[DESCRIPTION]
在L版本上Msensor 要正常工作,可能会遇到一些与SElinux限制问题,导致msensor的deamon进程不能正常运行
[SOLUTION]
下面以型号为akm09911的msensor为例,可能出现的log总结如下
<1> [ 16.727421].(0)[1:init]avc: denied { set } for property=ctl.akmd09911
scontext=u:r:msensord:s0 tcontext=u:object_r:ctl_default_prop:s0 tclass=
property_service
<2>[ 11.198963].(0)[155:logd.auditd]type=1400 audit(1262304198.660:4): avc
: denied { open } for pid=208 comm="akmd09911" path="/dev/msensor" dev="
tmpfs" ino=3159 scontext=u:r:akmd09911:s0 tcontext
=u:object_r:msensor_device:s0 tclass=chr_file permissive=0
<3> [ 15.818871].(1)[153:logd.auditd]type=1400 audit(1262304025.210:4):
avc: denied { read write } for pid=279 comm="akmd09911" name="msensor"
dev="tmpfs" ino=3203 scontext=u:r:akmd09911:s0 tcontext
=u:object_r:msensor_device:s0 tclass=chr_file permissive=0
<4>[ 11.114422].(0)[155:logd.auditd]type=1400 audit(1262304014.670:4): avc
: denied { read write } for pid=207 comm="akmd09911" name="gsensor" dev="
tmpfs" ino=3219 scontext=u:r:akmd09911:s0 tcontext
=u:object_r:gsensor_device:s0 tclass=chr_file permissive=0
<5>[ 11.505449].(2)[153:logd.auditd]type=1400 audit(1262304014.800:4): avc
: denied { ioctl } for pid=205 comm="akmd09911" path="/dev/msensor" dev="
tmpfs" ino=61 scontext=u:r:akmd09911:s0 tcontext
=u:object_r:msensor_device:s0 tclass=chr_file permissive=0
对应以上五条解决办法
出现上面<1>的情形
按下面的方法增加语句:
(a)在文件alps/device/mediatek/common/sepolicy/property.te中增加下面的语
句(如果存在,则不需要增加)
type ctl_akmd09911_prop, property_type;
(b)在文件alps/device/mediatek/common/sepolicy/property_contexts中增加下
面的语句(如果存在,则不需要增加)
ctl.akmd09911 u:object_r:ctl_akmd09911_prop:s0
(c)在文件alps/device/mediatek/common/sepolicy/msensord.te中增加下面的语
句(如果存在,则不需要增加)
allow msensord ctl_akmd09911_prop:property_service set;
L: you can add the policy to alps/device/mediatek/common/sepolicy/xxxx.te
上面<2><3><4><5>情形
#====================== akmd09911.te ======================
allow akmd09911 msensor_device:chr_file { read write ioctl open };
allow akmd09911 gsensor_device:chr_file { read write };
如若是其它型号的msensor将名字替换即可
来源:一牛网论坛