projects / platform / core / system / libdevice-node.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: c8557ee)
Clean up udev and Smack rules 64/4364/1
authorWilliam Douglas <william.douglas@intel.com>
Fri, 28 Jun 2013 00:30:50 +0000 (17:30 -0700)
committerWilliam Douglas <william.douglas@intel.com>
Fri, 28 Jun 2013 00:38:21 +0000 (17:38 -0700)
Smack rules for device nodes should be applied in the udev package.
Security team should audit permissions for device nodes that are
needed to be changed that were being kept in this package (but again
should be done in the udev package as there were a broad grouping of
devices that may even conflict with default udev rules).

This change is likely a breaking change and will need corresponding
changes to other packages (including udev rules and manifest).

Change-Id: I509035ace21163e24231e825f44a9f96a988c47e
Signed-off-by: William Douglas <william.douglas@intel.com>
CMakeLists.txt patch | blob | history
device-node.sh [deleted file] patch | blob | history
packaging/libdevice-node.manifest patch | blob | history
packaging/libdevice-node.spec patch | blob | history
packaging/smack-device-labeling.service [deleted file] patch | blob | history
smack_device_labeling [deleted file] patch | blob | history
udev/rules.d/51-devices-priv.rules [deleted file] patch | blob | history
udev/rules.d/95-devices.rules [deleted file] patch | blob | history

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 70705b46b6b56e964e047b2ce5348c1301465f15..6c7b887bf6eaee933ebdeb28fbee32ae182a3be6 100644 (file)
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -46,5 +46,3 @@ INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/devman_plugin.pc DESTINATION ${LIB_INS
 FOREACH(hfile ${HEADERS})
        INSTALL(FILES ${CMAKE_CURRENT_SOURCE_DIR}/${hfile} DESTINATION include/${PROJECT_NAME})
 ENDFOREACH(hfile)
-
-INSTALL(DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/udev/ DESTINATION lib/udev)
diff --git a/device-node.sh b/device-node.sh
deleted file mode 100755 (executable)
index 74d324b..0000000
--- a/device-node.sh
+++ /dev/null
@@ -1,35 +0,0 @@
-#!/bin/sh
-
-do_start () {
-       # If setting for device is needed, do here
-}
-
-## for setting default brightness
-set_display () {
-       BL_BRT=
-       for file in /sys/class/backlight/*; do
-       #       echo $file
-               if [ -e $file ]; then
-                       BL_BRT=$file/brightness
-                       break
-               fi
-       done
-       /bin/echo `/usr/bin/vconftool get db/setting/Brightness | /usr/bin/awk '{print $4}'` > $BL_BRT
-       /bin/echo 0 > /sys/class/leds/leds-torch/brightness
-}
-
-case "$1" in
-       start)
-               do_start
-               ;;
-       display)
-               set_display
-               ;;
-       *)
-               echo "Usage: $0 start | display"
-               exit 1
-
-esac
-
-exit 0
-
diff --git a/packaging/libdevice-node.manifest b/packaging/libdevice-node.manifest
index 60aaa98fa65f48052dc5e5e56826df3a9c332f65..017d22d3aff3db1cd32736351140c2fed580d1c0 100644 (file)
--- a/packaging/libdevice-node.manifest
+++ b/packaging/libdevice-node.manifest
@@ -1,25 +1,5 @@
 <manifest>
-       <define>
-               <domain name="device"/>
-               <provide>
-                       <label name="device::camera"/>
-                       <label name="device::app_logging"/>
-                       <label name="device::sys_logging"/>
-                       <label name="device::audio"/>
-                       <label name="device::recording"/>
-                       <label name="device::hwcodec"/>
-                       <label name="device::video"/>
-                       <label name="device::radio"/>
-                       <label name="device::bklight"/>
-                       <label name="device::led"/>
-                       <label name="device::mdnie"/>
-                       <label name="device::dialout"/>
-                       <label name="device::printer"/>
-                       <label name="device::nfc"/>
-                       <label name="device::hall"/>
-               </provide>
-       </define>
-       <request>
-               <domain name="_"/>
-       </request>
+ <request>
+    <domain name="_"/>
+ </request>
 </manifest>
diff --git a/packaging/libdevice-node.spec b/packaging/libdevice-node.spec
index 0d2b5bffa605b3b30bf1c5eaa82bdb0c495329b6..b0a7794f306a8296ccd44a64bce58907b9255170 100644 (file)
--- a/packaging/libdevice-node.spec
+++ b/packaging/libdevice-node.spec
@@ -2,11 +2,10 @@ Name:       libdevice-node
 Summary:    Library to control OAL APIs
 Version:    0.1.0
 Release:    1
-Group:      System/Libraries
+Group:      Application Framework/Libraries
 License:    Apache-2.0
 Source0:    %{name}-%{version}.tar.gz
 Source1:    %{name}.manifest
-Source2:    smack-device-labeling.service
 BuildRequires:  cmake
 BuildRequires:  pkgconfig(vconf)
 BuildRequires:  pkgconfig(dlog)
@@ -16,7 +15,6 @@ development package of library to control OAL APIs
 
