From 03713214e23d3b9cd8ca88c091b34286baf101bc Mon Sep 17 00:00:00 2001
From: Kenton Groombridge <me@concord.sh>
Date: Sun, 27 Dec 2020 20:08:43 -0500
Subject: [PATCH] devices: add interface for IOCTL on input devices

Signed-off-by: Kenton Groombridge <me@concord.sh>
---
 policy/modules/kernel/devices.if | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/policy/modules/kernel/devices.if b/policy/modules/kernel/devices.if
index 7040cbe1d..0bf7ac74d 100644
--- a/policy/modules/kernel/devices.if
+++ b/policy/modules/kernel/devices.if
@@ -2187,6 +2187,24 @@ interface(`dev_manage_input_dev',`
 	manage_chr_files_pattern($1, device_t, event_device_t)
 ')
 
+########################################
+## <summary>
+##	IOCTL the input event devices (/dev/input).
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`dev_ioctl_input_dev',`
+	gen_require(`
+		type event_device_t;
+	')
+
+	allow $1 event_device_t:chr_file ioctl;
+')
+
 ########################################
 ## <summary>
 ##	Read and write ipmi devices (/dev/ipmi*).