Dear friends and OGPro users,
I got annoyed by running SELinux permissive for only one app - Viper4Android - so I've started searching for a way to allow it to run under Enforced mode. So far, I have found two ways:
1) changing ROM's sepolicy before building to allow exec permission for mediaserver (which looks like a bad idea),
2) adding live SELinux rule via init.d script
Second way looks a bit better for me, and someone at forums already made a fix, but it's working only if you have SuperSU installed because it needs SuperSU's supolicy binary.
Since lots of us don't use SuperSU, but instead use implemented superuser option, and since supolicy is closed source and only available in SuperSU package, I took some liberty and some of my free time to spend on lots of Google searches to find a way to implement this fix.
Requirements for this are:
- Lollipop ROM and kernel with init.d support
- working init.d
- good will to try it
Basically, this script flashes setools-android with sepolicy-inject binary and simple init.d script which is run at every boot and sets needed rules for mediaserver, allowing V4A to run under SELinux Enforced.
Flashable zip is available in the attachment. Tested and working on my device, running PAC 5.1.
setools-android and sepolicy-inject are open-source software, and credit for those projects goes to:
- xmikos @ github, for creating this tool bundle,
- pasis @ github, for originally porting setools,
- Joshua Brindle @ bitbucket, for creating sepolicy-inject
I got annoyed by running SELinux permissive for only one app - Viper4Android - so I've started searching for a way to allow it to run under Enforced mode. So far, I have found two ways:
1) changing ROM's sepolicy before building to allow exec permission for mediaserver (which looks like a bad idea),
2) adding live SELinux rule via init.d script
Second way looks a bit better for me, and someone at forums already made a fix, but it's working only if you have SuperSU installed because it needs SuperSU's supolicy binary.
Since lots of us don't use SuperSU, but instead use implemented superuser option, and since supolicy is closed source and only available in SuperSU package, I took some liberty and some of my free time to spend on lots of Google searches to find a way to implement this fix.
Requirements for this are:
- Lollipop ROM and kernel with init.d support
- working init.d
- good will to try it
Basically, this script flashes setools-android with sepolicy-inject binary and simple init.d script which is run at every boot and sets needed rules for mediaserver, allowing V4A to run under SELinux Enforced.
Flashable zip is available in the attachment. Tested and working on my device, running PAC 5.1.
setools-android and sepolicy-inject are open-source software, and credit for those projects goes to:
- xmikos @ github, for creating this tool bundle,
- pasis @ github, for originally porting setools,
- Joshua Brindle @ bitbucket, for creating sepolicy-inject