 %package devel
 Summary:       Control OAL APIs (devel)
-Group:         Development/Libraries
 Requires:      %{name} = %{version}-%{release}
 
 %description devel
@@ -33,21 +31,11 @@ make %{?jobs:-j%jobs}
 %install
 %make_install
 
-mkdir -p %{buildroot}%{_unitdir}/basic.target.wants
-install -m 644 %{SOURCE2} %{buildroot}%{_unitdir}/
-ln -s ../smack-device-labeling.service %{buildroot}%{_unitdir}/basic.target.wants/
-mkdir -p %{buildroot}/lib/firmware/mdnie
-
-
 %post -p /sbin/ldconfig
 %postun -p /sbin/ldconfig
 
 %files
 %{_libdir}/*.so.*
-%{_prefix}/lib/udev/rules.d/*
-%{_unitdir}/smack-device-labeling.service
-%{_unitdir}/basic.target.wants/smack-device-labeling.service
-/lib/firmware/mdnie
 %manifest %{name}.manifest
 
 %files devel
diff --git a/packaging/smack-device-labeling.service b/packaging/smack-device-labeling.service
deleted file mode 100644 (file)
index 3ae6377..0000000
--- a/packaging/smack-device-labeling.service
+++ /dev/null
@@ -1,13 +0,0 @@
-[Unit]
-Description=Default SMACK labeling
-DefaultDependencies=no
-Requires=smack.service local-fs.target
-After=smack.service local-fs.target
-Before=basic.target
-
-[Service]
-Type=oneshot
-ExecStart=/etc/rc.d/init.d/smack_device_labeling
-
-[Install]
-WantedBy=basic.target
diff --git a/smack_device_labeling b/smack_device_labeling
deleted file mode 100755 (executable)
index 952783e..0000000
--- a/smack_device_labeling
+++ /dev/null
@@ -1,14 +0,0 @@
-#!/bin/sh
-
-# Set device node permissions for security
-chsmack -a 'device::bklight' /sys/class/backlight/*/brightness
-chsmack -a 'device::led' /sys/class/camera/flash/rear_flash
-chsmack -a 'device::led' /sys/class/camera/flash/max_brightness
-chsmack -a 'device::mdnie' /sys/class/extension/mdnie/mode
-chsmack -a 'device::mdnie' /sys/class/extension/mdnie/scenario
-chsmack -a 'device::mdnie' /sys/class/extension/mdnie/tone
-chsmack -a 'device::mdnie' /sys/class/extension/mdnie/outdoor
-chsmack -a 'device::mdnie' /sys/class/extension/mdnie/tune
-chsmack -a 'device::haptic' /sys/class/haptic/motor/level
-chsmack -a 'device::haptic' /sys/class/haptic/motor/enable
-chsmack -a 'device::haptic' /sys/class/haptic/motor/oneshot
diff --git a/udev/rules.d/51-devices-priv.rules b/udev/rules.d/51-devices-priv.rules
deleted file mode 100644 (file)
index a4b3741..0000000
--- a/udev/rules.d/51-devices-priv.rules
+++ /dev/null
@@ -1,28 +0,0 @@
-# this part is extracted from 50-udev-default.rules file only to add smack label
-
-SUBSYSTEM=="tty", KERNEL=="ptmx", SMACK="*"
-SUBSYSTEM=="tty", KERNEL=="tty", SMACK="*"
-SUBSYSTEM=="tty", KERNEL=="tty[0-9]*", SMACK="*"
-SUBSYSTEM=="vc", KERNEL=="vcs*|vcsa*", SMACK="*"
-
-# serial
-KERNEL=="tty[A-Z]*[0-9]|pppox[0-9]*|ircomm[0-9]*|noz[0-9]*|rfcomm[0-9]*", SMACK="*"
-
-# video4linux
-SUBSYSTEM=="video4linux", SMACK="*"
-
-# graphics
-SUBSYSTEM=="drm", MODE="0666", SMACK="*"
-
-# 'libusb' device nodes
-SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device", SMACK="*"
-
-KERNEL=="fuse", SMACK="*"
-
-# this part is high priority udev rules
-
-KERNEL=="null|zero|full|random|urandom", SMACK="*"
-KERNEL=="uinput", MODE="0666", SMACK="*"
-KERNEL=="ump", MODE="0666", SMACK="*"
-KERNEL=="mali", MODE="0666", SMACK="*"
-KERNEL=="slp_global_lock", MODE="0666", SMACK="*"
diff --git a/udev/rules.d/95-devices.rules b/udev/rules.d/95-devices.rules
