From 95054cefbe612ca2c1df7b6acf46d83e541ce1ae Mon Sep 17 00:00:00 2001
From: Alexander Shashkevych <alex@stunpix.com>
Date: Tue, 2 Dec 2014 20:13:01 +0200
Subject: udev-extraconf: restrict access to graphic buffers

For security reasons fb and galcore devices must be only accessible by root user and/or video group.
All other users must not have access to graphic buffers.

Signed-off-by: Alexander Shashkevich <alex@stunpix.com>
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
---
 recipes-core/udev/udev-extraconf/10-imx.rules | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/recipes-core/udev/udev-extraconf/10-imx.rules b/recipes-core/udev/udev-extraconf/10-imx.rules
index 202bf04..6afc1e8 100644
--- a/recipes-core/udev/udev-extraconf/10-imx.rules
+++ b/recipes-core/udev/udev-extraconf/10-imx.rules
@@ -16,10 +16,8 @@ KERNEL=="mc13783_connectiv*",  NAME="mc13783_connectivity"
 KERNEL=="mxc_iim",  MODE="0444", SYMLINK+="mxc_mem"
 KERNEL=="mxs_viim", MODE="0444", SYMLINK+="mxc_mem"
 KERNEL=="mxc_ipu",  MODE="0666"
-KERNEL=="fb0",      MODE="0666"
-KERNEL=="fb1",      MODE="0666"
-KERNEL=="fb2",      MODE="0666"
 KERNEL=="mxc_vpu",  MODE="0666"
-SUBSYSTEM=="video", MODE="0666"
-KERNEL=="gsl_kmod", MODE="0666"
-KERNEL=="galcore",  MODE="0666"
+SUBSYSTEM=="video", MODE="0660"
+KERNEL=="fb[0-9]",  MODE="0660", GROUP="video"
+KERNEL=="gsl_kmod", MODE="0660", GROUP="video"
+KERNEL=="galcore",  MODE="0660", GROUP="video"
-- 
cgit v1.2.3-54-g00ecf