We shouldn't be able to restrict events like Expose, etc. with device based ACLs. So we just ignore all non-input events when checking for permissions.
dix: New file access.c to handle all access control for devices.