[How to] Set Selinux to permissive on boot

Search This thread

kevintm78

Senior Member

Top Liked Posts

  • There are no posts matching your filters.
  • 226
    Everyone ecxited about xposed framework released for lollipop.. But there are many facing problems installing framework because of SELinux set to enforce by default.

    You can check you Selinux status in settings - About phone

    You can set the SELinux to Permissive temporarily by running the bellow two commands in Terminal emulator

    su
    setenforce 0

    But it SElinux will change to default once you hard reboot your phone.. In order to keep it in permissive, you need to soft reboot always whenever reboot needed and it's quite annoying..

    So I found a workaround to Set the SELinux to permissive on boot itself.

    For this you need to have init.d support.. If you don't have just install it via universal init.d tool available in xda.. (just do a search, u will get it) install universal init.d and activate init.d..

    Then go to /etc/init.d directory, create a file and rename it as "08setperm" (without quotes) and add the below lines in the file and save it..

    #!/system/sh
    setenforce 0

    And give full permission (rwxrwxrwx) .. Use root Explorer to edit and give permissions..

    Now hard reboot your phone and you can see SELinux is set to "permissive" on boot itself..

    Now install Xposed framework by following the steps mentioned in the official xposed thread..

    This method is tested in moto G and working fine for me... I'm not responsible for anything if happened with your mobile after trying this..

    Ps: if you flash any new nightly or new rom, you need to add the file in to init.d directory again..

    I posted this using my mobile. So pardon me if any formatting issues..

    Hit thanks if i helped you..
    31
    Using the commands below should get permissive even after reboot
    per http://xdaforums.com/showpost.php?p=58887725&postcount=230

    su
    mount -o remount,rw /system
    mkdir /system/su.d
    echo "#!/system/bin/sh" > /system/su.d/permissive.sh
    echo "echo 0 > /sys/fs/selinux/enforce" >> /system/su.d/permissive.sh
    chmod 755 > /system/su.d/permissive.sh
    Doesn't work this way. You should have read following posts.

    Solution:
    su
    mount -o remount,rw /system
    mkdir /system/su.d
    echo "#!/system/bin/sh" > /system/su.d/permissive.sh
    echo "setenforce 0" > /system/su.d/permissive.sh
    echo "0" > /sys/fs/selinux/enforce
    chmod 755 /system/su.d/permissive.sh
    Works!
    Finally got a permissive system on reboot.

    Edit: Doesn't help to get XPosed working on my Z3C though. :(
    27
    Using the commands below should get permissive even after reboot
    per http://xdaforums.com/showpost.php?p=58887725&postcount=230

    su
    mount -o remount,rw /system
    mkdir /system/su.d
    echo "#!/system/bin/sh" > /system/su.d/permissive.sh
    echo "echo 0 > /sys/fs/selinux/enforce" >> /system/su.d/permissive.sh
    chmod 755 > /system/su.d/permissive.sh
    14
    Using a combination of posts on XDA, I'm able to dirty flash a CM nightly and have Xposed persist a reboot and also have SELinux persist the reboot, without having to soft reboot.

    ISSUE: I have an LG G3 d851 (T-Mobile) running CM12 and Xposed. When I reboot, I lose Xposed because of SELinux set to enforcing. When I change to permissive and soft reboot, I lose mobile network (no APN available) which is apparently a CM issue.

    SOLUTION: Take the addon.d script from this thread and modify it to include the permissive.sh file (found in this thread).

    With this solution, I can reboot my ROM or dirty flash CM and Xposed will be running on the first boot without having to re-flash the Xposed installer zip in recovery and without having to soft reboot.

    OMG HOW DID YOU DO THAT?
    Step 1: You must use SuperSU instead of the built in Superuser in CM. This was driving me nuts, but this was the only way I could get any of this to work.
    Step 2: I modified the file 81-Xposed.sh from this thread to the following (notice I just added the permissive.sh lines where necessary):
    Code:
    #!/sbin/sh
    # 
    # /system/addon.d/81-Xposed.sh
    # During a CM12 upgrade, this script backs up Xposed framework files.
    # /system is formatted and reinstalled, then the files are restored.
    # Thread: http://xdaforums.com/xposed/addon-d-script-xposed-to-survive-cm12-t3036886
    # Author: Adlx.XDA
    #
    
    . /tmp/backuptool.functions
    
    list_files() {
    cat <<EOF
    bin/app_process32_xposed
    bin/dex2oat
    bin/oatdump
    bin/patchoat
    framework/XposedBridge.jar
    lib/libart-compiler.so
    lib/libart-disassembler.so
    lib/libart.so
    lib/libsigchain.so
    lib/libxposed_art.so
    bin/app_process64_xposed
    lib64/libart.so
    lib64/libart-compiler.so
    lib64/libart-disassembler.so
    lib64/libsigchain.so
    lib64/libxposed_art.so
    xposed.prop
    su.d/permissive.sh
    EOF
    }
    
