[iMX8QM-MEK] LPUART4 cannot be used on Android Automotive

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

[iMX8QM-MEK] LPUART4 cannot be used on Android Automotive

Jump to solution
668 Views
sushi_happy
Contributor III

Hi, all.

 

I’m having trouble using ttyLP4 on Android_Automotive.
It looks like permission is denied, what do I need to do?

 

I made the following changes:
Solved: Re: [iMX8QM-MEK] LPUART4 settings - NXP Community

In addition to the above, I changed the following files:
・untrusted_app.te (device/nxp/imx8q/sepolicy_car)
allow untrusted_app tty_device:chr_file rw_file_perms;
#allow untrusted_app tty_device:chr_file { read write open ioctl getattr };
#allow untrusted_app opencl_cache_file:dir { read write open };

 

However, ttyLP4 remains unusable, and following log is output at the end.
[ 220.737786] type=1400 audit(1660212560.044:31): avc: denied { write } for comm="stty" name="ttyLP4" dev="tmpfs" ino=310 scontext=u:r:untrusted_app:s0:c140,c256,c522,c768 tcontext=u:object_r:tty_device:s0 tclass=chr_file permissive=0

 

A prompt reply will be greatly appreciated.

sushi.

0 Kudos
1 Solution
627 Views
sushi_happy
Contributor III

I solved it by making the following changes.

1.
Modified based on board-imx8qm.c in vendor/nxp/fsl-proprietary/uboot-firmware/imx8q_car.scfw-tcm_changed.pngRename the scfw-tcm.bin generated by building to scfw-tcm_car.bin and place it in vendor/nxp-opensource/imx-mkimage/iMX8QM.
Change all descriptions of "scfw-tcm.bin" in soc.mak, android.mak, autobuild.mak and m4.mak in the same folder to "scfw-tcm_car.bin".

2.
Refer to Android SELinux security mechanism - lack of operation permission (cdmana.com)
Add the following two files to device/nxp/imx8q/sepolicy_car.
untrusted_app.te
  allow untrusted_app tty_device_m:chr_file rw_file_perms;
  allow untrusted_app app_data_file:dir rw_file_perms;
  allow untrusted_app opencl_cache_file:dir rw_file_perms;

untrusted_app_25.te
  allow untrusted_app_25 tty_device_m:chr_file rw_file_perms;
  allow untrusted_app_25 app_data_file:dir rw_file_perms;
  allow untrusted_app_25 opencl_cache_file:dir rw_file_perms;

3.
Refer to How to access serial port from Android MM applicat... - NXP Community
Add code to device.te in device/nxp/imx8q/sepolicy.
  type tty_device_m, dev_type, mlstrustedobject;
Also, change all descriptions of "tty_device" in ***.mk files under device/nxp/imx8q to "tty_device_m".

View solution in original post

0 Kudos
1 Reply
628 Views
sushi_happy
Contributor III

I solved it by making the following changes.

1.
Modified based on board-imx8qm.c in vendor/nxp/fsl-proprietary/uboot-firmware/imx8q_car.scfw-tcm_changed.pngRename the scfw-tcm.bin generated by building to scfw-tcm_car.bin and place it in vendor/nxp-opensource/imx-mkimage/iMX8QM.
Change all descriptions of "scfw-tcm.bin" in soc.mak, android.mak, autobuild.mak and m4.mak in the same folder to "scfw-tcm_car.bin".

2.
Refer to Android SELinux security mechanism - lack of operation permission (cdmana.com)
Add the following two files to device/nxp/imx8q/sepolicy_car.
untrusted_app.te
  allow untrusted_app tty_device_m:chr_file rw_file_perms;
  allow untrusted_app app_data_file:dir rw_file_perms;
  allow untrusted_app opencl_cache_file:dir rw_file_perms;

untrusted_app_25.te
  allow untrusted_app_25 tty_device_m:chr_file rw_file_perms;
  allow untrusted_app_25 app_data_file:dir rw_file_perms;
  allow untrusted_app_25 opencl_cache_file:dir rw_file_perms;

3.
Refer to How to access serial port from Android MM applicat... - NXP Community
Add code to device.te in device/nxp/imx8q/sepolicy.
  type tty_device_m, dev_type, mlstrustedobject;
Also, change all descriptions of "tty_device" in ***.mk files under device/nxp/imx8q to "tty_device_m".

0 Kudos