I am seeing the following sepolicy errors in Android N.
W Binder:3929_E: type=1400 audit(0.0:29): avc: denied { write } for path="/dev/ttyGS0" dev="tmpfs" ino=73461 scontext=u:r:platform_app:s0:c512,c768 tcontext=u:object_r:serial_ic:s0 tclass=chr_file permissive=0
I have created the directory "vendor/qcom/sepolicy/acm/" and added an entry for it in BoardConfig.mk as shown below.
# ACM features belong in vendor/qcom/sepolicy
BOARD_SEPOLICY_DIRS := vendor/qcom/sepolicy/acm
Also, I have commented out the following line in "device/qcom/sepolicy/common/file_contexts":
-/dev/ttyGS0 u:object_r:gadget_serial_device:s0
+#/dev/ttyGS0 u:object_r:gadget_serial_device:s0
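Review bot: the `+#/dev/ttyGS0` line leaves the old gadget_serial_device label commented out in the shared device/qcom/sepolicy/common/file_contexts with no explanation. Either delete the entry or add a comment saying where /dev/ttyGS0 is labelled now, so that nobody re-enables it later and ends up with two conflicting labels for the same node.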
I have changed sepolicy in the following directories:
[1] vendor/qcom/sepolicy/acm/file_contexts
# These are the ports used to talk.
# We have to relabel these because domain.te has neverallow rules that prevent
# any other domain (other than init or ueventd) from accessing these files
/dev/ttyGS0 u:object_r:serial_ic:s0
[2] vendor/qcom/sepolicy/acm/file.te
type serial_ic, dev_type, fs_type;
[3] vendor/qcom/sepolicy/acm/platform_app.te
allow platform_app serial_ic:chr_file { ioctl open read write };
[4] vendor/qcom/sepolicy/acm/system_server.te
#allow for acm node
allow system_server serial_ic:chr_file rw_file_perms;
[5] vendor/qcom/sepolicy/acm/untrusted_app.te
# for serial chat app
allow untrusted_app serial_ic:chr_file ioctl;
allow untrusted_app serial_ic:chr_file { read write };
[6] vendor/qcom/sepolicy/acm/system_app.te
#allow acm node
allow system_app serial_ic:chr_file { ioctl open read write };
Still, I am not able to resolve the "write" sepolicy error. Whenever my serial chat application tries to access the node "/dev/ttyGS0", the application crashes.
Posting logs for reference:
--------- beginning of crash
01-01 07:11:46.954 15292 15292 E AndroidRuntime: FATAL EXCEPTION: main
01-01 07:11:46.954 15292 15292 E AndroidRuntime: Process: com.android.serialchat, PID: 15292
01-01 07:11:46.954 15292 15292 E AndroidRuntime: DeadSystemException: The system died; earlier logs will point to the root cause
01-01 07:11:46.960 3929 8483 W ActivityManager: Force finishing activity com.android.serialchat/.SerialChat
01-01 07:11:46.965 3929 8483 D ActivityTrigger: ActivityTrigger activityPauseTrigger
01-01 07:11:46.949 8597 8597 W Binder:3929_E: type=1400 audit(0.0:29): avc: denied { write } for path="/dev/ttyGS0" dev="tmpfs" ino=73461 scontext=u:r:platform_app:s0:c512,c768 tcontext=u:object_r:serial_ic:s0 tclass=chr_file permissive=0
I am trying to make an application with QML and C++ for Android on Qt6. I used sample code from the Qt help to check whether the camera works or not (see the code segment). I have implemented C++ just for loading the QML file.
My problem is that the camera does not show up in the app. I am using an Android 10 phone as the test device.
import QtQuick
import QtMultimedia
Item {
    width: 640
    height: 360
    CaptureSession {
        camera: Camera {
            id: camera
            focusMode: Camera.FocusModeAutoNear
            customFocusPoint: Qt.point(0.2, 0.2) // Focus relative to top-left corner
        }
        videoOutput: videoOutput
    }
    VideoOutput {
        id: videoOutput
        anchors.fill: parent
    }
}
The error I face is the following. Please help me with this.
W AdrenoUtils: <ReadGpuID_from_sysfs:194>: Failed to open /sys/class/kgsl/kgsl-3d0/gpu_model
W AdrenoUtils: <ReadGpuID:218>: Failed to read chip ID from gpu_model. Fallback to use the GSL path
W Gralloc3: mapper 3.x is not supported
D ForceDarkHelper: updateByCheckExcludeList: pkg: org.qtproject.example.test activity: org.qtproject.qt.android.bindings.QtActivity#21c7d27
W Qt A11Y : Could not (yet) activate platform accessibility.
W qtMainLoopThrea: type=1400 audit(0.0:11018091): avc: denied { read } for name="u:object_r:camera_prop:s0" dev="tmpfs" ino=17688 scontext=u:r:untrusted_app:s0:c189,c258,c512,c768 tcontext=u:object_r:camera_prop:s0 tclass=file permissive=0
E libc : Access denied finding property "camera.aux.packagelist"
E libc : Access denied finding property "camera.aux.packagelist"
E libc : Access denied finding property "camera.aux.packagelist"
E libc : Access denied finding property "vendor.camera.hal1.packagelist"
E libc : Access denied finding property "camera.aux.packagelist"
E libc : Access denied finding property "camera.aux.packagelist"
E libc : Access denied finding property "camera.aux.packagelist"
E libc : Access denied finding property "vendor.camera.hal1.packagelist"
E libc : Access denied finding property "camera.aux.packagelist"
D ForceDarkHelper: updateByCheckExcludeList: pkg: org.qtproject.example.test activity: org.qtproject.qt.android.bindings.QtActivity#21c7d27
D SurfaceView: UPDATE null, mIsCastMode = false
E libc : Access denied finding property "camera.aux.packagelist"
E libc : Access denied finding property "vendor.camera.hal1.packagelist"
E libc : Access denied finding property "camera.aux.packagelist"
W System.err: java.lang.RuntimeException: setParameters failed
W System.err: at android.hardware.Camera.native_setParameters(Native Method)
W System.err: at android.hardware.Camera.setParameters(Camera.java:2250)
W System.err: java.lang.RuntimeException: setParameters failed
W System.err: at android.hardware.Camera.native_setParameters(Native Method)
W System.err: at android.hardware.Camera.setParameters(Camera.java:2250)
W Gralloc3: allocator 3.x is not supported
I ct.example.tes: ProcessProfilingInfo new_methods=210 is saved saved_to_disk=1 resolve_classes_delay=8000
W IInputConnectionWrapper: getExtractedText on inactive InputConnection
W IInputConnectionWrapper: getTextBeforeCursor on inactive InputConnection
W BpBinder: Slow Binder: BpBinder transact took 340 ms, interface=android.hardware.ICamera, code=6 oneway=false
D Camera : app passed NULL surface
D Camera : app passed NULL surface
W BpBinder: Slow Binder: BpBinder transact took 337 ms, interface=android.hardware.ICamera, code=1 oneway=false
I'm working on a HiKey with AOSP installed, running on Linux 16.04, trying to connect a v4l2 camera and use it. Currently, I've added the device drivers for v4l2 and usbcamera, and added the camera-hal to the ~/(aosp)/device/linaro/hikey/camera directory. media_profiles.xml is contained in this directory.
I'm facing a problem where the camera service provider is killed in the init process, and the boot process runs in an infinite loop as it constantly tries to start the camera service and kills all related processes.
Logcat:
01-01 00:00:14.067 1999 1999 I mediaserver: ServiceManager: 0xf69994c0
01-01 00:00:14.068 1903 1903 E SELinux : avc: denied { add } for service=media.cas pid=1999 uid=1013 scontext=u:r:mediadrmserver:s0 tcontext=u:object_r:default_android_service:s0 tclass=service_manager permissive=0
01-01 00:00:14.069 1903 1903 E ServiceManager: **add_service**('media.cas',3) uid=1013 - **PERMISSION DENIED**
01-01 00:00:14.199 1968 1968 W android.hardwar: type=1400 audit(0.0:61): avc: denied { read write } for name="vndbinder" dev="tmpfs" ino=10306 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:vndbinder_device:s0 tclass=chr_file permissive=0
01-01 00:00:14.205 1968 1968 I **android.hardware.camera.provider#2.4-service**: Camera provider Service is starting.
01-01 00:00:14.205 1968 1968 W ProcessState: **Opening '/dev/vndbinder' failed: Permission denied**
01-01 00:00:14.205 1968 1968 F **ProcessState: Binder driver could not be opened. Terminating.**
--------- beginning of crash
01-01 00:00:14.205 1968 1968 F libc : Fatal signal 6 (SIGABRT), code -6 in tid 1968 (android.hardwar), pid 1968 (android.hardwar)
01-01 00:00:14.266 2005 2005 I /vendor/bin/hw/android.hardware.media.omx#1.0-service: mediacodecservice starting
01-01 00:00:14.266 2005 2005 I ProcessState: Wonn1e: initWithDriver [1]
01-01 00:00:14.288 2005 2005 W /vendor/bin/hw/android.hardware.media.omx#1.0-service: Could not read additional policy file '/vendor/etc/seccomp_policy/mediacodec.policy'
01-01 00:00:14.288 2005 2005 W /vendor/bin/hw/android.hardware.media.omx#1.0-service: libminijail[2005]: failed to get path of fd 5: No such file or directory
According to the answer given to "Start native service at early-init before coldboot done", a native service, including this camera provider service, would not open /dev/binder because it starts before coldboot. Also, it uses the passthrough mode. How can I tweak the init process so that the camera provider service would run and not kill itself?
I have an SDK which has some native code. I am building the code into shared libraries manually and copying those .so files to the jniLibs folder, and I am using that SDK in an app. It was working fine with 5 and 6, but with Nougat it crashed every time I opened the app.
Note: I have updated the target version to 25 in the build.gradle file.
This is the error log:
03-31 16:02:32.553 2050-2050/com.vinoth.sampleApp W/s.sampleApp: type=1400 audit(0.0:152): avc: denied { create } for uid=10156 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:r:untrusted_app:s0:c512,c768 tclass=netlink_kobject_uevent_socket permissive=0
03-31 16:02:32.553 2050-2050/com.vinoth.sampleApp W/s.sampleApp: type=1400 audit(0.0:153): avc: denied { read } for uid=10156 name="devices" dev="sysfs" ino=6380 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:sysfs:s0 tclass=dir permissive=0
[ 03-31 16:02:32.563 382: 382 W/ ]
debuggerd: handling request: pid=2050 uid=10156 gid=10156 tid=2050
I have searched for this but ended up with no clue.
Someone please help. Thanks in advance.
First of all, there's no problem with iOS, but the problem occurs when the app is running on Android.
There's a BLE device that does pair / notification / write / read.
It all seems good until other Bluetooth devices are connected and paired or synced.
For example, if the Android phone is restarted (or Bluetooth is turned off and on again), my BLE device works great with the app.
If I open the Fitbit app and sync a Fitbit device, then my device cannot connect anymore (and does not pair either).
The same thing happens not only with Fitbit but also with a Samsung smart watch.
Any recommendation will be appreciated.
Tested with Android 6, on a Samsung GS6 and a Nexus 5.
Update 1:
After syncing with Fitbit, I get the following messages from my app when connecting to my device.
11-11 09:02:41.811 781 1599 I ActivityManager: Killing 21073:com.android.chrome:privileged_process0/u0a34 (adj 13): empty #17
11-11 09:02:41.822 21010 21010 W cr_ChildProcessConnect: onServiceDisconnected (crash or killed by oom): pid=21073
11-11 09:02:41.838 781 952 D ActivityManager: cleanUpApplicationRecord -- 21073
11-11 09:02:41.838 781 952 W ActivityManager: Scheduling restart of crashed service com.android.chrome/org.chromium.content.app.PrivilegedProcessService0 in 1000ms
11-11 09:02:41.857 781 1226 I ActivityManager: Start proc 23634:com.android.chrome:privileged_process1/u0a34 for service com.android.chrome/org.chromium.content.app.PrivilegedProcessService1
11-11 09:02:41.902 21010 21010 W .android.chrome: type=1400 audit(0.0:21068): avc: denied { ioctl } for path="socket:[1799361]" dev="sockfs" ino=1799361 ioctlcmd=7704 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:r:untrusted_app:s0:c512,c768 tclass=unix_stream_socket permissive=0
11-11 09:02:41.902 23644 23644 W Binder_1: type=1400 audit(0.0:21069): avc: denied { ioctl } for path="socket:[1799361]" dev="sockfs" ino=1799361 ioctlcmd=7704 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:r:untrusted_app:s0:c512,c768 tclass=unix_stream_socket permissive=0
11-11 09:02:41.902 23644 23644 W Binder_1: type=1400 audit(0.0:21070): avc: denied { ioctl } for path="socket:[1799361]" dev="sockfs" ino=1799361 ioctlcmd=7704 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:r:untrusted_app:s0:c512,c768 tclass=unix_stream_socket permissive=0
11-11 09:02:41.905 23634 23634 I cr_ChildProcessService: Creating new ChildProcessService pid=23634
11-11 09:02:41.908 781 2450 I ActivityManager: Killing 21102:com.android.chrome:sandboxed_process0/u0a34i52 (adj 13): empty #17
11-11 09:02:41.912 21010 21010 W .android.chrome: type=1400 audit(0.0:21071): avc: denied { ioctl } for path="socket:[1799361]" dev="sockfs" ino=1799361 ioctlcmd=7704 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:r:untrusted_app:s0:c512,c768 tclass=unix_stream_socket permissive=0
11-11 09:02:41.919 23634 23644 I cr_LibraryLoader: Using linker: org.chromium.base.library_loader.ModernLinker
11-11 09:02:41.920 21010 21010 W cr_ChildProcessConnect: onServiceDisconnected (crash or killed by oom): pid=21102
11-11 09:02:41.941 23634 23646 I cr_LibraryLoader: Loading chrome from within /data/app/com.android.chrome-1/base.apk
11-11 09:02:41.965 22521 22521 I System.out: writeCharacteristic(4, 8, AQAAAA==)
11-11 09:02:41.967 781 1226 D ActivityManager: cleanUpApplicationRecord -- 21102
11-11 09:02:41.967 781 1226 W ActivityManager: Scheduling restart of crashed service com.android.chrome/org.chromium.content.app.SandboxedProcessService0 in 1000ms
11-11 09:02:42.016 23634 23646 I cr_LibraryLoader: Time to load native libraries: 95 ms (timestamps 5253-5348)
11-11 09:02:42.016 23634 23646 I cr_LibraryLoader: Expected native library version number "54.0.2840.85", actual native library version number "54.0.2840.85"
11-11 09:02:42.016 23634 23646 I chromium: [INFO:library_loader_hooks.cc(151)] Chromium logging enabled: level = 0, default verbosity = 0
11-11 09:02:42.027 23634 23646 E libEGL : validate_display:255 error 3008 (EGL_BAD_DISPLAY)
11-11 09:02:42.028 23634 23646 I Adreno-EGL: <qeglDrvAPI_eglInitialize:379>: QUALCOMM Build: 10/21/15, 369a2ea, I96aee987eb
After this, it does one more read and then disconnects.
If I go to the Bluetooth app and 'clear data', then it works fine again.
I'm developing on Android 5.0 now, and I get these logs several times just after the device has rebooted in a low-power state (I'm not sure if low-power is relevant here).
I'm not familiar with SQLite, but I have gone through the flow of ext4 file creation and reading, and how SELinux labels the inode, and I don't see how an ext4 file inode's xattr can be corrupted.
Normally, it should appear like this:
u:object_r:system_data_file:s0 locksettings.db-shm
u:object_r:system_data_file:s0 locksettings.db-wal
I'll paste logs later.
Any help is appreciated. Thank you.
--Scenario 1:--
**kmsg:**
<12>[ 26.034851s][pid:2758,cpu3,logd.auditd]type=1400 audit(1425430396.379:7): avc: denied { write } for pid=3244 comm="system_server" name="locksettings.db-shm" dev="mmcblk0p40" ino=430823 scontext=u:r:system_server:s0 tcontext=u:object_r:unlabeled:s0 tclass=file permissive=0
**logcat:**
08:53:16.369 3244 3244 E SQLiteLog: (14) cannot open file at line 28606 of [9491ba7d73]
E SQLiteLog: (14) os_unix.c:28606: (13) open(/data/system/locksettings.db-shm) -
E SQLiteLog: (14) unable to open database file
E SQLiteLog: (14) cannot open file at line 28606 of [9491ba7d73]
E SQLiteLog: (14) os_unix.c:28606: (13) open(/data/system/locksettings.db-shm) -
E SQLiteDatabase: Failed to open database '/data/system/locksettings.db'.
E SQLiteDatabase: android.database.sqlite.SQLiteCantOpenDatabaseException: unable to open database file(Sqlite code 14): , while compiling: PRAGMA journal_mode,(OS error - 13:Permission denied)
E SQLiteDatabase: at android.database.sqlite.SQLiteConnection.nativePrepareStatement(Native Method)
E SQLiteDatabase: at android.database.sqlite.SQLiteConnection.acquirePreparedStatement(SQLiteConnection.java:889)
E SQLiteDatabase: at android.database.sqlite.SQLiteConnection.executeForString(SQLiteConnection.java:634)
E SQLiteDatabase: at android.database.sqlite.SQLiteConnection.setJournalMode(SQLiteConnection.java:320)
E SQLiteDatabase: at android.database.sqlite.SQLiteConnection.setWalModeFromConfiguration(SQLiteConnection.java:291)
E SQLiteDatabase: at android.database.sqlite.SQLiteConnection.open(SQLiteConnection.java:215)
--Scenario 2:--
**kmsg:**
11:58:55.334 <6>[ 26.980468s][pid:3299,cpu4,system_server]SELinux: Context is not valid (left unmapped).
11:58:55.334 <12>[ 26.980743s][pid:2844,cpu0,logd.auditd]type=1400 audit(1425009535.319:5): avc: denied { write } for pid=3299 comm="system_server" name="locksettings.db-wal" dev="mmcblk0p40" ino=16423 scontext=u:r:system_server:s0 tcontext=u:object_r:unlabeled:s0 tclass=file permissive=0
11:58:55.334 <12>[ 26.986572s][pid:2844,cpu0,logd.auditd]type=1400 audit(1425009535.319:6): avc: denied { write } for pid=3299 comm="system_server" name="locksettings.db-wal" dev="mmcblk0p40" ino=16423 scontext=u:r:system_server:s0 tcontext=u:object_r:unlabeled:s0 tclass=file permissive=0
**logcat:**
11:58:55.319 3299 3299 E SQLiteLog: (283) recovered 10 frames from WAL file /data/system/locksettings.db-wal
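The `avc: denied` records quoted in the posts above all share one layout. As an added example (not code from any of the posters), this Python snippet parses such records, merges repeats into one candidate allow rule per source/target/class triple, and flags records whose subject and object MLS levels differ; `parse_denial`, `summarize` and `SAMPLE` are names chosen here.

```python
import re
from collections import defaultdict

# Sample records copied from the logs quoted on this page (prefixes trimmed).
SAMPLE = [
    'avc: denied { write } for path="/dev/ttyGS0" dev="tmpfs" ino=73461 '
    'scontext=u:r:platform_app:s0:c512,c768 tcontext=u:object_r:serial_ic:s0 '
    'tclass=chr_file permissive=0',
    'avc: denied { ioctl } for path="socket:[1799361]" dev="sockfs" ino=1799361 '
    'ioctlcmd=7704 scontext=u:r:untrusted_app:s0:c512,c768 '
    'tcontext=u:r:untrusted_app:s0:c512,c768 tclass=unix_stream_socket permissive=0',
    'avc: denied { read write } for name="vndbinder" dev="tmpfs" ino=10306 '
    'scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:vndbinder_device:s0 '
    'tclass=chr_file permissive=0',
]

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?scontext=(?P<scon>\S+)\s+'
    r'tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)'
    r'(?:\s+permissive=(?P<permissive>[01]))?')

def split_context(ctx):
    """Split user:role:type:mls into (type, mls); mls keeps its categories."""
    _user, _role, typ, mls = ctx.split(':', 3)
    return typ, mls

def parse_denial(line):
    """Return the fields of one denial record, or None for other log lines."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    stype, slevel = split_context(m['scon'])
    ttype, tlevel = split_context(m['tcon'])
    return {'source': stype, 'target': ttype, 'tclass': m['tclass'],
            'perms': m['perms'].split(),
            # Heuristic hint: differing levels mean MLS rules need review too.
            'level_mismatch': slevel != tlevel,
            'enforced': m['permissive'] != '1'}

def summarize(lines):
    """Merge repeated denials into one candidate allow rule per triple."""
    merged = defaultdict(set)
    for rec in filter(None, map(parse_denial, lines)):
        merged[(rec['source'], rec['target'], rec['tclass'])].update(rec['perms'])
    return ['allow %s %s:%s { %s };' % (s, t, c, ' '.join(sorted(p)))
            for (s, t, c), p in sorted(merged.items())]

if __name__ == '__main__':
    print('\n'.join(summarize(SAMPLE)))
```

The generated rules are candidates to review against the platform's neverallow rules, not lines to paste in. A `level_mismatch` of True, as for the `/dev/ttyGS0` record, means the MLS levels should be checked as well, since a type-enforcement allow rule does not change them.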