From b3c48b66bcc9dad62a461fdc3595a70c07ff8fd3 Mon Sep 17 00:00:00 2001
From: Stephen Smalley <sds@tycho.nsa.gov>
Date: Wed, 23 Oct 2013 13:50:19 -0400
Subject: [PATCH] Change the type on /dev/uinput to match /dev/uhid.

/dev/uinput is accessed in the same way as /dev/uhid,
and unlike /dev/input/*.  bluetooth requires access to
the former and not to the latter, while shell requires access
to the latter and not the former.  This is also consistent
with their DAC group ownerships (net_bt_stack for /dev/uinput
and /dev/uhid vs input for /dev/input/*).

Change-Id: I0059d832a7fe036ed888c91e1fb96f3e6e0bd2d4
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
---
 bluetooth.te  | 2 +-
 file_contexts | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/bluetooth.te b/bluetooth.te
index 32ee842dc..a6e0c4e4d 100644
--- a/bluetooth.te
+++ b/bluetooth.te
@@ -11,7 +11,7 @@ allow bluetooth bluetooth_data_file:notdevfile_class_set create_file_perms;
 r_dir_file(bluetooth, bluetooth_efs_file)
 
 # Device accesses.
-allow bluetooth { tun_device uhid_device hci_attach_dev input_device }:chr_file rw_file_perms;
+allow bluetooth { tun_device uhid_device hci_attach_dev }:chr_file rw_file_perms;
 
 # Other domains that can create and use bluetooth sockets.
 # SELinux does not presently define a specific socket class for
diff --git a/file_contexts b/file_contexts
index 5a9f1e209..89a8cf7b1 100644
--- a/file_contexts
+++ b/file_contexts
@@ -100,7 +100,7 @@
 /dev/ttyS[0-9]*		u:object_r:serial_device:s0
 /dev/tun		u:object_r:tun_device:s0
 /dev/uhid		u:object_r:uhid_device:s0
-/dev/uinput		u:object_r:input_device:s0
+/dev/uinput		u:object_r:uhid_device:s0
 /dev/urandom		u:object_r:urandom_device:s0
 /dev/usb_accessory	u:object_r:usbaccessory_device:s0
 /dev/vcs[0-9a-z]*	u:object_r:vcs_device:s0
-- 
GitLab