Hi, I'm using a Pie GSI on the Xiaomi Mi A2 (jasmine), and Wi-Fi works out of the box with the stock boot.img, but stops working when flashing a boot.img patched by Magisk 17.1 (patched in the Manager app, flashed via fastboot).
Because SELinux denies the module load:
[ 10.773604] type=1400 audit(3768088.839:135): avc: denied { module_load } for pid=561 comm="init" path="/vendor/lib/modules/qca_cld3/qca_cld3_wlan.ko" dev="mmcblk0p67" ino=2511 scontext=u:r:vendor_init:s0 tcontext=u:object_r:vendor_file:s0 tclass=system permissive=0
Manually running
insmod /vendor/lib/modules/qca_cld3/qca_cld3_wlan.ko
from a root shell makes the WiFi work.
But it loads from init just fine when Magisk is not used. There's probably some vendor policy that allows this module to be loaded, maybe Magisk is somehow removing that policy?
Thank you for your report! Finally an issue opened with relevant info, I'm crying with joy now LOL
(not sarcasm)
I'll flash a GSI and see what's the issue here!
Can confirm this happens on the Essential Phone with a Pie GSI and OPM1.180104.234 kernel/vendor, mobile data is also affected. I see the same module_load being denied in dmesg
[ 6.262749] type=1400 audit(34937290.556:141): avc: denied { module_load } for pid=580 comm="init" path="/vendor/lib/modules/qca_cld3_wlan.ko" dev="sde17" ino=805 scontext=u:r:vendor_init:s0 tcontext=u:object_r:vendor_file:s0 tclass=system permissive=0
[ 6.287230] type=1400 audit(34937290.556:141): avc: denied { module_load } for pid=580 comm="init" path="/vendor/lib/modules/qca_cld3_wlan.ko" dev="sde17" ino=805 scontext=u:r:vendor_init:s0 tcontext=u:object_r:vendor_file:s0 tclass=system permissive=0
Please fix this, I have the exact same issue with a different phone
Move to a single issue (#844) regarding GSIs
Not only GSIs, apparently. Experiencing this with LOS 16 on Samsung Galaxy A3 2017 (SM-A320) as well. insmod helps (but not across reboots, obviously).
Still an issue on
https://github.com/topjohnwu/Magisk/issues/552#issue-356315467 xor reverting to Magisk 19.0 works around the issue.
Anything I can provide to debug this @topjohnwu?
So I've been looking at it, I can't make much sense of it.
I personally added (and needed only):
allow vendor_init vendor_init:capability { sys_module };
but the error mentioned earlier means it requires
allow vendor_init vendor_file:system { module_load };
One such device is Nokia 3.1, sepolicy can be found at:
https://github.com/AndroidDumps/nokia_essential2_dump/blob/Essential2_00WW-user-9-PPR1.180610.011-00WW_3_25B-release-keys/vendor/etc/selinux/plat_pub_versioned.cil
https://github.com/AndroidDumps/nokia_essential2_dump/blob/Essential2_00WW-user-9-PPR1.180610.011-00WW_3_25B-release-keys/vendor/etc/selinux/vendor_sepolicy.cil
and vendor sepolicy indeed has the expected:
(allow vendor_init_28_0 vendor_file_28_0 (system (module_load)))
I have a hard time figuring how it could be GSI's fault, I don't edit binary/live SELinux policy. Only Magisk does.
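The mapping from the `avc: denied` lines reported in this thread to the `allow` rule they imply can be reproduced mechanically. The following is an added example, not code from any participant or from Magisk; the function names are hypothetical, and the CIL output uses the plain type names rather than the versioned `_28_0` attributes seen in the vendor policy.

```python
import re
from collections import defaultdict

# Denial lines quoted in this thread (Mi A2 and Essential Phone reports).
SAMPLE_DMESG = """\
[ 10.773604] type=1400 audit(3768088.839:135): avc: denied { module_load } for pid=561 comm="init" path="/vendor/lib/modules/qca_cld3/qca_cld3_wlan.ko" dev="mmcblk0p67" ino=2511 scontext=u:r:vendor_init:s0 tcontext=u:object_r:vendor_file:s0 tclass=system permissive=0
[ 6.262749] type=1400 audit(34937290.556:141): avc: denied { module_load } for pid=580 comm="init" path="/vendor/lib/modules/qca_cld3_wlan.ko" dev="sde17" ino=805 scontext=u:r:vendor_init:s0 tcontext=u:object_r:vendor_file:s0 tclass=system permissive=0
[ 6.287230] type=1400 audit(34937290.556:141): avc: denied { module_load } for pid=580 comm="init" path="/vendor/lib/modules/qca_cld3_wlan.ko" dev="sde17" ino=805 scontext=u:r:vendor_init:s0 tcontext=u:object_r:vendor_file:s0 tclass=system permissive=0
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)

def context_type(ctx):
    """Return the type field of a user:role:type[:level] SELinux context."""
    parts = ctx.split(":")
    if len(parts) < 3:
        raise ValueError(f"not an SELinux context: {ctx!r}")
    return parts[2]

def parse_denials(text):
    """Map (source type, target type, class) -> set of denied permissions."""
    rules = defaultdict(set)
    for line in text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # not an AVC denial line
        key = (context_type(m["scon"]), context_type(m["tcon"]), m["tclass"])
        rules[key].update(m["perms"].split())
    return dict(rules)

def to_te(rules):
    """Render rules in .te syntax, as written by hand in the thread."""
    return [f"allow {s} {t}:{c} {{ {' '.join(sorted(p))} }};"
            for (s, t, c), p in sorted(rules.items())]

def to_cil(rules):
    """Render rules in CIL syntax, the format of vendor_sepolicy.cil."""
    return [f"(allow {s} {t} ({c} ({' '.join(sorted(p))})))"
            for (s, t, c), p in sorted(rules.items())]

if __name__ == "__main__":
    denials = parse_denials(SAMPLE_DMESG)
    print("\n".join(to_te(denials) + to_cil(denials)))
```

All three denials collapse into one rule. When the vendor CIL already contains that rule, as in the Nokia 3.1 dump linked above, the denial shows that the policy actually loaded at boot differs from the vendor source.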