Patching Sepolicy with Supolicy Tool, modifed file not produced.

Search This thread

Matt07211

Senior Member
Jan 10, 2015
642
291
I am in the position of having to manually apply the defult sepolicy patch, init,?*init_shell?* and?*recovery?*permissive, and as the title states when using the supolicy tool to modify my supplieded sepolicy it is not being produced and on closer inspection throwing an error. I have attached both the images and the sepolicy file I am trying to applie these change to.

Have I been doing something wrong or is the file corrupted??

If you need more info just ask ;)

Note: when I first tried it inside an adb shell it reported a segumentation fault, but I was unable to reproduce that condition to be provided with as a screen shot.

Screenshot_4.jpg

Screenshot_5.jpg

EDIT: I at least can say that the possibility of a corrupt file is now smaller becuse I am able to run dumpav and dump its contents to a txt file and then do afb pull back to pc. So amyone know any way to applie the defult P atchs needed to sysyemless root?
 

Attachments

  • sepolicy.zip
    107.9 KB · Views: 1,237
Last edited:

Matt07211

Senior Member
Jan 10, 2015
642
291
@Chainfire Since this is your binary files, you should know the most about it.

Commands to gain application root on emulator

Code:
adb shell df           #Check Available Space
adb shell mount -o remount,rw /system
adb push su /system/bin/su
adb shell chmod 0755 /system/bin/su
adb push su /system/xbin/su
adb shell chmod 0755 /system/xbin/su
adb shell su --install
adb shell "su --daemon&"
adb install superuser.apk
adb install rootcheck.apk

I then proceed to patch the sepolicy file with the following commands

Code:
adb push sepolicy /data/local/tmp/sepolicy 
adb shell su -c "supolicy --file /data/local/tmp/sepolicy /data/local/tmp/sepolicy_out"   #There is no sepolicy_out file
adb shell su -c "chmod 0644 /data/local/tmp/sepolicy_out" 
adb pull /data/local/tmp/sepolicy_out sepolicy_out

So what am I able to do?
Are you able to
A) Help me debug the problem
Or
B) Patch the sepolicy file and post the output back to me/here
 
Last edited:

Matt07211

Senior Member
Jan 10, 2015
642
291
Thanks for that. Yes, I am trying to patch the policy for my armv8 (arm64) cpu device (just realised, but would trying to patch the sepolicy from one architecture using the supolicy for a different architecture have new the problem?, if so I feel dumb). And since I didn't have a spare device devce that met the requirements, I resorted to use the already setup emulator in my Windows installation.
I had proceeded to root and run the supolicy tool for which nothing out-putted (tried different directorys), I then created a new sub-directory, test, in /data/local/tmp and chmod it with read and write permissions. I tried again and failed, I then ran a dumpav in the sepolicy I was trying to patch and outputted it to /data/local/tmp/test/dumpav.txt which worked.

I am just wondering why it didn't work for me :(.

Thanks again for the sepolic_out file, I really do apperciate it.
 

Chainfire

Moderator Emeritus / Senior Recognized Developer
Oct 2, 2007
11,452
87,856
www.chainfire.eu
Ah you're saying the segmentation fault occurred on the emulator? That's interesting. Might be reproducable on my end.
 

Matt07211

Senior Member
Jan 10, 2015
642
291
Note: look at my first image with cms in the foreground and near the bottom of the command window you should see the segfault message, around second last command or so.

To reproduce that segfault (hopefully):
1) https://software.intel.com/en-us/android/articles/android-44-kitkat-x86-emulator-system-image Download the system image from here (had to direct download instead of sdk as internet was running through profile and ask wouldn't work through it)

2) used the 2.78 SuperSu zip and run above commands to gain root

3) run above commands to try and modify sepolicy (it doesn't produce anything)

4) start an adb shell and then run the commands inside the shell. Know the outputs shown was segfault the first time running the commands, every time afterwards it would show the error in the above screenshots

If you figure out what cause the segfault can you please tell me ;) ?
 
Last edited:

Chainfire

Moderator Emeritus / Senior Recognized Developer
Oct 2, 2007
11,452
87,856
www.chainfire.eu
Note: look at my first image with cms in the foreground and near the bottom of the command window you should see the segfault message, around second last command or so.

To reproduce that segfault (hopefully):
1) https://software.intel.com/en-us/android/articles/android-44-kitkat-x86-emulator-system-image Download the system image from here (had to direct download instead of sdk as internet was running through profile and ask wouldn't work through it)

2) used the 2.78 SuperSu zip and run above commands to gain root

3) run above commands to try and modify sepolicy (it doesn't produce anything)

4) start an adb shell and then run the commands inside the shell. Know the outputs shown was segfault the first time running the commands, every time afterwards it would show the error in the above screenshots

If you figure out what cause the segfault can you please tell me ;) ?

