Change the type on /dev/uinput to match /dev/uhid.

/dev/uinput is accessed in the same way as /dev/uhid, and unlike /dev/input/*. bluetooth requires access to the former and not to the latter, while shell requires access to the latter and not the former. This is also consistent with their DAC group ownerships (net_bt_stack for /dev/uinput and /dev/uhid vs input for /dev/input/*). Change-Id: I0059d832a7fe036ed888c91e1fb96f3e6e0bd2d4 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

Change the type on /dev/uinput to match /dev/uhid.
/dev/uinput is accessed in the same way as /dev/uhid, and unlike /dev/input/*. bluetooth requires access to the former and not to the latter, while shell requires access to the latter and not the former. This is also consistent with their DAC group ownerships (net_bt_stack for /dev/uinput and /dev/uhid vs input for /dev/input/*). Change-Id: I0059d832a7fe036ed888c91e1fb96f3e6e0bd2d4 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
b3c48b66 · Stephen Smalley · Nick Kralevich · 8c302d0f · b3c48b66 · b3c48b66
Commit b3c48b66 authored 11 years ago by Stephen Smalley Committed by Nick Kralevich 11 years ago
--- a/bluetooth.te
+++ b/bluetooth.te
@@ -11,7 +11,7 @@ allow bluetooth bluetooth_data_file:notdevfile_class_set create_file_perms;
 r_dir_file(bluetooth, bluetooth_efs_file)
 # Device accesses.
-allow bluetooth { tun_device uhid_device hci_attach_dev input_device }:chr_file rw_file_perms;
+allow bluetooth { tun_device uhid_device hci_attach_dev }:chr_file rw_file_perms;
 # Other domains that can create and use bluetooth sockets.
 # SELinux does not presently define a specific socket class for

--- a/file_contexts
+++ b/file_contexts
@@ -100,7 +100,7 @@
 /dev/ttyS[0-9]*		u:object_r:serial_device:s0
 /dev/tun		u:object_r:tun_device:s0
 /dev/uhid		u:object_r:uhid_device:s0
-/dev/uinput		u:object_r:input_device:s0
+/dev/uinput		u:object_r:uhid_device:s0
 /dev/urandom		u:object_r:urandom_device:s0
 /dev/usb_accessory	u:object_r:usbaccessory_device:s0
 /dev/vcs[0-9a-z]*	u:object_r:vcs_device:s0