From e9db430f94d4ebbaf4fb5bfda32213f26cd809b5 Mon Sep 17 00:00:00 2001
From: Alexander Shashkevych <alex@stunpix.com>
Date: Tue, 2 Dec 2014 20:13:01 +0200
Subject: [PATCH] udev-extraconf: restrict access to graphic buffers

For security reasons fb and galcore devices must be only accessible by root user and/or video group.
All other users must not have access to graphic buffers.

Signed-off-by: Alexander Shashkevich <alex@stunpix.com>
Signed-off-by: Otavio Salvador <otavio@ossystems.com.br>
---
 .../recipes-core/udev/udev-extraconf/10-imx.rules      | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/meta-fsl-arm/recipes-core/udev/udev-extraconf/10-imx.rules b/meta-fsl-arm/recipes-core/udev/udev-extraconf/10-imx.rules
index 202bf045..6afc1e8e 100644
--- a/meta-fsl-arm/recipes-core/udev/udev-extraconf/10-imx.rules
+++ b/meta-fsl-arm/recipes-core/udev/udev-extraconf/10-imx.rules
@@ -16,10 +16,8 @@ KERNEL=="mc13783_connectiv*",  NAME="mc13783_connectivity"
 KERNEL=="mxc_iim",  MODE="0444", SYMLINK+="mxc_mem"
 KERNEL=="mxs_viim", MODE="0444", SYMLINK+="mxc_mem"
 KERNEL=="mxc_ipu",  MODE="0666"
-KERNEL=="fb0",      MODE="0666"
-KERNEL=="fb1",      MODE="0666"
-KERNEL=="fb2",      MODE="0666"
 KERNEL=="mxc_vpu",  MODE="0666"
-SUBSYSTEM=="video", MODE="0666"
-KERNEL=="gsl_kmod", MODE="0666"
-KERNEL=="galcore",  MODE="0666"
+SUBSYSTEM=="video", MODE="0660"
+KERNEL=="fb[0-9]",  MODE="0660", GROUP="video"
+KERNEL=="gsl_kmod", MODE="0660", GROUP="video"
+KERNEL=="galcore",  MODE="0660", GROUP="video"
-- 
2.40.1