1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-22 17:35:35 +03:00
systemd/rules.d/70-uaccess.rules.in

101 lines
3.4 KiB
Plaintext
Raw Normal View History

# SPDX-License-Identifier: LGPL-2.1-or-later
#
2011-05-26 04:21:16 +04:00
# This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2.1 of the License, or
2011-05-26 04:21:16 +04:00
# (at your option) any later version.
ACTION=="remove", GOTO="uaccess_end"
ENV{MAJOR}=="", GOTO="uaccess_end"
# PTP/MTP protocol devices, cameras, portable media players
SUBSYSTEM=="usb", ENV{ID_USB_INTERFACES}=="*:060101:*", TAG+="uaccess"
# Digicams with proprietary protocol
ENV{ID_GPHOTO2}=="?*", TAG+="uaccess"
2011-05-26 04:21:16 +04:00
# SCSI and USB scanners
ENV{libsane_matched}=="yes", TAG+="uaccess"
# HPLIP devices (necessary for ink level check and HP tool maintenance)
ENV{ID_HPLIP}=="1", TAG+="uaccess"
# optical drives
SUBSYSTEM=="block", ENV{ID_CDROM}=="1", TAG+="uaccess"
SUBSYSTEM=="scsi_generic", SUBSYSTEMS=="scsi", ATTRS{type}=="4|5", TAG+="uaccess"
# Sound devices
SUBSYSTEM=="sound", TAG+="uaccess", \
OPTIONS+="static_node=snd/timer", OPTIONS+="static_node=snd/seq"
2011-05-26 04:21:16 +04:00
# Webcams, frame grabber, TV cards
SUBSYSTEM=="video4linux", TAG+="uaccess"
SUBSYSTEM=="dvb", TAG+="uaccess"
SUBSYSTEM=="media", TAG+="uaccess"
2011-05-26 04:21:16 +04:00
# industrial cameras, some webcams, camcorders, set-top boxes, TV sets, audio devices, and more
hwdb: add hardware database for unit of IEEE 1394 Current udev rules configures group owner of firewire character device to video group, corresponding to nodes in IEEE 1394 in below cases: 1.the node with any unit for any minor version of IIDC version 1 specification defined by 1394 Trading Association 2.the node with any unit for specification defined by Point Grey Research 3.the node with any unit for AV/C device v1.0 defined by 1394 Trading Association 4.the node with any unit for vendor-unique protocol defined by 1394 Trading Association Nevertheless, case 3 and 4 can cover the node with any unit for audio function as well. In the cases, it's convenient to assign audio group. Additionally, some nodes are known to have layout different from the specification defined by 1394 Trading Association. In the case, it's required to add rules specific to them. Furthermore, some nodes have no fields for vendor name and model name in configuration ROM. In the case, it's required to add entries to hardware database for users convenience. For the above reasons, this commit adds rules to use information in hardware database for known units in IEEE 1394. One database entry corresponds to one unit. Two types of key are used to match the unit; customized key from node context, kernel modalias of unit context. The entry has the type of function, at least. Supplementally, it has vendor and model names. For your information, below statements with Python pyparsing module are expected to parse all of the custom key and module alias in the list: ``` subsystem_prefix = pp.Literal('ieee1394:').suppress() hex_to_int = lambda a: int(a[0], 16) node_prefix = pp.Literal('node:').suppress() prefixed_lower_hex = pp.Combine(pp.Literal('0x') + pp.Word(pp.srange('[a-z0-9]'), exact=6)).setParseAction(hex_to_int) ven_in_node = pp.dictOf(pp.Literal('ven'), prefixed_lower_hex) mo_in_node = pp.dictOf(pp.Literal('mo'), prefixed_lower_hex) unit_in_node = pp.Group(prefixed_lower_hex + pp.Literal(':').suppress() + prefixed_lower_hex) units_in_node = pp.Group(pp.Literal('units') + pp.ZeroOrMore(pp.Literal('*')).suppress() + unit_in_node + pp.ZeroOrMore(pp.Literal('*')).suppress()) node_parser = subsystem_prefix + node_prefix + ven_in_node + pp.Optional(mo_in_node) + units_in_node higher_hex = pp.Word(pp.srange('[A-Z0-9]'), exact=8).setParseAction(hex_to_int) ven_in_unit = pp.dictOf(pp.Literal('ven'), higher_hex) mo_literal_in_unit = pp.dictOf(pp.Literal('mo'), higher_hex) mo_in_unit = pp.dictOf(pp.Literal('mo'), higher_hex ^ pp.Literal('*')) sp_in_unit = pp.dictOf(pp.Literal('sp'), higher_hex) ver_in_unit = pp.dictOf(pp.Literal('ver'), higher_hex) unit_parser = subsystem_prefix + ven_in_unit + mo_in_unit + sp_in_unit + ver_in_unit key_parser = node_parser ^ unit_parser ``` Signed-off-by: Takashi Sakamoto <o-takashi@sakamocchi.jp>
2021-04-07 05:49:22 +03:00
SUBSYSTEM=="firewire", TEST=="units", ENV{IEEE1394_UNIT_FUNCTION_MIDI}=="1", TAG+="uaccess"
SUBSYSTEM=="firewire", TEST=="units", ENV{IEEE1394_UNIT_FUNCTION_AUDIO}=="1", TAG+="uaccess"
SUBSYSTEM=="firewire", TEST=="units", ENV{IEEE1394_UNIT_FUNCTION_VIDEO}=="1", TAG+="uaccess"
Revert "rules: allow users to access frame buffer devices" (#3333) This reverts commit 483d8bbb4c0190f419bf9fba57fb0feb1a56bea6. In [1] Michel Dänzer and Daniel Vetter wrote: >> The scenario you describe isn't possible if the Wayland compositor >> directly uses the KMS API of /dev/dri/card*, but it may be possible if >> the Wayland compositor uses the fbdev API of /dev/fb* instead (e.g. if >> weston uses its fbdev backend). > > Yeah, if both weston and your screen grabber uses native fbdev API you can > now screenshot your desktop. And since fbdev has no concept of "current > owner of the display hw" like the drm master, I think this is not fixable. > At least not just in userspace. Also even with native KMS compositors > fbdev still doesn't have the concept of ownership, which is why it doesn't > bother clearing it's buffer before KMS takes over. I agree that this > should be reverted or at least hidden better. TBH, I think that privilege separation between processes running under the same UID is tenuous. Even with drm, in common setups any user process can ptrace the "current owner of the display" and call DROP_MASTER or do whatever. It *is* possible to prevent that, e.g. by disabling ptrace using yama.ptrace_scope, or selinux, and so on, but afaik this is not commonly done. E.g. all Fedora systems pull in elfutils-default-yama-scope.rpm through dependencies which sets yama.ptrace_scope=0. And even assuming that ptrace was disabled, it is trivial to modify files on disk, communicate through dbus, etc; there is just to many ways for a non-sandboxed process to interact maliciously with the display shell to close them all off. To achieve real protection, some sort of sandboxing must be implemented, and in that case there is no need to rely on access mode on the device files, since much more stringent measures have to be implemented anyway. The situation is similar for framebuffer devices. It is common to add framebuffer users to video group to allow them unlimited access to /dev/fb*. Using uaccess would be better solution in that case. Also, since there is no "current owner" limitation like in DRM, processes running under the same UID should be able to access /proc/<pid-of-display-server>/fd/* and gain access to the devices. Nevertheless, weston implements a suid wrapper to access the devices and then drop privileges, and this patch would make this daemon pointless. So if the weston developers feel that this change reduces security, I prefer to revert it. [1] https://lists.freedesktop.org/archives/wayland-devel/2016-May/029017.html
2016-05-24 12:32:30 +03:00
# DRI video devices
SUBSYSTEM=="drm", KERNEL=="card*", TAG+="uaccess"
{% if GROUP_RENDER_UACCESS %}
# DRI render nodes
SUBSYSTEM=="drm", KERNEL=="renderD*", TAG+="uaccess"
{% endif %}
{% if DEV_KVM_UACCESS %}
# KVM
SUBSYSTEM=="misc", KERNEL=="kvm", TAG+="uaccess"
{% endif %}
2011-05-26 04:21:16 +04:00
# smart-card readers
ENV{ID_SMARTCARD_READER}=="?*", TAG+="uaccess"
2011-05-26 04:21:16 +04:00
# (USB) authentication devices
ENV{ID_SECURITY_TOKEN}=="?*", TAG+="uaccess"
2011-05-26 04:21:16 +04:00
# PDA devices
ENV{ID_PDA}=="?*", TAG+="uaccess"
2011-05-26 04:21:16 +04:00
# Programmable remote control
ENV{ID_REMOTE_CONTROL}=="1", TAG+="uaccess"
# joysticks
SUBSYSTEM=="input", ENV{ID_INPUT_JOYSTICK}=="?*", TAG+="uaccess"
# color measurement devices
ENV{COLOR_MEASUREMENT_DEVICE}=="?*", TAG+="uaccess"
2011-05-26 04:21:16 +04:00
# DDC/CI device, usually high-end monitors such as the DreamColor
ENV{DDC_DEVICE}=="?*", TAG+="uaccess"
2011-05-26 04:21:16 +04:00
# media player raw devices (for user-mode drivers, Android SDK, etc.)
SUBSYSTEM=="usb", ENV{ID_MEDIA_PLAYER}=="?*", TAG+="uaccess"
# software-defined radio communication devices
ENV{ID_SOFTWARE_RADIO}=="?*", TAG+="uaccess"
# 3D printers, CNC machines, laser cutters, 3D scanners, etc.
ENV{ID_MAKER_TOOL}=="?*", TAG+="uaccess"
# Protocol analyzers
ENV{ID_SIGNAL_ANALYZER}=="?*", ENV{DEVTYPE}=="usb_device", TAG+="uaccess"
ENV{ID_SIGNAL_ANALYZER}=="?*", KERNEL=="ttyACM[0-9]*", TAG+="uaccess"
# rfkill / radio killswitches
KERNEL=="rfkill", SUBSYSTEM=="misc", TAG+="uaccess"
# AV production controllers
# Most of these devices use HID for the knobs, faders, buttons, encoders, and jog wheels.
SUBSYSTEM=="hidraw", ENV{ID_AV_PRODUCTION_CONTROLLER}=="1", TAG+="uaccess"
# Some devices use vendor defined protocols on USB Bulk endpoints for controllers.
# Other devices transfer graphics to screens on the device through USB Bulk endpoints.
# This also allows accessing HID devices with the libusb backend of hidapi.
SUBSYSTEM=="usb", ENV{ID_AV_PRODUCTION_CONTROLLER}=="1", TAG+="uaccess"
2011-05-26 04:21:16 +04:00
LABEL="uaccess_end"