auditallow shell input_device:chr_file

Test to see if anyone is writing to /dev/input from the shell. Bug: 30861057 Test: device boots and no avc granted messages. Change-Id: Ia3499ef9436f83cf13c633525348b63edd95990f

auditallow shell input_device:chr_file
f617a404 · Nick Kralevich · 7ecc8b13 · f617a404
Commit f617a404 authored 6 years ago by Nick Kralevich
--- a/public/shell.te
+++ b/public/shell.te
@@ -45,8 +45,14 @@ unix_socket_connect(shell, dumpstate, dumpstate)
 allow shell devpts:chr_file rw_file_perms;
 allow shell tty_device:chr_file rw_file_perms;
 allow shell console_device:chr_file rw_file_perms;
+
 allow shell input_device:dir r_dir_perms;
 allow shell input_device:chr_file rw_file_perms;
+# b/30861057: TODO: No shell write access to existing input devices
+userdebug_or_eng(`
+  auditallow shell input_device:chr_file write;
+')
+
 r_dir_file(shell, system_file)
 allow shell system_file:file x_file_perms;
 allow shell toolbox_exec:file rx_file_perms;