From 95637eb2a332b9a09914b1bf32c10fccfba4a175 Mon Sep 17 00:00:00 2001
From: Michael Wright
Date: Thu, 19 Jan 2017 12:56:06 +0000
Subject: [PATCH] Only allow system to write to existing input nodes.

This prevents the shell user from injecting input as if it were coming from an existing input device, which in turn makes it easier for malware / abuse analysis to detect when someone is injecting input via the command line vs a real user using a device.

Bug: 30861057
Test: ran getevent, saw correct output, played with device
Change-Id: Ib53eea1b7767f25510b5d36fe6109101a9fad8e0
---
 rootdir/ueventd.rc | 2 +-
 toolbox/getevent.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/rootdir/ueventd.rc b/rootdir/ueventd.rc
index 0633a68a3..3b64f6de6 100644
--- a/rootdir/ueventd.rc
+++ b/rootdir/ueventd.rc
@@ -46,7 +46,7 @@ subsystem adf
 /dev/tty0 0660 root system
 /dev/graphics/* 0660 root graphics
 /dev/msm_hw3dm 0660 system graphics
-/dev/input/* 0660 root input
+/dev/input/* 0640 system input
 /dev/eac 0660 root audio
 /dev/cam 0660 root camera
 /dev/pmem 0660 system graphics
diff --git a/toolbox/getevent.c b/toolbox/getevent.c
index e6def6bae..1fb315cb5 100644
--- a/toolbox/getevent.c
+++ b/toolbox/getevent.c
@@ -321,7 +321,7 @@ static int open_device(const char *device, int print_flags)
 char idstr[80];
 struct input_id id;
- fd = open(device, O_RDWR);
+ fd = open(device, O_RDONLY);
 if(fd < 0) {
 if(print_flags & PRINT_DEVICE_ERRORS)
 fprintf(stderr, "could not open %s, %s\n", device, strerror(errno));
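Review bot: The reason for `/dev/input/* 0640 system input` lives only in the commit message, so a later edit can quietly restore group-write on these nodes; a comment in the rc file next to the entry would pin it, e.g. `# input nodes: owned by system, read-only for group input, so shell cannot inject events into an existing device (b/30861057)`. This mode still grants read access to every process in group `input`, and the hunk does not touch `/dev/uinput`, so a caller with access to that node could presumably still create a fresh virtual device; the commit title limits the scope to existing nodes, and the comment should say so as well. Any non-system service in group `input` that opened these nodes read-write (for instance to drive LEDs or force feedback) will now get EACCES, which is worth confirming against the platform's other input consumers before this lands.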
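Review bot: The switch to `O_RDONLY` is only understandable together with the ueventd.rc change in the same patch, so a why-comment on the open() line would help whoever next touches it: `/* read-only: input nodes are now 0640 system:input, and getevent only needs to read events */`. The rest of open_device is outside the hunk; if any ioctl issued later on this fd is one the kernel gates on write access, it will now fail where it used to succeed, so the remainder of the function deserves a quick check. open_device starts before the hunk and continues past it.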