From 51156264b4b9ff3bd5a766d17f005eb5d6b4d029 Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Tue, 28 Aug 2018 09:12:28 -0700
Subject: [PATCH] shell: remove /dev/input write access

Shell access to existing input devices is an abuse vector.
The shell user can inject events that look like they originate
from the touchscreen etc.

Everyone should have already moved to UiAutomation#injectInputEvent
if they are running instrumentation tests (i.e. CTS), Monkey for
their stress tests, and the input command (adb shell input ...) for
injecting swipes and things.

Remove the write ability for shell users, and add a neverallow assertion
(which is also a CTS test) to prevent regressions.

Bug: 30861057
Test: auditallow statement added in
  f617a404c2d3d43e1146a7237752aa1baab68918 hasn't triggered.
Test: ran getevent, saw correct output, played with device

Change-Id: Ia78eeec05f6015478dd32bd59505b51fef200a99
---
 public/shell.te | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/public/shell.te b/public/shell.te
index 6c9370307..9569d9719 100644
--- a/public/shell.te
+++ b/public/shell.te
@@ -47,11 +47,7 @@ allow shell tty_device:chr_file rw_file_perms;
 allow shell console_device:chr_file rw_file_perms;
 
 allow shell input_device:dir r_dir_perms;
-allow shell input_device:chr_file rw_file_perms;
-# b/30861057: TODO: No shell write access to existing input devices
-userdebug_or_eng(`
-  auditallow shell input_device:chr_file write;
-')
+allow shell input_device:chr_file r_file_perms;
 
 r_dir_file(shell, system_file)
 allow shell system_file:file x_file_perms;
@@ -238,3 +234,12 @@ neverallow shell {
 
 # Limit shell to only getattr on blk devices for host side tests.
 neverallow shell dev_type:blk_file ~getattr;
+
+# b/30861057: Shell access to existing input devices is an abuse
+# vector. The shell user can inject events that look like they
+# originate from the touchscreen etc.
+# Everyone should have already moved to UiAutomation#injectInputEvent
+# if they are running instrumentation tests (i.e. CTS), Monkey for
+# their stress tests, and the input command (adb shell input ...) for
+# injecting swipes and things.
+neverallow shell input_device:chr_file no_w_file_perms;
-- 
GitLab