FORUMS
Remove All Ads from XDA

supolicy cannot find/open output file (/sys/fs/selinux/policy) - But exists

7,800 posts
Thanks Meter: 5,330
 
By elesbb, Senior Member on 23rd January 2019, 09:17 PM
Post Reply Email Thread
First, the details:

Phone: Samsung Galaxy S7 Sprint - Eng boot image flashed - Bootloader v4

The problem:
I have a script that I can hijack at boot, using the eng boot image allows me to have a root adb shell. I can place all necessary files needed for root and have done so. I can chcon the root files to match what they need to be.

I add the following to the boot script that the kernel runs:

Code:
./system/xbin/supolicy --live --sdk=26 > /dev/kmsg 2>&1 <---- This is where the errors happen.
./system/xbin/daemonsu --auto-daemon&

Everything runs but supolicy cannot open the target file. I know it exists because of the output from ls -l

I also know I am a root user in the script due to whoami returning root.

Code:
[   82.936270] WHOAMI
[   83.009546] ss_platform_log: [email protected]: Data SVC is acquired
[   83.215499] root
[   83.860941] -r--r--r--    1 0        0                0 Jan  1  1970 /sys/fs/selinux/policy
[   83.947108] supolicy v2.82 (ndk:arm64-v8a) - Copyright (C) 2014-2017 - Chainfire & CCMT\x0a
[   83.947856] File [/sys/fs/selinux/policy] does not exist!
I can successfully use the adb shell with root access to execute supolicy and it works. So I have no idea what is going on. My only guess is selinux is preventing supolicy from accessing the file. But I thought changing contexts with chcon would fix that? EDIT: Current context of the hijacked script at boot: context=u:r:qti_init_shell:s0

If anyone can give me pointers, I sure would love that.

PS: I know I can root with the eng boot, but my attempt is to have supolicy working so I can flash the original boot img back due to eng boot consuming abhorrent amounts of ram. I also want stock kernel with supolicy working to allow viper4android to run.
 
 
24th January 2019, 02:34 AM |#2  
Ibuprophen's Avatar
Recognized Contributor
Flag Upstate New York
Thanks Meter: 6,007
 
Donate to Me
More
Quote:
Originally Posted by elesbb

First, the details: Phone: Samsung Galaxy S7 Sprint - Eng boot image flashed - Bootloader v4..........

It looks like you may just need a Custom Kernel that's SEAndroid Capable which allows for the Sepolicy to be freely changed.

I don't have this device nor this Kernel but, it looks like the following thread may be helpful for what you need.

Note the phrase on the OP "Set SELinux to Permissive or Enforcing". Don't be afraid to ask for some member guidance within it.

https://forum.xda-developers.com/sho....php?t=3462897

Good Luck!


~~~~~~~~~~~~~~~
UNLESS asked to do so, PLEASE don't PM me regarding support. Sent using The ClaRetoX Forum App on my Enigma Machine {aenigma = Latin for "Riddle"}.
24th January 2019, 09:40 PM |#3  
elesbb's Avatar
OP Senior Member
Thanks Meter: 5,330
 
Donate to Me
More
Quote:
Originally Posted by Ibuprophen

It looks like you may just need a Custom Kernel that's SEAndroid Capable which allows for the Sepolicy to be freely changed.

I don't have this device nor this Kernel but, it looks like the following thread may be helpful for what you need.

Note the phrase on the OP "Set SELinux to Permissive or Enforcing". Don't be afraid to ask for some member guidance within it.

https://forum.xda-developers.com/sho....php?t=3462897

Good Luck!


~~~~~~~~~~~~~~~
UNLESS asked to do so, PLEASE don't PM me regarding support. Sent using The ClaRetoX Forum App on my Enigma Machine {aenigma = Latin for "Riddle"}.

Hey! Thanks for the reply. Sadly I am on Sprint with the Sprint variant S7. This has a locked boot loader and I cannot use custom kernels. If so, I would have zero issues with root or selinux lol.

But, I did figure out it IS the context that the script I am hijacking is using that prevents the supolicy from finding the necessary file for patching. So, either I need to find another script, or I need to give up
24th January 2019, 10:10 PM |#4  
Ibuprophen's Avatar
Recognized Contributor
Flag Upstate New York
Thanks Meter: 6,007
 
Donate to Me
More
Quote:
Originally Posted by elesbb

Hey! Thanks for the reply. Sadly I am on Sprint with the Sprint variant S7..........

I can't state anything that's device specific but, your situation is pretty much "in general terms" that applies to many/most devices in regards to what your trying to do.

The unfortunate situation you're in regarding the Locked Bootloader and such does prevent the ability for what your trying to do.

It's one thing to manually change to and from Enforcing and Permissive...

It's another thing for the ability to access the devices SEAndroid Policy freely in a type of "R/W Permission" (Modifiable) way.

Currently you are able to Change the SELinux State but, this is only a Temporary Change since it'll immediately default back when your device has rebooted.

As of right now, to my knowledge, you can't do what you are looking to do (unless there's something I'm missing or don't know about) but, you seem to have been pretty clear with the information that you had provided.

I hope that I had explained this okay via text...

Sorry for the bad news...

I do wish you the best of luck!


~~~~~~~~~~~~~~~
UNLESS asked to do so, PLEASE don't PM me regarding support. Sent using The ClaRetoX Forum App on my Enigma Machine {aenigma = Latin for "Riddle"}.
27th March 2019, 05:27 PM |#5  
Junior Member
Thanks Meter: 0
 
More
Hi,
try to switch selinux in permissive mode before you run your script.
So , you can log all the Selinux denied.
Post Reply Subscribe to Thread

Guest Quick Reply (no urls or BBcode)
Message:
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes