Only allow system to write to existing input nodes.

This prevents the shell user from injecting input as if it were coming
from an existing input device, which in turn makes it easier for malware
/ abuse analysis to detect when someone is injecting input via the
command line vs a real user using a device.

(cherrypick of 95637eb2a332b9a09914b1bf32c10fccfba4a175.)

Bug: 30861057
Test: ran getevent, saw correct output, played with device
Change-Id: Ib53eea1b7767f25510b5d36fe6109101a9fad8e0
Michael Wright 2017-01-19 12:56:06 +00:00 committed by Elliott Hughes
parent 01b25ab149
commit 344e929e6d
2 changed files with 2 additions and 2 deletions

@ -46,7 +46,7 @@ subsystem adf
/dev/tty0 0660 root system
/dev/graphics/* 0660 root graphics
/dev/msm_hw3dm 0660 system graphics
/dev/input/* 0660 root input
/dev/input/* 0640 system input
/dev/eac 0660 root audio
/dev/cam 0660 root camera
/dev/pmem 0660 system graphics
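
Review bot: on the `/dev/input/*` line the owner moves from root to system at the same time as the mode drops from 0660 to 0640, so every member of group input loses write access, not only the shell user named in the commit message. If any other process relies on group membership to write to these nodes it will start failing at open time, so it is worth stating which group members were checked. The Test line only covers reading with getevent; a negative check that a write-open from the shell now fails would confirm the hunk does what the message claims.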

@ -321,7 +321,7 @@ static int open_device(const char *device, int print_flags)
char idstr[80];
struct input_id id;
fd = open(device, O_RDWR);
fd = open(device, O_RDONLY);
if(fd < 0) {
if(print_flags & PRINT_DEVICE_ERRORS)
fprintf(stderr, "could not open %s, %s\n", device, strerror(errno));
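
Review bot: the `open(device, O_RDONLY)` call in open_device carries no comment saying why the descriptor must be read-only, so a later cleanup could restore O_RDWR and the tool would then fail to open any node for a caller that only has group read access. A one-line comment above the call pointing at the 0640 mode on `/dev/input/*` would prevent that. Also confirm that nothing later in this file writes to this fd, since that would now fail at the write rather than at open.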