Before I go do all this, can you make sure the issue persists with the v2.78 SR1 version from the BETA thread ? Some issues with supolicy were fixed in that release.
 

Matt07211

Senior Member
Jan 10, 2015
642
291
Started with a fresh emulator and the newest SuperSu and ran these commands to gain root (I am placing everything as described in update-binary in the right places just to eliminate one thing, missing dependencies)

Code:
adb shell df 
adb shell mount -o remount,rw /system
adb push Superuser.apk /system/app/Superuser.apk
adb shell chmod 0644 /system/app/Superuser.apk 
adb push install-recovery.sh /system/etc/install-recovery.sh 
adb shell ln -s /system/etc/install-recovery.sh /system/bin/install-recovery.sh 
adb shell chmod 0755 /system/etc/install-recovery.sh 
adb push su /system/xbin/su 
adb shell chmod 0755 /system/xbin/su 
adb push su /system/bin/.ext/.su 
adb shell chmod 0755 /system/bin/.ext/.su 
adb push su /system/xbin/daemonsu 
adb shell chmod 0755 /system/xbin/daemonsu 
adb push su /system/xbin/sugote 
adb shell chmod 0755 /system/xbin/sugote 
adb push supolicy /system/xbin/supolicy 
adb shell chmod 0755 /system/xbin/supolicy
adb push libsupol.so /system/lib/libsupol.so 
adb shell chmod 0644 /system/lib/libsupol.so 
adb push 99SuperSUDaemon /system/etc/init.d/99SuperSUDaemon 
adb shell chmod 0755 /system/etc/init.d/99SuperSUDaemon 
adb shell su --install 
adb shell "su --daemon&" 
adb install superuser.apk 
adb install rootcheck.apk

No everything should be in place, and we now can eliminate one thing (supolicy not finding needed dependencies)

Opened up SuperSu and let it install/update binary (succesful)

I then proceeded to patch the sepolicy file like so

Code:
adb push sepolicy /data/local/tmp/sepolicy
adb shell su -c "supolicy --file /data/local/tmp/sepolicy /data/local/tmp/sepolicy_out"

I then did "ls" in the directory and no file out-putted. So I went into a shell and ran

Code:
supolicy --file /data/local/tmp/sepolicy /data/local/tmp/sepolicy_out

And it throw the error shown in the image below. First time running that command in shell it says stopped, but the second time it says stopped as well as segfault.

Keep in mind I am trying to patch a sepolicy file that originates from an armv8 cpu (arm64) on an x86 Intel emulator.

Any more info needed? I am happy to help ;) @Chainfire
 

Attachments

  • 20160919_234505.jpg
    20160919_234505.jpg
    266.3 KB · Views: 388
Last edited:

Chainfire

Moderator Emeritus / Senior Recognized Developer
Oct 2, 2007
11,452
87,856
www.chainfire.eu
So, I think it has something to do with your emulator image (perhaps its too old ?)

I took SuperSU's ZIP file and extracted it, changed to that folder, then:

(note that my adb shell to my emulator image has # root by default)

Code:
adb push c:\download\sepolicy /data/local/tmp/sepolicy
adb push x86\. /data/local/tmp/.

adb shell
cd /data/local/tmp
chmod 0755 supolicy
LD_LIBRARY_PATH=/data/local/tmp:$LD_LIBRARY_PATH ./supolicy --file sepolicy sepolicy_out
exit

Resulting in:

Code:
supolicy v2.78 (ndk:x86) - Copyright (C) 2014-2016 - Chainfire

Patching policy [sepolicy] --> [sepolicy_out] ...
- Success

So, I'm really not sure what might be going on with your setup, but I don't think its SuperSU itself, but rather the emulator.

Note that to use supolicy --file, you only need supolicy and libsupol.so, you don't even need root.
 
  • Like
Reactions: Matt07211

Matt07211

Senior Member
Jan 10, 2015
642
291
So, I think it has something to do with your emulator image (perhaps its too old ?)

I took SuperSU's ZIP file and extracted it, changed to that folder, then:

(note that my adb shell to my emulator image has # root by default)



Resulting in:



So, I'm really not sure what might be going on with your setup, but I don't think its SuperSU itself, but rather the emulator.

Note that to use supolicy --file, you only need supolicy and libsupol.so, you don't even need root.

Hmm, I really don't know what is wrong, I will try exactly what you have done later today, to see If can reproduce the output. If it doesn't work then we can pin it down to the emulator itself. What emulator image did you use?

