Hi all.

I'm in the same boat as himanshu but with serial port /dev/ttyXXX. Although 
I'm able to use the uart with setenforce 0, I can't get rid of the sysfs 
prohibition.
AOSP wouldn't build if I permit untrusted_app (app running through android 
studio/pushed through adb) or priv_app (apk included in the aosp build).
(I still can't manage to make the source of the app compile within AOSP 
build. Maybe that's the only step missing)
AOSP 7.12

What I've done (not in order... I think):

- defined the device for the uart, on "device.te":

    type my_device, dev_type;

- registered ttyXXX as my_device in "file_contexts":

    /dev/ttyXXX         u:object_r:my_device:s0

- created the permissions for untrusted_app.te or priv_app.te (xxxx on the 
lines below) with the help of "audit2allow"

    allow xxxx my_device:chr_file { read write };    # this does not pose a problem but it does not solve it either
    #allow xxxx sysfs:file { read write };           # -> AOSP does not permit those apps to write on sysfs. error in compilation (neverallow rule) (commented out)

- I even managed to create a new group/permission to android so the app and 
the file belong to the same group:
This step gets rid of the need of making a chmod 777 on the device to make 
the avc_ denied appear in the logcat but it does not get rid of the 
problem.

    * in "frameworks/base/core/res/AndroidManifest.xml": ... "permission android:name="android.permission.UART_PERMISSION" ... etc, etc
    * in "frameworks/base/data/etc/platform.xml": ... "<permission name="android.permission.UART_PERMISSION" >  \  <group gid="uart_grp" />... etc, etc...
    * in "system/core/include/private/android_filesystem_config.h": ... "#define AID_UART_GRP   2901"... ..."  { "uart_grp",       AID_UART_GRP, },
    * in "system/core/rootdir/ueventd.rc": ... "/dev/ttyXXX              0660   system    uart_grp" # tried with uart_grp:uart_grp too = same luck
    * in the manifest of the app: ... "<uses-permission android:name="android.permission.UART_PERMISSION"/>

All the above is useless in the end.

I have managed to create a system service for an i2c test, so I can make 
that now too, but making the app "independent" of the custom framework is a 
nice way to get rid of the lib dependencies.
I know that the security is really important, but man... making something 
as easy as a UART comm work is a pain in the ass with all the shackles the 
OS chains you with.

Have a nice day guys.
Thank you in advance.


On Monday, May 21, 2018, 10:56:43 (UTC-4), Renjith Rajagopal wrote:
>
> You need a .te file for your module even though it is in permissive mode.
> Also try moving the app to /system/priv-app/, which will remove the untrusted_app error
>
> On Monday, April 3, 2017 at 6:00:05 PM UTC+2, himanshu wrote:
>>
>> Android application in java having permission issues when accessing sysfs 
>> entry.
>>
>> try {
>>     FileOutputStream fos = new FileOutputStream("/sys/class/shift_reg/shift_reg/value");
>>     byte mybyte = 1;
>>     fos.write(mybyte);
>>     fos.close();
>> } catch (Exception e) {
>>     Log.d(TAG, "Failed in writing to Shift Register");  // <------- I am always getting this exception.
>> }
>>
>>
>> 1) Have tried putting 'setenforce 0'. Doesn't work. Even though enforce 
>> level is permissive.
>>
>> 2) Do I have to access using JNI way: ( android-app -> jni -> driver )
>>
>> 3) I have set file permission as 0777 for the sysfs node file.
>>
>>
>> Dmesg Error message:
>>
>> [ 417.176302] type=1400 audit(418.589:63): avc: denied { write } for 
>> pid=3164 comm="com.android.cam" name="value" dev="sysfs" ino=9749 
>> scontext=u:r:untrusted_app:s0 tcontext=u:object_r:sysfs:s0 tclass=file 
>> permissive=1
>>
>> ps -Z
>>
>> u:r:untrusted_app:s0 u0_a67 4360 333
>> com.android.cam
>>
>>
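
An added example (not code from any poster in this thread): a small Python parser for `avc: denied` lines like the one quoted above, reporting whether SELinux actually blocked the access (the `permissive=` field) and building audit2allow-style candidate rules. The second log line, `com.example.uart` and the `BUILD_REJECTED` set are constructed for illustration, the set being taken from the build failure reported in the post.

```python
import re
from collections import defaultdict

# Constructed input: line 1 is the denial quoted in the thread; line 2 is a
# constructed denial for the UART node labelled my_device (values are made up).
SAMPLE_LOG = (
    '[ 417.176302] type=1400 audit(418.589:63): avc: denied { write } for '
    'pid=3164 comm="com.android.cam" name="value" dev="sysfs" ino=9749 '
    'scontext=u:r:untrusted_app:s0 tcontext=u:object_r:sysfs:s0 tclass=file '
    'permissive=1\n'
    '[ 502.000001] type=1400 audit(503.100:71): avc: denied { read write } for '
    'pid=4360 comm="com.example.uart" name="ttyXXX" dev="tmpfs" ino=1234 '
    'scontext=u:r:untrusted_app:s0 tcontext=u:object_r:my_device:s0 '
    'tclass=chr_file permissive=0\n'
)

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=[^:\s]+:[^:\s]+:(?P<src>[^:\s]+)\S*\s+"
    r"tcontext=[^:\s]+:[^:\s]+:(?P<tgt>[^:\s]+)\S*\s+"
    r"tclass=(?P<cls>\w+)(?:\s+permissive=(?P<permissive>[01]))?"
)

# Assumption taken from the thread: allow rules from these app domains to the
# generic sysfs type failed the AOSP build on a neverallow rule.
BUILD_REJECTED = {("untrusted_app", "sysfs"), ("priv_app", "sysfs")}

def parse_denials(log):
    """Return one dict per AVC denial line in `log`."""
    denials = []
    for line in log.splitlines():
        m = AVC_RE.search(line)
        if m:
            denials.append({
                "source": m["src"], "target": m["tgt"], "tclass": m["cls"],
                "perms": m["perms"].split(),
                # permissive=1 means SELinux logged the access but let it through
                "blocked": m["permissive"] != "1",
                "build_rejected": (m["src"], m["tgt"]) in BUILD_REJECTED,
            })
    return denials

def candidate_rules(denials):
    """Merge denials into audit2allow-style rules, skipping build-rejected ones."""
    merged = defaultdict(set)
    for d in denials:
        if not d["build_rejected"]:
            merged[(d["source"], d["target"], d["tclass"])].update(d["perms"])
    return ["allow %s %s:%s { %s };" % (s, t, c, " ".join(sorted(p)))
            for (s, t, c), p in sorted(merged.items())]
```
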
