Bug 117369 - /dev/input/event* can be used as input (synaptics) but not mouse_t
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: policy
Version: 2
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Daniel Walsh
Blocks: FC2Blocker
Reported: 2004-03-03 12:36 UTC by Paul Nasrat
Modified: 2007-11-30 22:10 UTC (History)
Fixed In Version: 1.9.1-2
Doc Type: Bug Fix
Last Closed: 2004-03-30 20:26:13 UTC

Description Paul Nasrat 2004-03-03 12:36:18 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4.1)
Gecko/20031114

Description of problem:
Running in enforcing mode XFree86 fails to start using the synaptics
driver (http://w1.894.telia.com/~u89404340/touchpad/) which takes raw
events from /dev/input/eventN - dmesg snippet 

avc:  denied  { read } for  pid=2028 exe=/usr/X11R6/bin/XFree86
name=event17 dev=hda5 ino=1296402
scontext=system_u:system_r:xdm_xserver_t
tcontext=system_u:object_r:device_t tclass=chr_file

avc:  denied  { read } for  pid=2028 exe=/usr/X11R6/bin/XFree86
name=event18 dev=hda5 ino=1296403
scontext=system_u:system_r:xdm_xserver_t
tcontext=system_u:object_r:device_t tclass=chr_file

XFree86.0.log:

MouseS no synaptics event device found
(**) Option "Device" "/dev/input/mice"
Query no Synaptics: 6003C8
(EE) MouseS no synaptics touchpad detected and no repeater device
(EE) MouseS Unable to query/initialize Synaptics hardware.
(EE) PreInit failed for input device "MouseS"
(II) UnloadModule: "synaptics"
(II) Keyboard "Keyboard0" handled by legacy driver
(**) Option "Protocol" "IMPS/2"
(**) DevInputMice: Protocol: "IMPS/2"
(**) Option "AlwaysCore"
(**) DevInputMice: always reports core events
(**) Option "Device" "/dev/input/mice"
(**) Option "Emulate3Buttons" "no"
(**) Option "ZAxisMapping" "4 5"
(**) DevInputMice: ZAxisMapping: buttons 4 and 5
(**) DevInputMice: Buttons: 5
(WW) No core pointer registered
(II) XINPUT: Adding extended input device "DevInputMice" (type: MOUSE)
(II) DevInputMice: ps2EnableDataReporting: succeeded
No core pointer



Version-Release number of selected component (if applicable):
policy-1.6.16

How reproducible:
Always

Steps to Reproduce:
1. run in enforcing mode (I used setenforce 1)
2. startx on machine using synaptics driver

    

Actual Results:  Fails with above logs

Expected Results:  XFree86 starts

Additional info:

Added

/u?dev/input/.*event.* -c system_u:object_r:mouse_device_t

to file_contexts/types.fc and make relabel fixes. However as event
devices can be all input devices it might make sense to have
event_device_t maybe.

Comment 1 Aleksey Nogin 2004-03-08 09:10:18 UTC
Note that gpm also has this problem if the evdev driver is used in gpm
(which is included in the default distro, BTW). I would also like to
see this problem fixed.

Comment 2 Daniel Walsh 2004-03-18 05:14:58 UTC
Is this fixed by policy-1.9-1?

Comment 3 Aleksey Nogin 2004-03-20 00:46:25 UTC
No. In policy-1.9-3, the event devices are still not marked as anything
special and I see:

audit(1079743662.488:0): avc:  denied  { read } for  pid=24211
exe=/usr/X11R6/bin/XFree86 name=event0 dev=hda2 ino=4219044
scontext=system_u:system_r:xdm_xserver_t
tcontext=system_u:object_r:device_t tclass=chr_file
audit(1079743662.488:0): avc:  denied  { ioctl } for  pid=24211
exe=/usr/X11R6/bin/XFree86 path=/dev/input/event0 dev=hda2 ino=4219044
scontext=system_u:system_r:xdm_xserver_t
tcontext=system_u:object_r:device_t tclass=chr_file
audit(1079743662.489:0): avc:  denied  { write } for  pid=24211
exe=/usr/X11R6/bin/XFree86 name=event0 dev=hda2 ino=4219044
scontext=system_u:system_r:xdm_xserver_t
tcontext=system_u:object_r:device_t tclass=chr_file
audit(1079743662.618:0): avc:  denied  { getattr } for  pid=24211
exe=/usr/X11R6/bin/XFree86 path=/dev/input/event0 dev=hda2 ino=4219044
scontext=system_u:system_r:xdm_xserver_t
tcontext=system_u:object_r:device_t tclass=chr_file

I see that policy-1.9-3 has an event_device_t type. But if I manually add

/u?dev/input/.*event.*  -c      system_u:object_r:event_device_t

then X still is not allowed to access them:

audit(1079743543.522:0): avc:  denied  { read } for  pid=23815
exe=/usr/X11R6/bin/XFree86 name=event0 dev=hda2 ino=4219044
scontext=system_u:system_r:xdm_xserver_t
tcontext=system_u:object_r:event_device_t tclass=chr_file
audit(1079743543.522:0): avc:  denied  { ioctl } for  pid=23815
exe=/usr/X11R6/bin/XFree86 path=/dev/input/event0 dev=hda2 ino=4219044
scontext=system_u:system_r:xdm_xserver_t
tcontext=system_u:object_r:event_device_t tclass=chr_file
audit(1079743543.522:0): avc:  denied  { write } for  pid=23815
exe=/usr/X11R6/bin/XFree86 name=event0 dev=hda2 ino=4219044
scontext=system_u:system_r:xdm_xserver_t
tcontext=system_u:object_r:event_device_t tclass=chr_file
audit(1079743546.735:0): avc:  denied  { getattr } for  pid=23815
exe=/usr/X11R6/bin/XFree86 path=/dev/input/event0 dev=hda2 ino=4219044
scontext=system_u:system_r:xdm_xserver_t
tcontext=system_u:object_r:event_device_t tclass=chr_file
audit(1079743629.754:0): avc:  denied  { read } for  pid=24005
exe=/usr/X11R6/bin/XFree86 name=event0 dev=hda2 ino=4219044
scontext=system_u:system_r:xdm_xserver_t
tcontext=system_u:object_r:event_device_t tclass=chr_file
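
An added example, not part of the original comments or of the policy package: a small Python parser that reads AVC denials in the wrapped form quoted in this bug and groups the denied permissions by source type, target type and class. It shows that relabeling to event_device_t changes the target type while xdm_xserver_t still has no rule for it. The function names are hypothetical; the sample records are excerpted from the denials above.

```python
import re
from collections import defaultdict

# Sample input: three denials excerpted from the comments above, wrapped as
# they are quoted there (one record spans several lines).
SAMPLE = """\
audit(1079743662.488:0): avc:  denied  { read } for  pid=24211
exe=/usr/X11R6/bin/XFree86 name=event0 dev=hda2 ino=4219044
scontext=system_u:system_r:xdm_xserver_t
tcontext=system_u:object_r:device_t tclass=chr_file
audit(1079743543.522:0): avc:  denied  { read } for  pid=23815
exe=/usr/X11R6/bin/XFree86 name=event0 dev=hda2 ino=4219044
scontext=system_u:system_r:xdm_xserver_t
tcontext=system_u:object_r:event_device_t tclass=chr_file
audit(1079743543.522:0): avc:  denied  { ioctl } for  pid=23815
exe=/usr/X11R6/bin/XFree86 path=/dev/input/event0 dev=hda2 ino=4219044
scontext=system_u:system_r:xdm_xserver_t
tcontext=system_u:object_r:event_device_t tclass=chr_file
"""

RECORD = re.compile(r"avc:\s+denied\s+\{([^}]*)\}(.*?)(?=avc:|\Z)", re.S)
FIELD = re.compile(r"(\w+)=(\S+)")

def parse_denials(text):
    """Yield (perms, fields) per AVC denial, tolerating wrapped records."""
    for m in RECORD.finditer(text):
        yield m.group(1).split(), dict(FIELD.findall(m.group(2)))

def missing_rules(text):
    """Group denied permissions by (source type, target type, class)."""
    rules = defaultdict(set)
    for perms, f in parse_denials(text):
        if not {"scontext", "tcontext", "tclass"} <= f.keys():
            continue  # truncated record: skip rather than guess
        src = f["scontext"].split(":")[2]  # user:role:type
        tgt = f["tcontext"].split(":")[2]
        rules[(src, tgt, f["tclass"])].update(perms)
    return dict(rules)

def as_allow_rules(rules):
    """Render each group in policy 'allow' syntax for review."""
    return [f"allow {s} {t}:{c} {{ {' '.join(sorted(p))} }};"
            for (s, t, c), p in sorted(rules.items())]

if __name__ == "__main__":
    for line in as_allow_rules(missing_rules(SAMPLE)):
        print(line)
```

A group whose target is the generic device_t points at a missing file-context entry rather than a missing rule, and because event devices can carry every kind of input, the rendered rules are material for policy review rather than something to load unchanged.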


Comment 4 Aleksey Nogin 2004-03-30 20:26:13 UTC
Fixed with policy-sources-1.9.1-2

