Android Question Error avc: denied

warwound

Expert
Licensed User
Longtime User
We have a newly built custom tablet running android 7.1 that contains an RFM73 radio transceiver.
The tablet manufacturer supplied us with a C/java library to access the RFM73 and i've wrapped this into a b4a library.

A minimal b4a project that tests the wrapper works fine and our tablets can send and receive small data packets to and from each other.
We then added the library to our company's main app - again a b4a project - but the library now fails to work.
After lots of debugging i found this line in the unfiltered logs:

type=1400 audit(0.0:120): avc: denied { ioctl } for path="/dev/rfm7x" dev="tmpfs" ino=1175 ioctlcmd=6b09 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=ubject_r:device:s0 tclass=chr_file permissive=1

ioctl is the C library that accesses the RFM73.

/dev/rfm7x is the named pipe that ioctl uses to communicate with the RFM73.

So our b4a test app has no problems but our main application is refused permission to access the RFM73.
A Google search suggests that android needs to be recompiled with an updated SELinux security policy to allow access to the RFM73 from 'user apps'.
But we're confused as to why our minimal test app is allowed to access the RFM73 but not our main application.
Both test application and main application:
  • Use a foreground service to access the RFM73.
  • Have the same permissions.
  • Use the same min(4) and target(23) android sdks.
  • Are compiled using the same version of android.jar(28).
  • Are compiled with the same android debug keystore.
Has anyone got any idea why one app is allowed access to the RFM73 but not the other?

Thanks.
 

Erel

B4X founder
Staff member
Licensed User
Longtime User
A Google search suggests that android needs to be recompiled with an updated SELinux security policy to allow access to the RFM73 from 'user apps'.
If your test app works then your "real" app should also work.

Check the list of permissions in each app. Might be related.

Try to set the targetSdkVersion to 21 and see whether it makes any difference.
 
Upvote 0

warwound

Expert
Licensed User
Longtime User
Check the list of permissions in each app. Might be related.

The permissions used by the test app are all present in our main app.

Try to set the targetSdkVersion to 21 and see whether it makes any difference.

That makes no difference whatsoever.

I suspect this is a bug with the custom android firmware and needs to be fixed with a change in the SELinux security policy.
 
Upvote 0
Cookies are required to use this site. You must accept them to continue using the site. Learn more…