
[KERNEL] Galaxy Tab S 8.4 SM-T700 (klimtwifi) Permissive kernel - T700XXU1ANF7


dl12345

Senior Member
Aug 1, 2014
293
814
[size=+2]Samsung Galaxy Tab S 8.4 (klimtwifi) - Stock kernel SELinux permissive mode[/size]

[size=+1]Introduction[/size]

This kernel is built from stock Samsung source T700XXU1ANF7. This kernel will work on a stock, rooted Tab S 8.4. In addition, I run EMSPilot's NF9 ROM, so this kernel also works perfectly fine on his ROM. Thanks EMSPilot for the great ROM.

[size=+1]Features[/size]

The kernel is completely stock except for the activation of kernel configuration options allowing SELinux to be disabled and the mode to be changed from enforcing to permissive at runtime. It also supports the boot parameter androidboot.selinux=permissive and enables adb insecure in the default.prop in the ramdisk.

[size=+1]Installation instructions[/size]

To install this, use Odin 3.09 to flash the SM-T700-permissive.tar.md5 image using the AP button. DO NOT USE THIS KERNEL ON ANY DEVICE OTHER THAN A SM-T700 KLIMTWIFI. You are responsible for your own device and I make no warranty for this kernel. Flash at your own risk.

[size=+1]Changelog[/size]

Code:
Current changelog: 10-22-2014
[new] Add permissive mode configuration to stock kernel sources

[size=+1]Downloads[/size]

Download link: SM-T700-permissive.tar.md5
Github link: https://github.com/dl12345/SM-T700

[size=+1]FAQ[/size]

Q. Will this trip the Knox flag?
A. Yes. Any kernel not signed by Samsung will trip Knox.

Q. What exactly are the changes between this kernel and a stock kernel?
A. See below.

KERNEL CONFIGURATION CHANGES:
Code:
[SM-T700_KK_Opensource]$ diff -Naur klimtwifi_00_defconfig.orig klimtwifi_00_defconfig
--- klimtwifi_00_defconfig.orig 2014-10-18 00:19:42.588511921 +0100
+++ klimtwifi_00_defconfig      2014-10-18 00:19:06.526512090 +0100
@@ -569,6 +569,13 @@
 CONFIG_LSM_MMAP_MIN_ADDR=4096
 CONFIG_SECURITY_NETWORK=y
 CONFIG_SECURITY_SELINUX=y
+CONFIG_SECURITY_SELINUX_BOOTPARAM=y
+CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1
+CONFIG_SECURITY_SELINUX_DISABLE=y
+CONFIG_SECURITY_SELINUX_DEVELOP=y
+CONFIG_SECURITY_SELINUX_AVC_STATS=y
+CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1
+
 # SE Android Network Access Controls
 CONFIG_NETWORK_SECMARK=y
 CONFIG_NF_CONNTRACK_SECMARK=y
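
Review bot: CONFIG_SECURITY_SELINUX_DISABLE=y and CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1 in this defconfig hunk go beyond the stated goal of switching between enforcing and permissive at runtime; CONFIG_SECURITY_SELINUX_DEVELOP=y is the option that provides that switch. DISABLE additionally allows SELinux to be turned off completely before the policy is loaded, and CHECKREQPROT_VALUE=1 makes the mmap/mprotect checks use the protection the application requested instead of the one the kernel will actually apply. Suggest dropping both, or stating in the Features text why each is needed. The bare "+" line before "# SE Android Network Access Controls" can also be removed.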

SELinux is forced into permissive mode at boot time through an addition to the init.rc script

INIT.RC CHANGES
Code:
[bootimage]$ diff -Naur ramdisk.orig/init.rc ramdisk.new/init.rc
--- ramdisk.orig/init.rc        2014-10-16 23:27:10.680401045 +0100
+++ ramdisk.new/init.rc 2014-10-18 01:01:45.049925094 +0100
@@ -631,6 +631,13 @@

 ## Daemon processes to be run by init.
 ##
+
+# Force SELinux into permissive mode
+service sepermit /system/bin/setenforce 0
+    class main
+    user root
+    oneshot
+
 service sysmon /system/bin/sysmon
     class core
     user root
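
Review bot: the sepermit service added ahead of sysmon runs "/system/bin/setenforce 0" unconditionally on every boot, so anyone using this image cannot boot in enforcing mode without reflashing, and it duplicates the androidboot.selinux=permissive boot parameter the post says the kernel already honours. Suggest marking the service "disabled" and starting it from a property trigger, so that enforcing stays the default and permissive is an explicit opt-in, and extending the comment to say how to revert.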

adb insecure is enabled in default.prop

DEFAULT.PROP CHANGES
Code:
[bootimage]$ diff -Naur ramdisk.orig/default.prop ramdisk.new/default.prop
--- ramdisk.orig/default.prop   2014-10-16 23:27:10.669399628 +0100
+++ ramdisk.new/default.prop    2014-10-13 03:29:24.756527060 +0100
@@ -2,9 +2,9 @@
 # ADDITIONAL_DEFAULT_PROPERTIES
 #
 persist.security.ams.enforcing=1
-ro.secure=1
-ro.allow.mock.location=0
-ro.debuggable=0
-ro.adb.secure=1
+ro.secure=0
+ro.allow.mock.location=1
+ro.debuggable=1
+ro.adb.secure=0
 persist.sys.usb.config=mtp
 ro.smps.gain.spk=3.0
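
Review bot: the four flipped properties here are unrelated to SELinux mode and widen the change well past "permissive kernel": ro.adb.secure=0 removes the ADB host-key authorization step, ro.secure=0 lets adbd keep root, and ro.debuggable=1 marks the whole build debuggable, so anyone with USB access gets a root shell with no prompt. ro.allow.mock.location=1 is not mentioned in the Features text at all. Suggest keeping at least "ro.adb.secure=1", and either moving the adb changes into a separate image or listing every changed property in the post.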

[size=+1]Thanks To/Credits[/size]

EMSPilot for his NF9 ROM

XDA:DevDB Information
SM-T700 SEPERM, Kernel for the Samsung Galaxy Tab S

Contributors
dl12345
Kernel Special Features: SELinux runtime mode change enabled

Version Information
Status: Beta
Beta Release Date: 2014-10-22

Created 2014-10-22
Last Updated 2014-11-08
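
An added example, not part of the original post or the author's repository: a POSIX shell audit that flags, in an unpacked boot image, the settings changed by the three diffs above. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag the three kinds of change shown in this thread's diffs
# inside an unpacked boot image. File paths are passed in by the caller.

# default.prop: report each property that differs from the stock ("-") value.
audit_default_prop() {
    for want in ro.secure=1 ro.debuggable=0 ro.adb.secure=1 ro.allow.mock.location=0; do
        key=${want%%=*}
        got=$(awk -F= -v k="$key" '$1 == k { v = $2 } END { print v }' "$1")
        [ "$got" = "${want#*=}" ] || echo "PROP $key=${got:-<unset>} (stock $want)"
    done
}

# init.rc: report every non-comment line that switches SELinux to permissive.
audit_init_rc() {
    awk '!/^[ \t]*#/ && /setenforce[ \t]+0/ { print "INIT line " NR ": " $0 }' "$1"
}

# Kernel config: report options that allow leaving enforcing mode.
audit_kconfig() {
    grep -E '^CONFIG_SECURITY_SELINUX_(BOOTPARAM|DISABLE|DEVELOP)=y' "$1" | sed 's/^/KCONFIG /'
}

# Constructed sample files holding the "+" lines from the diffs above.
demo() {
    d=$(mktemp -d)
    printf '%s\n' ro.secure=0 ro.allow.mock.location=1 ro.debuggable=1 \
        ro.adb.secure=0 persist.sys.usb.config=mtp > "$d/default.prop"
    printf '%s\n' '# Force SELinux into permissive mode' \
        'service sepermit /system/bin/setenforce 0' '    class main' > "$d/init.rc"
    printf '%s\n' CONFIG_SECURITY_SELINUX=y CONFIG_SECURITY_SELINUX_BOOTPARAM=y \
        CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1 CONFIG_SECURITY_SELINUX_DISABLE=y \
        CONFIG_SECURITY_SELINUX_DEVELOP=y > "$d/defconfig"
    audit_default_prop "$d/default.prop"
    audit_init_rc "$d/init.rc"
    audit_kconfig "$d/defconfig"
    rm -rf "$d"
}

demo
```

On a running device, `getenforce` and `getprop ro.adb.secure` report the resulting state directly.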

UpInTheAir

Account currently disabled
Jan 17, 2011
7,965
15,907
Phuket, Thailand
Thanks for sharing your method. Much appreciated.

I currently use a dirty RAMDISK method with my Tab S kernels and a hardcode source method with my Note Edge kernel. I look forward to trying this way next kernel I compile for test.

The dirty way actually removes the SELinux from about device in settings, where the hard-coded way just changes it to "permissive" but is permanent.

Does your way change the device's settings and visible, or is it removed altogether (check status with getprop)?
 

netprospero

Member
Jan 1, 2018
19
2
"seandroid not enforced" and bootloop in recovery

sm-t700 wifi, non-system rooted (rooted but not a system root)

As in the title: I installed the SELinux permissive with Odin (AP),
restarted to enter TWRP and saw "seandroid not enforced" in red, written at the upper left of the display,
wiped Dalvik in TWRP and restarted to system, and always TWRP,
tried to restart to system again, and TWRP once more.

I am recovering now (I saved boot too, in backup), hope to solve.

-------------------------

refresh, solved with full backup.

Knox was completely off. Probably this permissive Linux is not good for
Marshmallow 6.01 or for this tablet's particular firmware.

---------- Post added at 06:54 PM ---------- Previous post was at 06:50 PM ----------


have lollipop?
 
