From a43209ebd3e678f869fe47d254e0ef43046e8350 Mon Sep 17 00:00:00 2001
From: Jeff Vander Stoep <jeffv@google.com>
Date: Thu, 24 Aug 2017 14:33:41 -0700
Subject: [PATCH] Fix label on /dev/input

Commit 780a71e7 changed ueventd's selinux label lookup from /dev/input/
to /dev/input which no longer matches the regex in core policy
file_contexts. Fix the regex to match /dev/input and /dev/input/.

avc: denied { read } for name="input" dev="tmpfs" ino=14092
scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:device:s0
tclass=dir
avc: denied { open } for path="/dev/input" dev="tmpfs"
ino=14092 scontext=u:r:hal_camera_default:s0
tcontext=u:object_r:device:s0 tclass=dir

Change-Id: I8f42f5cd96fc8353bf21d3ee6c3de9e2872f229f
Fixes: 64997761
Fixes: 64954704
Test: no camera HAL denials
---
 private/file_contexts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/private/file_contexts b/private/file_contexts
index 7f9f5129e..75fd94a37 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -89,7 +89,7 @@
 /dev/hw_random		u:object_r:hw_random_device:s0
 /dev/hwbinder		u:object_r:hwbinder_device:s0
 /dev/i2c-[0-9]+		u:object_r:i2c_device:s0
-/dev/input(/.*)		u:object_r:input_device:s0
+/dev/input(/.*)?	u:object_r:input_device:s0
 /dev/iio:device[0-9]+   u:object_r:iio_device:s0
 /dev/ion		u:object_r:ion_device:s0
 /dev/keychord   u:object_r:keychord_device:s0
-- 
GitLab