Adding permission for ttyHSL1 in the application layer | SC20

Hi All,
I am trying to add permission for ttyHSL1 in the application layer,
but during the build I am getting this error:

out/target/product/msm8909/obj/ETC/file_contexts.bin_intermediates/file_contexts.concat.tmp: Multiple different specifications for /dev/ttyHSL1 (u:object_r:selfdefined_device:s0 and u:object_r:tty_device:s0)

How can I solve this?

Hi, please show me your code change, thanks.

diff --git a/common/device.te b/common/device.te
index 2217974…94e9d61 100644
— a/common/device.te
+++ b/common/device.te
@@ -107,6 +107,9 @@ type qdss_device, dev_type;
#Define Gadget serial device
type gadget_serial_device, dev_type;

+#self-Defined serial device
+type selfdefined_device, dev_type;
+
#energy-awareness device
type pta_device, dev_type;
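Review bot: `selfdefined_device` is declared with only the `dev_type` attribute, which may be why the write denial quoted later in the thread survives the added allow rule. That denial has a source level of `s0:c512,c768` and a target level of `s0`, which is the pattern seen when an MLS constraint rather than a missing allow rule blocks the write; if that is the cause, the declaration would need to be `type selfdefined_device, dev_type, mlstrustedobject;`. Confirm this against the platform's MLS constraints first, because that attribute exempts the node from per-user level separation, so the allow rules on it should stay narrow. A comment naming the hardware behind the node would also help, since `selfdefined_device` says nothing about it.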

diff --git a/common/device.te~ b/common/device.te~
index 2217974…94e9d61 100644
— a/common/device.te~
+++ b/common/device.te~
@@ -107,6 +107,9 @@ type qdss_device, dev_type;
#Define Gadget serial device
type gadget_serial_device, dev_type;

+#self-Defined serial device
+type selfdefined_device, dev_type;
+
#energy-awareness device
type pta_device, dev_type;
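Review bot: `common/device.te~` is an editor backup file and should not be part of the patch; the same applies to the `common/file_contexts~` and `common/system_server.te~` sections below. Drop these files from the change and add `*~` to the ignore rules, so that stale copies of policy do not sit beside the real sources where they can be mistaken for the active policy during review.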

diff --git a/common/file_contexts b/common/file_contexts
index a009042…8e27239 100644
— a/common/file_contexts
+++ b/common/file_contexts
@@ -30,6 +30,7 @@
/dev/smd.* u:object_r:smd_device:s0
/dev/smem_log u:object_r:smem_log_device:s0
/dev/ttyHSL0 u:object_r:console_device:s0
+/dev/ttyHSL1 u:object_r:selfdefined_device:s0
/dev/ttyMSM0 u:object_r:console_device:s0
/dev/ttyHS[0-9]* u:object_r:serial_device:s0
/dev/ttyGS0 u:object_r:gadget_serial_device:s0
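Review bot: The new `/dev/ttyHSL1` entry gives the path a second label while an existing specification elsewhere in the tree still labels it `tty_device`, which is what the build error at the top of the thread reports. Only one specification per path can exist, so the existing entry has to be changed or removed in the same change rather than a second one added here. Before relabelling, check which domains were granted access to the node through `tty_device`, since they presumably lose it once the label changes; the other policy file is not shown on this page.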
diff --git a/common/file_contexts~ b/common/file_contexts~
index a009042…8e27239 100644
— a/common/file_contexts~
+++ b/common/file_contexts~
@@ -30,6 +30,7 @@
/dev/smd.* u:object_r:smd_device:s0
/dev/smem_log u:object_r:smem_log_device:s0
/dev/ttyHSL0 u:object_r:console_device:s0
+/dev/ttyHSL1 u:object_r:selfdefined_device:s0
/dev/ttyMSM0 u:object_r:console_device:s0
/dev/ttyHS[0-9]* u:object_r:serial_device:s0
/dev/ttyGS0 u:object_r:gadget_serial_device:s0
diff --git a/common/system_app.te b/common/system_app.te
index 25b05dc…ca9e0e1 100644
— a/common/system_app.te
+++ b/common/system_app.te
@@ -199,4 +199,7 @@ unix_socket_connect(system_app, ims, ims)

access to qseeproxy domain

allow system_app qseeproxy:unix_dgram_socket sendto;

+#allow access to ttyHSL1
+allow system_app selfdefined_device:chr_file rw_file_perms;
+
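Review bot: `rw_file_perms` on `selfdefined_device` is granted to the whole `system_app` domain here, and again to `system_server` in the `common/system_server.te` section below, while nothing on the page shows that either domain opens the port. The only denial quoted in the thread has `scontext=u:r:platform_app`, so these two rules look wider than the use case needs. Grant access only to the domain that actually talks to the UART and derive the permission set from the logged denials, for example `allow platform_app selfdefined_device:chr_file { open read write ioctl };` if those are the operations the app performs.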

diff --git a/common/system_server.te b/common/system_server.te
index ac8937d…f8b72d8 100644
— a/common/system_server.te
+++ b/common/system_server.te
@@ -166,3 +166,5 @@ allow system_server omadm_service:service_manager add;
allow system_server dmclient_data_file:file create_file_perms;
allow system_server dmclient_data_file:dir rw_dir_perms;

+#allow access to ttyHSL1
+allow system_server selfdefined_device:chr_file rw_file_perms;
diff --git a/common/system_server.te~ b/common/system_server.te~
index 690d944…f8b72d8 100644
— a/common/system_server.te~
+++ b/common/system_server.te~
@@ -167,4 +167,4 @@ allow system_server dmclient_data_file:file create_file_perms;
allow system_server dmclient_data_file:dir rw_dir_perms;

#allow access to ttyHSL1
-allow system_server selfdefined_device:chr_file rw_file_perms;
\ No newline at end of file
+allow system_server selfdefined_device:chr_file rw_file_perms;

The change looks OK. We can verify it with the following points:
1. make clean, and then build all; 2. ensure that only one specification for ttyHSL1 exists; 3. first change only the device.te and file_contexts files and check whether the build succeeds; if it does, then change system_server.te.

hi Rony,
still getting the same errors

Please check whether you have other changes; I made these changes in my code and it built successfully.

hi Rooney,
this is the build log:
https://pastebin.com/vVsGV7XV

Hi Rooney ,
Issue solved: there was another declaration for ttyHSL1 in system.

Hi Rooney,
I am a bit confused about writing sepolicy.
I am getting an avc denied message:
avc: denied { write } for name="ttyHSL1" dev="tmpfs" ino=6901 scontext=u:r:platform_app:s0:c512,c768 tcontext=u:object_r:selfdefined_device:s0 tclass=chr_file permissive=0

For this I have added the following line in device/qcom/sepolicy/common/platform_app.te:

allow platform_app selfdefined_device:chr_file { write };
but I can't get rid of this denial.
Please support.

Hi, please check whether there is only one avc denied message. Sometimes one avc denial is caused by another one. The line you added is correct. By the way, how was the build failure solved?

Hi Rooney,
The build failure occurred because there was another specification for ttyHSL1 in /system.
I removed that.

Hi Rooney,
This is the log:
https://paste.ubuntu.com/p/CyHfzbybDz/
I can't find any avc denied messages other than the one related to ttyHSL1.

Hi @richucjalpy
Do you still have the serial problem?


@Anas_Abo_Hyleh
The problem still persists.
I have also tried these patches, but nothing changes.

diff --git a/device/qcom/sepolicy/vendor/common/file_contexts b/device/qcom/sepolicy/vendor/common/file_contexts

index 04e82ca…78ee3d6 100755

— a/device/qcom/sepolicy/vendor/common/file_contexts

+++ b/device/qcom/sepolicy/vendor/common/file_contexts

@@ -33,6 +33,7 @@

/dev/sensors u:object_r:sensors_device:s0

/dev/smd.* u:object_r:smd_device:s0

/dev/smem_log u:object_r:smem_log_device:s0

+/dev/ttyHSL1 u:object_r:quec_device:s0

/dev/ttyHSL0 u:object_r:console_device:s0

/dev/ttyMSM0 u:object_r:console_device:s0

/dev/ttyHS[0-9]* u:object_r:serial_device:s0
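Review bot: This entry labels `/dev/ttyHSL1` as `quec_device`, but no `type quec_device, dev_type;` declaration appears in the patch as posted, so the policy will not compile unless the type is declared in a file not shown here. The earlier `selfdefined_device` entry for the same path also has to be removed when this one is added, otherwise the duplicate-specification build error from the start of the thread returns.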

diff --git a/device/qcom/sepolicy/vendor/common/platform_app.te b/device/qcom/sepolicy/vendor/common/platform_app.te

index a8995aa…9ea900e 100644

— a/device/qcom/sepolicy/vendor/common/platform_app.te

+++ b/device/qcom/sepolicy/vendor/common/platform_app.te

@@ -4,6 +4,7 @@ binder_call(platform_app, dtseagleservice)

Allow platform apps to interact with fido daemon

binder_call(platform_app, fidodaemon)

+allow {system_server untrusted_app shell system_app platform_app} quec_device:chr_file {read write open ioctl } ;

Allow platform apps to interact with secota daemon

allow platform_app secotad_service:service_manager find;

binder_call(platform_app, secotad)
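Review bot: The added `allow` rule grants read, write, open and ioctl on the serial node to `untrusted_app` and `shell` as well as to `system_server`, `system_app` and `platform_app`, which gives every third-party app and any adb shell session direct access to the UART. The denial quoted in the thread is for `platform_app` only, so the source set should be reduced to that domain: `allow platform_app quec_device:chr_file { read write open ioctl };`. Rules for other domains belong in their own `.te` files rather than in `platform_app.te`, where a grant to `untrusted_app` is easy to miss in review.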