FORUMS
Remove All Ads from XDA

Patching Sepolicy with Supolicy Tool, modifed file not produced.

641 posts
Thanks Meter: 290
 
Post Reply Email Thread
19th September 2016, 10:49 PM |#11  
Chainfire's Avatar
Senior Moderator / Senior Recognized Developer - Where is my shirt?
Thanks Meter: 86,612
 
Donate to Me
More
Quote:
Originally Posted by Matt07211

Hmm, I really don't know what is wrong, I will try exactly what you have done later today, to see If can reproduce the output. If it doesn't work then we can pin it down to the emulator itself. What emulator image did you use?

I also realise that so emulator are rooted in the sense that web shell has root acess, just wasn't sure what dependices supolicy had at the time.

I created an API 22 Google Nexus x86_64 AVD in Android Studio
 
 
19th September 2016, 10:58 PM |#12  
Matt07211's Avatar
OP Senior Member
Thanks Meter: 290
 
More
I should be able to try that in about 20-30 mins after I download it, I was using api level 19, Intel's emulator image.
20th September 2016, 02:46 AM |#13  
Matt07211's Avatar
OP Senior Member
Thanks Meter: 290
 
More
I ran these commands on the Intel api 19 x86 emulator image.

Code:
adb push libsupol.so /system/lib/libsupol.so
adb shell chmod 0644 /system/lib/libsupol.so
adb push /system/xbin/supolicy
adb shell chmod 0755 /system/xbin/supolicy
adb push supolicy /data/local/tmp/supolicy
adb shell chmod 0755 /data/local/tmp/supolicy

adb push sepolicy /data/local/tmp/sepolicy 
adb shell 
cd /data/local/tmp 
chmod 0755 supolicy 
LD_LIBRARY_PATH=/data/local/tmp:$LD_LIBRARY_PATH ./supolicy --file sepolicy sepolicy_out
and it results in the error(shown in screenshot)

Code:
libsepol.policydb_read: policydb magic number 0x464c457f does not match expected magic number 0xf97cff8c or 0xf97cff8d
-Failure!
Error on API 19 Emulator using SUPOLICY

I then tried it on the Intel x86_64 api 22 emulator image (running the same commands as the first one, resulting in a succes, with the file being outputted as the sepolicy_out.
So as you have stated @Chainfire , it looks like a problem with the emulator itself, and most likely not the supolicy tool.
22nd May 2017, 06:34 AM |#14  
ashyx's Avatar
Recognized Contributor
Thanks Meter: 7,721
 
Donate to Me
More
Quote:
Originally Posted by Chainfire

So, I think it has something to do with your emulator image (perhaps its too old ?)

I took SuperSU's ZIP file and extracted it, changed to that folder, then:

(note that my adb shell to my emulator image has # root by default)

Code:
adb push c:\download\sepolicy /data/local/tmp/sepolicy
adb push x86\. /data/local/tmp/.

adb shell
cd /data/local/tmp
chmod 0755 supolicy
LD_LIBRARY_PATH=/data/local/tmp:$LD_LIBRARY_PATH ./supolicy --file sepolicy sepolicy_out
exit
Resulting in:

Code:
supolicy v2.78 (ndk:x86) - Copyright (C) 2014-2016 - Chainfire

Patching policy [sepolicy] --> [sepolicy_out] ...
- Success
So, I'm really not sure what might be going on with your setup, but I don't think its SuperSU itself, but rather the emulator.

Note that to use supolicy --file, you only need supolicy and libsupol.so, you don't even need root.

@Chainfire, I'm trying to patch sepolicy for a Samsung device running Nougat, so that Supersu can be installed in system mode. Could you confirm if the --sdk=24 parameter is required?

adb shell su -c "supolicy --file /data/local/tmp/sepolicy /data/local/tmp/sepolicy_out --sdk=24"

Thanks, appreciate your time.
22nd May 2017, 08:15 AM |#15  
Chainfire's Avatar
Senior Moderator / Senior Recognized Developer - Where is my shirt?
Thanks Meter: 86,612
 
Donate to Me
More
Quote:
Originally Posted by ashyx

@Chainfire, I'm trying to patch sepolicy for a Samsung device running Nougat, so that Supersu can be installed in system mode. Could you confirm if the --sdk=24 parameter is required?

adb shell su -c "supolicy --file /data/local/tmp/sepolicy /data/local/tmp/sepolicy_out --sdk=24"

Thanks, appreciate your time.

Yes it is.

System mode hasn't been tested at all on 7.0 though. I'm not sure anybody has been able to get it to work at this point.

If you do, let me know and with the steps
22nd May 2017, 12:40 PM |#16  
ashyx's Avatar
Recognized Contributor
Thanks Meter: 7,721
 
Donate to Me
More
Quote:
Originally Posted by Chainfire

Yes it is.

