Not apply selinux policy rule in magisk module #8665
Comments
|
what is /sbin/.magisk/preinit/sepolicy.rule content? |
|
It seems,what content of this file is empty. |
|
I reboot phone and for now content is allow priv_app fm_device chr_file { read write ioctl open } |
|
Any ideas about this issue? |
|
I tryed to run magiskpolicy --apply my_files_with_rule and get an error: Syntax error in: "allow priv_app fm_device chr_file { read write ioctl open }" I tryed to use allow priv_app fm_devicechr_file *{ read write ioctl open } But it seems,i get the same result. If i try to use: |
|
Hey, this looks more like an SELinux syntax issue than a Magisk bug. Try using: If that fails with a file/dir error, put the rule in a text file (e.g. Double-check your module scripts ( |
|
@JMitander I found reason of the issue. At first i should apply rule only from file,and at second,it seems what syntax error was,because magisk dont know about ioctl permission. Also i found other issue - permission write ignores for context priv_app and i can't change context of my app on platform_app,because i haven't signing of firmware. When i reinstalled my app in app folder,so it get context untrusted_app,i get new errors. Yes,i can add selinux rule,to fix this errors,but,in my opinion,in this case my device will be more vulnerable and i am not sure,what all will works ok. Also i noticed,what when i execute magiskpolicy --apply-rule <path_to_rule> (possible typos in my command),magisk not apply my rule,at least for priv_app context,but if i implement this rule in module,rule apply successfully,except ignoring of write permission. So issue for magisk it add in magisk information about type of permission with name ioctl,that magisk not throws syntax error,if we will have ioctl permission in our selinux rule,and probably fix issue for write permission for /dev/any_chr_file_device,if application have context priv_app. |
|
Check if there is any log that contains this line: Magisk/native/src/sepolicy/sepolicy.cpp Line 275 in 049db49 Also, for ioctls, you may need allowxperm such as:
|
|
I am not sure,but it seems,what in magisk logs,which i can see via magisk ui,i haven't this warning. And,as i wrote,during executing apply-rule command i had syntax error,but even if ioctl is not supported,it shouldn't be this error. I want to know,what in this line means policy,which version could not supported extended permission and how to update it. Whether in this log message means magiskpolicy? Also,as i wrote,my write permission for context priv-app is ignore in magisk module,and while write permission will be unsuccessfully,no ioctl will be execute,because algorithm in fm radio app stopp working,if opening of device was unsuccessful. |
|
Make sure your module’s |
At first,as i understand according magisk documentation,no .te files allow (only sepolicy.rule). Also i not found any mention,what in selinux rules use ; character. As i understand,magisk syntax different from selinux syntax. In selinux syntax we can write: But in magisk syntax we can only write: If magisk allow to use .te files inside it module,please show to me this place in magisk documentation. If this not documented,it reason report new issue to magisk.
Ok,how i can know selinux version on my device via adb? Also,as i wrote,even without ioctl my write permission ignores in context priv_app,i.e even with this permission i get an error/warning in log,but instead of read write permission it shows only write permission,despite in selinux rule i have {read write} or {read write open}. So,in my opinion,there is no sense solve problem with ioctl,while i not solve problem with write permission in priv_app context,because i can't replace context of my app on platform_app,because i haven't key of firmware,which use in agm m7. |
Device: agm m7
Android version: 8.1 (api 27)
Magisk version name: 28.1
Magisk version code:28101
In fact i use magisk with versioncode 28100,but if i report issue with this version number,magisk bot not allow to me report this issue. I want to write module,which allow to apply my selinux rule,to get access of my fm radio app to /dev/fm module.using dmesg i get an error message:
using this message i wrote module with selinux rule and install it via adb (magisk --install-module). Module installed successfully. Whether it's my issue,because it my first magisk module and selinux rule,or magisk issue? Yes,i know,what i probably should ask this questions in xda developer,but at first i have registration problems on this forum,and at second,this can be magisk issue,which should be fixed. In attachment you will see my module,to understand,whether it magisk issue or not,and log from magisk.
fm_radio_sepolicy.zip](https://github.com/user-attachments/files/18266123/fm_radio_sepolicy.zip)
magisk_log_2024-12-28T15.30.00.log
The text was updated successfully, but these errors were encountered: