Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Screen orientation auto-rotate not working since upgrading to DX 41 stable (SELinux denying iio-sensor-proxy access to accelerometer) #1952

Open
jleonardfl opened this issue Nov 21, 2024 · 6 comments
Open

Screen orientation auto-rotate not working since upgrading to DX 41 stable (SELinux denying iio-sensor-proxy access to accelerometer) #1952

jleonardfl opened this issue Nov 21, 2024 · 6 comments
Labels
bug Something isn't working help wanted Keep Bluefin alive, dive in!

Comments

@jleonardfl
Copy link

jleonardfl commented Nov 21, 2024
edited
Loading

Describe the bug

When laptop is folded to tablet mode, rotating the device does not cause display orientation to change.

What did you expect to happen?

When laptop is in tablet mode, turning the device 90 degrees would cause the screen orientation to adjust to the device orientation. This was how it behaved before I upgraded to DX 41 + GNOME 47.

Output of bootc status

No staged image present
Current booted state is native ostree
Current rollback state is native ostree

Output of groups

john wheel

Extra information or context

SELinux seems to be stopping iio-sensor-proxy from getting write access to the accelerometer. This behavior (and the lack of working auto-rotate) is new since i rebased from DX 40 gts to DX 41 stable. Filesystem permissions for the sensors all seem to be -rw-r--r--.

GNOME seems to recognize when the device is folded back, since touching a text input box brings up the keyboard when folded as a tablet, but not when folded as a laptop.

iio-sensor-proxy version: iio-sensor-proxy-3.5-5.fc41.x86_64

❯ rpm-ostree status
State: idle
AutomaticUpdates: stage; rpm-ostreed-automatic.service: last run failed
Deployments:
● ostree-image-signed:docker://ghcr.io/ublue-os/bluefin-dx:stable
                   Digest: sha256:bbead96c89e810857dadd0654e6580d3f69533a93b586f4c04f55dd6e26d6dfb
                  Version: 41.20241117.3 (2024-11-17T15:49:59Z)
          LayeredPackages: mullvad-vpn

