[MOD] Kernel Permissive Patcher for Android

[AdrianDC]

#include <std_disclaimer.h>
/*
 * Your warranty is now void.
 *
 * I am not responsible for bricked devices, dead SD cards,
 * thermonuclear war, or you getting fired because the alarm app failed. Please
 * do some research if you have any concerns about features included in this ROM
 * before flashing it! YOU are choosing to make these modifications, and if
 * you point the finger at me for messing up your device, I will laugh at you.
 */

About the project

Kernel Permissive Patcher is born out of an idea to ease the development of ROMs.
Its purpose is to append the permissive flag to a kernel command-line,
in order to disable the kernel selinux security on boot without user changes.

The project implements the logic from the MultiROM injection (originally by Tasssadar),
finds the bootimage of your device (boot naming similar to Chainfire's boot detection),
and extends the cmdline with the permissive flag if required.

The project also uses my version of libbootimg to support Sony ELF bootimages.

The objective of Kernel Permissive Patcher is therefore to simply enable permissive
on a regular kernel for developers and users who would require it.

Developer no longer need to recompile or edit their bootimages with permissive settings,
nor do users need to perform a setenforce command on boot if they really need it.

The patcher needs to be flashed again after a ROM / bootimage update.​

Downloads (Unlocked Bootloader only)

kernel_permissive_patcher.zip : https://github.com/AdrianDC/kernel_.../master/release/kernel_permissive_patcher.zip​

Other related useful projects

Android Bootimage ADB Unsecure Patcher - http://forum.xda-developers.com/-/-t3618558​

Source code

Project sources - https://github.com/AdrianDC/kernel_permissive_patcher (branch master)
libbootimg sources - https://github.com/multirom-dev/libbootimg (branch master)
MultiROM sources - https://github.com/AdrianDC/multirom_core (branch master)​

Kernel Permissive Patcher created also thanks to :

- Tasssadar for the original MultiROM sources
- The MultiROM-Dev team for our evolution of MultiROM
- Chainfire for the boot detection
- Everyone involved in testing it​

XDA:DevDB Information
Kernel Permissive Patcher, Tool/Utility for all devices (see above for details)

Contributors
Adrian DC

Version Information
Status: No Longer Updated

Created 2016-11-24
Last Updated 2019-08-06

 

[AdrianDC]

Reserved

Changelog

Kernel Permissive Patcher - 20/12/2016
======================================
* Fix the 32/64 bits dual support

Kernel Permissive Patcher - 18/12/2016
======================================
* Added support for Sony Stock ELF (64 bits) bootimages
* libbootimg changes from my recent updates

Kernel Permissive Patcher - 27/11/2016
======================================
* Add support for newer Sony ELF partitions
* Allows to patch Stock Sony ROMs on the Xperia Z2
* Updated in collaboration with Alexander Diewald

Kernel Permissive Patcher - 24/11/2016
======================================
* Initial public release on XDA

Devices confirmed

Sony Xperia SP (Huashan)
Sony Xperia T/TX/V (Mint, Hayabusa, Tsubasa)
Sony Xperia L (Taoshan)
Sony Xperia Z2 (Sirius)
Sony Xperia X Performance (Dora)

OnePlus One (Bacon)
...

 

[dic1911]

Thanks, this is really useful in some situation

 

[roozbeh158]

Wat do work?


Sent from my Redmi Note 3 using Tapatalk

 

[dic1911]

Wat do work?


Sent from my Redmi Note 3 using Tapatalk

Seriously? Please try to read the OP, this is rather short than most other threads, if you don't understand what's this for, you probably won't need this.

About the project

Kernel Permissive Patcher is born out of an idea to ease development of ROMs,
its purpose is to append the permissive flag to a kernel command-line,
in order to disable the kernel security on boot without user changes.

The project implements the logic from the MultiROM injection (originally by Tasssadar),
finds the boot image of your device (boot naming similar to Chainfire's boot detection),
and extends the cmdline with the permissive flag if required.

The project also uses my version of libbootimg to support Sony ELF bootimages.

