From 12c9f9a83572423185455dbfee5d2083cbf826df Mon Sep 17 00:00:00 2001
From: Darren Hart <dvhart@linux.intel.com>
Date: Wed, 3 Apr 2013 12:49:41 -0700
Subject: xserver-nodm-init: Add xuser to input group

Fixes [YOCTO 4164](3/3)

Input devices come and go, so a single chmod in this init script is not
adequate to ensure rootless X servers can use input devices.

The o+rw method also introduces a security hole.

The newly added input group and input udev rule address this in a secure
way. Ensure the xuser is added to the input group.

(From OE-Core rev: 150b7ac8e1c0f029b90f63424867ee5347821cf7)

Signed-off-by: Darren Hart <dvhart@linux.intel.com>
Cc: Saul Wold <sgw@linux.intel.com>
Cc: Laurentiu Palcu <laurentiu.palcu@intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 meta/recipes-graphics/x11-common/xserver-nodm-init.bb           | 4 ++--
 meta/recipes-graphics/x11-common/xserver-nodm-init/xserver-nodm | 1 -
 2 files changed, 2 insertions(+), 3 deletions(-)

(limited to 'meta/recipes-graphics/x11-common')

diff --git a/meta/recipes-graphics/x11-common/xserver-nodm-init.bb b/meta/recipes-graphics/x11-common/xserver-nodm-init.bb
index eab76c597b..d2797a99d1 100644
--- a/meta/recipes-graphics/x11-common/xserver-nodm-init.bb
+++ b/meta/recipes-graphics/x11-common/xserver-nodm-init.bb
@@ -2,7 +2,7 @@ DESCRIPTION = "Simple Xserver Init Script (no dm)"
 LICENSE = "GPLv2"
 LIC_FILES_CHKSUM = "file://COPYING;md5=751419260aa954499f7abaabaa882bbe"
 SECTION = "x11"
-PR = "r30"
+PR = "r31"
 RDEPENDS_${PN} = "sudo"
 
 SRC_URI = "file://xserver-nodm \
@@ -34,6 +34,6 @@ INITSCRIPT_PARAMS = "start 9 5 2 . stop 20 0 1 6 ."
 # USERADD_PARAM is in sync with the one in connman.inc
 USERADD_PACKAGES = "${PN}"
 USERADD_PARAM_${PN} = "--create-home \
-                       --groups video,tty,audio \
+                       --groups video,tty,audio,input \
                        --user-group xuser"
 
diff --git a/meta/recipes-graphics/x11-common/xserver-nodm-init/xserver-nodm b/meta/recipes-graphics/x11-common/xserver-nodm-init/xserver-nodm
index e790fb0921..f6692a814b 100755
--- a/meta/recipes-graphics/x11-common/xserver-nodm-init/xserver-nodm
+++ b/meta/recipes-graphics/x11-common/xserver-nodm-init/xserver-nodm
@@ -33,7 +33,6 @@ case "$1" in
            # setting for rootless X
            chmod o+w /var/log
            chmod g+r /dev/tty[0-3]
-           chmod o+rw /dev/input/*
            # hidraw device is probably needed
            if [ -e /dev/hidraw0 ]; then
                chmod o+rw /dev/hidraw*
-- 
cgit v1.2.3-54-g00ecf