Hi!!
I am running StockROM with some little tweaks made by me like doedex and zipalign, some visual chances, but nothing too hard. To have the best battery life possible I installed @sev3n1985 kernel. Everything perfect!!
I was surfing on the web and I discovered that permissive SELinux lets us do a lot more stuff than with the SELinux mode on Enforcing.
Is this truth? If so, is there any way I can change it to permissive permanently?
Regards :*
Sent from my S3 Neo+ (GT-I9301I) running Custom Made StockROM with @sev3n1985 kernel
I think it needs to be built in to kernel, to make it permanent, but you can use some apps and init.d scripts to make it permissive on every boot.
RometVinnal said:
I think it needs to be built in to kernel, to make it permanent, but you can use some apps and init.d scripts to make it permissive on every boot.
Click to expand...
Click to collapse
Could you please teach me how?
Sent from my S3 Neo+ (GT-I9301I) running Custom Made StockROM with @sev3n1985 kernel
The Forgotten said:
Could you please teach me how?
Sent from my S3 Neo+ (GT-I9301I) running Custom Made StockROM with @sev3n1985 kernel
Click to expand...
Click to collapse
How to build a kernel..? Well.. I can't teach you that, but if you know how to do it then:
"Switching between enforcing and permissive mode is possible if the kernel you have booted supports SELinux Development mode (CONFIG_SECURITY_SELINUX_DEVELOP=y). Otherwise, the kernel automatically boots in enforcing mode and you are not able to switch back. Although such kernels are sometimes considered the safest (as a successful intrusion still doesn't allow the attacker to disable SELinux, even if he obtains full administrative access) most distributions keep development mode on."
Checking the information about current status with a terminal command:
Code:
root # sestatus
Switching between permissive and enforcing:
Code:
root #setenforce 1 - makes it enforcing
root #setenforce 0 - makes it permissive
"The default value (enforcing or permissive) when the system boots is defined in the /etc/selinux/config file, through the SELINUX parameter." You could try changing that, but from my understanding you need a kernel, that is configured like that.
Now almost all of that information came from this page:
https://wiki.gentoo.org/wiki/SELinux/Tutorials/Permissive_versus_enforcing
As I stated earlier, I can't teach you how to build a kernel. It's just a thing you need to learn yourself before starting that journey.
Altho, I'm actually working on a lightly debloated and optimized stock rom, I'll maybe even make a custom kernel for it and enable SELinux development mode because Viper4Android needs permissive SELinux mode.
I hope you're having a great day.
The Forgotten said:
Hi!!
I am running StockROM with some little tweaks made by me like doedex and zipalign, some visual chances, but nothing too hard. To have the best battery life possible I installed @sev3n1985 kernel. Everything perfect!!
I was surfing on the web and I discovered that permissive SELinux lets us do a lot more stuff than with the SELinux mode on Enforcing.
Is this truth? If so, is there any way I can change it to permissive permanently?
Regards :*
Sent from my S3 Neo+ (GT-I9301I) running Custom Made StockROM with @sev3n1985 kernel
Click to expand...
Click to collapse
Its really easy......
1. Decompress stock boot.img with Android Imag Kitchen
2. Go into split_img folder
3. Open boot.img-cmdline with a text editor of your choice (except notepad)
4. Add this to the end of the file: androidboot.selinux=permissive
5. Compress the boot.img again and thats it
There are more haX you can do when decompressing a boot.img like adding init.d support , enabling adb at boot ........
oranaise2412 said:
Its really easy......
1. Decompress stock boot.img with Android Imag Kitchen
2. Go into split_img folder
3. Open boot.img-cmdline with a text editor of your choice (except notepad)
4. Add this to the end of the file: androidboot.selinux=permissive
5. Compress the boot.img again and thats it
There are more haX you can do when decompressing a boot.img like adding init.d support , enabling adb at boot ........
Click to expand...
Click to collapse
I did exactly what you said, and I failed...
Sent from my S3 Neo+ (GT-I9301I) running Custom Made StockROM with @sev3n1985 kernel
Related
HELLO EVERYONE
I AM CURRENTLY DEVELOPING A ROM AND I WANT TO KNOW HOW TO ADD V6 SUPERCHARGER SCRIPT TO
MY ROM
--abhishekr700
just run v6 supercharger in your rom - set it all up then pull your system to your pc either with adb or use the tar command in android terminal emulator on phone and copy to pc
then use the tar file generated in android kitchen to set up working folder
one more thin
i started building rom from stock rom and stock kernel
i added int.d support via android kitchen
so will init.d work
one more thin
i started building rom from stock rom and stock kernel
i added int.d support via android kitchen
so will init.d work
yes if the user uses a kernel that supports init.d
marcussmith2626 said:
just run v6 supercharger in your rom - set it all up then pull your system to your pc either with adb or use the tar command in android terminal emulator on phone and copy to pc
then use the tar file generated in android kitchen to set up working folder
Click to expand...
