Github Tutorial App Shows You How to Use… Github

Github can get pretty complicated and using it can become quite daunting, especially … more

Google Glass-like Clip-On For Regular Glasses Developed by Sony

For the price of $2,000, a pair of glasses that can run apps, take pictures, … more

Micromax Takes OnePlus to Court! Android Wear Receives Lollipop – XDA TV

Android 5.0 Lollipop is available officially for the Moto 360! … more

Google Invites Selected Devs to Buy Project Tango Development Kit

Just about a month ago, the curious Project Tango development kit was … more

Welcome to XDA

Search to go directly to your device's forum

Register an account

Unlock full posting privileges

Ask a question

No registration required
Post Reply

[KERNEL] Galaxy Tab S 8.4 SM-T700 (klimtwifi) Permissive kernel - T700XXU1ANF7

OP dl12345

Announcement from dl12345: Permissive mode kernel - change SELinux mode at runtime
22nd October 2014, 07:28 PM   |  #1  
OP Member
Thanks Meter: 49
 
69 posts
Join Date:Joined: Aug 2014
Samsung Galaxy Tab S 8.4 (klimtwifi) - Stock kernel SELinux permissive mode

Introduction

This kernel is built from stock Samsung source T700XXU1ANF7.This kernel will work on a stock, rooted Tab S 8.4. In addition, I run EMSPilot's NF9 ROM, so this kernel also works perfectly fine on his ROM. Thanks EMSPilot for the great ROM.

Features

The kernel is completely stock except for the activation of kernel configuation options allowing SELinux to be disabled and the mode to be changed from enforcing to permissive at runtime. It also supports the boot parameter androidboot.selinux=permissive and enables adb insecure in the default.prop in the ramdisk.

Installation instructions

To install this, use Odin 3.09 to flash the SM-T700-permissive.tar.md5 image using the AP button. DO NOT USE THIS KERNEL ON ANY DEVICE OTHER THAN A SM-T700 KLIMTWIFI. You are responsible for your own device and I make no warranty for this kernel. Flash at your own risk.

Changelog

Code:
Current changelog: 10-22-2014
[new] Add permissive mode configuration to stock kernel sources
Downloads

Download link: SM-T700-permissive.tar.md5
Github link: https://github.com/dl12345/SM-T700

FAQ

Q. Will this trip the Knox flag
A. Yes. Any kernel not signed by Samsung will trip Knox

Q. What Exactly are the changes between this kernel and a stock kernel
A. See below

KERNEL CONFIGURATION CHANGES:
Code:
[fedora@fedora SM-T700_KK_Opensource]$ diff -Naur klimtwifi_00_defconfig.orig klimtwifi_00_defconfig
--- klimtwifi_00_defconfig.orig 2014-10-18 00:19:42.588511921 +0100
+++ klimtwifi_00_defconfig      2014-10-18 00:19:06.526512090 +0100
@@ -569,6 +569,13 @@
 CONFIG_LSM_MMAP_MIN_ADDR=4096
 CONFIG_SECURITY_NETWORK=y
 CONFIG_SECURITY_SELINUX=y
+CONFIG_SECURITY_SELINUX_BOOTPARAM=y
+CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1
+CONFIG_SECURITY_SELINUX_DISABLE=y
+CONFIG_SECURITY_SELINUX_DEVELOP=y
+CONFIG_SECURITY_SELINUX_AVC_STATS=y
+CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1
+
 # SE Android Network Access Controls
 CONFIG_NETWORK_SECMARK=y
 CONFIG_NF_CONNTRACK_SECMARK=y
SELinux is forced into permissive mode at boot time through an addition to the init.rc script

INIT.RC CHANGES
Code:
[fedora@fedora bootimage]$ diff -Naur ramdisk.orig/init.rc ramdisk.new/init.rc
--- ramdisk.orig/init.rc        2014-10-16 23:27:10.680401045 +0100
+++ ramdisk.new/init.rc 2014-10-18 01:01:45.049925094 +0100
@@ -631,6 +631,13 @@

 ## Daemon processes to be run by init.
 ##
+
+# Force SELinux into permissive mode
+service sepermit /system/bin/setenforce 0
+    class main
+    user root
+    oneshot
+
 service sysmon /system/bin/sysmon
     class core
     user root
adb insecure is enabled in default.prop

DEFAULT.PROP CHANGES
Code:
[fedora@fedora bootimage]$ diff -Naur ramdisk.orig/default.prop ramdisk.new/default.prop
--- ramdisk.orig/default.prop   2014-10-16 23:27:10.669399628 +0100
+++ ramdisk.new/default.prop    2014-10-13 03:29:24.756527060 +0100
@@ -2,9 +2,9 @@
 # ADDITIONAL_DEFAULT_PROPERTIES
 #
 persist.security.ams.enforcing=1
-ro.secure=1
-ro.allow.mock.location=0
-ro.debuggable=0
-ro.adb.secure=1
+ro.secure=0
+ro.allow.mock.location=1
+ro.debuggable=1
+ro.adb.secure=0
 persist.sys.usb.config=mtp
 ro.smps.gain.spk=3.0
Thanks To/Credits

EMSPilot for his NF9 ROM

XDA:DevDB Information
SM-T700 SEPERM, Kernel for the Samsung Galaxy Tab S

Contributors
dl12345
Kernel Special Features: SELinux runtime mode change enabled

Version Information
Status: Beta
Beta Release Date: 2014-10-22

Created 2014-10-22
Last Updated 2014-11-08
The Following 6 Users Say Thank You to dl12345 For This Useful Post: [ View ]
25th October 2014, 11:42 AM   |  #3  
Member
Flag MS Gulf Coast
Thanks Meter: 9
 
60 posts
Join Date:Joined: Mar 2012
More
Thanks d12345 and to emspilot!
24th November 2014, 03:02 PM   |  #4  
Senior Member
Flag Phuket, Thailand
Thanks Meter: 5,434
 
4,876 posts
Join Date:Joined: Jan 2011
More
Thanks for sharing your method. Much appreciated.

I currently use a dirty RAMDISK method with my Tab S kernels and a hardcode source method with my Note Edge kernel. I look forward to trying this way next kernel i compile for test.

The dirty way actually removes the SELinux from about device in settings, where the hard-coded way just changes it to "permissive" but is permanent.

Does your way change the devices settings and visible, or is it removed all together (check status with getprop) ?
24th November 2014, 05:19 PM   |  #5  
Junior Member
Thanks Meter: 2
 
10 posts
Join Date:Joined: Nov 2014
Thanks man this kernal gave me access to use my wireless xbox controller awesome man!
24th November 2014, 06:42 PM   |  #6  
Quote:
Originally Posted by Ccieslin

Thanks man this kernal gave me access to use my wireless xbox controller awesome man!

Do u have a thread u found or any info on getting that to work?
24th November 2014, 07:17 PM   |  #7  
Junior Member
Thanks Meter: 2
 
10 posts
Join Date:Joined: Nov 2014
Quote:
Originally Posted by freddy0872

Do u have a thread u found or any info on getting that to work?

Hi yes I posted in this thread http://forum.xda-developers.com/gala...oller-t2820410

Post Reply Subscribe to Thread
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes