SEAndroid in Enforce-Mode
I just got a Galaxy Note Pro 12.2 LTE with Snapdragon, and as this is my third Android device I rooted it with Towelroot (had to use the string for 'new Samsung' from Geohot's page). So after rooting it I installed all the apps I am used to, but I have a problem with Orbot (Tor Proxy). Regardless if setup to provide a socks proxy or transparently proxy the traffic from apps or everything, it wouldn't start binding to the local control port.
After finding out that SEAndroid has been incorporated from google into Android and finding more stuff that doesn't work (like mounting a NFS share from my home server to the tablet) I start to think that maybe the Orbot problem is related to the kernel on the tablet in enforcing mode. I tried evrything I could find here and elesewhere to set it to permissive, no way to do it... (other than flashing a custom kernel where this is disabled...) As far a I get it, we should be able to switch modes by several commands, like setenforce Permissive or echoing 1 or 0 somewhere to the SELinuxFS. All this doesnt work, as we have root access but I guess we are in the wrong context or this has been blocked otherwise.
On the internet I found a lot of resources about management tools for SEAndroid, like 'setool' and 'SEAndroidmanage'. These are not on the Tablet as far as I can see, maybe we have a chance of getting into permissive mode somehow if we only had those tools to work with the policy. Fort example there is a mapping between Linux-users und SEAndroid-users which can be listed using setool. Maybe we can extract important info that way and find a way to permissive mode. Does anyone have those tools or is the only way to get them to compile AOSP from source with options like buildtype 'eng' which also creates additional debugging tools ?? Maybe someone can tell me, I was already gonna setup Ubuntu 14.04 in a VM to build the actual sources.
There must be a way somehow to do this without flashing unsigned kernels or create new ramdisk which also taint the device, which hasn't happened to mine up to now. It's very frustrating I can't even mount NFS shares, regardless of options I tried. So, does anyone know if this could workout or is it a waste of time ??