authorWilliam Douglas <william.douglas@intel.com>2013-06-27 17:30:50 -0700
committerWilliam Douglas <william.douglas@intel.com>2013-06-27 17:38:21 -0700
commit506902a98b3682fe91eb44666584c5c627a0f7dc (patch)
treed2f0929372b85423acd24b0af16570ae93024f5b
parentc8557ee8517a64a0bc91c630287f1ff1448a13d7 (diff)
Clean up udev and Smack rules
Smack rules for device nodes should be applied in the udev package. The security team should audit the device-node permission changes that were being kept in this package (again, these should be made in the udev package, as this package covered a broad grouping of devices that may even conflict with the default udev rules). This is likely a breaking change and will need corresponding changes to other packages (including udev rules and manifest).

Change-Id: I509035ace21163e24231e825f44a9f96a988c47e
Signed-off-by: William Douglas <william.douglas@intel.com>
-rw-r--r--CMakeLists.txt2
-rwxr-xr-xdevice-node.sh35
-rw-r--r--packaging/libdevice-node.manifest26
-rw-r--r--packaging/libdevice-node.spec14
-rw-r--r--packaging/smack-device-labeling.service13
-rwxr-xr-xsmack_device_labeling14
-rw-r--r--udev/rules.d/51-devices-priv.rules28
-rw-r--r--udev/rules.d/95-devices.rules67
8 files changed, 4 insertions, 195 deletions
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 70705b4..6c7b887 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -46,5 +46,3 @@ INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/devman_plugin.pc DESTINATION ${LIB_INS
FOREACH(hfile ${HEADERS})
INSTALL(FILES ${CMAKE_CURRENT_SOURCE_DIR}/${hfile} DESTINATION include/${PROJECT_NAME})
ENDFOREACH(hfile)
-
-INSTALL(DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/udev/ DESTINATION lib/udev)
diff --git a/device-node.sh b/device-node.sh
deleted file mode 100755
index 74d324b..0000000
--- a/device-node.sh
+++ /dev/null
@@ -1,35 +0,0 @@
-#!/bin/sh
-
-do_start () {
- # If setting for device is needed, do here
-}
-
-## for setting default brightness
-set_display () {
- BL_BRT=
- for file in /sys/class/backlight/*; do
- # echo $file
- if [ -e $file ]; then
- BL_BRT=$file/brightness
- break
- fi
- done
- /bin/echo `/usr/bin/vconftool get db/setting/Brightness | /usr/bin/awk '{print $4}'` > $BL_BRT
- /bin/echo 0 > /sys/class/leds/leds-torch/brightness
-}
-
-case "$1" in
- start)
- do_start
- ;;
- display)
- set_display
- ;;
- *)
- echo "Usage: $0 start | display"
- exit 1
-
-esac
-
-exit 0
-
diff --git a/packaging/libdevice-node.manifest b/packaging/libdevice-node.manifest
index 60aaa98..017d22d 100644
--- a/packaging/libdevice-node.manifest
+++ b/packaging/libdevice-node.manifest
@@ -1,25 +1,5 @@
<manifest>
- <define>
- <domain name="device"/>
- <provide>
- <label name="device::camera"/>
- <label name="device::app_logging"/>
- <label name="device::sys_logging"/>
- <label name="device::audio"/>
- <label name="device::recording"/>
- <label name="device::hwcodec"/>
- <label name="device::video"/>
- <label name="device::radio"/>
- <label name="device::bklight"/>
- <label name="device::led"/>
- <label name="device::mdnie"/>
- <label name="device::dialout"/>
- <label name="device::printer"/>
- <label name="device::nfc"/>
- <label name="device::hall"/>
- </provide>
- </define>
- <request>
- <domain name="_"/>
- </request>
+ <request>
+ <domain name="_"/>
+ </request>
</manifest>
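Review bot: With the `<define>` block gone, nothing in this commit provides the `device` domain or the `device::*` labels any more, and the manifest carries no pointer to where they are defined now. Any other package whose manifest or Smack rules still reference `device::camera`, `device::audio` and the rest would be naming labels that no package defines until the udev-side change lands, so the two changes should be merged together or this one gated on the other. If the manifest parser accepts XML comments, a line above `<request>` such as `<!-- device::* labels and device-node Smack rules are owned by the udev package -->` would record the new ownership. When the rules are re-homed, the deleted `MODE="0666", SMACK="*"` entries in `udev/rules.d/95-devices.rules` and `51-devices-priv.rules` (for example `uinput` and `uio[0-9]`) are the ones most worth tightening rather than copying over, since the `*` object label combined with a world-writable mode leaves no access control on those nodes.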
diff --git a/packaging/libdevice-node.spec b/packaging/libdevice-node.spec
index 0d2b5bf..b0a7794 100644
--- a/packaging/libdevice-node.spec
+++ b/packaging/libdevice-node.spec
@@ -2,11 +2,10 @@ Name: libdevice-node
Summary: Library to control OAL APIs
Version: 0.1.0
Release: 1
-Group: System/Libraries
+Group: Application Framework/Libraries
License: Apache-2.0
Source0: %{name}-%{version}.tar.gz
Source1: %{name}.manifest
-Source2: smack-device-labeling.service
BuildRequires: cmake
BuildRequires: pkgconfig(vconf)
BuildRequires: pkgconfig(dlog)
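Review bot: `Version: 0.1.0` and `Release: 1` stay as they were although the package stops shipping the udev rules, the Smack labeling unit and the label definitions, which the commit message itself calls a breaking change. Without a bump, or a `Requires:`/`Conflicts:` against the udev package build that takes over the rules, an image can pair this package with a udev that applies no device-node labeling at all. The `Group:` change to `Application Framework/Libraries` here, the dropped `Group:` line in the devel subpackage hunk and the removal of `/lib/firmware/mdnie` in the `%install`/`%files` hunk are not mentioned in the commit message; consider splitting them out or stating why they belong to a udev and Smack cleanup.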
@@ -16,7 +15,6 @@ development package of library to control OAL APIs
%package devel
Summary: Control OAL APIs (devel)
-Group: Development/Libraries
Requires: %{name} = %{version}-%{release}
%description devel
@@ -33,21 +31,11 @@ make %{?jobs:-j%jobs}
%install
%make_install
-mkdir -p %{buildroot}%{_unitdir}/basic.target.wants
-install -m 644 %{SOURCE2} %{buildroot}%{_unitdir}/
-ln -s ../smack-device-labeling.service %{buildroot}%{_unitdir}/basic.target.wants/
-mkdir -p %{buildroot}/lib/firmware/mdnie
-
-
%post -p /sbin/ldconfig
%postun -p /sbin/ldconfig
%files
%{_libdir}/*.so.*
-%{_prefix}/lib/udev/rules.d/*
-%{_unitdir}/smack-device-labeling.service
-%{_unitdir}/basic.target.wants/smack-device-labeling.service
-/lib/firmware/mdnie
%manifest %{name}.manifest
%files devel
diff --git a/packaging/smack-device-labeling.service b/packaging/smack-device-labeling.service
deleted file mode 100644
index 3ae6377..0000000
--- a/packaging/smack-device-labeling.service
+++ /dev/null
@@ -1,13 +0,0 @@
-[Unit]
-Description=Default SMACK labeling
-DefaultDependencies=no
-Requires=smack.service local-fs.target
-After=smack.service local-fs.target
-Before=basic.target
-
-[Service]
-Type=oneshot
-ExecStart=/etc/rc.d/init.d/smack_device_labeling
-
-[Install]
-WantedBy=basic.target
diff --git a/smack_device_labeling b/smack_device_labeling
deleted file mode 100755
index 952783e..0000000
--- a/smack_device_labeling
+++ /dev/null
@@ -1,14 +0,0 @@
-#!/bin/sh
-
-# Set device node permissions for security
-chsmack -a 'device::bklight' /sys/class/backlight/*/brightness
-chsmack -a 'device::led' /sys/class/camera/flash/rear_flash
-chsmack -a 'device::led' /sys/class/camera/flash/max_brightness
-chsmack -a 'device::mdnie' /sys/class/extension/mdnie/mode
-chsmack -a 'device::mdnie' /sys/class/extension/mdnie/scenario
-chsmack -a 'device::mdnie' /sys/class/extension/mdnie/tone
-chsmack -a 'device::mdnie' /sys/class/extension/mdnie/outdoor
-chsmack -a 'device::mdnie' /sys/class/extension/mdnie/tune
-chsmack -a 'device::haptic' /sys/class/haptic/motor/level
-chsmack -a 'device::haptic' /sys/class/haptic/motor/enable
-chsmack -a 'device::haptic' /sys/class/haptic/motor/oneshot
diff --git a/udev/rules.d/51-devices-priv.rules b/udev/rules.d/51-devices-priv.rules
deleted file mode 100644
index a4b3741..0000000
--- a/udev/rules.d/51-devices-priv.rules
+++ /dev/null
@@ -1,28 +0,0 @@
-# this part is extracted from 50-udev-default.rules file only to add smack label
-
-SUBSYSTEM=="tty", KERNEL=="ptmx", SMACK="*"
-SUBSYSTEM=="tty", KERNEL=="tty", SMACK="*"
-SUBSYSTEM=="tty", KERNEL=="tty[0-9]*", SMACK="*"
-SUBSYSTEM=="vc", KERNEL=="vcs*|vcsa*", SMACK="*"
-
-# serial
-KERNEL=="tty[A-Z]*[0-9]|pppox[0-9]*|ircomm[0-9]*|noz[0-9]*|rfcomm[0-9]*", SMACK="*"
-
-# video4linux
-SUBSYSTEM=="video4linux", SMACK="*"
-
-# graphics
-SUBSYSTEM=="drm", MODE="0666", SMACK="*"
-
-# 'libusb' device nodes
-SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device", SMACK="*"
-
-KERNEL=="fuse", SMACK="*"
-
-# this part is high priority udev rules
-
-KERNEL=="null|zero|full|random|urandom", SMACK="*"
-KERNEL=="uinput", MODE="0666", SMACK="*"
-KERNEL=="ump", MODE="0666", SMACK="*"
-KERNEL=="mali", MODE="0666", SMACK="*"
-KERNEL=="slp_global_lock", MODE="0666", SMACK="*"
diff --git a/udev/rules.d/95-devices.rules b/udev/rules.d/95-devices.rules
deleted file mode 100644
index 36b9860..0000000
--- a/udev/rules.d/95-devices.rules
+++ /dev/null
@@ -1,67 +0,0 @@
-ACTION=="remove", GOTO="devices_end"
-
-KERNEL=="fb[0-9]", MODE="0660", GROUP="video", SMACK="_"
-KERNEL=="s3c-mem", MODE="0660", GROUP="video", SMACK="_"
-KERNEL=="umts_csd", MODE="0660", GROUP="video_tel", SMACK="*"
-KERNEL=="s3c-jpeg", MODE="0660", GROUP="camera", SMACK="_"
-KERNEL=="s5p-jpeg", MODE="0660", GROUP="camera", SMACK="_"
-KERNEL=="s3c-jpg", MODE="0660", GROUP="camera", SMACK="_"
-KERNEL=="srp", MODE="0660", GROUP="hwcodec", SMACK="*"
-KERNEL=="s3c-mfc", MODE="0660", GROUP="hwcodec", SMACK="_"
-KERNEL=="s5p-mfc", MODE="0660", GROUP="hwcodec", SMACK="*"
-KERNEL=="radio[0-9]", MODE="0660", GROUP="radio", SMACK="_"
-KERNEL=="pcmC[0-9]D[0-9]c", MODE="0660", GROUP="recording", SMACK="_"
-KERNEL=="pcmC[0-9]D[0-9]p", MODE="0660", GROUP="audio", SMACK="_"
-KERNEL=="controlC[0-9]", MODE="0660", GROUP="audio", SMACK="_"
-KERNEL=="timer", SUBSYSTEM=="sound", MODE="0660", GROUP="audio", SMACK="_"
-
-KERNEL=="log_main", MODE="0660", GROUP="app_logging", SMACK="_"
-KERNEL=="log_events", MODE="0660", GROUP="app_logging", SMACK="_"
-KERNEL=="log_radio", MODE="0660", GROUP="app_logging", SMACK="_"
-KERNEL=="log_system", MODE="0660", GROUP="sys_logging", SMACK="_"
-
-KERNEL=="pvrsrvkm", MODE="0666", SMACK="*"
-KERNEL=="usb_mtp_gadget", MODE="0666", SMACK="*"
-KERNEL=="usb_accessory", MODE="0666", SMACK="*"
-
-# Marvell
-KERNEL=="uio[0-9]", MODE="0666", SMACK="*"
-
-# Brightness control
-SUBSYSTEM=="leds", ATTR{brightness}=="?*", RUN+="/bin/chmod 0664 %S/%p/brightness", RUN+="/bin/chown :system_torch %S/%p/brightness"
-SUBSYSTEM=="backlight", ATTR{brightness}=="?*", RUN+="/bin/chmod 0664 %S/%p/brightness", RUN+="/bin/chown :system_bklight %S/%p/brightness"
-
-# flash (7/16 added)
-SUBSYSTEM=="camera", RUN+="/bin/chmod 0666 %S/%p/rear_flash"
-SUBSYSTEM=="camera", RUN+="/bin/chmod 0666 %S/%p/max_brightness"
-
-# mDNIe
-DRIVER=="mdnie", RUN+="/bin/chmod 0666 %S/%p/mode"
-DRIVER=="mdnie", RUN+="/bin/chmod 0666 %S/%p/scenario"
-DRIVER=="mdnie", RUN+="/bin/chmod 0666 %S/%p/tone"
-DRIVER=="mdnie", RUN+="/bin/chmod 0666 %S/%p/outdoor"
-DRIVER=="mdnie", RUN+="/bin/chmod 0666 %S/%p/tune"
-
-# haptic
-SUBSYSTEM=="haptic", RUN+="/bin/chmod 0666 %S/%p/level"
-SUBSYSTEM=="haptic", RUN+="/bin/chmod 0666 %S/%p/enable"
-SUBSYSTEM=="haptic", RUN+="/bin/chmod 0666 %S/%p/oneshot"
-
-# Video4Linux
-SUBSYSTEM!="video4linux", GOTO="v4l_end"
-IMPORT{program}="uname_env kernel-release"
-
-KERNEL=="video0", ENV{UNAME_KERNEL_RELEASE}=="3.0.*", GROUP="camera", MODE="0660", SMACK="_", GOTO="v4l_end"
-KERNEL=="video1", ENV{UNAME_KERNEL_RELEASE}=="3.4.*", GROUP="camera", MODE="0660", SMACK="_", GOTO="v4l_end"
-KERNEL=="video3", ENV{UNAME_KERNEL_RELEASE}=="3.4.*", GROUP="camera", MODE="0660", SMACK="_", GOTO="v4l_end"
-
-# Remaining video devices
-KERNEL=="video[0-9]", MODE="0660", GROUP="video", SMACK="_"
-LABEL="v4l_end"
-
-KERNEL=="video1", GROUP="camera", MODE="0660", SMACK="_"
-KERNEL=="video[6-7]", GROUP="hwcodec", MODE="0660", SMACK="_"
-KERNEL=="video11", GROUP="hwcodec", MODE="0660", SMACK="_"
-KERNEL=="video12", GROUP="hwcodec", MODE="0660", SMACK="_"
-
-LABEL="devices_end"