Click to collapse
But I have already built much of the rom.
Isn't there a way to add it by other method
Like I run v6 supercharger on my phone then copy 99supercharger from init.d folder to my rom init.d folder
Also my stock rom has stock kernel
And I added init d support to my rom via kitchen
Will.init.d script work
abhishekr700 said:
But I have already built much of the rom.
Isn't there a way to add it by other method
Like I run v6 supercharger on my phone then copy 99supercharger from init.d folder to my rom init.d folder
Also my stock rom has stock kernel
And I added init d support to my rom via kitchen
Will.init.d script work
Click to expand...
Click to collapse
if thats the only file it produces then yes
but you could just flash the rom you have built so far then install v6 supercharger then pull the system
and yes init.d will work if the end user uses a kernel that supports it
marcussmith2626 said:
if thats the only file it produces then yes
but you could just flash the rom you have built so far then install v6 supercharger then pull the system
and yes init.d will work if the end user uses a kernel that supports it
Click to expand...
Click to collapse
hey
canu do a favour for me
i will upload the update script from kitchen
can u tell me if it will give error while flashing
marcussmith2626 said:
if thats the only file it produces then yes
but you could just flash the rom you have built so far then install v6 supercharger then pull the system
and yes init.d will work if the end user uses a kernel that supports it
Click to expand...
Click to collapse
hey
canu do a favour for me
i will upload the update script from kitchen
can u tell me if it will give error while flashing
abhishekr700 said:
hey
canu do a favour for me
i will upload the update script from kitchen
can u tell me if it will give error while flashing
Click to expand...
Click to collapse
why dont you build the rom then flash it and see?
marcussmith2626 said:
why dont you build the rom then flash it and see?
Click to expand...
Click to collapse
what if the phone bootloops or doesn't boot
will i be able to open recovery mode
abhishekr700 said:
what if the phone bootloops or doesn't boot
will i be able to open recovery mode
Click to expand...
Click to collapse
you will only not be able to get into recovery mode if you incorrectly flash a kernel or a kernel that has a bug in it with recovery mode
if your rom does not contain a kernel in the rom zip or there is no problem with the kernel then the recovery mode will not be touched and you can always restore via odin in download mode
marcussmith2626 said:
why dont you build the rom then flash it and see?
Click to expand...
Click to collapse
what if the phone bootloops or doesn't boot
will i be able to open recovery mode
marcussmith2626 said:
you will only not be able to get into recovery mode if you incorrectly flash a kernel or a kernel that has a bug in it with recovery mode
if your rom does not contain a kernel in the rom zip or there is no problem with the kernel then the recovery mode will not be touched and you can always restore via odin in download mode
Click to expand...
Click to collapse
i have stock kernel in my rom
i think the recovery mode will open ??
marcussmith2626 said:
you will only not be able to get into recovery mode if you incorrectly flash a kernel or a kernel that has a bug in it with recovery mode
if your rom does not contain a kernel in the rom zip or there is no problem with the kernel then the recovery mode will not be touched and you can always restore via odin in download mode
Click to expand...
Click to collapse
i have stock kernel in my rom
i think the recovery mode will open ??
abhishekr700 said:
i have stock kernel in my rom
i think the recovery mode will open ??
Click to expand...
Click to collapse
re-read my quote again
are you replacing the kernel? if no then no chance of loosing recovery mode!
I have been playing around with kernels (for nexus 5), to add some features to the stock kernel. But I have problem with Samsung. I am trying to build a flashable custom kernel for Samsung S7 edge (G935F). .Steps I followed to create the boot.img are:
Get the stock source code (Samsung openSource)
Modify the kernel (just add/remove some TCP features)
Build the kernel (as per the kernel READ.ME, with aarch64-linux-android-4.9 toolchain)
-->created Image, with no loadable modules (*.ko)
Unpack the boot.img from the stock kernel (abootimg -x )
Create new boot.img replacing the original zImage with the custom kernel Image (abootimg --create . . . )
Make tar.md5 file of the custom boot.img for Odin3
Pushed the custom kernel using Odin3, but it fails to boot ("kernel not enforcing seadnroid"). I have tried using TWRP (install from zip), but it just does bootloop. Can anyone see what I am doing wrong? Am I missing something? I have read most of the "Build kernel from source" dev-threads but have not found a solution for this, nor am I allowed to post my questions there as I am just a junior member.
