FORUMS
Remove All Ads from XDA

[MODULE][DISCONTINUED] Magisk SELinux Permissive Script

154 posts
Thanks Meter: 269
 
By Jman420, Senior Member on 22nd March 2017, 10:08 PM
Post Reply Email Thread
AS OF 03/07/2018
Support and development of this module have been discontinued.
A replacement module can be found here : https://forum.xda-developers.com/app...nager-t3760042


This is a very simple module that installs a post-fs-data.sh script which enables SELinux Permissive Mode. This is useful for certain audio mods and removes the need to understand Magisk's file system & boot logic. No need to create your own scripts, just flash and forget.

I have only tested this on my Verizon HTC 10, but this module is so simple and generic that it should work on any Android device with SELinux.
This module has been tested on and is compatible with Magisk v11.6-15.2.

Disclaimer & Recommendations: This module should be used as a last resort only if appropriate SELinux Permissions can not be generated and injected into the SELinux Policy using selinux-inject, supolicy or magiskpolicy. Putting your device into Permissive Mode will essentially disable all of the operating system level security built into Android and allow any app in any context to do whatever it wants. Actions requiring root access will still trigger your SU Manager App, but all apps have elevated privileges due to permissive and may be able to take malicious actions on your device without needing root access. If you find that this module fixes issues you are experiencing with an app I recommend contacting the app developer and trying to work with them to isolate the necessary SELinux Permissions and have them injected into the SELinux Policy at startup.
Here is a discussion of some of concerns to consider when running your device in Permissive Mode : https://forum.xda-developers.com/gen...risks-t3607295

Github Repo : https://github.com/Jman420/magisk-permissive-script

Change Log :
v1.0 - Initial Release
v1.1 - Update to Module Template v1400
v1.2 - Update to Module Template v1500
Attached Thumbnails
Click image for larger version

Name:	Screenshot_20170401-083559.png
Views:	35938
Size:	102.7 KB
ID:	4096812   Click image for larger version

Name:	Screenshot_20170401-082645.jpg
Views:	37032
Size:	235.1 KB
ID:	4096813   Click image for larger version

Name:	Screenshot_20170401-082730.png
Views:	36434
Size:	198.2 KB
ID:	4096814   Click image for larger version

Name:	Screenshot_20170401-083057.png
Views:	33884
Size:	65.3 KB
ID:	4096815   Click image for larger version

Name:	Screenshot_20170401-083118.png
Views:	30908
Size:	216.3 KB
ID:	4096816   Click image for larger version

Name:	Screenshot_20170401-083247.png
Views:	29322
Size:	67.2 KB
ID:	4096817  
Attached Files
File Type: zip magisk-permissive-script_v1.0.zip - [Click for QR Code] (5.8 KB, 9210 views)
File Type: zip magisk-permissive-script_v1.1.zip - [Click for QR Code] (5.2 KB, 23014 views)
File Type: zip magisk-permissive-script_v1.2.zip - [Click for QR Code] (4.7 KB, 53546 views)
The Following 93 Users Say Thank You to Jman420 For This Useful Post: [ View ] Gift Jman420 Ad-Free
 
 
23rd March 2017, 03:16 AM |#2  
Senior Member
Flag Taopei
Thanks Meter: 17
 
More
thank you brother!
LeEco LePro 3 Atmos can work finally!
23rd March 2017, 03:30 AM |#3  
ahrion's Avatar
Retired Forum Moderator / Recognized Developer
Thanks Meter: 5,072
 
More
Quote:
Originally Posted by huaiyue

thank you brother!
Can you tell me how to install LeEco LePro 3 Atmos ?
I hava supersu systemless.

These two things are completely unrelated.

If you want to install something, you install it. There's not much more to that.
The Following User Says Thank You to ahrion For This Useful Post: [ View ]
23rd March 2017, 03:31 AM |#4  
jhedfors's Avatar
Senior Member
Flag Chandler, AZ
Thanks Meter: 607
 
More
Quote:
Originally Posted by huaiyue

thank you brother!
Can you tell me how to install LeEco LePro 3 Atmos ?
I hava supersu systemless.

In Magisk, go to the Modules section, and select the "+", and select the zip you downloaded.
23rd March 2017, 04:36 AM |#5  
Senior Member
Flag Taopei
Thanks Meter: 17
 
More
Quote:
Originally Posted by Jman420

This is a very simple module that installs a post-fs-data.sh script which enables SELinux Permissive Mode. This is useful for certain audio mods and removes the need to understand Magisk's file system & boot logic. No need to create your own scripts, just flash and forget.

I have only tested this on my Verizon HTC 10, but this module is so simple and generic that it should work on any Android device with SELinux.

