From a2e4e2656bfdd0bb002123c0e1da893831a47b82 Mon Sep 17 00:00:00 2001
From: Stephen Smalley <sds@tycho.nsa.gov>
Date: Wed, 11 Jun 2014 12:09:15 -0400
Subject: [PATCH] Allow shell to read/search /dev/input directory.

Resolves denials such as:
avc: denied { read } for pid=16758 comm="getevent" name="input" dev="tmpfs" ino=6018 scontext=u:r:shell:s0 tcontext=u:object_r:input_device:s0 tclass=dir

Change-Id: I709bd20a03a5271382b191393d55a34b0b8e4e0c
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
---
 shell.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/shell.te b/shell.te
index 6df9c852a..aa02ce5fc 100644
--- a/shell.te
+++ b/shell.te
@@ -29,6 +29,7 @@ allow shell rootfs:dir r_dir_perms;
 allow shell devpts:chr_file rw_file_perms;
 allow shell tty_device:chr_file rw_file_perms;
 allow shell console_device:chr_file rw_file_perms;
+allow shell input_device:dir r_dir_perms;
 allow shell input_device:chr_file rw_file_perms;
 allow shell system_file:file x_file_perms;
 allow shell shell_exec:file rx_file_perms;
-- 
GitLab