❯ journalctl -b | grep iio-sensor-proxy
Nov 20 02:24:07 krillin systemd[1]: Starting iio-sensor-proxy.service - IIO Sensor Proxy service...
Nov 20 02:24:07 krillin systemd[1]: Started iio-sensor-proxy.service - IIO Sensor Proxy service.
Nov 20 02:24:07 krillin audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=iio-sensor-proxy comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
Nov 20 02:24:07 krillin iio-sensor-proxy[1818]: ** (iio-sensor-proxy:1818): WARNING **: 02:24:07.524: Could not open for write '/sys/devices/pci0000:00/0000:00:12.0/{33AECD58-B679-4E54-9BD9-A04D34F0C226}/001F:8087:0AC2.0005/HID-SENSOR-200073.19.auto/iio:device0/scan_elements/in_accel_x_en'
Nov 20 02:24:07 krillin iio-sensor-proxy[1818]: ** (iio-sensor-proxy:1818): WARNING **: 02:24:07.524: Could not enable sensor /sys/devices/pci0000:00/0000:00:12.0/{33AECD58-B679-4E54-9BD9-A04D34F0C226}/001F:8087:0AC2.0005/HID-SENSOR-200073.19.auto/iio:device0/scan_elements/in_accel_x_en
Nov 20 02:24:07 krillin iio-sensor-proxy[1818]: ** (iio-sensor-proxy:1818): WARNING **: 02:24:07.524: Could not open for write '/sys/devices/pci0000:00/0000:00:12.0/{33AECD58-B679-4E54-9BD9-A04D34F0C226}/001F:8087:0AC2.0005/HID-SENSOR-200073.19.auto/iio:device0/scan_elements/in_accel_z_en'
Nov 20 02:24:07 krillin iio-sensor-proxy[1818]: ** (iio-sensor-proxy:1818): WARNING **: 02:24:07.524: Could not enable sensor /sys/devices/pci0000:00/0000:00:12.0/{33AECD58-B679-4E54-9BD9-A04D34F0C226}/001F:8087:0AC2.0005/HID-SENSOR-200073.19.auto/iio:device0/scan_elements/in_accel_z_en
Nov 20 02:24:07 krillin iio-sensor-proxy[1818]: ** (iio-sensor-proxy:1818): WARNING **: 02:24:07.524: Could not open for write '/sys/devices/pci0000:00/0000:00:12.0/{33AECD58-B679-4E54-9BD9-A04D34F0C226}/001F:8087:0AC2.0005/HID-SENSOR-200073.19.auto/iio:device0/scan_elements/in_timestamp_en'
Nov 20 02:24:07 krillin iio-sensor-proxy[1818]: ** (iio-sensor-proxy:1818): WARNING **: 02:24:07.524: Could not enable sensor /sys/devices/pci0000:00/0000:00:12.0/{33AECD58-B679-4E54-9BD9-A04D34F0C226}/001F:8087:0AC2.0005/HID-SENSOR-200073.19.auto/iio:device0/scan_elements/in_timestamp_en
Nov 20 02:24:07 krillin iio-sensor-proxy[1818]: ** (iio-sensor-proxy:1818): WARNING **: 02:24:07.524: Could not open for write '/sys/devices/pci0000:00/0000:00:12.0/{33AECD58-B679-4E54-9BD9-A04D34F0C226}/001F:8087:0AC2.0005/HID-SENSOR-200073.19.auto/iio:device0/scan_elements/in_accel_y_en'
Nov 20 02:24:07 krillin iio-sensor-proxy[1818]: ** (iio-sensor-proxy:1818): WARNING **: 02:24:07.524: Could not enable sensor /sys/devices/pci0000:00/0000:00:12.0/{33AECD58-B679-4E54-9BD9-A04D34F0C226}/001F:8087:0AC2.0005/HID-SENSOR-200073.19.auto/iio:device0/scan_elements/in_accel_y_en
Nov 20 02:24:07 krillin iio-sensor-proxy[1818]: ** (iio-sensor-proxy:1818): WARNING **: 02:24:07.524: Failed to enable any sensors for device '/sys/devices/pci0000:00/0000:00:12.0/{33AECD58-B679-4E54-9BD9-A04D34F0C226}/001F:8087:0AC2.0005/HID-SENSOR-200073.19.auto/iio:device0'
