Hello to all, I want to change Selinux enforncing to Permissive, I'm making a new rom and need change it.
Does anyone know how to do it?. my device is G900M. Sorry for my English
Thank you very much.
Im not sure but... I think the SELinux is part of the kernel, and you cant change it without modding the kernel so... I think thats what you have to do, but im not sure about this. BTW, if you dont need to change the kernel to do this you can just do a init.d script with this line:
setenforce 0
Or add it to the finish of the "init.qcom.post_boot.sh" like this:
#SELinux Permissive
setenforce 0
Stock kernels will not allow it no matter what, you need a custom kernel that is not seandroid enforcing
this does not belong in the Dev section please have a mod move the thread
Related
Hi!!
I am running StockROM with some little tweaks made by me like doedex and zipalign, some visual chances, but nothing too hard. To have the best battery life possible I installed @sev3n1985 kernel. Everything perfect!!
I was surfing on the web and I discovered that permissive SELinux lets us do a lot more stuff than with the SELinux mode on Enforcing.
Is this truth? If so, is there any way I can change it to permissive permanently?
Regards :*
Sent from my S3 Neo+ (GT-I9301I) running Custom Made StockROM with @sev3n1985 kernel
I think it needs to be built in to kernel, to make it permanent, but you can use some apps and init.d scripts to make it permissive on every boot.
RometVinnal said:
I think it needs to be built in to kernel, to make it permanent, but you can use some apps and init.d scripts to make it permissive on every boot.
Click to expand...
Click to collapse
Could you please teach me how?
Sent from my S3 Neo+ (GT-I9301I) running Custom Made StockROM with @sev3n1985 kernel
The Forgotten said:
Could you please teach me how?
Sent from my S3 Neo+ (GT-I9301I) running Custom Made StockROM with @sev3n1985 kernel
Click to expand...
Click to collapse
How to build a kernel..? Well.. I can't teach you that, but if you know how to do it then:
"Switching between enforcing and permissive mode is possible if the kernel you have booted supports SELinux Development mode (CONFIG_SECURITY_SELINUX_DEVELOP=y). Otherwise, the kernel automatically boots in enforcing mode and you are not able to switch back. Although such kernels are sometimes considered the safest (as a successful intrusion still doesn't allow the attacker to disable SELinux, even if he obtains full administrative access) most distributions keep development mode on."
Checking the information about current status with a terminal command:
Code:
root # sestatus
Switching between permissive and enforcing:
Code:
root #setenforce 1 - makes it enforcing
root #setenforce 0 - makes it permissive
"The default value (enforcing or permissive) when the system boots is defined in the /etc/selinux/config file, through the SELINUX parameter." You could try changing that, but from my understanding you need a kernel, that is configured like that.
Now almost all of that information came from this page:
https://wiki.gentoo.org/wiki/SELinux/Tutorials/Permissive_versus_enforcing
As I stated earlier, I can't teach you how to build a kernel. It's just a thing you need to learn yourself before starting that journey.
Altho, I'm actually working on a lightly debloated and optimized stock rom, I'll maybe even make a custom kernel for it and enable SELinux development mode because Viper4Android needs permissive SELinux mode.
I hope you're having a great day.
The Forgotten said:
Hi!!
I am running StockROM with some little tweaks made by me like doedex and zipalign, some visual chances, but nothing too hard. To have the best battery life possible I installed @sev3n1985 kernel. Everything perfect!!
I was surfing on the web and I discovered that permissive SELinux lets us do a lot more stuff than with the SELinux mode on Enforcing.
Is this truth? If so, is there any way I can change it to permissive permanently?
Regards :*
Sent from my S3 Neo+ (GT-I9301I) running Custom Made StockROM with @sev3n1985 kernel
Click to expand...
Click to collapse
Its really easy......
1. Decompress stock boot.img with Android Imag Kitchen
2. Go into split_img folder
3. Open boot.img-cmdline with a text editor of your choice (except notepad)
4. Add this to the end of the file: androidboot.selinux=permissive
5. Compress the boot.img again and thats it
There are more haX you can do when decompressing a boot.img like adding init.d support , enabling adb at boot ........
oranaise2412 said:
Its really easy......
