Access Permissions of /Dev/Mem

Access permissions of /dev/mem

1. Yes, you're right, /dev/mem allows you to map any physical address, including non-RAM memory mapped IO. This can can be useful for a quick and dirty hack to access some hardware device without writing a kernel driver.

2. CONFIG_STRICT_DEVMEM makes the kernel check addresses in /dev/mem with devmem_is_allowed() in arch/x86/mm/init.c, and the comment there explains:

   * On x86, access has to be given to the first megabyte of ram because that area
   * contains bios code and data regions used by X and dosemu and similar apps.
   * Access has to be given to non-kernel-ram areas as well, these contain the PCI
   * mmio resources as well as potential bios/acpi data regions.
   

   your address 0xFFFF0000 is quite likely to be non-RAM, since BIOSes typically put IO memory just below 4GB, so that's why you're able to map it even with STRICT_DEVMEM.

Permission denied for mmap /dev/mem, even with CAP_SYS_RAWIO, but works as root

CAP_SYS_RAWIO isn't all you need to access /dev/mem. Its regular file permissions apply too. You either need CAP_DAC_READ_SEARCH (if you just want to read and not write), CAP_DAC_OVERRIDE, setgid kmem, or change the permissions or set file ACLs on /dev/mem.

Failed to open /dev/mem: Permission denied

Putting sudo in front of sox will not help you since I am pretty sure the error message "Failed to open /dev/mem" comes from pi_fm_rds. And that is still started without sudo.

You are actually executing two commands. sox is the first, and pi_fm_rds the second. You are sending the output of the first command to the second (via the pipe |).

To call pi_fm_rds with root access you can choose one of these three options:

Call pi_fm_rds with sudo

sox -t mp3 /home/pi/test.mp3 -t wav - | sudo /home/pi/PiFmRds/src/pi_fm_rds -audio -

Or add your user to the kmem group (which allows access to /dev/mem) - requires logout/reboot.

sudo usermod -a -G kmem userName

or make the program setuid root - or setgid kmem

chown root:root /home/pi/PiFmRds/src/pi_fm_rds
chmod u+s /home/pi/PiFmRds/src/pi_fm_rds

open /dev/mem - Operation not permitted

You cannot read /dev/mem if you are not root.

^{There is no reason for an ordinary application to access /dev/mem, i.e. the physical RAM, since applications are running in virtual memory !}

If you change the permission of /dev/mem to enable that (you should not), you will open a huge security hole in your system. Only trusted root processes should access /dev/mem. See mem(4)

(you could use setuid techniques if so wanted, or run your program with sudo)

If you need to access virtual memory in the address space of some other process, consider proc(5) e.g. /proc/1234/mem for process of pid 1234.

No access to /dev/mem. Try running as root

Not only access to /dev can be privileged for access, also the device itself will probably be protected.

You should do an ls -l /dev and check the I/O device you are trying to access. Once you see the group, try adding yourself to that group:

$ sudo usermod -aG <iogroup> user

After that, you probably need to log out and in again for the group to be added.

Else you could change the permission to 777 (of the device), but changing the group is more correct.

devmem: can't open '/dev/mem': Permission denied

Because on 4.4.2 (At least on Samsung S4), Selinux is set to Enforcing which causes you not able to list out the /dev/mem or even reading it.

Since you have rooted the phone, from ADB shell, go into 'su' and use the 'getenforce' command, it should return you with 'Enforcing'. You can temporary disable Selinux by using 'setenforce 0' which will change the Selinux mode to Permissive and you are able to read or list /dev/mem

---

Related Topics