Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 344e929e authored by Michael Wright's avatar Michael Wright Committed by Elliott Hughes
Browse files

Only allow system to write to existing input nodes. 

This prevents the shell user from injecting input as if it were coming
from an existing input device, which in turn makes it easier for malware
/ abuse analysis to detect when someone is injecting input via the
command line vs a real user using a device.

(cherrypick of 95637eb2.)

Bug: 30861057
Test: ran getevent, saw correct output, played with device
Change-Id: Ib53eea1b7767f25510b5d36fe6109101a9fad8e0
parent 01b25ab1

rootdir/ueventd.rc

+1 −1
Original line number Diff line number Diff line
@@ -46,7 +46,7 @@ subsystem adf 
/dev/tty0                 0660   root       system

/dev/graphics/*           0660   root       graphics

/dev/msm_hw3dm            0660   system     graphics

/dev/input/*              0660   root       input

/dev/input/*              0640   system     input

/dev/eac                  0660   root       audio

/dev/cam                  0660   root       camera

/dev/pmem                 0660   system     graphics

toolbox/getevent.c

+1 −1
Original line number Diff line number Diff line
@@ -321,7 +321,7 @@ static int open_device(const char *device, int print_flags) 
    char idstr[80];

    struct input_id id;



    fd = open(device, O_RDWR);

    fd = open(device, O_RDONLY);

    if(fd < 0) {

        if(print_flags & PRINT_DEVICE_ERRORS)

            fprintf(stderr, "could not open %s, %s\n", device, strerror(errno));