How to add the selinux policy access for the new created lin

When you create the linux file node, such as “dev/nfccard0”, you must add the selinux policy for it, or the application can not get the permit to access. this is an example for the system_server to accecc the dev/nfccard0 file node. we c

 

When you create the linux file node, such as  “dev/nfccard0”, you must  add the selinux policy for it, or  the application can not get the permit to access.

 this is an example for the system_server to accecc the dev/nfccard0 file node.

 we can do the following three things to mak the system work smoothly.

1       define the file type

in the file.te add the below line

  type nfccard_device,dev_type

2       define the file context

in the file_context.te add the below line

 /dev/nfccard0 u:object_r:nfccard_devicd:s0

3       allow the system_server to access it.

Allow system_server  nfccard_device:chr_file rw_file_perms

Or

Allow system_server  nfccard_device:chr_file {read write open getattr  ioctl}

 

there are many file type , {socket, binder, property,etc}, we must do carefully to avoid influence the system.