I would highly appreciate any help, as I have already invested some days with no avail
mdh-labs said:
I have been playing around with kernels (for nexus 5), to add some features to the stock kernel. But I have problem with Samsung. I am trying to build a flashable custom kernel for Samsung S7 edge (G935F). .Steps I followed to create the boot.img are:
Get the stock source code (Samsung openSource)
Modify the kernel (just add/remove some TCP features)
Build the kernel (as per the kernel READ.ME, with aarch64-linux-android-4.9 toolchain)
-->created Image, with no loadable modules (*.ko)
Unpack the boot.img from the stock kernel (abootimg -x )
Create new boot.img replacing the original zImage with the custom kernel Image (abootimg --create . . . )
Make tar.md5 file of the custom boot.img for Odin3
Pushed the custom kernel using Odin3, but it fails to boot ("kernel not enforcing seadnroid"). I have tried using TWRP (install from zip), but it just does bootloop. Can anyone see what I am doing wrong? Am I missing something? I have read most of the "Build kernel from source" dev-threads but have not found a solution for this, nor am I allowed to post my questions there as I am just a junior member.
I would highly appreciate any help, as I have already invested some days with no avail
Click to expand...
Click to collapse
I dont want to tell you something you have already read, if you have been through the Dev forums, But on the off chance:
Have you removed the Fingerprint reader?
The Kernel will fail to boot with it enabled, Unless you know the workaround (EchoTeam)
dave7802 said:
I dont want to tell you something you have already read, if you have been through the Dev forums, But on the off chance:
Have you removed the Fingerprint reader?
The Kernel will fail to boot with it enabled, Unless you know the workaround (EchoTeam)
Click to expand...
Click to collapse
Hmm ... Fingerprint reader? No, I have not removed anything. I was thinking that since I am not adding anything that was not already in the stock kernel source, I do not need to do any modifications. How can I remove this reader?
Here are the temporary solutions.
Way A:
Remove /system/lib/libbauth* , /system/lib64/libbauth*
Way B: (If you want to completely disable (or bypass) TEE)
Remove /system/lib/libbauth* , /system/lib64/libbauth*
Replace /system/lib64/hw/gatekeeper.exynos8890.so,/system/lib64/hw/keystore.exynos8890.so with these i uploaded.
Both of them will make your FP Sensor not working.
(Lock Screen will work)
But,at least,you get a stable custom kernel.
Click to expand...
Click to collapse
http://forum.xda-developers.com/s7-...m-g935f-fd-t3361460/post66762787#post66762787
Thank @Jesse Chan He also fixed the fingerprint too.
dave7802 said:
http://forum.xda-developers.com/s7-...m-g935f-fd-t3361460/post66762787#post66762787
Thank @Jesse Chan He also fixed the fingerprint too.
Click to expand...
Click to collapse
Thanks a lot, I will try that. I have already seen his custom kernel (would love to ask something on his thread but . . . )
mdh-labs said:
Thanks a lot, I will try that. I have already seen his custom kernel (would love to ask something on his thread but . . . )
Click to expand...
Click to collapse
I saw someone mention me.
Well, you must disable all TIMA-related configs as well as KNOX_KAP to get kernel boot.
And then, if you want to get a stable kernel with FP, you must apply my FP fix.(could be found in my Kernel's flashable zip)
Jesse Chan said:
I saw someone mention me.
Well, you must disable all TIMA-related configs as well as KNOX_KAP to get kernel boot.
And then, if you want to get a stable kernel with FP, you must apply my FP fix.(could be found in my Kernel's flashable zip)
Click to expand...
Click to collapse
I appreciate that you have had the time to look at my question. I've tried the tricks you suggested but my kernel still cannot boot. Modified the .config file (with menuconfig):
disabled
# CONFIG_KNOX_KAP is not set
# CONFIG_TIMA is not set
# CONFIG_TIMA_LKMAUTH is not set
not in config anymore
-CONFIG_TIMA_LOG=y
-CONFIG_TIMA_RKP=y
Then built a custom boot.img as mentioned in my question and added the META and mcRegistry folders from your flashable zip file to create a zip file out of the three.
