On wto, 2014-10-28 at 14:51 +0100, Stéphane Desneux wrote: > Also, I'm not sure that the rules for defining the permissions on such > devices should be global.
Because: 1. The security policy is global and it's not to applications to define that. You have 2 packages that write potentially conflicting entries to the same file now (udev input rules). You might as well introduce a third that does something completely different. Not to mention that this is so wrong on the RPM/filesystem consistency level. The files should be provided by RPM and installed together with the package, not created by post scripts. That's why there are config.d directories in the first place. Now you can't even see who added this entry and why. Every script can do as he wishes. A malicious app could add another entry to the file and rpm --verify wouldn't catch that. 2. Because you might have packages on much lower level then X/wayland. I already gave examples. And those could be used on headless installations and want to rely on such permissions (which wouldn't exist without X/wayland installed). Security containers is a live example. > And currently, you'll notice that every > profile is free to define the permissions as needed (because > weston-common or x11-common are packages specific to Tizen:Common, not > supposed to be inherited directly in a Tizen profile. > > Why not specifying the input rules where the 'input' group is defined ? It only means that the input group is defined in the wrong place. -- Lukasz Pawelczyk Samsung R&D Institute Poland Samsung Electronics _______________________________________________ Dev mailing list [email protected] https://lists.tizen.org/listinfo/dev
