Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-118600

Android QCanBus SELinux Permissions

    XMLWordPrintable

Details

    • Bug
    • Resolution: Unresolved
    • P2: Important
    • None
    • 6.5.3
    • SerialBus: CAN Bus
    • None
    • Ubuntu 22.04
      Android 12
    • Android
    • 2023wk52FOQtforAndroid, 2024wk14FOQtforAndroid

    Description

      Hi,

      I have an Android 12 device with socketcan support. I wrote a basic canbus code. This code scans the canbus devices and selects one, just like in the qt sample codes. When I run the code, I get the following logs on  application output screen of QT. I have root access. Dmesg also gives the same output. If I set Selinux to permissive, all canbus features work perfectly on my Android. If I set Selinux to Enforcing, my app and any qt canbus examples cant accessing canbus anymore. What should I do to pass Enforcing Selinux ?

      I'am using Qt6.5.3 right now but older Qt6 versions is already had same problem. I tried 6.2, 6.4 and 6.5. 

       

       

      [75700.827519] [20231028_15:34:07.230536]@1 type=1400 audit(1698496447.228:52436): avc: denied { read } for comm="qtMainLoopThrea" name="net" dev="sysfs" ino=30126 scontext=u:r:untrusted_app:s0:c37,c257,c512,c768 tcontext=u:object_r:sysfs_net:s0 tclass=dir permissive=1 app=org.qt.my_can_project
      
      [75700.827707] [20231028_15:34:07.230726]@1 type=1400 audit(1698496447.229:52437): avc: denied { open } for comm="qtMainLoopThrea" path="/sys/class/net" dev="sysfs" ino=30126 scontext=u:r:untrusted_app:s0:c37,c257,c512,c768 tcontext=u:object_r:sysfs_net:s0 tclass=dir permissive=1 app=org.qt.my_can_project
      
      [75700.827876] [20231028_15:34:07.230896]@1 type=1400 audit(1698496447.229:52438): avc: denied { search } for comm="qtMainLoopThrea" name="net" dev="sysfs" ino=30126 scontext=u:r:untrusted_app:s0:c37,c257,c512,c768 tcontext=u:object_r:sysfs_net:s0 tclass=dir permissive=1 app=org.qt.my_can_project
      
      [75700.828596] [20231028_15:34:07.231616]@1 type=1400 audit(1698496447.230:52439): avc: denied { read } for comm="qtMainLoopThrea" name="type" dev="sysfs" ino=38629 scontext=u:r:untrusted_app:s0:c37,c257,c512,c768 tcontext=u:object_r:sysfs_net:s0 tclass=file permissive=1 app=org.qt.my_can_project
      
      [75700.828733] [20231028_15:34:07.231753]@1 type=1400 audit(1698496447.230:52440): avc: denied { open } for comm="qtMainLoopThrea" path="/sys/devices/virtual/net/dummy0/type" dev="sysfs" ino=38629 scontext=u:r:untrusted_app:s0:c37,c257,c512,c768 tcontext=u:object_r:sysfs_net:s0 tclass=file permissive=1 app=org.qt.my_can_project
      
      [75700.828949] [20231028_15:34:07.231968]@1 type=1400 audit(1698496447.230:52441): avc: denied { getattr } for comm="qtMainLoopThrea" path="/sys/devices/virtual/net/dummy0/type" dev="sysfs" ino=38629 scontext=u:r:untrusted_app:s0:c37,c257,c512,c768 tcontext=u:object_r:sysfs_net:s0 tclass=file permissive=1 app=org.qt.my_can_project
      
      [75702.297704] [20231028_15:34:08.700726]@2 type=1400 audit(1698496448.699:52442): avc: denied { create } for comm="qtMainLoopThrea" scontext=u:r:untrusted_app:s0:c37,c257,c512,c768 tcontext=u:r:untrusted_app:s0:c37,c257,c512,c768 tclass=can_socket permissive=1 app=org.qt.my_can_project
      
      [75702.297824] [20231028_15:34:08.700848]@2 type=1400 audit(1698496448.699:52443): avc: denied { ioctl } for comm="qtMainLoopThrea" path="socket:[2281780]" dev="sockfs" ino=2281780 ioctlcmd=8933 scontext=u:r:untrusted_app:s0:c37,c257,c512,c768 tcontext=u:r:untrusted_app:s0:c37,c257,c512,c768 tclass=can_socket permissive=1 app=org.qt.my_can_project 
      
      [75702.297884] [20231028_15:34:08.700909]@2 type=1400 audit(1698496448.699:52444): avc: denied { bind } for comm="qtMainLoopThrea" scontext=u:r:untrusted_app:s0:c37,c257,c512,c768 tcontext=u:r:untrusted_app:s0:c37,c257,c512,c768 tclass=can_socket permissive=1 app=org.qt.my_can_project
      
      [75702.297942] [20231028_15:34:08.700966]@2 type=1400 audit(1698496448.699:52445): avc: denied { setopt } for comm="qtMainLoopThrea" scontext=u:r:untrusted_app:s0:c37,c257,c512,c768 tcontext=u:r:untrusted_app:s0:c37,c257,c512,c768 tclass=can_socket permissive=1 app=org.qt.my_can_project
      
      [75702.492132] [20231028_15:34:08.895154]@2 type=1400 audit(1698496448.893:52446): avc: denied { write } for comm="qtMainLoopThrea" path="socket:[2281780]" dev="sockfs" ino=2281780 scontext=u:r:untrusted_app:s0:c37,c257,c512,c768 tcontext=u:r:untrusted_app:s0:c37,c257,c512,c768 tclass=can_socket permissive=1 app=org.qt.my_can_project 
                                                                                                                                                                

       

       

      Attachments

        Issue Links

          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            People

              qtandroidteam Qt Android Team
              osos11 Alperen UNAL
              Votes:
              1 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:

                Gerrit Reviews

                  There are no open Gerrit changes