SE Policy prevents access of serial ports by android application (by default).
I added "allow" to untrusted_app.te
allow untrusted_app tty_device:chr_file rw_file_perms;
However, still the avc denial message comes up that untrusted_app not permitted to write to tty_device.
How can this be resolved ?
I have struggled this issue for 2 days with the same symptom as yours...and finally, I solved this issue with SELINUX on.
============================= My Solution =========================================
type tty_device, dev_type;
type tty_device, dev_type, mlstrustedobject;
All the above solution is coming from the ideas of the link: SELinux 添加一个权限 - 大大世界 - 简书
However, I am not really uncertain why this action solved this issue...
Hi Diego,
I am trying to access serial port (ttymxc1) from my app. A simple open followed by a read.
I do not have a separate test app. I believe a simple app which just opens and reads ttymxc1 or ttymxc2 will be sufficient to reproduce the issue.
If required, I can create one.
Regards,
Arindam
Hello Arindam,
You can try to set this boot targets during the boot process.
setenv bootargs 'console=ttymxc2,115200 init=/init video=mxcfb0:dev=ldb,1024x768M@60,bpp=32 video=mxcfb1:off video=mxcfb2:off video=mxcfb3:off vmalloc=400M androidboot.console=ttymxc2 consoleblank=0 androidboot.hardware=freescale cma=384M androidboot.selinux=disabled androidboot.dm_verity=disabled no_console_suspend'
I haven't tested this configuration with an app. But I can write to the serial ports thought shell commands.
I hope this can solve your problem.
Best Regards,
Diego.
Hi Diego,
I do not want to disable SELINUX.
Regards,
Arindam Ghosh Roy
Principal Firmware Engineer | Renal Care Solutions
India Medtronic Pvt. Ltd.
Prestige Shantiniketan, Tower B, 11th Floor | Whitefield, Bangalore – 560048 | INDIA
Office +91 80 6715 7351 | Mobile + 91 70220 24759| Fax +91 80 6715 7498
arindam.g.roy@medtronic.com<mailto:arindam.g.roy@medtronic.com>
medtronic.com<http://www.medtronic.com/> | Facebook<https://www.facebook.com/Medtronic> | LinkedIn<https://www.linkedin.com/company/medtronic?trk=biz-companies-cym> | Twitter<https://twitter.com/Medtronic> | YouTube <https://www.youtube.com/user/MedtronicCorp>
LET’S TAKE HEALTHCARE
FURTHER, TOGETHER
Hello Arindam,
I am trying to build the image with the new configurations. But I am getting some errors that I am trying to solve on the go.
I will notify you, If I can successfully build the image.
Best Regards,
Diego.
Hello Arindam,
I found this web-page that can help you with your problem. I haven't tested the solution, but you can try it and see if it works.
Android* Security Customization with SEAndroid - CodeProject
Best Regards,
Diego.
Hi Diego,
Thank you for the reply.
I did use the rule ( as specified in the link also ):
allow untrusted_app tty_device:chr_file rw_file_perms;
and ttymxc1 and ttymxc2 falls under the category tty_device.
I am using Sabre SDP and Android Marshmallow.
Could you reproduce in to the board ?
Regards,
Arindam