summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJosé Bollo <jose.bollo@iot.bzh>2018-12-12 14:24:11 +0100
committerJosé Bollo <jose.bollo@iot.bzh>2018-12-18 10:53:07 +0100
commitc888e1c4dce2ee70521b7cf6e8ec8ec60a7aeea1 (patch)
tree3f8230200afa458e326ec4d3aa0b3fde5b8e10f2
parent6fc5ad52250e6dc63b40b17376668f40a016926e (diff)
smack-system-setup: Update udev rules
Add rules to correctly tag devices with *. The most general rule is that devices should be protected using DAC rules (user and group). Bug-AGL: SPEC-2006 Change-Id: Ie18f79353f8f7645c2b615a359c65ec3a6984958 Signed-off-by: José Bollo <jose.bollo@iot.bzh>
-rw-r--r--meta-security/recipes-core/smack-system-setup/files/55-udev-smack-default.rules4
1 files changed, 4 insertions, 0 deletions
diff --git a/meta-security/recipes-core/smack-system-setup/files/55-udev-smack-default.rules b/meta-security/recipes-core/smack-system-setup/files/55-udev-smack-default.rules
index 3829019de..eca65292f 100644
--- a/meta-security/recipes-core/smack-system-setup/files/55-udev-smack-default.rules
+++ b/meta-security/recipes-core/smack-system-setup/files/55-udev-smack-default.rules
@@ -8,10 +8,14 @@ KERNEL=="video*", SECLABEL{smack}="*"
KERNEL=="card*", SECLABEL{smack}="*"
KERNEL=="ptmx", SECLABEL{smack}="*"
KERNEL=="tty", SECLABEL{smack}="*"
+KERNEL=="rfkill", SECLABEL{smack}="*"
+
+SUBSYSTEM=="most_cdev_aim", SECLABEL{smack}="*"
SUBSYSTEM=="graphics", GROUP="video", SECLABEL{smack}="*"
SUBSYSTEM=="drm", GROUP="video", SECLABEL{smack}="*"
SUBSYSTEM=="dvb", GROUP="video", SECLABEL{smack}="*"
+SUBSYSTEM=="sound", GROUP="audio", SECLABEL{smack}="*"
SUBSYSTEM=="tty", KERNEL=="ptmx", GROUP="tty", MODE="0666", SECLABEL{smack}="*"
SUBSYSTEM=="tty", KERNEL=="tty", GROUP="tty", MODE="0666", SECLABEL{smack}="*"