I'm porting AOSP to a custom board, and I need /dev/ttymxc4
to be owned by u-blox
so that the GPS driver can use it. (Nothing else needs to use it.)
Ideally, I would like this to be specified in the build process, rather than as I run-time hack.
Where is the best place to manage the ownership of device nodes in /dev
?
I assume when you say GPS driver you are actually perhaps referring to a user space daemon which needs to communicate with a Linux kernel driver?
Traditional Linux DAC permissions are normally established in Android at boot by the init process, usually in a file such as init.common.rc
in the appropriate device directory of AOSP. This is also where the daemon (aka init service) is defined. Typically you would reuse the system
group for your daemon and then chown
the device files to system
with standard perms such as 0660
or 0440
.
Remember that SELinux MAC permissions must be established as well in all recent versions of Android. Establishing SELinux permissions is fairly complex but generally when you must do the following when setting up a new daemon that needs to communicate with a kernel driver:
file_contexts
to assign a label to the file created by the kernel driverSee:
https://source.android.com/security/selinux/customize https://source.android.com/security/selinux/implement https://source.android.com/security/selinux/images/SELinux_Treble.pdf
Examples:
https://android.googlesource.com/device/google/marlin/+/oreo-mr1-release/init.common.rc https://android.googlesource.com/device/google/marlin/+/oreo-mr1-release/sepolicy/init_radio.te