How to use UART3 for bluetooth HCI?

After adding this I am getting hci_attach_dev domain related denials as it tries to access /dev/tty -

avc: denied { read write } for pid=2188 comm=“hciattach” name=“ttyAMA3” dev=“tmpfs” ino=16006 scontext=u:r:shell:s0 tcontext=u:object_r:hci_attach_dev:s0 tclass=chr_file permissive=0

I allowed shell to -

allow shell hci_attach_dev:chr_file { read write };

but now getting compilation error -

neverallow check failed at out/target/product/hikey960/obj/ETC/plat_sepolicy.cil_intermediates/plat_sepolicy.cil:9510 from system/sepolicy/private/app.te:375
(neverallow base_typeattr_259 hci_attach_dev (chr_file (read write)))

allow at out/target/product/hikey960/obj/ETC/nonplat_sepolicy.cil_intermediates/nonplat_sepolicy.cil:7309
(allow shell_10000_0 hci_attach_dev_10000_0 (chr_file (ioctl read write getattr lock append map open)))

Please help.

Yes. I have tried this before by adding kernel command line code in BoardConfig.mk. But I want to resolve the permission issue as I will not be allowed to run in permissive mode.

Thanking you,

Regards,
Arnab Dey

It looks like domain transition has not been applied since source context is shell instead of hci_attach.
Are you sure you added the domain_auto_trans rule (domain_auto_trans(shell, hci_attach_exec, hci_attach))? You can remove the init_daemon_domain btw.

To be sure domain transition is not bypassed you can try to apply the following rule instead:
allow shell hci_attach_exec:file { r_file_perms execute };


I have

domain_auto_trans(shell, hci_attach_exec, hci_attach)

in hci_attach.te. After adding

allow shell hci_attach_exec:file { r_file_perms execute };

I am getting the following error -

avc: denied { use } for pid=2188 comm=“hciattach” path="/system/vendor/bin/hciattach" dev=“sdd10” ino=2554 scontext=u:r:hci_attach:s0 tcontext=u:r:shell:s0 tclass=fd permissive=0

Please help.

Thanking you,

Regards,
Arnab Dey

fd is permission to use an inherited file descriptor. Don’t know which file descriptor it could be, maybe stdin/stdout. Never mind, did you try to add the missing rule? Maybe something like this:
allow hci_attach shell:fd use;


Let me try this out.

I am running in permissive mode till the above issue gets solved and I observed one more issue -

I have hciattach as service and it works properly. But my BT controller most of the time does not respond to UI bluetooth toggle button. I cannot turn on bluetooth from BT turn on/off toggle button.

From command line also, I have tried to turn on BT -

sudo adb shell service call bluetooth_manager 6

and also from hikey cmdline -

hikey960:/ # start bluetooth-1-0

None of the above put my hci0 in up running mode. It stays down. However, the above commands put the bluetooth service in running mode -

hikey960:/ # getprop | grep bluetooth
[init.svc.bluetooth-1-0]: [running]
[persist.bluetooth.btsnoopenable]: [true]
[ro.boottime.bluetooth-1-0]: [8973926039]

What can be the issue ?

Please help.

From logcat I could find two errors related to UART3(ffd74000) -

uart-pl011 ffd74000.serial: could not find pctldev for node /soc/pinmux@e896c000/uart3_pmx_func, deferring probe

uart-pl011 ffd74000.serial: no DMA platform data

Can these cause any problem?

Thanking you,

Regards,
Arnab Dey

Hi Loic,

I found that after bluetooth turn on from UI toggle button, host sends two vendor commands (opcode = 0xFD57 with 3 parameters - 0x01 0x01 0x00 and the other one is 0xFD5B with no parameter) which are not supported by my controller. These vendor commands somehow crash my BT controller. Can you please let me know how I can modify the init code which gets executed after bluetooth is turned on so that I can disable these vendor commands?

Thanking you,

Regards,
Arnab Dey

These two commands are ‘vendor’ specific but expected by Android BT stack (Fluoride /system/bt).
HCI_BLE_ADV_FILTER_OCF (0x0157 | HCI_GRP_VENDOR_SPECIFIC)
HCI_CONTROLLER_DEBUG_INFO_OCF (0x015B | HCI_GRP_VENDOR_SPECIFIC)

Your controller should not be confused by an unknown command and should just report an error… btw is it a dual mode controller (BR/EDR + BLE)? Is it a custom BT controller?

I think the simpler way to prevent these commands is to comment out the related code in the stack. For example, the HCI_BLE_ADV_FILTER_OCF command is sent at several places in stack/btm/btm_ble_adv_filter.cc, the other command is used in hci/src/hci_layer.cc. You can also filter these commands in the hci driver / line-discipline but this requires some development.


My controller is dual mode broadcom controller.

Can you please let me know how to do this as this looks cleaner than commenting out at different places in the stack?

Any idea why these vendor specific commands are embedded in the common bt code which can be used by any controller from any vendor?

Absolutely.
From snoop log, I saw that the hikey960 default TI controller responds with ‘UNKNOWN_HCI_COMMAND’ to 0xFD57 (HCI_BLE_ADV_FILTER_OCF) and this should be the correct controller behavior.

Thanking you,

Regards,
Arnab Dey

Is it a bcm43xx controller? If yes, there is an existing driver/line-discipline for this one (hci_bcm).

If using the any line discipline, everything will take place in drivers/bluetooth/hci_h4.c. You want to prevent controller confusion on certain commands, but you also want to avoid upper stack timeout issues. So what you need to do is filter bad command packets and inject back a virtual command complete event with a failure code like ‘command not supported’.

I suggest you hook this in h4_enqueue, which is called when the upper stack wants to send a HCI pkt. So if the pkt type is a command (hci_skb_pkt_type(skb) == HCI_COMMAND_PKT) and the opcode is in your ‘black-list’ then do not enqueue the skb and inject the command complete with failure code.

Note:

  • opcode is the first two bytes of the HCI pkt, skb->data[0] and skb->data[1].
  • You can find an example of command complete injection in hci_intel: inject_cmd_complete. You just need to replace the success error code (*skb_put(skb, 1) = 0x00) with command unknown (0x01).
  • I don’t really know what the upper stack (Fluoride) will do in case of unknown command response, I assume this is correctly managed since these are ‘vendor’ specific commands.
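The filtering described in the post above, modelled in user-space C as an added example (not code from the thread, the kernel, or hci_intel). The function name `filter_hci_tx`, the blocklist array and the sample packets are assumptions made for illustration; in the driver the same decision would be taken on the skb inside h4_enqueue, and the event would be queued with packet type HCI_EVENT_PKT.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HCI_COMMAND_PKT     0x01  /* H4 packet indicator for commands */
#define HCI_EV_CMD_COMPLETE 0x0e  /* Command Complete event code */
#define HCI_ERR_UNKNOWN_CMD 0x01  /* status: Unknown HCI Command */
#define CMD_COMPLETE_LEN    6     /* evt hdr (2) + ncmd (1) + opcode (2) + status (1) */

enum filter_verdict { FILTER_PASS = 0, FILTER_ERROR = -1 };

/* The two vendor opcodes named in the thread (hypothetical blocklist). */
static const uint16_t blocked_opcodes[] = { 0xfd57, 0xfd5b };

/* Constructed sample packets, without the leading H4 indicator byte. */
static const uint8_t sample_adv_filter[] = { 0x57, 0xfd, 0x03, 0x01, 0x01, 0x00 };
static const uint8_t sample_debug_info[] = { 0x5b, 0xfd, 0x00 };
static const uint8_t sample_hci_reset[]  = { 0x03, 0x0c, 0x00 };

static int opcode_is_blocked(uint16_t opcode)
{
    size_t i;

    for (i = 0; i < sizeof(blocked_opcodes) / sizeof(blocked_opcodes[0]); i++)
        if (blocked_opcodes[i] == opcode)
            return 1;
    return 0;
}

/*
 * Decide what happens to one outgoing HCI packet.
 * Returns FILTER_PASS when the packet should go to the controller,
 * FILTER_ERROR for a truncated command or a too-small event buffer,
 * or CMD_COMPLETE_LEN when the command was dropped and evt[] now holds
 * the synthetic Command Complete to hand back to the upper stack.
 */
int filter_hci_tx(uint8_t pkt_type, const uint8_t *data, size_t len,
                  uint8_t *evt, size_t evt_cap)
{
    uint16_t opcode;

    if (pkt_type != HCI_COMMAND_PKT)
        return FILTER_PASS;                /* only commands are filtered */
    if (len < 3 || (size_t)data[2] + 3 != len)
        return FILTER_ERROR;               /* header: opcode (2) + plen (1) */

    opcode = (uint16_t)(data[0] | (data[1] << 8));   /* little-endian */
    if (!opcode_is_blocked(opcode))
        return FILTER_PASS;
    if (evt_cap < CMD_COMPLETE_LEN)
        return FILTER_ERROR;

    evt[0] = HCI_EV_CMD_COMPLETE;
    evt[1] = 4;                    /* parameter length: ncmd + opcode + status */
    evt[2] = 1;                    /* ncmd: host may send one more command */
    evt[3] = data[0];              /* opcode echoed back, little-endian */
    evt[4] = data[1];
    evt[5] = HCI_ERR_UNKNOWN_CMD;  /* failure status instead of 0x00 */
    return CMD_COMPLETE_LEN;
}

static void show(const char *name, const uint8_t *pkt, size_t len)
{
    uint8_t evt[CMD_COMPLETE_LEN];
    int i, n = filter_hci_tx(HCI_COMMAND_PKT, pkt, len, evt, sizeof(evt));

    if (n <= 0) {
        printf("%-18s %s\n", name, n == FILTER_PASS ? "forwarded" : "rejected");
        return;
    }
    printf("%-18s dropped, injected event:", name);
    for (i = 0; i < n; i++)
        printf(" %02x", evt[i]);
    printf("\n");
}

int main(void)
{
    show("0xFD57 adv filter", sample_adv_filter, sizeof(sample_adv_filter));
    show("0xFD5B debug info", sample_debug_info, sizeof(sample_debug_info));
    show("0x0C03 HCI_Reset", sample_hci_reset, sizeof(sample_hci_reset));
    return 0;
}
```

Because the injected event carries the original opcode and ncmd = 1, the upper stack sees an ordinary failed command rather than a timeout.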

Hi Loic,

Thank you very much for the guidance.

Yes. It is bcm43xx controller.

It seems I can use btbcm.c+hci_bcm.c to modify the kernel to make my controller ready to work. I will try this out.

One more question, what is the maximum baudrate supported by UART3 of Hikey960? How can I change the default baudrate? I need to set it to 3000000.

Is it possible to change the baudrate at runtime? i.e. using some daemon tool or something so that I can change it at some specified time in my init.rc? As I have a code which programs my controller at 115200, then I need to switch to 3000000 for hciattach and other stuffs. Please let me know how I can do this.

Thanking you,

Regards,
Arnab Dey

You can try hciattach bcm43xx instead of any; this should configure your controller and UART to 3Mbps.

Yes, you can even add your controller to the device tree as a child of the UART3 node, your device will be then enumerated without having to use any userspace tool… this however requires backporting some patches to add hci_bcm serial dev support, at least this one.

Hi Loic,

this ‘bcm43xx’ does hci_reset, loads firmware patch and then changes the controller uart baudrate, right? Will this be able to affect hikey960 (host) Uart3 baudrate? Because right now in my code also, I am doing the same set of operations - download patch (.hcd file), change the baudrate using same vendor command (0xFC18) that is used by bcm43xx_init. Till this point I can see everything goes fine (in my current code with baudrate=115200). But after that when I issue any HCI command I do not get any response from controller. If I update baudrate using 0xFC18, I need to change Hikey960 uart3 (host) baudrate also accordingly, right?

Thanking you,

Regards,
Arnab Dey

cf. set_speed() in hciattach.c (cfsetospeed, cfsetispeed).


Hi Loic,

Thank you. I used cfsetospeed, cfsetispeed and termios to change the baudrate. It worked. Along with that I had to remove -s option in hciattach and put it like below -

hciattach /dev/ttyAMA3 any 3000000

Thanking you,

Regards,
Arnab Dey

Hello Loic

I have read this complete discussion and it helped me understand the complete Architecture. Thank you.

My question is: I am working on the USB based BT, do I need any extra vendor layer for communication? Currently my BT service is crashing as soon as the bluetooth-1-0 hal service triggers. It denies the access to hal_bluetooth_default (I added all the possible permissions to the hal_bluetooth_default domain)

[ 17.828358] type=1400 audit(12.169:11): avc: denied { accept } for pid=184 comm=“android.hardwar” lport=33452 scontext=u:r:hal_vehicle_default:s0 tcontext=u:r:hal_vehicle_default:s0 tclass=tcp_socket permissive=1 duplicate messages suppressed
[ 17.858695] type=1400 audit(17.819:12): avc: denied { read } for pid=330 comm=5573625365727669636520686F7374 name=“001” dev=“tmpfs” ino=8756 scontext=u:r:system_server:s0 tcontext=u:object_r:bluetoothtbd_device:s0 tclass=dir permissive=1
[ 17.880094] type=1400 audit(17.819:12): avc: denied { read } for pid=330 comm=5573625365727669636520686F7374 name=“001” dev=“tmpfs” ino=8756 scontext=u:r:system_server:s0 tcontext=u:object_r:bluetoothtbd_device:s0 tclass=dir permissive=1
[ 17.902092] type=1400 audit(17.819:13): avc: denied { open } for pid=330 comm=5573625365727669636520686F7374 path="/dev/bus/usb/001" dev=“tmpfs” ino=8756 scontext=u:r:system_server:s0 tcontext=u:object_r:bluetoothtbd_device:s0 tclass=dir permissive=1
[ 17.926354] type=1400 audit(17.819:13): avc: denied { open } for pid=330 comm=5573625365727669636520686F7374 path="/dev/bus/usb/001" dev=“tmpfs” ino=8756 scontext=u:r:system_server:s0 tcontext=u:object_r:bluetoothtbd_device:s0 tclass=dir permissive=1
[ 17.949527] type=1400 audit(17.819:14): avc: denied { read write } for pid=330 comm=5573625365727669636520686F7374 name=“002” dev=“tmpfs” ino=8758 scontext=u:r:system_server:s0 tcontext=u:object_r:bluetoothtbd_device:s0 tclass=chr_file permissive=1
[ 17.971937] type=1400 audit(17.819:14): avc: denied { read write } for pid=330 comm=5573625365727669636520686F7374 name=“002” dev=“tmpfs” ino=8758 scontext=u:r:system_server:s0 tcontext=u:object_r:bluetoothtbd_device:s0 tclass=chr_file permissive=1
[ 17.994302] type=1400 audit(17.819:15): avc: denied { open } for pid=330 comm=5573625365727669636520686F7374 path="/dev/bus/usb/001/002" dev=“tmpfs” ino=8758 scontext=u:r:system_server:s0 tcontext=u:object_r:bluetoothtbd_device:s0 tclass=chr_file permissive=1
[ 18.017544] type=1400 audit(17.819:15): avc: denied { open } for pid=330 comm=5573625365727669636520686F7374 path="/dev/bus/usb/001/002" dev=“tmpfs” ino=8758 scontext=u:r:system_server:s0 tcontext=u:object_r:bluetoothtbd_device:s0 tclass=chr_file permissive=1
[ 18.040821] type=1400 audit(17.819:16): avc: denied { ioctl } for pid=330 comm=5573625365727669636520686F7374 path="/dev/bus/usb/001/002" dev=“tmpfs” ino=8758 ioctlcmd=5500 scontext=u:r:system_server:s0 tcontext=u:object_r:bluetoothtbd_device:s0 tclass=chr_file permi1
[ 18.267920] init: computing context for service ‘webview_zygote32’
[ 18.295454] type=1400 audit(17.819:16): avc: denied { ioctl } for pid=330 comm=5573625365727669636520686F7374 path="/dev/bus/usb/001/002" dev=“tmpfs” ino=8758 ioctlcmd=5500 scontext=u:r:system_server:s0 tcontext=u:object_r:bluetoothtbd_device:s0 tclass=chr_file permi1
[ 18.305307] init: starting service ‘webview_zygote32’…
[ 18.308262] init: Created socket ‘/dev/socket/webview_zygote’, mode 660, user 1053, group 1000
[ 18.347202] type=1400 audit(18.289:17): avc: denied { accept } for pid=184 comm=“android.hardwar” lport=33452 scontext=u:r:hal_vehicle_default:s0 tcontext=u:r:hal_vehicle_default:s0 tclass=tcp_socket permissive=1
[ 19.181288] omap-iommu 55082000.mmu: 55082000.mmu: version 2.1
[ 19.758868] type=1400 audit(18.289:17): avc: denied { accept } for pid=184 comm=“android.hardwar” lport=33452 scontext=u:r:hal_vehicle_default:s0 tcontext=u:r:hal_vehicle_default:s0 tclass=tcp_socket permissive=1
[ 19.798789] type=1400 audit(19.749:18): avc: denied { create } for pid=185 comm=“bluetooth@1.0-s” scontext=u:r:hal_bluetooth_default:s0 tcontext=u:r:hal_bluetooth_default:s0 tclass=socket permissive=1
[ 19.835290] type=1400 audit(19.749:18): avc: denied { create } for pid=185 comm=“bluetooth@1.0-s” scontext=u:r:hal_bluetooth_default:s0 tcontext=u:r:hal_bluetooth_default:s0 tclass=socket permissive=1
[ 19.856699] type=1400 audit(19.749:19): avc: denied { bind } for pid=185 comm=“bluetooth@1.0-s” scontext=u:r:hal_bluetooth_default:s0 tcontext=u:r:hal_bluetooth_default:s0 tclass=socket permissive=1
[ 19.878996] type=1400 audit(19.749:19): avc: denied { bind } for pid=185 comm=“bluetooth@1.0-s” scontext=u:r:hal_bluetooth_default:s0 tcontext=u:r:hal_bluetooth_default:s0 tclass=socket permissive=1
[ 19.898453] type=1400 audit(19.749:20): avc: denied { write } for pid=185 comm=“bluetooth@1.0-s” path=“socket:[12705]” dev=“sockfs” ino=12705 scontext=u:r:hal_bluetooth_default:s0 tcontext=u:r:hal_bluetooth_default:s0 tclass=socket permissive=1
[ 19.921568] type=1400 audit(19.749:20): avc: denied { write } for pid=185 comm=“bluetooth@1.0-s” path=“socket:[12705]” dev=“sockfs” ino=12705 scontext=u:r:hal_bluetooth_default:s0 tcontext=u:r:hal_bluetooth_default:s0 tclass=socket permissive=1
[ 19.944408] type=1400 audit(19.749:21): avc: denied { read } for pid=185 comm=“bluetooth@1.0-s” path=“socket:[12705]” dev=“sockfs” ino=12705 scontext=u:r:hal_bluetooth_default:s0 tcontext=u:r:hal_bluetooth_default:s0 tclass=socket permissive=1
[ 19.975880] type=1400 audit(19.749:21): avc: denied { read } for pid=185 comm=“bluetooth@1.0-s” path=“socket:[12705]” dev=“sockfs” ino=12705 scontext=u:r:hal_bluetooth_default:s0 tcontext=u:r:hal_bluetooth_default:s0 tclass=socket permissive=1
[ 19.998473] type=1400 audit(19.799:22): avc: denied { accept } for pid=184 comm=“android.hardwar” lport=33452 scontext=u:r:hal_vehicle_default:s0 tcontext=u:r:hal_vehicle_default:s0 tclass=tcp_socket permissive=1
[ 21.334854] init: Service ‘bootanim’ (pid 320) exited with status 0
[ 21.380276] init: processing action (sys.boot_completed=1)
[ 21.398255] init: processing action (sys.boot_completed=1 && sys.logbootcomplete=1)
[ 21.415937] init: computing context for service ‘exec 4 (/system/bin/bootstat)’
[ 21.427436] init: starting service ‘exec 4 (/system/bin/bootstat)’…
[ 21.465598] init: SVC_EXEC pid 782 (uid 0 gid 0+0 context default) started; waiting…
[ 21.493311] init: Command ‘exec - root root – /system/bin/bootstat --record_boot_complete’ action=sys.boot_completed=1 && sys.logbootcomplete=1 (/system/etc/init/bootstat.rc:36) returned 0 took 64.9585ms.
[ 21.539155] init: Service ‘exec 4 (/system/bin/bootstat)’ (pid 782) exited with status 0 waiting took 0.123367 seconds
[ 21.555047] init: computing context for service ‘exec 5 (/system/bin/bootstat)’
[ 21.563394] init: starting service ‘exec 5 (/system/bin/bootstat)’…
[ 21.571515] init: SVC_EXEC pid 783 (uid 0 gid 0+0 context default) started; waiting…
[ 21.598249] init: Service ‘exec 5 (/system/bin/bootstat)’ (pid 783) exited with status 0 waiting took 0.043200 seconds
[ 21.612159] init: computing context for service ‘exec 6 (/system/bin/bootstat)’
[ 21.620091] init: starting service ‘exec 6 (/system/bin/bootstat)’…
[ 21.629816] init: SVC_EXEC pid 784 (uid 0 gid 0+0 context default) started; waiting…
[ 21.683909] init: Service ‘exec 6 (/system/bin/bootstat)’ (pid 784) exited with status 0 waiting took 0.071727 seconds
[ 21.702755] init: computing context for service ‘exec 7 (/system/bin/bootstat)’
[ 21.724467] init: starting service ‘exec 7 (/system/bin/bootstat)’…
[ 21.738621] init: SVC_EXEC pid 809 (uid 0 gid 0+0 context default) started; waiting…
[ 21.771242] init: Command ‘exec - root root – /system/bin/bootstat -l’ action=sys.boot_completed=1 && sys.logbootcomplete=1 (/system/etc/init/bootstat.rc:45) returned 0 took 68.4866ms.
[ 21.790646] type=1400 audit(19.799:22): avc: denied { accept } for pid=184 comm=“android.hardwar” lport=33452 scontext=u:r:hal_vehicle_default:s0 tcontext=u:r:hal_vehicle_default:s0 tclass=tcp_socket permissive=1
[ 21.814040] type=1400 audit(21.779:23): avc: denied { write } for pid=185 comm=“HwBinder:185_1” path=“socket:[12703]” dev=“sockfs” ino=12703 scontext=u:r:hal_bluetooth_default:s0 tcontext=u:r:hal_bluetooth_default:s0 tclass=socket permissive=1
[ 21.839089] init: Service ‘exec 7 (/system/bin/bootstat)’ (pid 809) exited with status 0 waiting took 0.136379 seconds
[ 21.850985] init: processing action (sys.boot_completed=1 && sys.wifitracing.started=0)
[ 21.912670] init: Command ‘mkdir /sys/kernel/debug/tracing/instances/wifi 711’ action=sys.boot_completed=1 && sys.wifitracing.started=0 (/system/etc/init/wifi-events.rc:22) returned 0 took 52.1291ms.
[ 23.021776] type=1400 audit(21.779:23): avc: denied { write } for pid=185 comm=“HwBinder:185_1” path=“socket:[12703]” dev=“sockfs” ino=12703 scontext=u:r:hal_bluetooth_default:s0 tcontext=u:r:hal_bluetooth_default:s0 tclass=socket permissive=1
[ 23.090702] init: Command ‘restorecon_recursive /sys/kernel/debug/tracing/instances/wifi’ action=sys.boot_completed=1 && sys.wifitracing.started=0 (/system/etc/init/wifi-events.rc:23) returned 0 took 1158.61ms.
[ 23.388182] type=1400 audit(23.009:24): avc: denied { accept } for pid=184 comm=“android.hardwar” lport=33452 scontext=u:r:hal_vehicle_default:s0 tcontext=u:r:hal_vehicle_default:s0 tclass=tcp_socket permissive=1
[ 25.060978] init: Untracked pid 823 exited with status 0
[ 25.208194] binder: undelivered transaction 13330
[ 26.288335] type=1400 audit(25.569:25): avc: denied { accept } for pid=184 comm=“android.hardwar” lport=33452 scontext=u:r:hal_vehicle_default:s0 tcontext=u:r:hal_vehicle_default:s0 tclass=tcp_socket permissive=1
[ 26.401752] type=1400 audit(26.279:26): avc: denied { read write } for pid=330 comm=“Binder:330_7” name=“002” dev=“tmpfs” ino=8758 scontext=u:r:system_server:s0 tcontext=u:object_r:bluetoothtbd_device:s0 tclass=chr_file permissive=1
[ 26.447975] type=1400 audit(26.279:26): avc: denied { read write } for pid=330 comm=“Binder:330_7” name=“002” dev=“tmpfs” ino=8758 scontext=u:r:system_server:s0 tcontext=u:object_r:bluetoothtbd_device:s0 tclass=chr_file permissive=1
[ 26.502113] type=1400 audit(26.279:27): avc: denied { open } for pid=330 comm=“Binder:330_7” path="/dev/bus/usb/001/002" dev=“tmpfs” ino=8758 scontext=u:r:system_server:s0 tcontext=u:object_r:bluetoothtbd_device:s0 tclass=chr_file permissive=1
[ 26.541841] type=1400 audit(26.279:27): avc: denied { open } for pid=330 comm=“Binder:330_7” path="/dev/bus/usb/001/002" dev=“tmpfs” ino=8758 scontext=u:r:system_server:s0 tcontext=u:object_r:bluetoothtbd_device:s0 tclass=chr_file permissive=1
[ 26.563657] type=1400 audit(26.279:28): avc: denied { getattr } for pid=330 comm=“Binder:330_7” path="/dev/bus/usb/001/002" dev=“tmpfs” ino=8758 scontext=u:r:system_server:s0 tcontext=u:object_r:bluetoothtbd_device:s0 tclass=chr_file permissive=1
[ 26.585977] type=1400 audit(26.279:28): avc: denied { getattr } for pid=330 comm=“Binder:330_7” path="/dev/bus/usb/001/002" dev=“tmpfs” ino=8758 scontext=u:r:system_server:s0 tcontext=u:object_r:bluetoothtbd_device:s0 tclass=chr_file permissive=1
[ 26.608828] type=1400 audit(26.279:29): avc: denied { read write } for pid=330 comm=“Binder:330_7” path="/dev/bus/usb/001/002" dev=“tmpfs” ino=8758 scontext=u:r:platform_app:s0:c512,c768 tcontext=u:object_r:bluetoothtbd_device:s0 tclass=chr_file permissive=1
[ 26.632880] type=1400 audit(26.279:29): avc: denied { read write } for pid=330 comm=“Binder:330_7” path="/dev/bus/usb/001/002" dev=“tmpfs” ino=8758 scontext=u:r:platform_app:s0:c512,c768 tcontext=u:object_r:bluetoothtbd_device:s0 tclass=chr_file permissive=1
[ 26.658316] type=1400 audit(26.309:30): avc: denied { create } for pid=185 comm=“HwBinder:185_1” scontext=u:r:hal_bluetooth_default:s0 tcontext=u:r:hal_bluetooth_default:s0 tclass=socket permissive=1
[ 26.683823] type=1400 audit(26.309:30): avc: denied { create } for pid=185 comm=“HwBinder:185_1” scontext=u:r:hal_bluetooth_default:s0 tcontext=u:r:hal_bluetooth_default:s0 tclass=socket permissive=1
[ 26.702493] type=1400 audit(26.309:31): avc: denied { ioctl } for pid=1062 comm=“car.usb.handler” path="/dev/bus/usb/001/002" dev=“tmpfs” ino=8758 ioctlcmd=5500 scontext=u:r:platform_app:s0:c512,c768 tcontext=u:object_r:bluetoothtbd_device:s0 tclass=chr_file permissi1
[ 26.728001] type=1400 audit(26.309:31): avc: denied { ioctl } for pid=1062 comm=“car.usb.handler” path="/dev/bus/usb/001/002" dev=“tmpfs” ino=8758 ioctlcmd=5500 scontext=u:r:platform_app:s0:c512,c768 tcontext=u:object_r:bluetoothtbd_device:s0 tclass=chr_file permissi1
[ 26.752172] type=1400 audit(26.309:32): avc: denied { bind } for pid=185 comm=“HwBinder:185_1” scontext=u:r:hal_bluetooth_default:s0 tcontext=u:r:hal_bluetooth_default:s0 tclass=socket permissive=1
[ 26.771756] type=1400 audit(26.309:32): avc: denied { bind } for pid=185 comm=“HwBinder:185_1” scontext=u:r:hal_bluetooth_default:s0 tcontext=u:r:hal_bluetooth_default:s0 tclass=socket permissive=1
[ 26.790057] type=1400 audit(26.309:33): avc: denied { write } for pid=185 comm=“HwBinder:185_1” path=“socket:[15131]” dev=“sockfs” ino=15131 scontext=u:r:hal_bluetooth_default:s0 tcontext=u:r:hal_bluetooth_default:s0 tclass=socket permissive=1
[ 26.812700] type=1400 audit(26.309:33): avc: denied { write } for pid=185 comm=“HwBinder:185_1” path=“socket:[15131]” dev=“sockfs” ino=15131 scontext=u:r:hal_bluetooth_default:s0 tcontext=u:r:hal_bluetooth_default:s0 tclass=socket permissive=1
[ 26.834437] type=1400 audit(26.309:34): avc: denied { read } for pid=185 comm=“HwBinder:185_1” path=“socket:[15131]” dev=“sockfs” ino=15131 scontext=u:r:hal_bluetooth_default:s0 tcontext=u:r:hal_bluetooth_default:s0 tclass=socket permissive=1
[ 27.404095] type=1400 audit(26.309:34): avc: denied { read } for pid=185 comm=“HwBinder:185_1” path=“socket:[15131]” dev=“sockfs” ino=15131 scontext=u:r:hal_bluetooth_default:s0 tcontext=u:r:hal_bluetooth_default:s0 tclass=socket permissive=1
[ 27.428341] type=1400 audit(27.399:35): avc: denied { accept } for pid=184 comm=“android.hardwar” lport=33452 scontext=u:r:hal_vehicle_default:s0 tcontext=u:r:hal_vehicle_default:s0 tclass=tcp_socket permissive=1
[ 28.163307] selinux: avc: denied { set } for property=sys.usb.ffs.mtp.ready pid=872 uid=10012 gid=10012 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:ffs_prop:s0 tclass=property_service
[ 28.163307]
[ 28.166501] type=1400 audit(27.399:35): avc: denied { accept } for pid=184 comm=“android.hardwar” lport=33452 scontext=u:r:hal_vehicle_default:s0 tcontext=u:r:hal_vehicle_default:s0 tclass=tcp_socket permissive=1
[ 28.166515] type=1400 audit(28.159:36): avc: denied { write } for pid=872 comm=“d.process.media” name=“property_service” dev=“tmpfs” ino=6273 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:property_socket:s0 tclass=sock_file permissive=1
[ 28.166667] type=1400 audit(28.159:36): avc: denied { write } for pid=872 comm=“d.process.media” name=“property_service” dev=“tmpfs” ino=6273 scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:property_socket:s0 tclass=sock_file permissive=1
[ 28.166679] type=1400 audit(28.159:37): avc: denied { connectto } for pid=872 comm=“d.process.media” path="/dev/socket/property_service" scontext=u:r:priv_app:s0:c512,c768 tcontext=u:r:init:s0 tclass=unix_stream_socket permissive=1
[ 30.092617] init: Untracked pid 1296 exited with status 0

And here is the logcat

I bt_hci : event_finish_startup
01-01 00:04:04.968 3498 3516 I bt_core_module: module_start_up Started module “hci_module”
01-01 00:04:04.968 3498 3533 I bt_osi_thread: run_thread: thread id 3533, thread name bt_workqueue started
01-01 00:04:04.969 3498 3533 I bt_btu : btu_task pending for preload complete event
01-01 00:04:04.969 3498 3533 I bt_btu_task: Bluetooth chip preload is complete
01-01 00:04:04.969 3498 3533 I bt_btu : btu_task received preload complete event
01-01 00:04:04.969 3498 3533 E bt_att : gatt_profile_db_init: gatt_if=1
01-01 00:04:04.970 3498 3534 I bt_osi_thread: run_thread: thread id 3534, thread name module_wrapper started
01-01 00:04:04.970 3498 3534 I bt_core_module: module_start_up Starting module “controller_module”
01-01 00:04:04.970 189 189 I bt_vendor: bt_vendor_op op 7
01-01 00:04:04.970 189 189 I bt_vendor: bt_vendor_op op 7 retval 0
01-01 00:04:04.970 189 189 E android.hardware.bluetooth-hci-hci_protocol: WriteSafely error writing to UART (Invalid argument)
01-01 00:04:06.971 3498 3519 E bt_hci : command_timed_out: 1 commands pending response
01-01 00:04:06.971 3498 3519 E bt_hci : command_timed_out: Waited 2000 ms for a response to opcode: 0xc03 matches timer
01-01 00:04:06.971 3498 3519 E bt_hci : command_timed_out: Size 3 Hex 03 0c 00
01-01 00:04:06.971 3498 3519 E bt_hci : command_timed_out: requesting a firmware dump.
01-01 00:04:06.971 189 189 E android.hardware.bluetooth-hci-hci_protocol: WriteSafely error writing to UART (Invalid argument)
01-01 00:04:06.971 3498 3519 E bt_hci : command_timed_out restarting the Bluetooth process.

I’m using Android O, with the current kernel release. Let me know if you can assist in above case?

Your log lines are being clipped.
But this really isn’t a Bluetooth issue, this is an selinux issue. Probably your Bluetooth device is being given the wrong context based on usb. You will need to set an appropriate context for it.

I just updated the logs.

Currently I have the context as below :

File: file_context
//Bluetoothtbd
/system/bin/bluetoothtbd u:object_r:bluetoothtbd_exec:s0
/dev/bus/usb/001(.*)? u:object_r:bluetoothtbd_device:s0

Hello doitright/loic,

I was able to resolve most of the permission issues, however the one below is not going through, even when I add the related permissions in the platform_app file.
Recommended permission by audit2allow was
allow platform_app bluetoothtbd_device:chr_file { ioctl read write };

type=1400 audit(25.049:16): avc: denied { write } for pid=331 comm=“Binder:331_1” path="/dev/bus/usb/001/002" dev=“tmpfs” ino=8610 scontext=u:r:platform_app:s0:c512,c768 tcontext=u:object_r:bluetoothtbd_device:s0 tclass=chr_file permissive=1
[ 25.560385] type=1400 audit(25.049:16): avc: denied { write } for pid=331 comm=“Binder:331_1” path="/dev/bus/usb/001/002" dev=“tmpfs” ino=8610 scontext=u:r:platform_app:s0:c512,c768 tcontext=u:object_r:bluetoothtbd_device:s0 tclass=chr_file permissive=1

Also, In above discussion you have UART (hciattach) tool and I am using USB, is there a way around to connect with it or I’ve to write my own vendor lib here? Please clarify on this part as new architecture has changed and eliminating the need for that (my understanding).

Please correct me if I am missing anything here ?

You’re not modifying files in system/sepolicy/, are you? If you are, then you should be informed that that is not a good idea. You should modify the policy only at device/linaro/hikey/sepolicy/

I’m also not aware of anything like “bluetoothtbd_device” in the AOSP sepolicy. So where did that come from?

You don’t need to worry about UART vs USB. That difference is abstracted away in the device driver.

EDIT: Are you running a PERMISSIVE sepolicy and it’s still not working? If that’s the case, then you have other things to worry about before fixing the policy.

I tried with all the cases, modified public/private and vendor policies, However it has the same issue with all asking for the platform_app permissions.

In bluetoothtbd domain I am using
bluetoothtbd_device as /dev/bus/usb/001(.*)? u:object_r:bluetoothtbd_device:s0 , I added as my USB is visible at above location only.

And, yes, I’m running in permissive mode.