to have
event_device_t maybe.

Comment 1 Aleksey Nogin 2004-03-08 09:10:18 UTC
Note that gpm also has this problem if the evdev driver is used in gpm
(which is included in the default distro, BTW). I would also like to
see this problem fixed.

Comment 2 Daniel Walsh 2004-03-18 05:14:58 UTC
Is this fixed by policy-1.9-1

Comment 3 Aleksey Nogin 2004-03-20 00:46:25 UTC
No. In policy-1.9-3, the event devices are still not marked any
special and I see:

audit(1079743662.488:0): avc:  denied  { read } for  pid=24211
exe=/usr/X11R6/bin/XFree86 name=event0 dev=hda2 ino=4219044
scontext=system_u:system_r:xdm_xserver_t
tcontext=system_u:object_r:device_t tclass=chr_file
audit(1079743662.488:0): avc:  denied  { ioctl } for  pid=24211
exe=/usr/X11R6/bin/XFree86 path=/dev/input/event0 dev=hda2 ino=4219044
scontext=system_u:system_r:xdm_xserver_t
tcontext=system_u:object_r:device_t tclass=chr_file
audit(1079743662.489:0): avc:  denied  { write } for  pid=24211
exe=/usr/X11R6/bin/XFree86 name=event0 dev=hda2 ino=4219044
scontext=system_u:system_r:xdm_xserver_t
tcontext=system_u:object_r:device_t tclass=chr_file
audit(1079743662.618:0): avc:  denied  { getattr } for  pid=24211
exe=/usr/X11R6/bin/XFree86 path=/dev/input/event0 dev=hda2 ino=4219044
scontext=system_u:system_r:xdm_xserver_t
tcontext=system_u:object_r:device_t tclass=chr_file

I see that policy-1.9-3 has a event_device_t type. But if I manually add 

/u?dev/input/.*event.*  -c      system_u:object_r:event_device_t

then X still is not allowed to access them:

audit(1079743543.522:0): avc:  denied  { read } for  pid=23815
exe=/usr/X11R6/bin/XFree86 name=event0 dev=hda2 ino=4219044
scontext=system_u:system_r:xdm_xserver_t
tcontext=system_u:object_r:event_device_t tclass=chr_file
audit(1079743543.522:0): avc:  denied  { ioctl } for  pid=23815
exe=/usr/X11R6/bin/XFree86 path=/dev/input/event0 dev=hda2 ino=4219044
scontext=system_u:system_r:xdm_xserver_t
tcontext=system_u:object_r:event_device_t tclass=chr_file
audit(1079743543.522:0): avc:  denied  { write } for  pid=23815
exe=/usr/X11R6/bin/XFree86 name=event0 dev=hda2 ino=4219044
scontext=system_u:system_r:xdm_xserver_t
tcontext=system_u:object_r:event_device_t tclass=chr_file
audit(1079743546.735:0): avc:  denied  { getattr } for  pid=23815
exe=/usr/X11R6/bin/XFree86 path=/dev/input/event0 dev=hda2 ino=4219044
scontext=system_u:system_r:xdm_xserver_t
tcontext=system_u:object_r:event_device_t tclass=chr_file
audit(1079743629.754:0): avc:  denied  { read } for  pid=24005
exe=/usr/X11R6/bin/XFree86 name=event0 dev=hda2 ino=4219044
scontext=system_u:system_r:xdm_xserver_t
tcontext=system_u:object_r:event_device_t tclass=chr_file


Comment 4 Aleksey Nogin 2004-03-30 20:26:13 UTC
Fixed with policy-sources-1.9.1-2


Note You need to log in before you can comment on or make changes to this bug.