    case "$1" in
      backup)
        echo "STARTING TO BACKUP XPOSED"
        list_files | while read FILE DUMMY; do
          echo backup_file $S/"$FILE"
          backup_file $S/"$FILE"
        done
        ls -al /tmp
        echo "ENDING TO BACKUP XPOSED"
      ;;
      restore)
        echo "STARTING TO RESTORE XPOSED"
        list_files | while read FILE REPLACEMENT; do
          R=""
          [ -n "$REPLACEMENT" ] && R="$S/$REPLACEMENT"
          [ -f "$C/$S/$FILE" ] && restore_file $S/"$FILE" "$R"
          echo $S/$FILE $( ls -alZ $S/$FILE )
        done
        echo "ENDING TO RESTORE XPOSED"
      ;;
      pre-backup)
        # Stub
      ;;
      post-backup)
        # Stub
      ;;
      pre-restore)
        # Stub
      ;;
      post-restore)
    echo "STARTING POST-RESTORE XPOSED"
    # /system/bin/app_process32_xposed
    chmod 0755 /system/bin/app_process32_xposed
    chown root:shell /system/bin/app_process32_xposed
    chcon u:object_r:zygote_exec:s0 /system/bin/app_process32_xposed
    # /system/bin/app_process64_xposed
    chmod 0755 /system/bin/app_process64_xposed
    chown root:shell /system/bin/app_process64_xposed
    chcon u:object_r:zygote_exec:s0 /system/bin/app_process64_xposed
    # /system/bin/dex2oat
    chmod 0755 /system/bin/dex2oat
    chown root:shell /system/bin/dex2oat
    chcon u:object_r:dex2oat_exec:s0 /system/bin/dex2oat
    # /system/bin/oatdump
    chmod 0755 /system/bin/oatdump
    chown root:shell /system/bin/oatdump
    chcon u:object_r:system_file:s0 /system/bin/oatdump
    # /system/bin/patchoat
    chmod 0755 /system/bin/patchoat
    chown root:shell /system/bin/patchoat
    chcon u:object_r:dex2oat_exec:s0 /system/bin/patchoat
    # /system/framework/XposedBridge.jar
    chmod 0644 /system/framework/XposedBridge.jar
    chown root:root /system/framework/XposedBridge.jar
    chcon u:object_r:system_file:s0 /system/framework/XposedBridge.jar
    # /system/lib/libart-compiler.so
    chmod 0644 /system/lib/libart-compiler.so
    chown root:root /system/lib/libart-compiler.so
    chcon u:object_r:system_file:s0 /system/lib/libart-compiler.so
    # /system/lib/libart-disassembler.so
    chmod 0644 /system/lib/libart-disassembler.so
    chown root:root /system/lib/libart-disassembler.so
    chcon u:object_r:system_file:s0 /system/lib/libart-disassembler.so
    # /system/lib/libart.so
    chmod 0644 /system/lib/libart.so
    chown root:root /system/lib/libart.so
    chcon u:object_r:system_file:s0 /system/lib/libart.so
    # /system/lib/libsigchain.so
    chmod 0644 /system/lib/libsigchain.so
    chown root:root /system/lib/libsigchain.so
    chcon u:object_r:system_file:s0 /system/lib/libsigchain.so
    # /system/lib/libxposed_art.so
    chmod 0644 /system/lib/libxposed_art.so
    chown root:root /system/lib/libxposed_art.so
    chcon u:object_r:system_file:s0 /system/lib/libxposed_art.so
    # /system/xposed.prop
    chmod 0644 /system/xposed.prop
    chown root:root /system/xposed.prop
    chcon u:object_r:system_file:s0 /system/xposed.prop
    # /system/su.d/permissive.sh
    chmod 0755 /system/su.d/permissive.sh
    chown root:root /system/su.d/permissive.sh
    chcon u:object_r:system_file:s0 /system/su.d/permissive.sh
    echo "DONE POST-RESTORE XPOSED"
      ;;
    esac
    Step 3: Put the modified file from Step 2 on your phone per the instructions from this thread.
    Step 4: Follow the instructions found in this post to create the /system/su.d/permissive.sh file. Here is the contents just in case:
    Code:
    setenforce 0

    Since I know someone will ask for it, I modified adix.xda's flashable zip to include the permissive.sh file. If all goes well, you should be able to just flash it once and that's it. This may not work for everyone, but it works for me (so far). If this helps you, you can press the thanks button, but honestly the thanks really goes to the guys who posted these solutions.. adlx.xda and flar2.

    Please, remember to MAKE A BACKUP if you think you'll screw something up. Let me know if there are any typos or errors in my post. And be nice.

    To uninstall, remove the following files via Terminal or a root file manager:
    • /system/addon.d/81-Xposed.sh
    • /system/su.d/permissive.sh
    14
    Can you please elaborate?
    On nightly roms (AOSP, CM..) you can take the boot.img directly from the zip file. If you want to change the current running kernel you would have to dump it with dd. For my device its something like this:
    Code:
    busybox dd if=/dev/block/platform/msm_sdcc.1/by-name/boot of=/sdcard/boot.img bs=1M
    Edit the kernel command line in boot.img correspondingly (with a hex editor) and flash the kernel back. Its right at the beginning and is not covered by any checksum. I use a nightly CM12 zip image, delete the rom stuff (/system) and change the updater-script (META-INF/com/google/android/updater-script) so it only flashes the kernel. Alternatively, it can be reflashed with dd as well.
    Just append this to kernel command line (marked in blue below). Don't forget the leading space.
    Code:
    androidboot.selinux=permissive
    bootimg5lkza.png