1. Decompress stock boot.img with Android Imag Kitchen
2. Go into split_img folder
3. Open boot.img-cmdline with a text editor of your choice (except notepad)
4. Add this to the end of the file: androidboot.selinux=permissive
5. Compress the boot.img again and thats it
There are more haX you can do when decompressing a boot.img like adding init.d support , enabling adb at boot ........
Click to expand...
Click to collapse
I did exactly what you said, and I failed...
Sent from my S3 Neo+ (GT-I9301I) running Custom Made StockROM with @sev3n1985 kernel
Hey all. I know we can use terminal editor to change the SELinux permissions but if we reboot it will have to be done again. Is there anyway to permanently set it to permissive on boot?
Yeah the app for that is here: https://f-droid.org/repository/browse/?fdid=com.mrbimc.selinux
In Samsung s7 edge not work
I apologize if it's the wrong post. But on my Samsung s7 edge I can not change the selinux to permissive. I tried in every way, selinuxmodechanger, init.d folder and terminal Android. Is there some other method?
Thank you
I searched lots of things to make it permissive...
I did this things
1)
/etc/init.d directory, create a file and rename it as 08setperm
2)
Added lines on that file
#!/system/sh
setenforce 0
It did work but when i tried rebooting it didn't...
Im using cm14.1 official..
I can't wipe anything because my storage is full
Twrp doesn't give me permission to do that and says selinux not premssive...
How to do it then?? I want it permanently not for temp purpose
Have you tried SELinux Mode Changer app? http://forum.xda-developers.com/showthread.php?t=2524485
acejavelin said:
Have you tried SELinux Mode Changer app? http://forum.xda-developers.com/showthread.php?t=2524485
Click to expand...
Click to collapse
But that's for temp use bro...
I can't add exposed....
Sagar_1401 said:
But that's for temp use bro...
I can't add exposed....
Click to expand...
Click to collapse
Yes you can. Set it where when the phone boots it notifs you that its changed to permissive. I've used it on LP, MM, and now 7.1. I've used it with Xposed and Viper just fine
I've read a couple posts where folks say they're running their stock rom but with a permissive kernel. I can't seem to find said kernel for the sm-t280. It appears to only be available for the t285.
Is a permissive kernel available for the t280 and if so, where might I find it?
Thanks!
The post was made in one of @_mone's threads for an updated TWRP and Magisk, it is an SELinux Permissive Available kernel.
https://forum.xda-developers.com/showpost.php?p=73181495&postcount=59
_mone said:
Under request of quite few users I've uploaded two boot.img that have a kernel able to set SELinux to permissive.
With Magisk-v12.0 ramdisk patches:
T280XXU0AQA4-Magisk-v12.0-SPA-boot.img
With SuperSU-v2.82 ramdisk patches:
T280XXU0AQA4-SuperSU-v2.82-SPA-boot.img
The tag SPA stands for SELinux Permissive Able, this means that the kernel is able to set SELinux to permissive mode but it is not set by default.
You can set it running from terminal:
Code:
su
setenforce 0
If you want to set SELinux to permissive at boot there are few methods that you can use, you can find them here at xda.
I would like to have feedback about these boot.img as I have not tested them because I'm currently running T280XXU0AQF1 with SuperSU in system mode, and it has a different ramdisk, and I rather skip the pain to restore an old backup of AQA4 and test the images with the different root methods.
Kernel source: https://github.com/underscoremone/android_kernel_samsung_gtexswifi/tree/T280XXU0AQA4-SPA
What I have done is just remove the awful CONFIG_ALWAYS_ENFORCE, a proper custom kernel will may arrive in the near future.
Screenshots are taken from my device running T280XXU0AQF1 with the same kernel included in the boot.imgs shared in this post.
Looking forward for your feedback.. if everything is ok I'll add the link to the OP, if it is not I'll restore the old backup, make the tests for you and provide the new boot.img.
Click to expand...
Click to collapse
I've been trying here for awhile now and can't seem to get it...
I'm using kernel aduitor's init.d(I'm sure it works) and universal Int.d and I'm using the following code:
#!/system/bin/sh
setenforce 0
I've named it "08setperm" and I've gave it all permissions.
I've also given the init.d folder all permissions.
When I try to run it in kernel aduitor it just stays at the "executing " screen.
When I boot, it stays enforcing
Any help would be great, thanks!