I have also tried by removing the libbauth* files from system/lib/ and system/lib64 directories?
One more thing, does it matter whether I get just an Image file or zImage from kernel build (I get only Image and .gz of it)?
//Thank you all for 30k+ Views. You're amazing guys//
You want Android 8 with Viper4android to?
Thread created check my profile...
Hi,
at first im not responsible for anything that happens to your phone OK?
Fine Let's Start.
If you are on cm skip all until the cm section
Supported kernel list and known errors/bugs see second post
Step 1
- Flash full Factory Images.
- Install TWRP, remember you have to be decrypted.
Step 2
- Install Android 7 ROM by tupac4u / or any other rom / or leave stock
- Reboot //if nessesairy
Step 3
- Flash ElementalX's N Kernel.
- Flash Viper5.0_Stock.zip in Recovery / or any other viper
- Reboot.
Step 4
- Install driver.
- Open File Explorer and delete /system/vendor/etc/audio_effects.conf
- Reboot.
Step 5
- Set enforcing to permissive (You have to do it at every Reboot!).
- In Viper open Menu->FX-CompatibleMode->yes // you can try without, it may work
- Enjoy Viper.
CM Section
1. Flash arise sound mod ( link down below )
2. And IMPORTANT flash super su
3. Disable audio fx and reboot
SPOTIFY FIX
1. Download that file
https://drive.google.com/file/d/0BxyY1q0qeeeEeUFGT3JHeDZLZkE/view
2. Place it under /system/etc
3. Reboot
PURE NEXUS ONLY WORKS WITH BUILD 10/25!!!
If it worked leave a reply.
Alternative Download link for ARISE Viper here:
http://forum.xda-developers.com/android/software/r-s-e-sound-systems-auditory-research-t3379709
Unsupported Rom/Kernel
Kernel:
- Stock
- Jolla
ROM:
F.A.Q.
Q: Spotify isn't working with that
A: Force enable Viper4Android and turn FX Mode to compatible. Then restart both applications.
Q: Why ElementalX Kernel?
A: That's the only Kernel who works with Viper except Stock kernel. Elite Kernel may also work but it hasent been updated since the Dev Previews.
Q: Is that also working with the stock rom?
A: Yup. Also works with (nearly) any stock based ROM.
Is there a definite way of checking if it's working? Not by sound?
Yes, just check driver status in viper when something is playing in the background. If it says 'processing', then it's working.
Btw, why would I need custom kernel for viper?
Sent from my Nexus 5X using Tapatalk
how to set permissive mode permanently?
Nightshadow931 said:
Yes, just check driver status in viper when something is playing in the background. If it says 'processing', then it's working.
Btw, why would I need custom kernel for viper?
Click to expand...
Click to collapse
I found that it isn't working on jolla Kernel and Stock.
Did you enable viper in app itself?
Not sure, but maybe you need to enable it on order to see 'processing'..
Did the installation of driver went well?
Sent from my Nexus 5X using Tapatalk
enzippo said:
how to set permissive mode permanently?
Click to expand...
Click to collapse
use a file exlorer with root privileges like es or root explorer and go to /etc/init.d directory, create a file and named "08setperm" (without quotes) and add the below lines in the file and save it..
#!/system/sh
setenforce 0
And give full permission (rwxrwxrwx)
reboot and you should be good. if for some reason your init.d script doesn't launch then download and install universal init.d tool and enable it.
Nice that someone is trying to get Viper4Android to work on Nexus 5x with Android 7.0 (Nougat). Sadly it does not work, tried your way but it does not enable me to get Viper4Android to work in Spotify.
Selinux is in permissive, your viber4android package is in place, audio_effects.conf removed, Android 7 by tupac4u installed and complete factory image installation before all this. No go..
Viper4android driver status does not complain but processing is always "no".
Try some other app like play music, v4a won't work on all apps if they have their own equalizer.
Sent from my Nexus 5X using Tapatalk
Blinkiz said:
Nice that someone is trying to get Viper4Android to work on Nexus 5x with Android 7.0 (Nougat). Sadly it does not work, tried your way but it does not enable me to get Viper4Android to work in Spotify.
Selinux is in permissive, your viber4android package is in place, audio_effects.conf removed, Android 7 by tupac4u installed and complete factory image installation before all this. No go..
Viper4android driver status does not complain but processing is always "no".
Click to expand...
