Boot.img collection to set SELinux to Permissive and allow ADB to run as root

ocaldini · Feb 7, 2014 at 7:47 AM

sorg said:
Bootloaders in international models (i9505 and i9500) accept unsigned kernels.

No, you are wrong.

Bootloaders released after MK8 don't accept unsigned kernels.

I tested it on new NEE NA4 and it bootloops constantly.

It's the end of permissive kernels.

A pitty.

sorg · Feb 7, 2014

ocaldini said:
No, you are wrong.

Bootloaders released after MK8 don't accept unsigned kernels.

I tested it on new NEE NA4 and it bootloops constantly.

It's the end of permissive kernels.

A pitty.

You are the first one who tell this. While it's possible, i really doubt it's true. Usually it's true for operator-sponsored versions. May be you did something wrong.
Just quickly browsed topic names and didn't find any "Arrghhh, cannot flash custom kernel anymore!!!!". And i'm sure it would be a big news on many sites.
Nothing...

akshizzle · Feb 10, 2014 at 10:18 PM

sorg said:
You are the first one who tell this. While it's possible, i really doubt it's true. Usually it's true for operator-sponsored versions. May be you did something wrong.
Just quickly browsed topic names and didn't find any "Arrghhh, cannot flash custom kernel anymore!!!!". And i'm sure it would be a big news on many sites.
Nothing...

Well I'm on the KitKat leak... so if it works for me then I'm not sure whats wrong?

tech_head · Feb 12, 2014 at 12:24 AM

akshizzle said:
Well I'm on the KitKat leak... so if it works for me then I'm not sure whats wrong?

The Samsung Kit Kat leak is signed....

rayenvs · Mar 20, 2011 180 6 0

iridaki said:
Thank you for this @akshizzle!

I made a flashable zip for the XXUEMJ3.
Instructions:
1. Boot into CMW/TWRP.
2. Flash it.
3. Reboot.
4. Profit.

Also, official XXUEMJ5 is out!

can i use this zip to flash back to a stock rom when i'm coming from a custom rom?

if i try to flash with odin it faills at the aboot.img
want badly to go back to stock

finnince · Feb 8, 2014 65 8 0

akshizzle said:
Sorry everyone for being so lazy and busy!!
I'm back after a very long holiday haha anyway here's my guide for converting stock kernel to SELinux Permissive

1. You'll need something like Android Kitchen or any other tool to unpack a boot.img

(http://forum.xda-developers.com/showthread.php?t=633246)

2. Extract the kernel and ramdisk from the boot.img, you should be left with a folder containing a zImage file and a boot.img-ramdisk folder. You do not need to touch the zImage file, this is the actual kernel - the ramdisk is just instructions it follows while booting.

3.These are the edits you need to make:

default.prop

Code:

ro.secure=1 -----------------> ro.secure=0 ro.adb.secure=1 -----------------> ro.adb.secure=0

init.rc

Code:

setsebool debugfs 1 --------> setsebool debugfs 0 *ADD THIS LINE UNDERNEATH* setenforce 0 setprop selinux.reload_policy 1 -------> setprop selinux.reload_policy 0

init.target.rc

Code:

setprop selinux.reload_policy 1 -----> setprop selinux.reload_policy 0

4.Repack and flash!

Will this work on SHV-E330S KitKat 4.4 ？

finnince · Feb 8, 2014 65 8 0

Seems it doesn't work on my E330S

Mikekelso421 · May 31, 2014 at 4:36 PM

if i send you my boot.img can you turn off SELinux?

akshizzle said:
Sorry everyone for being so lazy and busy!!
I'm back after a very long holiday haha anyway here's my guide for converting stock kernel to SELinux Permissive

1. You'll need something like Android Kitchen or any other tool to unpack a boot.img

(http://forum.xda-developers.com/showthread.php?t=633246)

2. Extract the kernel and ramdisk from the boot.img, you should be left with a folder containing a zImage file and a boot.img-ramdisk folder. You do not need to touch the zImage file, this is the actual kernel - the ramdisk is just instructions it follows while booting.

