My platform app is trying to write to /dev/video0 file but getting the avc denied:
10-31 08:31:42.987 4786 4786 W com.my.app: type=1400 audit(0.0:41): avc: denied { write } for name="video0" dev="tmpfs" ino=18497 scontext=u:r:cameratest_app:s0:c145,c256,c512,c768 tcontext=u:object_r:video_device:s0 tclass=chr_file permissive=0 app=com.my.app I've already added a cameratest.te sepolicy with the rules for the cameratest_app domain:
type cameratest_app, domain; app_domain(cameratest_app) allow cameratest_app video_device:chr_file { read write open getattr setattr }; and added this domain to the seapp_context file:
user=_app domain=cameratest_app seinfo=platform name=com.my.app type=app_data_file levelFrom=all But the error still occurs.
I've tried the audit2allow tool and it gave me the following comment:
# Possible cause is the source level (s0:c145,c256,c512,c768) and target level (s0) are different. allow cameratest_app video_device:chr_file write; What does the source level s0:c145,c256,c512,c768 mean? And how do I change it so that it can write to the /dev/video node?
I'm using Android 10.