From 641c5ae99de78c29a0bf9c2ee7366429cbd8e091 Mon Sep 17 00:00:00 2001
From: Macpaul Lin
Date: Mon, 12 Jul 2021 15:53:54 +0800
Subject: [PATCH] Add FUNCTIONFS_ENDPOINT_ALLOC to ioctl_defines and mediaprovider.te
We've got a SELinux warning in kernel-5.10 when "File Transfer" (MTP) has been enabled by user. Error log: avc: denied { ioctl } for pid=5521 comm="MtpServer" path="/dev/usb-ffs/mtp/ep1" dev="functionfs" ino=102677 ioctlcmd=0x67e7 scontext=u:r:mediaprovider:s0:c512,c768 tcontext=u:object_r:functionfs:s0 tclass=file permissive=0 Repeat steps: 1. Connect the phone to PC with USB cable. 2. Select "File Transfer" (MTP) in "USB Preferences" Menu. 3. Selinux warning will arise after "File Transfer" has been enabled by user due to an IOCTL access to /dev/usb-ffs/mtp/ep1. Solution: To solve this warning, add a sepolicy to allow this type of IOCTL is required.
Signed-off-by: Macpaul Lin
Change-Id: Id340fb98062b3cee239343f3800f6dfceadeb572
Bug: 193473440
---
 private/mediaprovider.te | 1 +
 public/ioctl_defines | 1 +
 2 files changed, 2 insertions(+)
diff --git a/private/mediaprovider.te b/private/mediaprovider.te
index 78bbdb064..545d9eae5 100644
--- a/private/mediaprovider.te
+++ b/private/mediaprovider.te
@@ -39,6 +39,7 @@ allow mediaprovider mtp_device:chr_file rw_file_perms;
 allow mediaprovider functionfs:dir search;
 allow mediaprovider functionfs:file rw_file_perms;
 allowxperm mediaprovider functionfs:file ioctl FUNCTIONFS_ENDPOINT_DESC;
+allowxperm mediaprovider functionfs:file ioctl FUNCTIONFS_ENDPOINT_ALLOC;
 # MtpServer sets sys.usb.ffs.mtp.ready
 get_prop(mediaprovider, ffs_config_prop)
diff --git a/public/ioctl_defines b/public/ioctl_defines
index 5ac4d9458..3585d90ed 100644
--- a/public/ioctl_defines
+++ b/public/ioctl_defines
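Review bot: The added `allowxperm` line in private/mediaprovider.te carries no comment saying what FUNCTIONFS_ENDPOINT_ALLOC does or why this domain needs it; the only justification is the denial quoted in the commit message. Because it widens the ioctl allow-list on the USB gadget endpoint files, I would put a comment above it such as `# MtpServer issues FUNCTIONFS_ENDPOINT_ALLOC (0x67e7) on /dev/usb-ffs/mtp endpoints on kernel-5.10`. I would also fold the two commands into one rule, `allowxperm mediaprovider functionfs:file ioctl { FUNCTIONFS_ENDPOINT_DESC FUNCTIONFS_ENDPOINT_ALLOC };`, so the full set allowed on functionfs is visible in one place. The denial shows only the mediaprovider context; if another domain carries the same FUNCTIONFS_ENDPOINT_DESC rule for MTP it will presumably hit the same denial and is worth checking before merge.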
@@ -846,6 +846,7 @@ define(`FUNCTIONFS_ENDPOINT_REVMAP', `0x00006781')
 define(`FUNCTIONFS_FIFO_FLUSH', `0x00006702')
 define(`FUNCTIONFS_FIFO_STATUS', `0x00006701')
 define(`FUNCTIONFS_INTERFACE_REVMAP', `0x00006780')
+define(`FUNCTIONFS_ENDPOINT_ALLOC', `0x000067e7')
 define(`FW_CDEV_IOC_ADD_DESCRIPTOR', `0xc0182306')
 define(`FW_CDEV_IOC_ALLOCATE', `0xc0202302')
 define(`FW_CDEV_IOC_ALLOCATE_ISO_RESOURCE', `0xc018230d')
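Review bot: The new define sits after FUNCTIONFS_INTERFACE_REVMAP, which breaks the alphabetical order the surrounding entries follow; it belongs with the other FUNCTIONFS_ENDPOINT_* entries, which start above this hunk. The value `0x000067e7` appears to be copied from `ioctlcmd=0x67e7` in the denial, and that field carries only the low 16 bits of the command. The neighbouring FUNCTIONFS values also have zero upper bits, but entries such as FW_CDEV_IOC_ALLOCATE keep direction and size bits, so the number should be confirmed against the kernel header that defines the command. The patch does not name that header; citing it in the commit message would let reviewers check the value and whether the ioctl exists on every kernel this policy ships with.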