SerialChat avc permission error on Android

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

SerialChat avc permission error on Android

Sathya-2
Hi,

I am trying to use SerialChat application located at frameworks/base/tests/SerialChat for accessing serial port (/dev/ttyHSL1) from Android Java application layer. But when I launch application, it throws exception related to permission. I have verified whether the serial_service is included in the selinux policy.

I have verified in the service_context at out directory of android build.
serial                                    u:object_r:serial_service:s0

In file_contexts at out directory of android build.
/dev/ttyHSL1                                    u:object_r:serial_device:s0

In /obj/ETC/sepolicy_intermediates/policy.conf at out directory of android build.
type serial_device, dev_type;
type serial_service, system_api_service, system_server_service, service_manager_type;
allow system_app serial_service: service_manager find;
allow system_server serial_device:chr_file { { getattr open read ioctl lock } { open append write } };
allow untrusted_app serial_service: service_manager find;


Logcat when I keep SELinux in enforce mode, following is the log.

01-01 00:03:15.509   799   972 I ActivityManager: START u0 {act=android.intent.action.MAIN cat=[android.intent.category.LAUNCHER] flg=0x10000000 pkg=com.android.serialchat cmp=com.android.serialchat/.SerialChat} from uid 10011 on display 0
01-01 00:03:15.570   799  1346 I ActivityManager: Start proc 1960:com.android.serialchat/u0a54 for activity com.android.serialchat/.SerialChat
[  193.544684] type=1400 audit(195.699:301): avc: denied { read write } for pid=1308 comm="Binder_5" path="/dev/ttyHSL1" dev="tmpfs" ino=8663 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:serial_device:s0 tclass=chr_file permissive=0 xb853c5f8
01-01 00:03:15.649  1960  1960 W System  : ClassLoader referenced unknown path: /data/app/com.android.serialchat-1/lib/arm
01-01 00:03:15.709  1960  1960 E SerialManager: SerialManager.openSerialPort name is /dev/ttyHSL1 speed is 115200
01-01 00:03:15.717  1960  1960 E JavaBinder: !!! FAILED BINDER TRANSACTION !!!  (parcel size = 104)
01-01 00:03:15.719  1960  1960 E SerialManager: exception in SerialManager.openSerialPort
01-01 00:03:15.719  1960  1960 E SerialManager: android.os.DeadObjectException: Transaction failed on small parcel; remote process probably died
01-01 00:03:15.719  1960  1960 E SerialManager:         at android.os.BinderProxy.transactNative(Native Method)
01-01 00:03:15.719  1960  1960 E SerialManager:         at android.os.BinderProxy.transact(Binder.java:503)
01-01 00:03:15.719  1960  1960 E SerialManager:         at android.hardware.ISerialManager$Stub$Proxy.openSerialPort(ISerialManager.java:115)
01-01 00:03:15.719  1960  1960 E SerialManager:         at android.hardware.SerialManager.openSerialPort(SerialManager.java:69)
01-01 00:03:15.719  1960  1960 E SerialManager:         at com.android.serialchat.SerialChat.onResume(SerialChat.java:81)
01-01 00:03:15.719  1960  1960 E SerialManager:         at android.app.Instrumentation.callActivityOnResume(Instrumentation.java:1259)
01-01 00:03:15.719  1960  1960 E SerialManager:         at android.app.Activity.performResume(Activity.java:6361)
01-01 00:03:15.719  1960  1960 E SerialManager:         at android.app.ActivityThread.performResumeActivity(ActivityThread.java:3092)
01-01 00:03:15.719  1960  1960 E SerialManager:         at android.app.ActivityThread.handleResumeActivity(ActivityThread.java:3134)
01-01 00:03:15.719  1960  1960 E SerialManager:         at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:2481)
01-01 00:03:15.719  1960  1960 E SerialManager:         at android.app.ActivityThread.access$900(ActivityThread.java:150)
01-01 00:03:15.719  1960  1960 E SerialManager:         at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1344)
01-01 00:03:15.719  1960  1960 E SerialManager:         at android.os.Handler.dispatchMessage(Handler.java:102)
01-01 00:03:15.719  1960  1960 E SerialManager:         at android.os.Looper.loop(Looper.java:148)
01-01 00:03:15.719  1960  1960 E SerialManager:         at android.app.ActivityThread.main(ActivityThread.java:5417)
01-01 00:03:15.719  1960  1960 E SerialManager:         at java.lang.reflect.Method.invoke(Native Method)
01-01 00:03:15.719  1960  1960 E SerialManager:         at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:726)
01-01 00:03:15.719  1960  1960 E SerialManager:         at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:616)
01-01 00:03:15.727  1960  1973 D OpenGLRenderer: Use EGL_SWAP_BEHAVIOR_PRESERVED: true
01-01 00:03:18.833  1308  1308 W Binder_5: type=1400 audit(0.0:301): avc: denied { read write } for path="/dev/ttyHSL1" dev="tmpfs" ino=8663 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:serial_device:s0 tclass=chr_file permissive=0
01-01 00:03:16.005   799   843 I ActivityManager: Displayed com.android.serialchat/.SerialChat: +452ms


Logcat when I keep SELinux in permissive mode using setenforce 0, following is the log.

