We have a newly built custom tablet running android 7.1 that contains an
RFM73 radio transceiver.
The tablet manufacturer supplied us with a C/java library to access the RFM73 and i've wrapped this into a b4a library.
A minimal b4a project that tests the wrapper works fine and our tablets can send and receive small data packets to and from each other.
We then added the library to our company's main app - again a b4a project - but the library now fails to work.
After lots of debugging i found this line in the unfiltered logs:
type=1400 audit(0.0:120): avc: denied { ioctl } for path="/dev/rfm7x" dev="tmpfs" ino=1175 ioctlcmd=6b09 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u
bject_r:device:s0 tclass=chr_file permissive=1
ioctl is the C library that accesses the RFM73.
/dev/rfm7x is the named pipe that ioctl uses to communicate with the RFM73.
So our b4a test app has no problems but our main application is refused permission to access the RFM73.
A Google search suggests that android needs to be recompiled with an updated SELinux security policy to allow access to the RFM73 from 'user apps'.
But we're confused as to why our minimal test app is allowed to access the RFM73 but not our main application.
Both test application and main application:
- Use a foreground service to access the RFM73.
- Have the same permissions.
- Use the same min(4) and target(23) android sdks.
- Are compiled using the same version of android.jar(28).
- Are compiled with the same android debug keystore.
Has anyone got any idea why one app is allowed access to the RFM73 but not the other?
Thanks.