Summary of SELinux Restriction Issues with the Msensor on the L Release

[DESCRIPTION]

For the Msensor to work properly on the L release, you may run into SELinux restrictions that prevent the msensor daemon process from running normally.

[SOLUTION]

Taking an msensor of model akm09911 as an example, the logs that may appear are summarized below.

<1> [ 16.727421].(0)[1:init]avc: denied { set } for property=ctl.akmd09911 scontext=u:r:msensord:s0 tcontext=u:object_r:ctl_default_prop:s0 tclass=property_service

<2>[ 11.198963].(0)[155:logd.auditd]type=1400 audit(1262304198.660:4): avc: denied { open } for pid=208 comm="akmd09911" path="/dev/msensor" dev="tmpfs" ino=3159 scontext=u:r:akmd09911:s0 tcontext=u:object_r:msensor_device:s0 tclass=chr_file permissive=0

<3> [ 15.818871].(1)[153:logd.auditd]type=1400 audit(1262304025.210:4): avc: denied { read write } for pid=279 comm="akmd09911" name="msensor" dev="tmpfs" ino=3203 scontext=u:r:akmd09911:s0 tcontext=u:object_r:msensor_device:s0 tclass=chr_file permissive=0

<4>[ 11.114422].(0)[155:logd.auditd]type=1400 audit(1262304014.670:4): avc: denied { read write } for pid=207 comm="akmd09911" name="gsensor" dev="tmpfs" ino=3219 scontext=u:r:akmd09911:s0 tcontext=u:object_r:gsensor_device:s0 tclass=chr_file permissive=0

<5>[ 11.505449].(2)[153:logd.auditd]type=1400 audit(1262304014.800:4): avc: denied { ioctl } for pid=205 comm="akmd09911" path="/dev/msensor" dev="tmpfs" ino=61 scontext=u:r:akmd09911:s0 tcontext=u:object_r:msensor_device:s0 tclass=chr_file permissive=0

Solutions for the five cases above

For case <1> above

Add statements as follows:

(a) In the file alps/device/mediatek/common/sepolicy/property.te, add the following statement (not needed if it already exists)

type ctl_akmd09911_prop, property_type;

(b) In the file alps/device/mediatek/common/sepolicy/property_contexts, add the following statement (not needed if it already exists)

ctl.akmd09911 u:object_r:ctl_akmd09911_prop:s0

(c) In the file alps/device/mediatek/common/sepolicy/msensord.te, add the following statement (not needed if it already exists)

allow msensord ctl_akmd09911_prop:property_service set;

L: you can add the policy to alps/device/mediatek/common/sepolicy/xxxx.te

For cases <2><3><4><5> above

#====================== akmd09911.te ======================

allow akmd09911 msensor_device:chr_file { read write ioctl open };

allow akmd09911 gsensor_device:chr_file { read write };

For other msensor models, simply replace the name.
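
The mapping from the five denial logs to the policy statements above can be done mechanically, as in this added Python example (not part of the original post). For a property_service denial it labels the denied property with its own type, as the solution for case <1> does, instead of allowing the domain to set everything labelled ctl_default_prop. The function names and the dots-to-underscores plus `_prop` naming are assumptions modelled on ctl_akmd09911_prop.

```python
import re
from collections import defaultdict

# Constructed input: the five denials from this page, wrapped lines rejoined.
SAMPLE_LOG = """\
[ 16.727421].(0)[1:init]avc: denied { set } for property=ctl.akmd09911 scontext=u:r:msensord:s0 tcontext=u:object_r:ctl_default_prop:s0 tclass=property_service
[ 11.198963].(0)[155:logd.auditd]type=1400 audit(1262304198.660:4): avc: denied { open } for pid=208 comm="akmd09911" path="/dev/msensor" dev="tmpfs" ino=3159 scontext=u:r:akmd09911:s0 tcontext=u:object_r:msensor_device:s0 tclass=chr_file permissive=0
[ 15.818871].(1)[153:logd.auditd]type=1400 audit(1262304025.210:4): avc: denied { read write } for pid=279 comm="akmd09911" name="msensor" dev="tmpfs" ino=3203 scontext=u:r:akmd09911:s0 tcontext=u:object_r:msensor_device:s0 tclass=chr_file permissive=0
[ 11.114422].(0)[155:logd.auditd]type=1400 audit(1262304014.670:4): avc: denied { read write } for pid=207 comm="akmd09911" name="gsensor" dev="tmpfs" ino=3219 scontext=u:r:akmd09911:s0 tcontext=u:object_r:gsensor_device:s0 tclass=chr_file permissive=0
[ 11.505449].(2)[153:logd.auditd]type=1400 audit(1262304014.800:4): avc: denied { ioctl } for pid=205 comm="akmd09911" path="/dev/msensor" dev="tmpfs" ino=61 scontext=u:r:akmd09911:s0 tcontext=u:object_r:msensor_device:s0 tclass=chr_file permissive=0
"""

AVC = re.compile(r"avc:\s*denied\s*\{([^}]*)\}\s*for\s+(.*)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def type_of(context):
    # An SELinux context is user:role:type:level; policy rules name the type.
    return context.split(":")[2]

def rules_from_denials(log):
    allow = defaultdict(set)   # (source type, target type, class) -> permissions
    extra = []                 # type declaration and property_contexts lines
    for line in log.splitlines():
        m = AVC.search(line)
        if not m:
            continue
        perms = m.group(1).split()
        f = {k: v.strip('"') for k, v in FIELD.findall(m.group(2))}
        src, tgt, cls = type_of(f["scontext"]), type_of(f["tcontext"]), f["tclass"]
        if cls == "property_service" and "property" in f:
            # Give the one denied property a dedicated type (assumed naming)
            # rather than granting access to the shared default label.
            tgt = f["property"].replace(".", "_") + "_prop"
            extra.append(f"type {tgt}, property_type;")
            extra.append(f"{f['property']} u:object_r:{tgt}:s0")
        allow[(src, tgt, cls)].update(perms)
    out = list(dict.fromkeys(extra))  # de-duplicate, keep order
    for (src, tgt, cls), perms in sorted(allow.items()):
        p = " ".join(sorted(perms))
        body = f"{{ {p} }};" if len(perms) > 1 else f"{p};"
        out.append(f"allow {src} {tgt}:{cls} {body}")
    return out

if __name__ == "__main__":
    print("\n".join(rules_from_denials(SAMPLE_LOG)))
```

The three permission sets denied on msensor_device in cases <2>, <3> and <5> merge into one rule, which is why the akmd09911.te fragment above needs only two allow lines.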

Source: 一牛网论坛