deleted file mode 100644 (file)
index 36b9860..0000000
--- a/udev/rules.d/95-devices.rules
+++ /dev/null
@@ -1,67 +0,0 @@
-ACTION=="remove", GOTO="devices_end"
-
-KERNEL=="fb[0-9]", MODE="0660", GROUP="video", SMACK="_"
-KERNEL=="s3c-mem", MODE="0660", GROUP="video", SMACK="_"
-KERNEL=="umts_csd", MODE="0660", GROUP="video_tel", SMACK="*"
-KERNEL=="s3c-jpeg", MODE="0660", GROUP="camera", SMACK="_"
-KERNEL=="s5p-jpeg", MODE="0660", GROUP="camera", SMACK="_"
-KERNEL=="s3c-jpg", MODE="0660", GROUP="camera", SMACK="_"
-KERNEL=="srp", MODE="0660", GROUP="hwcodec", SMACK="*"
-KERNEL=="s3c-mfc", MODE="0660", GROUP="hwcodec", SMACK="_"
-KERNEL=="s5p-mfc", MODE="0660", GROUP="hwcodec", SMACK="*"
-KERNEL=="radio[0-9]", MODE="0660", GROUP="radio", SMACK="_"
-KERNEL=="pcmC[0-9]D[0-9]c", MODE="0660", GROUP="recording", SMACK="_"
-KERNEL=="pcmC[0-9]D[0-9]p", MODE="0660", GROUP="audio", SMACK="_"
-KERNEL=="controlC[0-9]", MODE="0660", GROUP="audio", SMACK="_"
-KERNEL=="timer", SUBSYSTEM=="sound", MODE="0660", GROUP="audio", SMACK="_"
-
-KERNEL=="log_main", MODE="0660", GROUP="app_logging", SMACK="_"
-KERNEL=="log_events", MODE="0660", GROUP="app_logging", SMACK="_"
-KERNEL=="log_radio", MODE="0660", GROUP="app_logging", SMACK="_"
-KERNEL=="log_system", MODE="0660", GROUP="sys_logging", SMACK="_"
-
-KERNEL=="pvrsrvkm", MODE="0666", SMACK="*"
-KERNEL=="usb_mtp_gadget", MODE="0666", SMACK="*"
-KERNEL=="usb_accessory", MODE="0666", SMACK="*"
-
-# Marvell
-KERNEL=="uio[0-9]", MODE="0666", SMACK="*"
-
-# Brightness control
-SUBSYSTEM=="leds", ATTR{brightness}=="?*", RUN+="/bin/chmod 0664 %S/%p/brightness", RUN+="/bin/chown :system_torch %S/%p/brightness"
-SUBSYSTEM=="backlight", ATTR{brightness}=="?*", RUN+="/bin/chmod 0664 %S/%p/brightness", RUN+="/bin/chown :system_bklight %S/%p/brightness"
-
-# flash (7/16 added)
-SUBSYSTEM=="camera", RUN+="/bin/chmod 0666 %S/%p/rear_flash"
-SUBSYSTEM=="camera", RUN+="/bin/chmod 0666 %S/%p/max_brightness"
-
-# mDNIe
-DRIVER=="mdnie", RUN+="/bin/chmod 0666 %S/%p/mode"
-DRIVER=="mdnie", RUN+="/bin/chmod 0666 %S/%p/scenario"
-DRIVER=="mdnie", RUN+="/bin/chmod 0666 %S/%p/tone"
-DRIVER=="mdnie", RUN+="/bin/chmod 0666 %S/%p/outdoor"
-DRIVER=="mdnie", RUN+="/bin/chmod 0666 %S/%p/tune"
-
-# haptic
-SUBSYSTEM=="haptic", RUN+="/bin/chmod 0666 %S/%p/level"
-SUBSYSTEM=="haptic", RUN+="/bin/chmod 0666 %S/%p/enable"
-SUBSYSTEM=="haptic", RUN+="/bin/chmod 0666 %S/%p/oneshot"
-
-# Video4Linux
-SUBSYSTEM!="video4linux", GOTO="v4l_end"
-IMPORT{program}="uname_env kernel-release"
-
-KERNEL=="video0", ENV{UNAME_KERNEL_RELEASE}=="3.0.*", GROUP="camera", MODE="0660", SMACK="_", GOTO="v4l_end"
-KERNEL=="video1", ENV{UNAME_KERNEL_RELEASE}=="3.4.*", GROUP="camera", MODE="0660", SMACK="_", GOTO="v4l_end"
-KERNEL=="video3", ENV{UNAME_KERNEL_RELEASE}=="3.4.*", GROUP="camera", MODE="0660", SMACK="_", GOTO="v4l_end"
-
-# Remaining video devices
-KERNEL=="video[0-9]", MODE="0660", GROUP="video", SMACK="_"
-LABEL="v4l_end"
-
-KERNEL=="video1", GROUP="camera", MODE="0660", SMACK="_"
-KERNEL=="video[6-7]", GROUP="hwcodec", MODE="0660", SMACK="_"
-KERNEL=="video11", GROUP="hwcodec", MODE="0660", SMACK="_"
-KERNEL=="video12", GROUP="hwcodec", MODE="0660", SMACK="_"
-
-LABEL="devices_end"
Domain: System / System Framework Device Management;