01-01 00:03:37.582   799  1346 I ActivityManager: START u0 {act=android.intent.action.MAIN cat=[android.intent.category.LAUNCHER] flg=0x10200000 cmp=com.android.serialchat/.SerialChat (has extras)} from uid 10016 on display 0
01-01 00:03:37.668  1960  1960 E SerialManager: SerialManager.openSerialPort name is /dev/ttyHSL1 speed is 115200
01-01 00:03:40.793   985   985 I Binder_4: type=1400 audit(0.0:303): avc: denied { read write } for path="/dev/ttyHSL1" dev="tmpfs" ino=8663 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:serial_device:s0 tclass=chr_file permissive=1
01-01 00:03:40.793  1960  1960 I roid.serialchat: type=1400 audit(0.0:304): avc: denied { ioctl } for path="/dev/ttyHSL1" dev="tmpfs" ino=8663 ioctlcmd=5401 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:serial_device:s0 tclass=chr_file permissive=1
01-01 00:03:37.671  1960  1960 E SerialManager: SerialManager.openSerialPort pfd is not null
01-01 00:03:37.675  1960  2028 D SerialChat: run
01-01 00:03:37.675  1960  2028 D SerialChat: calling read
01-01 00:03:37.754   799   843 I ActivityManager: Displayed com.android.serialchat/.SerialChat: +134ms

Apart from those sepolicy, is there anything else to be added? Or do I miss anything else?

Regards,
Sathya

--
You received this message because you are subscribed to the Google Groups "android-platform" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
Visit this group at https://groups.google.com/group/android-platform.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: SerialChat avc permission error on Android

David Escalona
Hello,

I am having exactly the same issue but with an SPI interface. I think I have set all the SE Policy permissions and rules correctly, but I keep getting the denied message followed by the binder transaction failed crash.

Were you able to fix this issue? If so, what was the correct fix?

Thanks in advance!

El viernes, 22 de junio de 2018, 16:39:50 (UTC+2), Sathya escribió:
Hi,

I am trying to use SerialChat application located at frameworks/base/tests/SerialChat for accessing serial port (/dev/ttyHSL1) from Android Java application layer. But when I launch application, it throws exception related to permission. I have verified whether the serial_service is included in the selinux policy.

I have verified in the service_context at out directory of android build.
serial                                    u:object_r:serial_service:s0

In file_contexts at out directory of android build.
/dev/ttyHSL1                                    u:object_r:serial_device:s0

In /obj/ETC/sepolicy_intermediates/policy.conf at out directory of android build.
type serial_device, dev_type;
type serial_service, system_api_service, system_server_service, service_manager_type;
allow system_app serial_service: service_manager find;
allow system_server serial_device:chr_file { { getattr open read ioctl lock } { open append write } };
allow untrusted_app serial_service: service_manager find;


Logcat when I keep SELinux in enforce mode, following is the log.