Nov 20 02:24:07 krillin iio-sensor-proxy[1818]: ** (iio-sensor-proxy:1818): WARNING **: 02:24:07.524: Could not open for write '/sys/devices/pci0000:00/0000:00:12.0/{33AECD58-B679-4E54-9BD9-A04D34F0C226}/001F:8087:0AC2.0005/HID-SENSOR-200073.19.auto/iio:device0/scan_elements/in_accel_x_en'
Nov 20 02:24:07 krillin iio-sensor-proxy[1818]: ** (iio-sensor-proxy:1818): WARNING **: 02:24:07.524: Could not enable sensor /sys/devices/pci0000:00/0000:00:12.0/{33AECD58-B679-4E54-9BD9-A04D34F0C226}/001F:8087:0AC2.0005/HID-SENSOR-200073.19.auto/iio:device0/scan_elements/in_accel_x_en
Nov 20 02:24:07 krillin iio-sensor-proxy[1818]: ** (iio-sensor-proxy:1818): WARNING **: 02:24:07.524: Could not open for write '/sys/devices/pci0000:00/0000:00:12.0/{33AECD58-B679-4E54-9BD9-A04D34F0C226}/001F:8087:0AC2.0005/HID-SENSOR-200073.19.auto/iio:device0/scan_elements/in_accel_z_en'
Nov 20 02:24:07 krillin iio-sensor-proxy[1818]: ** (iio-sensor-proxy:1818): WARNING **: 02:24:07.524: Could not enable sensor /sys/devices/pci0000:00/0000:00:12.0/{33AECD58-B679-4E54-9BD9-A04D34F0C226}/001F:8087:0AC2.0005/HID-SENSOR-200073.19.auto/iio:device0/scan_elements/in_accel_z_en
Nov 20 02:24:07 krillin iio-sensor-proxy[1818]: ** (iio-sensor-proxy:1818): WARNING **: 02:24:07.524: Could not open for write '/sys/devices/pci0000:00/0000:00:12.0/{33AECD58-B679-4E54-9BD9-A04D34F0C226}/001F:8087:0AC2.0005/HID-SENSOR-200073.19.auto/iio:device0/scan_elements/in_timestamp_en'
Nov 20 02:24:07 krillin iio-sensor-proxy[1818]: ** (iio-sensor-proxy:1818): WARNING **: 02:24:07.524: Could not enable sensor /sys/devices/pci0000:00/0000:00:12.0/{33AECD58-B679-4E54-9BD9-A04D34F0C226}/001F:8087:0AC2.0005/HID-SENSOR-200073.19.auto/iio:device0/scan_elements/in_timestamp_en
Nov 20 02:24:07 krillin iio-sensor-proxy[1818]: ** (iio-sensor-proxy:1818): WARNING **: 02:24:07.524: Could not open for write '/sys/devices/pci0000:00/0000:00:12.0/{33AECD58-B679-4E54-9BD9-A04D34F0C226}/001F:8087:0AC2.0005/HID-SENSOR-200073.19.auto/iio:device0/scan_elements/in_accel_y_en'
Nov 20 02:24:07 krillin iio-sensor-proxy[1818]: ** (iio-sensor-proxy:1818): WARNING **: 02:24:07.524: Could not enable sensor /sys/devices/pci0000:00/0000:00:12.0/{33AECD58-B679-4E54-9BD9-A04D34F0C226}/001F:8087:0AC2.0005/HID-SENSOR-200073.19.auto/iio:device0/scan_elements/in_accel_y_en
Nov 20 02:24:07 krillin iio-sensor-proxy[1818]: ** (iio-sensor-proxy:1818): WARNING **: 02:24:07.524: Failed to enable any sensors for device '/sys/devices/pci0000:00/0000:00:12.0/{33AECD58-B679-4E54-9BD9-A04D34F0C226}/001F:8087:0AC2.0005/HID-SENSOR-200073.19.auto/iio:device0'
Nov 20 02:24:07 krillin iio-sensor-proxy[1818]: ** (iio-sensor-proxy:1818): WARNING **: 02:24:07.524: Could not open for write '/sys/devices/pci0000:00/0000:00:12.0/{33AECD58-B679-4E54-9BD9-A04D34F0C226}/001F:8087:0AC2.0005/HID-SENSOR-200073.19.auto/iio:device0/buffer/enable'
Nov 20 02:24:07 krillin systemd[1]: iio-sensor-proxy.service: Deactivated successfully.
Nov 20 02:24:07 krillin audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=iio-sensor-proxy comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'