I also realise that so emulator are rooted in the sense that web shell has root acess, just wasn't sure what dependices supolicy had at the time.
 

Chainfire

Moderator Emeritus / Senior Recognized Developer
Oct 2, 2007
11,452
87,856
www.chainfire.eu
Hmm, I really don't know what is wrong, I will try exactly what you have done later today, to see If can reproduce the output. If it doesn't work then we can pin it down to the emulator itself. What emulator image did you use?

I also realise that so emulator are rooted in the sense that web shell has root acess, just wasn't sure what dependices supolicy had at the time.

I created an API 22 Google Nexus x86_64 AVD in Android Studio
 

Matt07211

Senior Member
Jan 10, 2015
642
291
I should be able to try that in about 20-30 mins after I download it, I was using api level 19, Intel's emulator image.
 

Matt07211

Senior Member
Jan 10, 2015
642
291
I ran these commands on the Intel api 19 x86 emulator image.

Code:
adb push libsupol.so /system/lib/libsupol.so
adb shell chmod 0644 /system/lib/libsupol.so
adb push /system/xbin/supolicy
adb shell chmod 0755 /system/xbin/supolicy
adb push supolicy /data/local/tmp/supolicy
adb shell chmod 0755 /data/local/tmp/supolicy

adb push sepolicy /data/local/tmp/sepolicy 
adb shell 
cd /data/local/tmp 
chmod 0755 supolicy 
LD_LIBRARY_PATH=/data/local/tmp:$LD_LIBRARY_PATH ./supolicy --file sepolicy sepolicy_out

and it results in the error(shown in screenshot)

Code:
libsepol.policydb_read: policydb magic number 0x464c457f does not match expected magic number 0xf97cff8c or 0xf97cff8d
-Failure!

Q6AbX.png


I then tried it on the Intel x86_64 api 22 emulator image (running the same commands as the first one, resulting in a succes, with the file being outputted as the sepolicy_out.
So as you have stated @Chainfire , it looks like a problem with the emulator itself, and most likely not the supolicy tool.
 

ashyx

Inactive Recognized Contributor
Oct 14, 2012
15,055
9,943
So, I think it has something to do with your emulator image (perhaps its too old ?)

I took SuperSU's ZIP file and extracted it, changed to that folder, then:

(note that my adb shell to my emulator image has # root by default)

Code:
adb push c:\download\sepolicy /data/local/tmp/sepolicy
adb push x86\. /data/local/tmp/.

adb shell
cd /data/local/tmp
chmod 0755 supolicy
LD_LIBRARY_PATH=/data/local/tmp:$LD_LIBRARY_PATH ./supolicy --file sepolicy sepolicy_out
exit

Resulting in:

Code:
supolicy v2.78 (ndk:x86) - Copyright (C) 2014-2016 - Chainfire

Patching policy [sepolicy] --> [sepolicy_out] ...
- Success

So, I'm really not sure what might be going on with your setup, but I don't think its SuperSU itself, but rather the emulator.

Note that to use supolicy --file, you only need supolicy and libsupol.so, you don't even need root.

@Chainfire, I'm trying to patch sepolicy for a Samsung device running Nougat, so that Supersu can be installed in system mode. Could you confirm if the --sdk=24 parameter is required?

adb shell su -c "supolicy --file /data/local/tmp/sepolicy /data/local/tmp/sepolicy_out --sdk=24"

Thanks, appreciate your time.
 

Chainfire

Moderator Emeritus / Senior Recognized Developer
Oct 2, 2007
11,452
87,856
www.chainfire.eu
@Chainfire, I'm trying to patch sepolicy for a Samsung device running Nougat, so that Supersu can be installed in system mode. Could you confirm if the --sdk=24 parameter is required?

adb shell su -c "supolicy --file /data/local/tmp/sepolicy /data/local/tmp/sepolicy_out --sdk=24"

Thanks, appreciate your time.

Yes it is.

System mode hasn't been tested at all on 7.0 though. I'm not sure anybody has been able to get it to work at this point.

If you do, let me know and with the steps :)
 

ashyx

Inactive Recognized Contributor
Oct 14, 2012
15,055
9,943
Yes it is.

System mode hasn't been tested at all on 7.0 though. I'm not sure anybody has been able to get it to work at this point.

If you do, let me know and with the steps :)
Hmm wasn't aware of the lack of support for system mode in nougat, any plans to implement?

It seems system mode root renders the device unbootable according to reports from my tester.

Question, if I modify the supersu script to mount su.img from /system am I likely to hit issues?

Seems a strange query I know.
Reason is we have a Samsung device that for some reason will not boot from a source built custom Nougat kernel. Not sure if this is related to AVB yet or something else.
However we can get a half assed TWRP to boot with the stock kernel.
Only problem is, no matter what, only /system can be mounted and accessed with write permission due to permission denied issues with the rest of partitions. Pretty sure this is an SELinux issue.