Github Repo : https://github.com/Jman420/magisk-permissive-script

LeEco LePro 3 Atmos can work
however
xposed systemless failed.[COLOR="Silver"]

---------- Post added at 01:32 ---------- Previous post was at 01:31 ----------

Quote:
Originally Posted by ahrion

These two things are completely unrelated.

If you want to install something, you install it. There's not much more to that.

http://imgur.com/a/Sbf9p

dolby fc.


---------- Post added at 01:36 ---------- Previous post was at 01:32 ----------

Quote:
Originally Posted by jhedfors

In Magisk, go to the Modules section, and select the "+", and select the zip you downloaded.

thank you brother!
23rd March 2017, 06:16 AM |#6  
Thor™'s Avatar
Senior Member
Flag भारत
Thanks Meter: 37
 
More
Thanks a lot
23rd March 2017, 01:52 PM |#7  
OP Senior Member
Thanks Meter: 269
 
More
Quote:
Originally Posted by huaiyue

thank you brother!
LeEco LePro 3 Atmos can work finally!

Regarding your other post mentioning Xposed (which I'm not quoting cause it's a mess). I'm running on Nougat so I can't use Xposed and haven't tested with it. If you give me more details I can try to determine what the issue is. Logs, error messages, symptoms would all be helpful.

Quote:
Originally Posted by Thor™

Thanks a lot

I aim to please
The Following 3 Users Say Thank You to Jman420 For This Useful Post: [ View ] Gift Jman420 Ad-Free
24th March 2017, 06:24 PM |#8  
matssa's Avatar
Senior Member
Thanks Meter: 1,883
 
Donate to Me
More
I don't understand why this mod is usefull. In the latest version of magisk, there is a semi enforce/permissive linux bypass. The system thinks it's enforced, but in reality is permissive. Or maybe I didn't fully understand it?
The Following User Says Thank You to matssa For This Useful Post: [ View ] Gift matssa Ad-Free
24th March 2017, 09:03 PM |#9  
Member
Thanks Meter: 9
 
More
its working with s5neo?
24th March 2017, 10:46 PM |#10  
htr5's Avatar
Senior Member
Thanks Meter: 236
 
More
I've just flashed this zip. This allows Viper4Android to run in enforcing mode:

https://www.dropbox.com/s/k9cnruw2e1...olicy.zip?dl=0

I forgot the source. Maybe Google it
The Following User Says Thank You to htr5 For This Useful Post: [ View ] Gift htr5 Ad-Free
25th March 2017, 01:33 PM |#11  
OP Senior Member
Thanks Meter: 269
 
More
Quote:
Originally Posted by matssa

I don't understand why this mod is usefull. In the latest version of magisk, there is a semi enforce/permissive linux bypass. The system thinks it's enforced, but in reality is permissive. Or maybe I didn't fully understand it?

I agree that Magisk hides the actual SELinux Mode in such a way that if Magisk Hide is enabled the 'getenforce' command always returns 'Enforcing'. But if you do not run the 'setenforce 0' command the SELinux mode will still be set to 'Enforcing' rather than 'Permissive'. This script puts the SELinux mode into 'Permissive' at startup. Magisk Hide will still hide the fact that you are in Permissive Mode, which I believe is the 'pseudo permissive' mode that Magisk describes. But I can not find any settings or commands within Magisk that enable Permissive Mode.

Quote:
Originally Posted by htr5

I've just flashed this zip. This allows Viper4Android to run in enforcing mode:
https://www.dropbox.com/s/k9cnruw2e1...olicy.zip?dl=0
I forgot the source. Maybe Google it

It's just a shell script, the source is in the zip file. This is really helpful and is the direction I want to take this project. Permissive Mode is great in that it gets the Apps/Mods that we want to run to work, but I consider it the equivalent of using a sledgehammer to hammer in a finishing nail. I would much rather be able to grant the specific permissions that each App needs rather than enable all permissions for all apps (which is what permissive mode does).

I plan on trying to develop an App which will assist in managing and generating a script which uses 'supolicy' to inject individual SELinux Policy Permissions. I had planned on using the Dolby Atmos LePro3 build as a guinea pig to try to isolate which permissions it needs and put together the supolicy command for them. I've hit a bit of a roadblock in verifying my supolicy command due to the format that the SELinux Policy is stored in on the device. I've found a project called sedump (https://ge0n0sis.github.io/posts/201...kernel-policy/) which claims to deserialize the Binary SELinux Policy to a readable format, but I can't seem to get it to work... the process seems to complete, but it generates an empty file... If anyone has experience with SELinux I'd really appreciate any feedback.
The Following User Says Thank You to Jman420 For This Useful Post: [ View ] Gift Jman420 Ad-Free
Post Reply Subscribe to Thread

Guest Quick Reply (no urls or BBcode)
Message:
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes