xocl udev rules are too liberal

Open keryell opened this issue 1 year ago • 0 comments

The /etc/udev/rules.d/99-xocl.rules has a rule:

KERNEL=="renderD*",MODE="0666"

to make the DRM control file usable by anybody. But it changes all these files on the system, like the ones for my AMD and Nvidia GPUs on my machine, to mode 0666 instead of 0660, not only the ones controlled by xocl. /usr/lib/udev/rules.d/50-udev-default.rules defines a rule for the renderD files to set the mode to 0660, which means that one has to be root or in group render to use them. A minimal change could be

KERNEL=="renderD*", DRIVERS=="xocl", MODE="0666"

This has been tested on Ubuntu 22.04:

udevadm test $(udevadm info --query=path --name=/dev/dri/renderD130) |& grep MODE

In the end, while I understand the comfort of 0666, I am unsure about the security impact for FPGA, compared to restricting it to some user groups. Of course there is no bug in our software, so we are safe. :-) At least we should not change the security model for other devices.

keryell • Dec 14 '22 00:12
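
An added example, not part of the original issue or of the XRT project's code: a shell function that scans udev rule text for the pattern reported above, a `renderD*` match that assigns a mode open to all users without a `DRIVER`/`DRIVERS` qualifier. The function names and the sample rules are constructed for illustration, and rules split over continuation lines are not handled.

```shell
#!/bin/sh
# Added example: audit udev rules for over-broad DRM render node permissions.

# flag_broad_render_rules: read udev rules on stdin and print
# "<line number>: <rule>" for each rule that
#   - matches KERNEL=="renderD..." ,
#   - assigns (= or :=) a MODE whose last octal digit is not 0,
#     so users outside the owner and group get access,
#   - has no DRIVER== / DRIVERS== key narrowing it to one driver.
flag_broad_render_rules() {
    awk '
        /^[ \t]*#/ { next }                      # skip comment lines
        /KERNEL=="renderD/ {
            # MODE=="..." is a match key, not an assignment, and is ignored
            if (!match($0, /MODE:?="[0-7]+"/)) next
            mode = substr($0, RSTART, RLENGTH)
            gsub(/[^0-7]/, "", mode)             # keep only the octal digits
            other = substr(mode, length(mode), 1)
            if (other == "0") next               # nothing granted to "other"
            if ($0 ~ /DRIVERS?==/) next          # scoped to a driver
            printf "%d: %s\n", NR, $0
        }
    '
}

# Constructed sample rules: the broad rule from the issue, the proposed
# driver-scoped rule, and a group-restricted rule with mode 0660.
sample_rules() {
    cat <<'EOF'
# constructed sample, not copied from a real system
KERNEL=="renderD*",MODE="0666"
KERNEL=="renderD*", DRIVERS=="xocl", MODE="0666"
SUBSYSTEM=="drm", KERNEL=="renderD*", GROUP="render", MODE="0660"
EOF
}

# Only the unscoped 0666 rule (line 2 of the sample) is reported.
sample_rules | flag_broad_render_rules

# To audit an installed file:
#   flag_broad_render_rules < /etc/udev/rules.d/99-xocl.rules
```
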