From c888e1c4dce2ee70521b7cf6e8ec8ec60a7aeea1 Mon Sep 17 00:00:00 2001
From: José Bollo <jose.bollo@iot.bzh>
Date: Wed, 12 Dec 2018 14:24:11 +0100
Subject: smack-system-setup: Update udev rules
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Add rules to correctly tag devices with *.
The most general rule is that devices should be
protected using DAC rules (user and group).

Bug-AGL: SPEC-2006

Change-Id: Ie18f79353f8f7645c2b615a359c65ec3a6984958
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
---
 .../recipes-core/smack-system-setup/files/55-udev-smack-default.rules | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/meta-security/recipes-core/smack-system-setup/files/55-udev-smack-default.rules b/meta-security/recipes-core/smack-system-setup/files/55-udev-smack-default.rules
index 3829019de..eca65292f 100644
--- a/meta-security/recipes-core/smack-system-setup/files/55-udev-smack-default.rules
+++ b/meta-security/recipes-core/smack-system-setup/files/55-udev-smack-default.rules
@@ -8,10 +8,14 @@ KERNEL=="video*", SECLABEL{smack}="*"
 KERNEL=="card*", SECLABEL{smack}="*"
 KERNEL=="ptmx", SECLABEL{smack}="*"
 KERNEL=="tty", SECLABEL{smack}="*"
+KERNEL=="rfkill", SECLABEL{smack}="*"
+
+SUBSYSTEM=="most_cdev_aim", SECLABEL{smack}="*"
 
 SUBSYSTEM=="graphics", GROUP="video", SECLABEL{smack}="*"
 SUBSYSTEM=="drm", GROUP="video", SECLABEL{smack}="*"
 SUBSYSTEM=="dvb", GROUP="video", SECLABEL{smack}="*"
+SUBSYSTEM=="sound", GROUP="audio", SECLABEL{smack}="*"
 
 SUBSYSTEM=="tty", KERNEL=="ptmx", GROUP="tty", MODE="0666", SECLABEL{smack}="*"
 SUBSYSTEM=="tty", KERNEL=="tty", GROUP="tty", MODE="0666", SECLABEL{smack}="*"
-- 
cgit 1.2.3-korg