01-01 00:03:15.509   799   972 I ActivityManager: START u0 {act=android.intent.action.MAIN cat=[android.intent.category.LAUNCHER] flg=0x10000000 pkg=com.android.serialchat cmp=com.android.serialchat/.SerialChat} from uid 10011 on display 0
01-01 00:03:15.570   799  1346 I ActivityManager: Start proc 1960:com.android.serialchat/u0a54 for activity com.android.serialchat/.SerialChat
[  193.544684] type=1400 audit(195.699:301): avc: denied { read write } for pid=1308 comm="Binder_5" path="/dev/ttyHSL1" dev="tmpfs" ino=8663 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:serial_device:s0 tclass=chr_file permissive=0 xb853c5f8
01-01 00:03:15.649  1960  1960 W System  : ClassLoader referenced unknown path: /data/app/com.android.serialchat-1/lib/arm
01-01 00:03:15.709  1960  1960 E SerialManager: SerialManager.openSerialPort name is /dev/ttyHSL1 speed is 115200
01-01 00:03:15.717  1960  1960 E JavaBinder: !!! FAILED BINDER TRANSACTION !!!  (parcel size = 104)
01-01 00:03:15.719  1960  1960 E SerialManager: exception in SerialManager.openSerialPort
01-01 00:03:15.719  1960  1960 E SerialManager: android.os.DeadObjectException: Transaction failed on small parcel; remote process probably died
01-01 00:03:15.719  1960  1960 E SerialManager:         at android.os.BinderProxy.transactNative(Native Method)
01-01 00:03:15.719  1960  1960 E SerialManager:         at android.os.BinderProxy.transact(Binder.java:503)
01-01 00:03:15.719  1960  1960 E SerialManager:         at android.hardware.ISerialManager$Stub$Proxy.openSerialPort(ISerialManager.java:115)
01-01 00:03:15.719  1960  1960 E SerialManager:         at android.hardware.SerialManager.openSerialPort(SerialManager.java:69)
01-01 00:03:15.719  1960  1960 E SerialManager:         at com.android.serialchat.SerialChat.onResume(SerialChat.java:81)
01-01 00:03:15.719  1960  1960 E SerialManager:         at android.app.Instrumentation.callActivityOnResume(Instrumentation.java:1259)
01-01 00:03:15.719  1960  1960 E SerialManager:         at android.app.Activity.performResume(Activity.java:6361)
01-01 00:03:15.719  1960  1960 E SerialManager:         at android.app.ActivityThread.performResumeActivity(ActivityThread.java:3092)
01-01 00:03:15.719  1960  1960 E SerialManager:         at android.app.ActivityThread.handleResumeActivity(ActivityThread.java:3134)
01-01 00:03:15.719  1960  1960 E SerialManager:         at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:2481)
01-01 00:03:15.719  1960  1960 E SerialManager:         at android.app.ActivityThread.access$900(ActivityThread.java:150)
01-01 00:03:15.719  1960  1960 E SerialManager:         at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1344)
01-01 00:03:15.719  1960  1960 E SerialManager:         at android.os.Handler.dispatchMessage(Handler.java:102)
01-01 00:03:15.719  1960  1960 E SerialManager:         at android.os.Looper.loop(Looper.java:148)
01-01 00:03:15.719  1960  1960 E SerialManager:         at android.app.ActivityThread.main(ActivityThread.java:5417)
01-01 00:03:15.719  1960  1960 E SerialManager:         at java.lang.reflect.Method.invoke(Native Method)
01-01 00:03:15.719  1960  1960 E SerialManager:         at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:726)
01-01 00:03:15.719  1960  1960 E SerialManager:         at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:616)
01-01 00:03:15.727  1960  1973 D OpenGLRenderer: Use EGL_SWAP_BEHAVIOR_PRESERVED: true
01-01 00:03:18.833  1308  1308 W Binder_5: type=1400 audit(0.0:301): avc: denied { read write } for path="/dev/ttyHSL1" dev="tmpfs" ino=8663 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:serial_device:s0 tclass=chr_file permissive=0
01-01 00:03:16.005   799   843 I ActivityManager: Displayed com.android.serialchat/.SerialChat: +452ms


Logcat when I keep SELinux in permissive mode using setenforce 0, following is the log.

01-01 00:03:37.582   799  1346 I ActivityManager: START u0 {act=android.intent.action.MAIN cat=[android.intent.category.LAUNCHER] flg=0x10200000 cmp=com.android.serialchat/.SerialChat (has extras)} from uid 10016 on display 0
01-01 00:03:37.668  1960  1960 E SerialManager: SerialManager.openSerialPort name is /dev/ttyHSL1 speed is 115200
01-01 00:03:40.793   985   985 I Binder_4: type=1400 audit(0.0:303): avc: denied { read write } for path="/dev/ttyHSL1" dev="tmpfs" ino=8663 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:serial_device:s0 tclass=chr_file permissive=1
01-01 00:03:40.793  1960  1960 I roid.serialchat: type=1400 audit(0.0:304): avc: denied { ioctl } for path="/dev/ttyHSL1" dev="tmpfs" ino=8663 ioctlcmd=5401 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:serial_device:s0 tclass=chr_file permissive=1
01-01 00:03:37.671  1960  1960 E SerialManager: SerialManager.openSerialPort pfd is not null
01-01 00:03:37.675  1960  2028 D SerialChat: run
01-01 00:03:37.675  1960  2028 D SerialChat: calling read
01-01 00:03:37.754   799   843 I ActivityManager: Displayed com.android.serialchat/.SerialChat: +134ms

Apart from those sepolicy, is there anything else to be added? Or do I miss anything else?

Regards,
Sathya

--
You received this message because you are subscribed to the Google Groups "android-platform" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
Visit this group at https://groups.google.com/group/android-platform.
For more options, visit https://groups.google.com/d/optout.