The kernel message "permissive=1" shows that the selinux is running in
permissive mode, so it may not be selinux that block your operation.
For sepolicy conflict, the build error message should looked like this:
*libsepol.report failure: neverallow on line 489 of
system/sepolicy/private/app.te (or line 22022 of policy.conf) violated by
allow system_app sysfs:file { write ); *
*libsepol.check_assertions: 1 neverallow failures occurred *
*Error while expanding policy*
which tells you the exact location of neverallow rules you broke, then you
could remove app domain from the rule if you insist, like this:
neverallow { -appdomain -bluetooth -nfc } sysfs:dir_file_class_set write;
Or just disable selinux for test.
On Tuesday, May 26, 2020 at 10:55:31 PM UTC+8, Dave McLaughlin wrote:
>
> I can set the GPIO manually from the command line through the debug port
> by going to SU mode.
>
> I can't get access to the GPIO from the Android JNI. I get permission
> denied in the debug output. Setting the GPIO in export works as the new
> GPIO folder for that pin appears in /sys/class/gpio but any attempt to
> access the underlying directories to set the direction of value has
> permission denied.
>
> I've even tried to create the GPIO in the init.rc file and setting
> suitable access but this still fails to work. Selinux seems to be the
> culprit.
>
> The following is the output from debug when I try to export GPIO32 and
> then set direction.
>
> [ 532.695168] type=1400 audit(1590299645.070:43): avc: denied { read
> write } for pid=4246 comm="on.torquelogger" name="export" dev="sysfs"
> ino=3800 scontext=u:r:untrusted_app:s0:c512,c768
> tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
> [ 532.695984] type=1400 audit(1590299645.070:43): avc: denied { read
> write } for pid=4246 comm="on.torquelogger" name="export" dev="sysfs"
> ino=3800 scontext=u:r:untrusted_app:s0:c512,c768
> tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
> [ 532.696053] type=1400 audit(1590299645.070:44): avc: denied { open }
> for pid=4246 comm="on.torquelogger" path="/sys/class/gpio/export"
> dev="sysfs" ino=3800 scontext=u:r:untrusted_app:s0:c512,c768
> tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
>
> I tried to add the following to untrsusted_app.te but it fails to build.
> Using the
>
> allow untrusted_app sysfs:file {read write open};
>
> This gives a build error (neverallow base_typeattr_197 sysfs (file (write))
>
> Any clues on how to create the policy to allow GPIO access from the user
> program. This will run on dedicated hardware and not user phones.
>
--
--
unsubscribe: [email protected]
website: http://groups.google.com/group/android-porting
---
You received this message because you are subscribed to the Google Groups
"android-porting" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/android-porting/ef880502-66dd-4965-a13a-36de941843da%40googlegroups.com.