❯ ls -l /sys/devices/pci0000:00/0000:00:12.0/{33AECD58-B679-4E54-9BD9-A04D34F0C226}/001F:8087:0AC2.0005/HID-SENSOR-200073.19.auto/iio:device0/scan_elements/in_accel_x_en
-rw-r--r--. 1 root root 4096 Nov 20 02:24 /sys/devices/pci0000:00/0000:00:12.0/{33AECD58-B679-4E54-9BD9-A04D34F0C226}/001F:8087:0AC2.0005/HID-SENSOR-200073.19.auto/iio:device0/scan_elements/in_accel_x_en

❯ sudo ausearch -m avc -c iio-sensor-prox -ts boot
----
time->Wed Nov 20 02:24:07 2024
type=AVC msg=audit(1732087447.523:152): avc:  denied  { write } for  pid=1818 comm="iio-sensor-prox" name="in_accel_x_en" dev="sysfs" ino=61055 scontext=system_u:system_r:iiosensorproxy_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file permissive=0
----
time->Wed Nov 20 02:24:07 2024
type=AVC msg=audit(1732087447.523:153): avc:  denied  { create } for  pid=1818 comm="iio-sensor-prox" scontext=system_u:system_r:iiosensorproxy_t:s0 tcontext=system_u:system_r:iiosensorproxy_t:s0 tclass=unix_dgram_socket permissive=0
----
time->Wed Nov 20 02:24:07 2024
type=AVC msg=audit(1732087447.523:154): avc:  denied  { create } for  pid=1818 comm="iio-sensor-prox" scontext=system_u:system_r:iiosensorproxy_t:s0 tcontext=system_u:system_r:iiosensorproxy_t:s0 tclass=unix_dgram_socket permissive=0
----
time->Wed Nov 20 02:24:07 2024
type=AVC msg=audit(1732087447.523:155): avc:  denied  { write } for  pid=1818 comm="iio-sensor-prox" name="in_accel_z_en" dev="sysfs" ino=61047 scontext=system_u:system_r:iiosensorproxy_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file permissive=0
----
time->Wed Nov 20 02:24:07 2024
type=AVC msg=audit(1732087447.523:156): avc:  denied  { create } for  pid=1818 comm="iio-sensor-prox" scontext=system_u:system_r:iiosensorproxy_t:s0 tcontext=system_u:system_r:iiosensorproxy_t:s0 tclass=unix_dgram_socket permissive=0
----
time->Wed Nov 20 02:24:07 2024
type=AVC msg=audit(1732087447.523:157): avc:  denied  { create } for  pid=1818 comm="iio-sensor-prox" scontext=system_u:system_r:iiosensorproxy_t:s0 tcontext=system_u:system_r:iiosensorproxy_t:s0 tclass=unix_dgram_socket permissive=0
----
time->Wed Nov 20 02:24:07 2024
type=AVC msg=audit(1732087447.523:158): avc:  denied  { write } for  pid=1818 comm="iio-sensor-prox" name="in_timestamp_en" dev="sysfs" ino=61044 scontext=system_u:system_r:iiosensorproxy_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file permissive=0
----
time->Wed Nov 20 02:24:07 2024
type=AVC msg=audit(1732087447.523:159): avc:  denied  { create } for  pid=1818 comm="iio-sensor-prox" scontext=system_u:system_r:iiosensorproxy_t:s0 tcontext=system_u:system_r:iiosensorproxy_t:s0 tclass=unix_dgram_socket permissive=0
----
time->Wed Nov 20 02:24:07 2024
type=AVC msg=audit(1732087447.523:160): avc:  denied  { create } for  pid=1818 comm="iio-sensor-prox" scontext=system_u:system_r:iiosensorproxy_t:s0 tcontext=system_u:system_r:iiosensorproxy_t:s0 tclass=unix_dgram_socket permissive=0
----
time->Wed Nov 20 02:24:07 2024
type=AVC msg=audit(1732087447.523:161): avc:  denied  { write } for  pid=1818 comm="iio-sensor-prox" name="in_accel_y_en" dev="sysfs" ino=61052 scontext=system_u:system_r:iiosensorproxy_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file permissive=0
----
time->Wed Nov 20 02:24:07 2024
type=AVC msg=audit(1732087447.523:162): avc:  denied  { create } for  pid=1818 comm="iio-sensor-prox" scontext=system_u:system_r:iiosensorproxy_t:s0 tcontext=system_u:system_r:iiosensorproxy_t:s0 tclass=unix_dgram_socket permissive=0
----
time->Wed Nov 20 02:24:07 2024
type=AVC msg=audit(1732087447.523:163): avc:  denied  { create } for  pid=1818 comm="iio-sensor-prox" scontext=system_u:system_r:iiosensorproxy_t:s0 tcontext=system_u:system_r:iiosensorproxy_t:s0 tclass=unix_dgram_socket permissive=0
----
time->Wed Nov 20 02:24:07 2024
type=AVC msg=audit(1732087447.523:164): avc:  denied  { create } for  pid=1818 comm="iio-sensor-prox" scontext=system_u:system_r:iiosensorproxy_t:s0 tcontext=system_u:system_r:iiosensorproxy_t:s0 tclass=unix_dgram_socket permissive=0
----
time->Wed Nov 20 02:24:07 2024
type=AVC msg=audit(1732087447.523:165): avc:  denied  { write } for  pid=1818 comm="iio-sensor-prox" name="in_accel_x_en" dev="sysfs" ino=61055 scontext=system_u:system_r:iiosensorproxy_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file permissive=0
----
time->Wed Nov 20 02:24:07 2024
type=AVC msg=audit(1732087447.523:166): avc:  denied  { create } for  pid=1818 comm="iio-sensor-prox" scontext=system_u:system_r:iiosensorproxy_t:s0 tcontext=system_u:system_r:iiosensorproxy_t:s0 tclass=unix_dgram_socket permissive=0
----