System mode hasn't been tested at all on 7.0 though. I'm not sure anybody has been able to get it to work at this point.

If you do, let me know and with the steps

Hmm wasn't aware of the lack of support for system mode in nougat, any plans to implement?

It seems system mode root renders the device unbootable according to reports from my tester.

Question, if I modify the supersu script to mount su.img from /system am I likely to hit issues?

Seems a strange query I know.
Reason is we have a Samsung device that for some reason will not boot from a source built custom Nougat kernel. Not sure if this is related to AVB yet or something else.
However we can get a half assed TWRP to boot with the stock kernel.
Only problem is, no matter what, only /system can be mounted and accessed with write permission due to permission denied issues with the rest of partitions. Pretty sure this is an SELinux issue.

Meaning systemless root cannot be installed as normal. No access to /data or /cache.

I can patch the boot.img ramdisk manually for systemless, but for root to work I would need to push su.img to system and mount it from there.
Is it possible to still mount su.img from system if I modify the ramdisk init as required?

The other avenue is to flash su.img to /data or /cache via ODIN.

If it was flashed to /cache would supersu automatically pick up its location and copy it to /data or would a flag need to be set?

Just trying to keep my options open here.
22nd May 2017, 06:52 PM |#17  
Chainfire's Avatar
Senior Moderator / Senior Recognized Developer - Where is my shirt?
Thanks Meter: 86,612
 
Donate to Me
More
Quote:
Originally Posted by ashyx

Hmm wasn't aware of the lack of support for system mode in nougat, any plans to implement?

It seems system mode root renders the device unbootable according to reports from my tester.

It is on my list of things to test/fix, but that list is long and full of terrors.

Quote:

Question, if I modify the supersu script to mount su.img from /system am I likely to hit issues?

Is it possible to still mount su.img from system if I modify the ramdisk init as required?

I think that could work, yes.

Quote:

The other avenue is to flash su.img to /data or /cache via ODIN.

If it was flashed to /cache would supersu automatically pick up its location and copy it to /data or would a flag need to be set?

Just trying to keep my options open here.

SuperSU should pick it up from /cache. Alternatively, try SuperSU's FRP mode, which stores a copy of the needed files in the boot-image and re-creates /data/su.img as needed.
23rd May 2017, 03:05 PM |#18  
ashyx's Avatar
Recognized Contributor
Thanks Meter: 7,721
 
Donate to Me
More
Quote:
Originally Posted by Chainfire

It is on my list of things to test/fix, but that list is long and full of terrors.



I think that could work, yes.



SuperSU should pick it up from /cache. Alternatively, try SuperSU's FRP mode, which stores a copy of the needed files in the boot-image and re-creates /data/su.img as needed.

Thanks, great info as always. Finally managed to root the damn thing by adding a short script to the init which copies su.img to cache.
However FRP mode sounds like a more elegant solution if I can work out how to implement it in the Ramdisk.

Much appreciate your input.
24th May 2017, 02:28 PM |#19  
Matt07211's Avatar
OP Senior Member
Thanks Meter: 290
 
More
Quote:
Originally Posted by ashyx

So, I think it has something to do with your emulator image (perhaps its too old ?)
...
Could you confirm if the --sdk=24 parameter is required?

adb shell su -c "supolicy --file /data/local/tmp/sepolicy /data/local/tmp/sepolicy_out --sdk=24"

Thanks, appreciate your time.

Yea believe it was segfaulting due to the Android version, I think I was using KitKat and it wasn't working, bumped up to lollipop and above and it worked fine


Oh, the SDK parameter, never heard of it, what does it do? Geuss I'll Google that then.

Quote:
Originally Posted by ashyx

Thanks, great info as always. Finally managed to root the damn thing by adding a short script to the init which copies su.img to cache.
However FRP mode sounds like a more elegant solution if I can work out how to implement it in the Ramdisk.

Much appreciate your input.

I did the same thing for my device, add a little script to move it to data. Had no other way to get it to a locked down device without TWRP. Hehe. Good job
8th January 2018, 06:48 AM |#20  
Member
Thanks Meter: 8
 
More
Can you please tell me how to manually patch init by supersu ?
I've googled a lot, but haven't found a way to manually patch init by supersu.
My model is Honor v10, there isn't a custom recovery, so i have to make a boot.img with supersu inside to get root.
8th January 2018, 10:54 AM |#21  
ashyx's Avatar
Recognized Contributor
Thanks Meter: 7,721
 
Donate to Me
More
Quote:
Originally Posted by dawnc

Can you please tell me how to manually patch init by supersu ?
I've googled a lot, but haven't found a way to manually patch init by supersu.
My model is Honor v10, there isn't a custom recovery, so i have to make a boot.img with supersu inside to get root.

Upload your boot.img
Post Reply Subscribe to Thread

Guest Quick Reply (no urls or BBcode)
Message:
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes