My Android app is trying to write to the /dev/video0 file but is getting the following AVC denial:
10-31 08:31:42.987 4786 4786 W com.my.app: type=1400 audit(0.0:41): avc: denied { write } for name="video0" dev="tmpfs" ino=18497 scontext=u:r:cameratest_app:s0:c145,c256,c512,c768 tcontext=u:object_r:video_device:s0 tclass=chr_file permissive=0 app=com.my.app My app is running as platform app. For that, I've added a cameratest.te SELinux policy with the rule to access video devices:
type cameratest_app, domain; app_domain(cameratest_app) allow cameratest_app video_device:chr_file { read write open getattr setattr }; I also added this domain to the seapp_context file:
user=_app domain=cameratest_app seinfo=platform name=com.my.app type=app_data_file levelFrom=all However, the error still occurs.
I've tried the audit2allow tool, which suggested the following:
# Possible cause is the source level (s0:c145,c256,c512,c768) and target level (s0) are different. allow cameratest_app video_device:chr_file write; My questions are:
- What does the source level
s0:c145,c256,c512,c768mean? - How can I change it so that the app can write to the
/dev/videonode?
I'm using Android 10.
P.S. I've already checked a similar question: What is c512,c768 of SELinux process.
It mentions that running an app as a platform or system app should fix the problem. My app is already a platform app though, and I've tried running it as system app too, but I still get the same result.
Is there anything else I can do to fix it?
