smack-system-setup: Update udev rules

Add rules to correctly tag devices with *.
The most general rule is that devices should be
protected using DAC rules (user and group).

Bug-AGL: SPEC-2006

Change-Id: Ie18f79353f8f7645c2b615a359c65ec3a6984958
Signed-off-by: José Bollo <jose.bollo@iot.bzh>

diff --git a/meta-security/recipes-core/smack-system-setup/files/55-udev-smack-default.rules b/meta-security/recipes-core/smack-system-setup/files/55-udev-smack-default.rules
index 3829019..eca6529 100644 (file)
--- a/meta-security/recipes-core/smack-system-setup/files/55-udev-smack-default.rules
+++ b/meta-security/recipes-core/smack-system-setup/files/55-udev-smack-default.rules
@@ -8,10 +8,14 @@ KERNEL=="video*", SECLABEL{smack}="*"
 KERNEL=="card*", SECLABEL{smack}="*"
 KERNEL=="ptmx", SECLABEL{smack}="*"
 KERNEL=="tty", SECLABEL{smack}="*"
+KERNEL=="rfkill", SECLABEL{smack}="*"
+
+SUBSYSTEM=="most_cdev_aim", SECLABEL{smack}="*"
 
 SUBSYSTEM=="graphics", GROUP="video", SECLABEL{smack}="*"
 SUBSYSTEM=="drm", GROUP="video", SECLABEL{smack}="*"
 SUBSYSTEM=="dvb", GROUP="video", SECLABEL{smack}="*"
+SUBSYSTEM=="sound", GROUP="audio", SECLABEL{smack}="*"
 
 SUBSYSTEM=="tty", KERNEL=="ptmx", GROUP="tty", MODE="0666", SECLABEL{smack}="*"
 SUBSYSTEM=="tty", KERNEL=="tty", GROUP="tty", MODE="0666", SECLABEL{smack}="*"