3.These are the edits you need to make:

default.prop

Code:

ro.secure=1 -----------------> ro.secure=0 ro.adb.secure=1 -----------------> ro.adb.secure=0

init.rc

Code:

setsebool debugfs 1 --------> setsebool debugfs 0 *ADD THIS LINE UNDERNEATH* setenforce 0 setprop selinux.reload_policy 1 -------> setprop selinux.reload_policy 0

init.target.rc

Code:

setprop selinux.reload_policy 1 -----> setprop selinux.reload_policy 0

4.Repack and flash!

ive tried this method with no luck. if i send you my boot.img can you turn off SELinux?? or maybe tell me what needs to be edited.

btw im using note 2 android 4.4 touchwiz. thanks

E:V:A · Jun 1, 2014 at 12:08 AM

ocaldini said:
No, you are wrong. Bootloaders released after MK8 don't accept unsigned kernels. I tested it on new NEE NA4 and it bootloops constantly. It's the end of permissive kernels.

sorg said:
You are the first one who tell this. While it's possible, i really doubt it's true. Usually it's true for operator-sponsored versions. May be you did something wrong. Just quickly browsed topic names and didn't find any "Arrghhh, cannot flash custom kernel anymore!!!!". And i'm sure it would be a big news on many sites. Nothing...

I think you're as confused as everyone else. These are 3 different things.
1. Locked bootloaders = only allow signed code in the chain of trust.
2. Signed kernel = doesn't matter if not locked bootloader.
3. "Permissive" kernels refer to SEAndroid set to "Permissive" contrary to "Enforced" which makes any kind of root mods way more complicated.

Did I get that right?

ianwuk · Jul 18, 2014

akshizzle said:
Sorry everyone for being so lazy and busy!!
I'm back after a very long holiday haha anyway here's my guide for converting stock kernel to SELinux Permissive

1. You'll need something like Android Kitchen or any other tool to unpack a boot.img

(http://forum.xda-developers.com/showthread.php?t=633246)

2. Extract the kernel and ramdisk from the boot.img, you should be left with a folder containing a zImage file and a boot.img-ramdisk folder. You do not need to touch the zImage file, this is the actual kernel - the ramdisk is just instructions it follows while booting.

3.These are the edits you need to make:

default.prop

Code:

ro.secure=1 -----------------> ro.secure=0 ro.adb.secure=1 -----------------> ro.adb.secure=0

init.rc

Code:

setsebool debugfs 1 --------> setsebool debugfs 0 *ADD THIS LINE UNDERNEATH* setenforce 0 setprop selinux.reload_policy 1 -------> setprop selinux.reload_policy 0

init.target.rc

Code:

setprop selinux.reload_policy 1 -----> setprop selinux.reload_policy 0

4.Repack and flash!

Hello.

I cannot find setsebool debugfs 1 in my init.rc file - what am I doing wrong? Can I manually add it? If so, where?

I also do not have 'init.target.rc' either.

I have attached a picture of the files I do have (Samsung Galaxy S4 - GT-I9500 - 4.2.2) - how can I follow your steps?

Geofferey · Jul 29, 2014

Thanks for the guide man. I know this post is old but I am having trouble. I unpacked the boot.img and made all the necessary changes. I repacked, converted to tar.md5 and reflashed with Odin. When I start up and run getenforce it outputs "Enforcing". Idk what I'm doing wrong.

I'm using a Galaxy Tab3 on kitkat

george0884 · Jun 29, 2015

In G900H I could not make it work, Not the ini.target file

G900H by Genezis Rom

Top Devices

New Devices

Topics

Search

Boot.img collection to set SELinux to Permissive and allow ADB to run as root

ocaldini

Senior Member

sorg

Senior Member

akshizzle

Senior Member

tech_head

Senior Member

rayenvs

Senior Member

finnince

Senior Member

finnince

Senior Member

Mikekelso421

Senior Member

E:V:A

Inactive Recognized Developer

ianwuk

Member

Geofferey

Senior Member

george0884

Senior Member

New posts