• State Resolved
  • Locked Locked
  • Replies 1 reply
  • Subscribers 97 subscribers
  • Views 371 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

DRA821U: QNX security policies for tisci-mgr, tiipc-mgr and tiudma-mgr don't work(open(/dev/tisci): Permission denied)

Sun Jianqiang
Prodigy 210 points
Part Number: DRA821U

Hi expert,
I followed the link:
www.qnx.com/.../index.html

and generated the security policy for tisci-mgr, tiipc-mgr and tiudma-mgr as following:

# === Rules for type tiipc_mgr_t ============
allow_attach tiipc_mgr_t {
/dev/tiipc
};
allow tiipc_mgr_t self:ability {
nonroot
pathspace
# Process tiipc-mgr mapped sysram addresses 0xa4000000-0xa401ffff using MAP_PHYS making it hard to secure
# Process tiipc-mgr mapped sysram addresses 0xa4040000-0xa405ffff using MAP_PHYS making it hard to secure
# Process tiipc-mgr mapped sysram addresses 0xa4020000-0xa403ffff using MAP_PHYS making it hard to secure
# Process tiipc-mgr mapped sysram addresses 0xa4060000-0xa407ffff using MAP_PHYS making it hard to secure
# Process tiipc-mgr mapped sysram addresses 0xa4080000-0xa409ffff using MAP_PHYS making it hard to secure
mem_phys:823001088-823005183,838336512-838344703,2751463424-2753560575
prot_exec
io:0
map_fixed
public_channel
};
allow tiipc_mgr_t {
slogger2_t
tisci_mgr_t
}:channel connect;

# === Rules for type tisci_mgr_t ============
allow_attach tisci_mgr_t {
/dev/tisci
};
allow tisci_mgr_t self:ability {
nonroot
pathspace
mem_phys:823394304-823398399,843055104-844103679,847249408-848297983,851443712-852492287
prot_exec
io:0
map_fixed
public_channel
};
allow tisci_mgr_t {
slogger2_t
}:channel connect;

# === Rules for type tiudma_mgr_t ============
allow_attach tiudma_mgr_t {
/dev/tiudma
};
allow tiudma_mgr_t self:ability {
nonroot
pathspace
mem_phys:813703168-813707263,815005696-815071231,816840704-816857087,817889280-817905663,818937856-818954239,822345728-822362111,822607872-822870015,823132160-823136255,823197696-823214079,823263232-823267327,823459840-823463935,823525376-823529471,838860800-838991871,855638016-855900159,859832320-860094463,864026624-866123775,869269504-870318079,872415232-872677375,889192448-889454591,939524096-943718399,1006632960-1010827263,1166475264-1166508031
prot_exec
io:0-1
map_fixed
public_channel
};
allow tiudma_mgr_t {
tisci_mgr_t
}:channel connect;

then used the following to start the resource managers:

echo "Starting tisci-mgr.."
on -u 40 -T tisci_mgr_t tisci-mgr
waitfor /dev/tisci 2

echo "Starting shmemallocator.."
on -u 41 -T shmemallocator_t shmemallocator

echo "Starting tiipc-mgr.."
on -u 42 -T tiipc_mgr_t tiipc-mgr

echo "Starting tiudma-mgr.."
on -u 43 -T tiudma_mgr_t tiudma-mgr

The boot process failed and said:

Starting tiipc-mgr..
open(/dev/tisci): Permission denied
open(/dev/tisci): Permission denied
open(/dev/tisci): Permission denied
open(/dev/tisci): Permission denied
Starting TI IPC Resmgr
Starting tiudma-mgr..
open(/dev/tisci): Permission denied
open(/dev/tisci): Permission denied
open(/dev/tisci): Permission denied
open(/dev/tisci): Permission denied
open(/dev/tisci): Permission denied
open(/dev/tisci): Permission denied
open(/dev/tisci): Permission denied

Please help to fix this issue, it blocked me for two days, and tried a lot of ways and got failed:(

Note: The qnx's own resource mangers don't have this problem.

Thanks,
Regards,
Jianqiang