Click to collapse
For those who want to use Viper4android with Spotify change fx compatible Mode to compatible in Viper settings. Then Open Spotify and go to Settings->Equalizer that should bring up Viper. Select Force enable and close Viper and Spotify. Open up both again and Boom Viper is there.
How find Android 7 by tupac4u ??
EDIT.
I found him already
Did someone get it working with stock rooted ROM?
noidea24 said:
use a file exlorer with root privileges like es or root explorer and go to /etc/init.d directory, create a file and named "08setperm" (without quotes) and add the below lines in the file and save it..
#!/system/sh
setenforce 0
And give full permission (rwxrwxrwx)
reboot and you should be good. if for some reason your init.d script doesn't launch then download and install universal init.d tool and enable it.
Click to expand...
Click to collapse
Idk if this will work on the new version, but this zip I've attached here sets the previous ElementalX-N5x-1.17 kernel permissive permanently. I'm not on nougat yet, waiting for Xposed.
trhacker01 said:
Idk if this will work on the new version, but this zip I've attached here sets the previous ElementalX-N5x-1.17 kernel permissive permanently. I'm not on nougat yet, waiting for Xposed.
Click to expand...
Click to collapse
In gonna give it a try
Nightshadow931 said:
Did someone get it working with stock rooted ROM?
Click to expand...
Click to collapse
Me not
Thargorsson said:
In gonna give it a try
Click to expand...
Click to collapse
Nope it don't works
Thargorsson said:
Nope it don't works
Click to expand...
Click to collapse
thats how im running right now, just checked. only with the universal init.d though
noidea24 said:
thats how im running right now, just checked. only with the universal init.d though
Click to expand...
Click to collapse
Ur saying that permissive zip works with the universal init.d?
trhacker01 said:
Ur saying that permissive zip works with the universal init.d?
Click to expand...
Click to collapse
As long as the zip creates/places a file in the init.d to change selinux then i guess it should work
Hello to all, I want to change Selinux enforncing to Permissive, I'm making a new rom and need change it.
Does anyone know how to do it?. my device is G900M. Sorry for my English
Thank you very much.
Im not sure but... I think the SELinux is part of the kernel, and you cant change it without modding the kernel so... I think thats what you have to do, but im not sure about this. BTW, if you dont need to change the kernel to do this you can just do a init.d script with this line:
setenforce 0
Or add it to the finish of the "init.qcom.post_boot.sh" like this:
#SELinux Permissive
setenforce 0
Stock kernels will not allow it no matter what, you need a custom kernel that is not seandroid enforcing
this does not belong in the Dev section please have a mod move the thread
I've read a couple posts where folks say they're running their stock rom but with a permissive kernel. I can't seem to find said kernel for the sm-t280. It appears to only be available for the t285.
Is a permissive kernel available for the t280 and if so, where might I find it?
Thanks!
The post was made in one of @_mone's threads for an updated TWRP and Magisk, it is an SELinux Permissive Available kernel.
https://forum.xda-developers.com/showpost.php?p=73181495&postcount=59
_mone said:
Under request of quite few users I've uploaded two boot.img that have a kernel able to set SELinux to permissive.
With Magisk-v12.0 ramdisk patches:
T280XXU0AQA4-Magisk-v12.0-SPA-boot.img
With SuperSU-v2.82 ramdisk patches:
T280XXU0AQA4-SuperSU-v2.82-SPA-boot.img
The tag SPA stands for SELinux Permissive Able, this means that the kernel is able to set SELinux to permissive mode but it is not set by default.
You can set it running from terminal:
Code:
su
setenforce 0
If you want to set SELinux to permissive at boot there are few methods that you can use, you can find them here at xda.
I would like to have feedback about these boot.img as I have not tested them because I'm currently running T280XXU0AQF1 with SuperSU in system mode, and it has a different ramdisk, and I rather skip the pain to restore an old backup of AQA4 and test the images with the different root methods.
Kernel source: https://github.com/underscoremone/android_kernel_samsung_gtexswifi/tree/T280XXU0AQA4-SPA
What I have done is just remove the awful CONFIG_ALWAYS_ENFORCE, a proper custom kernel will may arrive in the near future.
Screenshots are taken from my device running T280XXU0AQF1 with the same kernel included in the boot.imgs shared in this post.
Looking forward for your feedback.. if everything is ok I'll add the link to the OP, if it is not I'll restore the old backup, make the tests for you and provide the new boot.img.
Click to expand...
Click to collapse