writing sepolicy for ttyHSL1

writing sepolicy for ttyHSL1

richu cj

Hi All,
I am trying to add permission for ttyHSL1 in the application layer.

diff --git a/common/device.te b/common/device.te
index 2217974…94e9d61 100644
— a/common/device.te
+++ b/common/device.te
@@ -107,6 +107,9 @@ type qdss_device, dev_type;
#Define Gadget serial device
type gadget_serial_device, dev_type;

+#self-Defined serial device
+type selfdefined_device, dev_type;
+
#energy-awareness device
type pta_device, dev_type;
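
Review bot: the added type name `selfdefined_device` and its comment `#self-Defined serial device` do not say which port or consumer the type is for. Name the type after the device's function and state in the comment that it labels /dev/ttyHSL1, so later allow rules against it can be audited.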

diff --git a/common/device.te~ b/common/device.te~
index 2217974…94e9d61 100644
— a/common/device.te~
+++ b/common/device.te~
@@ -107,6 +107,9 @@ type qdss_device, dev_type;
#Define Gadget serial device
type gadget_serial_device, dev_type;

+#self-Defined serial device
+type selfdefined_device, dev_type;
+
#energy-awareness device
type pta_device, dev_type;
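
Review bot: `common/device.te~` is an editor backup file, and this hunk repeats the `device.te` change line for line. Drop the `~` files from the patch and keep them out of the tree so that only the real policy sources are modified.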

diff --git a/common/file_contexts b/common/file_contexts
index a009042…8e27239 100644
— a/common/file_contexts
+++ b/common/file_contexts
@@ -30,6 +30,7 @@
/dev/smd.* u:object_r:smd_device:s0
/dev/smem_log u:object_r:smem_log_device:s0
/dev/ttyHSL0 u:object_r:console_device:s0
+/dev/ttyHSL1 u:object_r:selfdefined_device:s0
/dev/ttyMSM0 u:object_r:console_device:s0
/dev/ttyHS[0-9]* u:object_r:serial_device:s0
/dev/ttyGS0 u:object_r:gadget_serial_device:s0
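
Review bot: the added `/dev/ttyHSL1` line splits this port out into its own type while the neighbouring `/dev/ttyHSL0` and `/dev/ttyMSM0` entries stay `console_device`, with nothing recording why. Add a comment above the entry saying what is attached to this UART and which domain is expected to open it.
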
diff --git a/common/file_contexts~ b/common/file_contexts~
index a009042…8e27239 100644
— a/common/file_contexts~
+++ b/common/file_contexts~
@@ -30,6 +30,7 @@
/dev/smd.* u:object_r:smd_device:s0
/dev/smem_log u:object_r:smem_log_device:s0
/dev/ttyHSL0 u:object_r:console_device:s0
+/dev/ttyHSL1 u:object_r:selfdefined_device:s0
/dev/ttyMSM0 u:object_r:console_device:s0
/dev/ttyHS[0-9]* u:object_r:serial_device:s0
/dev/ttyGS0 u:object_r:gadget_serial_device:s0
diff --git a/common/system_app.te b/common/system_app.te
index 25b05dc…ca9e0e1 100644
— a/common/system_app.te
+++ b/common/system_app.te
@@ -199,4 +199,7 @@ unix_socket_connect(system_app, ims, ims)

access to qseeproxy domain

allow system_app qseeproxy:unix_dgram_socket sendto;

+#allow access to ttyHSL1
+allow system_app selfdefined_device:chr_file rw_file_perms;
+
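
Review bot: the added `allow system_app selfdefined_device:chr_file rw_file_perms;` targets a domain that does not appear in the denial quoted in this message, whose scontext is `platform_app`, so this rule cannot clear that failure. Grant the access to the domain that actually opens the port, and drop this rule unless a system_app process is shown to need it.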

diff --git a/common/system_server.te b/common/system_server.te
index ac8937d…f8b72d8 100644
— a/common/system_server.te
+++ b/common/system_server.te
@@ -166,3 +166,5 @@ allow system_server omadm_service:service_manager add;
allow system_server dmclient_data_file:file create_file_perms;
allow system_server dmclient_data_file:dir rw_dir_perms;

+#allow access to ttyHSL1
+allow system_server selfdefined_device:chr_file rw_file_perms;
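
Review bot: the added rule gives `system_server` the full `rw_file_perms` set on the port, but nothing in the message shows system_server opening /dev/ttyHSL1. Remove the rule, or name the service that needs it in the comment and narrow the permission set to what that service uses.
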
diff --git a/common/system_server.te~ b/common/system_server.te~
index 690d944…f8b72d8 100644
— a/common/system_server.te~
+++ b/common/system_server.te~
@@ -167,4 +167,4 @@ allow system_server dmclient_data_file:file create_file_perms;
allow system_server dmclient_data_file:dir rw_dir_perms;

#allow access to ttyHSL1
-allow system_server selfdefined_device:chr_file rw_file_perms;
\ No newline at end of file
+allow system_server selfdefined_device:chr_file rw_file_perms;
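
Review bot: the only change in this hunk is the trailing newline on the `allow system_server ...` line, and it is made in the backup file `system_server.te~`. It has no policy effect and should be left out of the patch.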


These are the patches that I made. Still, it is showing denials in enforcing mode. This is the denial:

01-01 01:18:45.127 15268 15268 D ModemTool: item_value = /dev/ttyHSL1
01-01 01:18:45.127 15268 15268 E ModemTool: uartOpen()-->:deviceName = /dev/ttyHSL1
01-01 01:18:45.127 15268 15268 E ModemTool: uartOpen()-->:fd open failure
01-01 01:18:45.127 15268 15268 D ModemTool: mint = -1
01-01 01:18:45.119 15268 15268 W w.serialjnidemo: type=1400 audit(0.0:6658): avc: denied { write } for name="ttyHSL1" dev="tmpfs" ino=7553 scontext=u:r:platform_app:s0:c512,c768 tcontext=u:object_r:selfdefined_device:s0 tclass=chr_file permissive=0



--
You received this message because you are subscribed to the Google Groups "android-platform" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/android-platform/460790d0-f0c9-4325-a46d-6c19497c374en%40googlegroups.com.
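
An added example, not part of the original posts: it parses the audit line quoted above and checks its source domain, target type and class against the allow rules that the patch adds. The helper names and the abbreviated `rw_file_perms` expansion are assumptions made for the illustration.

```python
import re

# Constructed input: the audit record and the two allow rules from the post above.
DENIAL = ('type=1400 audit(0.0:6658): avc: denied { write } for name="ttyHSL1" '
          'dev="tmpfs" ino=7553 scontext=u:r:platform_app:s0:c512,c768 '
          'tcontext=u:object_r:selfdefined_device:s0 tclass=chr_file permissive=0')
PATCH_RULES = """
allow system_app selfdefined_device:chr_file rw_file_perms;
allow system_server selfdefined_device:chr_file rw_file_perms;
"""
# Assumption: core members of AOSP's rw_file_perms macro; newer releases add more.
MACROS = {"rw_file_perms": {"getattr", "open", "read", "ioctl", "lock",
                            "append", "write"}}

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}.*?"
                    r"scontext=(\S+)\s+tcontext=(\S+)\s+tclass=(\S+)")
RULE_RE = re.compile(r"^\s*allow\s+(\w+)\s+(\w+):(\w+)\s+(\{[^}]*\}|\w+)\s*;", re.M)

def parse_denial(line):
    """Return (source_type, target_type, class, perms), or None if not a denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    perms, scon, tcon, tclass = m.groups()
    # A context is user:role:type:level[:categories]; the type is the third field.
    return scon.split(":")[2], tcon.split(":")[2], tclass, set(perms.split())

def parse_rules(text):
    """Map (source, target, class) to the permissions granted by simple allow rules."""
    rules = {}
    for src, tgt, cls, perms in RULE_RE.findall(text):
        if perms.startswith("{"):
            granted = set(perms.strip("{} ").split())
        else:
            granted = MACROS.get(perms, {perms})
        rules.setdefault((src, tgt, cls), set()).update(granted)
    return rules

def explain(line, rules):
    """Report whether the denial is covered and, if not, which domains are."""
    src, tgt, cls, perms = parse_denial(line)
    missing = sorted(perms - rules.get((src, tgt, cls), set()))
    if not missing:
        return "covered"
    others = sorted(s for (s, t, c) in rules if (t, c) == (tgt, cls) and s != src)
    return f"{src} lacks {missing} on {tgt}:{cls}; patch grants only to {others}"

if __name__ == "__main__":
    print(explain(DENIAL, parse_rules(PATCH_RULES)))
```

The check keys on the type field of `scontext`, which is the domain of the process that made the request, rather than on the application's own idea of what it is.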
Re: writing sepolicy for ttyHSL1

kiran kadam
Hi,

Please add the permission below to the platform_app.te (vendor) file and check the results.

allow platform_app selfdefined_device:chr_file {write};

Thanks

On Wed, 21 Oct, 2020, 8:31 pm richucj, <[hidden email]> wrote:

Hi All,
I am trying to add permission for ttyHSL1 in the application layer.