time->Wed Nov 20 02:24:07 2024
type=AVC msg=audit(1732087447.523:167): avc:  denied  { create } for  pid=1818 comm="iio-sensor-prox" scontext=system_u:system_r:iiosensorproxy_t:s0 tcontext=system_u:system_r:iiosensorproxy_t:s0 tclass=unix_dgram_socket permissive=0
----
time->Wed Nov 20 02:24:07 2024
type=AVC msg=audit(1732087447.523:168): avc:  denied  { write } for  pid=1818 comm="iio-sensor-prox" name="in_accel_z_en" dev="sysfs" ino=61047 scontext=system_u:system_r:iiosensorproxy_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file permissive=0
----
time->Wed Nov 20 02:24:07 2024
type=AVC msg=audit(1732087447.523:169): avc:  denied  { create } for  pid=1818 comm="iio-sensor-prox" scontext=system_u:system_r:iiosensorproxy_t:s0 tcontext=system_u:system_r:iiosensorproxy_t:s0 tclass=unix_dgram_socket permissive=0
----
time->Wed Nov 20 02:24:07 2024
type=AVC msg=audit(1732087447.523:170): avc:  denied  { create } for  pid=1818 comm="iio-sensor-prox" scontext=system_u:system_r:iiosensorproxy_t:s0 tcontext=system_u:system_r:iiosensorproxy_t:s0 tclass=unix_dgram_socket permissive=0
----
time->Wed Nov 20 02:24:07 2024
type=AVC msg=audit(1732087447.523:171): avc:  denied  { write } for  pid=1818 comm="iio-sensor-prox" name="in_timestamp_en" dev="sysfs" ino=61044 scontext=system_u:system_r:iiosensorproxy_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file permissive=0
----
time->Wed Nov 20 02:24:07 2024
type=AVC msg=audit(1732087447.523:172): avc:  denied  { create } for  pid=1818 comm="iio-sensor-prox" scontext=system_u:system_r:iiosensorproxy_t:s0 tcontext=system_u:system_r:iiosensorproxy_t:s0 tclass=unix_dgram_socket permissive=0
----
time->Wed Nov 20 02:24:07 2024
type=AVC msg=audit(1732087447.523:173): avc:  denied  { create } for  pid=1818 comm="iio-sensor-prox" scontext=system_u:system_r:iiosensorproxy_t:s0 tcontext=system_u:system_r:iiosensorproxy_t:s0 tclass=unix_dgram_socket permissive=0
----
time->Wed Nov 20 02:24:07 2024
type=AVC msg=audit(1732087447.523:174): avc:  denied  { write } for  pid=1818 comm="iio-sensor-prox" name="in_accel_y_en" dev="sysfs" ino=61052 scontext=system_u:system_r:iiosensorproxy_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file permissive=0
----
time->Wed Nov 20 02:24:07 2024
type=AVC msg=audit(1732087447.523:175): avc:  denied  { create } for  pid=1818 comm="iio-sensor-prox" scontext=system_u:system_r:iiosensorproxy_t:s0 tcontext=system_u:system_r:iiosensorproxy_t:s0 tclass=unix_dgram_socket permissive=0
----
time->Wed Nov 20 02:24:07 2024
type=AVC msg=audit(1732087447.523:176): avc:  denied  { create } for  pid=1818 comm="iio-sensor-prox" scontext=system_u:system_r:iiosensorproxy_t:s0 tcontext=system_u:system_r:iiosensorproxy_t:s0 tclass=unix_dgram_socket permissive=0
----
time->Wed Nov 20 02:24:07 2024
type=AVC msg=audit(1732087447.523:177): avc:  denied  { create } for  pid=1818 comm="iio-sensor-prox" scontext=system_u:system_r:iiosensorproxy_t:s0 tcontext=system_u:system_r:iiosensorproxy_t:s0 tclass=unix_dgram_socket permissive=0
----
time->Wed Nov 20 02:24:07 2024
type=AVC msg=audit(1732087447.523:178): avc:  denied  { write } for  pid=1818 comm="iio-sensor-prox" name="buffer" dev="sysfs" ino=61035 scontext=system_u:system_r:iiosensorproxy_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=dir permissive=0
----
time->Wed Nov 20 02:24:07 2024
type=AVC msg=audit(1732087447.523:179): avc:  denied  { write } for  pid=1818 comm="iio-sensor-prox" name="enable" dev="sysfs" ino=61041 scontext=system_u:system_r:iiosensorproxy_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file permissive=0
----
time->Wed Nov 20 02:24:07 2024
type=AVC msg=audit(1732087447.523:180): avc:  denied  { create } for  pid=1818 comm="iio-sensor-prox" scontext=system_u:system_r:iiosensorproxy_t:s0 tcontext=system_u:system_r:iiosensorproxy_t:s0 tclass=unix_dgram_socket permissive=0
----
time->Wed Nov 20 02:24:07 2024
type=AVC msg=audit(1732087447.523:181): avc:  denied  { write } for  pid=1818 comm="iio-sensor-prox" name="trigger" dev="sysfs" ino=61067 scontext=system_u:system_r:iiosensorproxy_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=dir permissive=0
----
time->Wed Nov 20 02:24:07 2024
type=AVC msg=audit(1732087447.523:182): avc:  denied  { write } for  pid=1818 comm="iio-sensor-prox" name="current_trigger" dev="sysfs" ino=61068 scontext=system_u:system_r:iiosensorproxy_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file permissive=0
@dosubot dosubot bot added aurora bug Something isn't working labels Nov 21, 2024
@castrojo castrojo removed the aurora label Nov 22, 2024
@castrojo
Copy link
Member

