If I remember correctly what has changed is that atleast one file was mislabeled in a previous android version (sensors_persist_file ← → persist_sensors_file). That is one thing I found while skimming through some commits.
As far as I’m aware some partitions are automatically relabeled, but the persist partition only gets relabeled under certain specific conditions which are not triggered by a reboot/flash but only by some specific changes.
Hello, Florian from UBports here. This happens, unexpectedly for us to say, for the following reasons:
- Ubuntu Touch does not use SELinux but Apparmor to secure processes, files, isolate Apps etc.
- When doing a port for Ubuntu TOuch therefore SELinux is turned off in kernel, and so any SELinux context information that was stored with files may be tampered/removed if the file gets written.
- Sensors probably store calibration, metadata whatever on /persist in this case
- When Android is reinstalled, its not supposed to reset anything on persist
- But also, Android refuses access to those files since they fail SELinux checks now
- At the end, sensors do not work anymore
We will work with Fairphone to see if this can be fixed in a better way. Until then, please use the manual workaround psoted a few comments above.
Are there plans to use SELinux? I only have advanced experience with SELinux (Fedora/RHEL user) and some regular experience with AppArmor (OpenSUSE/Debian). But from what I can tell is that SELinux is, when enabled, really strict. While AppArmor, when enabled, it could only be just protecting a CUPS service. That sort of gives me the impression that SELinux is more like a firewall where you have the default rule to drop traffic, and then allow selective traffic. While AppArmor feels more like a firewall where the default is to allow everything, and you specify some behavior you don’t want.
This may be a topic of it’s own though. But just wondering if Ubuntu Touch is considering SELinux. Fedora Silverblue shows how a Linux environment can be quite locked down in terms of security at the level of iOS/Android, by using SELinux (and some other stuff).
I had the same exact problem and it worked for me too. Thanks