]> code.ossystems Code Review - meta-freescale.git/commitdiff
Code Review / meta-freescale.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: 9665676)
udev-extraconf: restrict access to graphic buffers
authorAlexander Shashkevych <alex@stunpix.com>
Tue, 2 Dec 2014 18:13:01 +0000 (20:13 +0200)
committerOtavio Salvador <otavio@ossystems.com.br>
Tue, 2 Dec 2014 21:13:40 +0000 (19:13 -0200)
For security reasons fb and galcore devices must be only accessible by root user and/or video group.
All other users must not have access to graphic buffers.

Signed-off-by: Alexander Shashkevich <alex@stunpix.com>
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
meta-fsl-arm/recipes-core/udev/udev-extraconf/10-imx.rules patch | blob | history

diff --git a/meta-fsl-arm/recipes-core/udev/udev-extraconf/10-imx.rules b/meta-fsl-arm/recipes-core/udev/udev-extraconf/10-imx.rules
index 202bf0458b466ac71d35f71f0ddd007e78f09600..6afc1e8e2ed7b4f38fdcf86c69b7d117713f8bf4 100644 (file)
--- a/meta-fsl-arm/recipes-core/udev/udev-extraconf/10-imx.rules
+++ b/meta-fsl-arm/recipes-core/udev/udev-extraconf/10-imx.rules
@@ -16,10 +16,8 @@ KERNEL=="mc13783_connectiv*",  NAME="mc13783_connectivity"
 KERNEL=="mxc_iim",  MODE="0444", SYMLINK+="mxc_mem"
 KERNEL=="mxs_viim", MODE="0444", SYMLINK+="mxc_mem"
 KERNEL=="mxc_ipu",  MODE="0666"
-KERNEL=="fb0",      MODE="0666"
-KERNEL=="fb1",      MODE="0666"
-KERNEL=="fb2",      MODE="0666"
 KERNEL=="mxc_vpu",  MODE="0666"
-SUBSYSTEM=="video", MODE="0666"
-KERNEL=="gsl_kmod", MODE="0666"
-KERNEL=="galcore",  MODE="0666"
+SUBSYSTEM=="video", MODE="0660"
+KERNEL=="fb[0-9]",  MODE="0660", GROUP="video"
+KERNEL=="gsl_kmod", MODE="0660", GROUP="video"
+KERNEL=="galcore",  MODE="0660", GROUP="video"