Meaning systemless root cannot be installed as normal. No access to /data or /cache.

I can patch the boot.img ramdisk manually for systemless, but for root to work I would need to push su.img to system and mount it from there.
Is it possible to still mount su.img from system if I modify the ramdisk init as required?

The other avenue is to flash su.img to /data or /cache via ODIN.

If it was flashed to /cache would supersu automatically pick up its location and copy it to /data or would a flag need to be set?

Just trying to keep my options open here.
 

Chainfire

Moderator Emeritus / Senior Recognized Developer
Oct 2, 2007
11,452
87,856
www.chainfire.eu
Hmm wasn't aware of the lack of support for system mode in nougat, any plans to implement?

It seems system mode root renders the device unbootable according to reports from my tester.

It is on my list of things to test/fix, but that list is long and full of terrors.

Question, if I modify the supersu script to mount su.img from /system am I likely to hit issues?

Is it possible to still mount su.img from system if I modify the ramdisk init as required?

I think that could work, yes.

The other avenue is to flash su.img to /data or /cache via ODIN.

If it was flashed to /cache would supersu automatically pick up its location and copy it to /data or would a flag need to be set?

Just trying to keep my options open here.

SuperSU should pick it up from /cache. Alternatively, try SuperSU's FRP mode, which stores a copy of the needed files in the boot-image and re-creates /data/su.img as needed.
 

ashyx

Inactive Recognized Contributor
Oct 14, 2012
15,055
9,943
It is on my list of things to test/fix, but that list is long and full of terrors.



I think that could work, yes.



SuperSU should pick it up from /cache. Alternatively, try SuperSU's FRP mode, which stores a copy of the needed files in the boot-image and re-creates /data/su.img as needed.
Thanks, great info as always. Finally managed to root the damn thing by adding a short script to the init which copies su.img to cache.
However FRP mode sounds like a more elegant solution if I can work out how to implement it in the Ramdisk.

Much appreciate your input.
 

Matt07211

Senior Member
Jan 10, 2015
642
291
So, I think it has something to do with your emulator image (perhaps its too old ?)
...
Could you confirm if the --sdk=24 parameter is required?

adb shell su -c "supolicy --file /data/local/tmp/sepolicy /data/local/tmp/sepolicy_out --sdk=24"

Thanks, appreciate your time.
Yea believe it was segfaulting due to the Android version, I think I was using KitKat and it wasn't working, bumped up to lollipop and above and it worked fine


Oh, the SDK parameter, never heard of it, what does it do? Geuss I'll Google that then.

Thanks, great info as always. Finally managed to root the damn thing by adding a short script to the init which copies su.img to cache.
However FRP mode sounds like a more elegant solution if I can work out how to implement it in the Ramdisk.

Much appreciate your input.
I did the same thing for my device, add a little script to move it to data. Had no other way to get it to a locked down device without TWRP. Hehe. Good job
 

dawnc

Senior Member
May 26, 2009
51
8
Can you please tell me how to manually patch init by supersu ?
I've googled a lot, but haven't found a way to manually patch init by supersu.
My model is Honor v10, there isn't a custom recovery, so i have to make a boot.img with supersu inside to get root.
 

Top Liked Posts

  • There are no posts matching your filters.
  • 2

    Works fine on my device... could be an x86 specific issue? Unfortunately I don't have any x86 devices to test with.
    1
    So, I think it has something to do with your emulator image (perhaps its too old ?)

    I took SuperSU's ZIP file and extracted it, changed to that folder, then:

    (note that my adb shell to my emulator image has # root by default)

    Code:
    adb push c:\download\sepolicy /data/local/tmp/sepolicy
    adb push x86\. /data/local/tmp/.
    
    adb shell
    cd /data/local/tmp
    chmod 0755 supolicy
    LD_LIBRARY_PATH=/data/local/tmp:$LD_LIBRARY_PATH ./supolicy --file sepolicy sepolicy_out
    exit

    Resulting in:

    Code:
    supolicy v2.78 (ndk:x86) - Copyright (C) 2014-2016 - Chainfire
    
    Patching policy [sepolicy] --> [sepolicy_out] ...
    - Success

    So, I'm really not sure what might be going on with your setup, but I don't think its SuperSU itself, but rather the emulator.

    Note that to use supolicy --file, you only need supolicy and libsupol.so, you don't even need root.
    1
    I have successfully modified ans saved custom sepolicy but now I need to do some granular editing outside of live system. Are there any tools that would allow me to edit saved sepolicy file?