Same issue on my yoga 2 in 1 and same errors in my log.

@m2Giles
Copy link
Member

m2Giles commented Nov 22, 2024

Can you provide the SElabel on the binary being used?

@castrojo
Copy link
Member 

# ls -Z /usr/libexec/iio-sensor-proxy 
system_u:object_r:iiosensorproxy_exec_t:s0 /usr/libexec/iio-sensor-proxy

@jleonardfl
Copy link
Author 

# ls -Z /usr/libexec/iio-sensor-proxy 
system_u:object_r:iiosensorproxy_exec_t:s0 /usr/libexec/iio-sensor-proxy

I have the same output for this command. For what it's worth, this is also on a lenovo 2-in-1.

@zanito
Copy link

zanito commented Nov 28, 2024

Seems this is related to 2 issues in Fedora and SELinux policies for iio-sensor-proxy https://bugzilla.redhat.com/show_bug.cgi?id=231976 https://bugzilla.redhat.com/show_bug.cgi?id=2324181

@castrojo castrojo added the help wanted Keep Bluefin alive, dive in! label Dec 7, 2024
@zanito
Copy link

zanito commented Dec 9, 2024

I managed to get this to work on my Lenovo yoga x1 2nd gen by making use of the information provided in https://bugzilla.redhat.com/show_bug.cgi?id=2319766 on the second work around but I doesn't work for me if I just use the example commands. I needed to adjust the TE file a little bit and generate a PP file. If I just run sudo grep iio-sensor /var/log/audit/audit.log | grep denied | audit2allow -M iio_sensor it won't be enough because this generates the PP file based on iio-sensor-proxy activity does far but I think iio-sensor-proxy aborts in the middle so not all the events that it will generated will be captured in the audit log.

My TE iio_sensor.te file that allows this to work is:

module iio_sensor 1.0;

require {
type syslogd_var_run_t;
type iiosensorproxy_t;
type device_t;
type sysfs_t;
class dir { add_name search write };
class chr_file { open read };
class file { create write };
class unix_dgram_socket create;
}

#============= iiosensorproxy_t ==============
allow iiosensorproxy_t device_t:chr_file { open read };
allow iiosensorproxy_t self:unix_dgram_socket create;
allow iiosensorproxy_t sysfs_t:dir write;
allow iiosensorproxy_t sysfs_t:dir add_name;
allow iiosensorproxy_t sysfs_t:file { create write };
allow iiosensorproxy_t syslogd_var_run_t:dir search;

which if I understand correctly gives permission to iio sensor proxy to do what it needs to do to detect the sensor data. If I just run:

and then I run the following commands to transform the te file into a pp file:
$ checkmodule -M -m iio_sensor.te -o iio_sensor.mod
$ checkmodule -M -m iio_sensor.mod -o iio_sensor.pp

and install it with
$ semodule -i iio_sensor

you would need to restart iio-sensor-proxy service to check if this has worked by doing
$ monitor-sensor

if this detect orientation changes you should be good to go but on KDE you need to have enabled the touch mode otherwise KDE will ignore orientation changes.

I guess we can wait for Fedora team to fix this, but I'm not sure if it will work since I'm not sure if SE policies database is refreshed with each new image, I have no idea how this works.

hope you find this useful, if this still doesn't work for you probably some permissions still missing, check the /var/log/audit/audit.log file for any iio_sensor denied events, there shouldn't be any but I have only tested this on my laptop so not sure if it will work for all 2-in-1 laptops.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working help wanted Keep Bluefin alive, dive in!
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@castrojo @zanito @jleonardfl @m2Giles