Thanks for the reply. I was able to get it working by changing the permissions in the on boot segment for /sys/class/gpio to 0666 instead of 0660 and now I can control the GPIO from user space.
SELINUX was in permissive mode so the messages I was seeing where for debugging only. Didn't spot that at first. Oops. I did have an issue with one of the GPIO pins but checking /sys/kernel/debug/gpio I found that the camera was taking that for the flash trigger control. Changing the XML sorted that one out. There is no camera flash anyway. On Wednesday, 27 May 2020 22:05:46 UTC+7, Channing You wrote: > > The kernel message "permissive=1" shows that the selinux is running in > permissive mode, so it may not be selinux that block your operation. > > For sepolicy conflict, the build error message should looked like this: > > *libsepol.report failure: neverallow on line 489 of > system/sepolicy/private/app.te (or line 22022 of policy.conf) violated by > allow system_app sysfs:file { write ); * > *libsepol.check_assertions: 1 neverallow failures occurred * > *Error while expanding policy* > > which tells you the exact location of neverallow rules you broke, then you > could remove app domain from the rule if you insist, like this: > neverallow { -appdomain -bluetooth -nfc } sysfs:dir_file_class_set write; > > Or just disable selinux for test. > > > On Tuesday, May 26, 2020 at 10:55:31 PM UTC+8, Dave McLaughlin wrote: >> >> I can set the GPIO manually from the command line through the debug port >> by going to SU mode. >> >> I can't get access to the GPIO from the Android JNI. I get permission >> denied in the debug output. Setting the GPIO in export works as the new >> GPIO folder for that pin appears in /sys/class/gpio but any attempt to >> access the underlying directories to set the direction of value has >> permission denied. >> >> I've even tried to create the GPIO in the init.rc file and setting >> suitable access but this still fails to work. Selinux seems to be the >> culprit. >> >> The following is the output from debug when I try to export GPIO32 and >> then set direction. >> >> [ 532.695168] type=1400 audit(1590299645.070:43): avc: denied { read >> write } for pid=4246 comm="on.torquelogger" name="export" dev="sysfs" >> ino=3800 scontext=u:r:untrusted_app:s0:c512,c768 >> tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 >> [ 532.695984] type=1400 audit(1590299645.070:43): avc: denied { read >> write } for pid=4246 comm="on.torquelogger" name="export" dev="sysfs" >> ino=3800 scontext=u:r:untrusted_app:s0:c512,c768 >> tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 >> [ 532.696053] type=1400 audit(1590299645.070:44): avc: denied { open } >> for pid=4246 comm="on.torquelogger" path="/sys/class/gpio/export" >> dev="sysfs" ino=3800 scontext=u:r:untrusted_app:s0:c512,c768 >> tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 >> >> I tried to add the following to untrsusted_app.te but it fails to build. >> Using the >> >> allow untrusted_app sysfs:file {read write open}; >> >> This gives a build error (neverallow base_typeattr_197 sysfs (file >> (write)) >> >> Any clues on how to create the policy to allow GPIO access from the user >> program. This will run on dedicated hardware and not user phones. >> > -- -- unsubscribe: android-porting+unsubscr...@googlegroups.com website: http://groups.google.com/group/android-porting --- You received this message because you are subscribed to the Google Groups "android-porting" group. To unsubscribe from this group and stop receiving emails from it, send an email to android-porting+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/android-porting/ae429a50-8e46-4305-b22a-3f66cdaf3604%40googlegroups.com.