The objective of Kernel Permissive Patcher is therefore to simply enable permissive
on a regular kernel for developers and users who would require it.
The patcher needs to be flashed again after a ROM / boot image update.​

 

[rgadge]

Hello AdrianDC,
First of all, thank you for this wonderful MOD, I can set my phone running in permissive mode without rooting it.
I have BlackBerry work and for the same reason I'm not rooting my phone.
I have OnePlus One your MOD worked fine with LineageOS but with the version sultanxda's CAF version this mod won't keep the SELinux permissive.
Please suggest if there is a way to find the root cause and fix it?
Thank you in advance.

 

[aaron74]

Well this work on samsung kernels? Note4?

 

[blood1995]

i flashed your zip file with my galaxy j2(j2lte) exynos and its not working still on enforcing status

 

[Eversmile23]

S-ON problem.

Can I do Operations which are possible when a device is with 'S-OFF', by flashing this zip? I have got HTC desire 10 Lifestyle, which is bootloader unlocked but 'S-ON'. For example, when I write something on to my '/system' partition, the files vanish after a reboot.

 

[dic1911]

Can I do Operations which are possible when a device is with 'S-OFF', by flashing this zip? I have got HTC desire 10 Lifestyle, which is bootloader unlocked but 'S-ON'. For example, when I write something on to my '/system' partition, the files vanish after a reboot.

Nope, having a permissive kernel won't change this behavior

 

[hdc8899]

no working on s7 edge

 

[VincentJoshuaET]

Thanks for this. Can you make a zip that does the opposite, which is patching the kernel to enforcing? Thanks

Sent from my OnePlus 3T using XDA-Developers Legacy app

 

[SykoraLukas]

how to uninstall it?

 

[JumboMan]

Thanks for this. Can you make a zip that does the opposite, which is patching the kernel to enforcing? Thanks

This is very simple . you can do yourself.
steps.
1.Take .zip from here and decompile
2. Edit kernel_permissive.sh file
At line No.18 replace "androidboot.selinux=permissive" with "androidboot.selinux=enforcing"
3. Re-compile zip
4. Flash

---------- Post added at 09:12 AM ---------- Previous post was at 09:10 AM ----------

how to uninstall it?

Restore your stock boot.img

 

[doubledragon5]

Tried on S5 Sprint not working.

 

[Alonso_Quixana]

Can I use this on a Samsung Galaxy S5 mini Marshmallow Stock Rom to make it permissive?

If not, what else could I do? (except trying to compile a custom kernel)

 

[☆KØŁØЯΛĐØ☆]

@AdrianDC To start off, I have the Galaxy J7 Refine (SM-J737P) (2018) from Boost Mobile & this device seems incapable of setting SELinux to permissive, except in TWRP. The Kernel Patcher receives an error when attempting to flash, yet the adb unsecure patcher flashed no problem. No matter what methods I try or files I flash, SELinux remains set to Enforcing. I am wondering if you could shed some light on this situation or if this device remains permanently enforced by SELinux.

​

 

[Zackptg5]

@AdrianDC To start off, I have the Galaxy J7 Refine (SM-J737P) (2018) from Boost Mobile & this device seems incapable of setting SELinux to permissive, except in TWRP. The Kernel Patcher receives an error when attempting to flash, yet the adb unsecure patcher flashed no problem. No matter what methods I try or files I flash, SELinux remains set to Enforcing. I am wondering if you could shed some light on this situation or if this device remains permanently enforced by SELinux.

View attachment 4750016​

I made one here that can switch between permissive and enforcing: https://github.com/Zackptg5/Kernel-Sepolicy-Patcher
Hopefully it'll work for your device

 

[☆KØŁØЯΛĐØ☆]

I made one here that can switch between permissive and enforcing: https://github.com/Zackptg5/Kernel-Sepolicy-Patcher
Hopefully it'll work for your device

I was hoping it would but sadly it doesn't look like it. Even mounted the system in TWRP before flashing.

(See attached screenshots)

 

[Zackptg5]

I was hoping it would but sadly it doesn't look like it. Even mounted the system in TWRP before flashing.

(See attached screenshots)

It's not supposed to mount system. It's all in the boot I'm headers. Can you send twrp log after flashing?

Also, it's setenforce 0, you don't want the equal there