[MODULE][DISCONTINUED] Magisk SELinux Permissive Script

Search This thread

Jman420

Senior Member
Jul 21, 2014
183
311
AS OF 03/07/2018
Support and development of this module have been discontinued.
A replacement module can be found here : https://xdaforums.com/apps/magisk/module-magisk-selinux-manager-t3760042


This is a very simple module that installs a post-fs-data.sh script which enables SELinux Permissive Mode. This is useful for certain audio mods and removes the need to understand Magisk's file system & boot logic. No need to create your own scripts, just flash and forget.

I have only tested this on my Verizon HTC 10, but this module is so simple and generic that it should work on any Android device with SELinux.
This module has been tested on and is compatible with Magisk v11.6-15.2.

Disclaimer & Recommendations: This module should be used as a last resort only if appropriate SELinux Permissions can not be generated and injected into the SELinux Policy using selinux-inject, supolicy or magiskpolicy. Putting your device into Permissive Mode will essentially disable all of the operating system level security built into Android and allow any app in any context to do whatever it wants. Actions requiring root access will still trigger your SU Manager App, but all apps have elevated privileges due to permissive and may be able to take malicious actions on your device without needing root access. If you find that this module fixes issues you are experiencing with an app I recommend contacting the app developer and trying to work with them to isolate the necessary SELinux Permissions and have them injected into the SELinux Policy at startup.
Here is a discussion of some of concerns to consider when running your device in Permissive Mode : https://xdaforums.com/general/general/discussion-root-selinux-risks-t3607295

Github Repo : https://github.com/Jman420/magisk-permissive-script

Change Log :
v1.0 - Initial Release
v1.1 - Update to Module Template v1400
v1.2 - Update to Module Template v1500
 

Attachments

  • Screenshot_20170401-083559.png
    Screenshot_20170401-083559.png
    102.7 KB · Views: 43,844
  • Screenshot_20170401-082645.jpg
    Screenshot_20170401-082645.jpg
    235.1 KB · Views: 45,214
  • Screenshot_20170401-082730.png
    Screenshot_20170401-082730.png
    198.2 KB · Views: 44,339
  • Screenshot_20170401-083057.png
    Screenshot_20170401-083057.png
    65.3 KB · Views: 40,854
  • Screenshot_20170401-083118.png
    Screenshot_20170401-083118.png
    216.3 KB · Views: 37,047
  • Screenshot_20170401-083247.png
    Screenshot_20170401-083247.png
    67.2 KB · Views: 35,561
  • magisk-permissive-script_v1.0.zip
    5.8 KB · Views: 12,825
  • magisk-permissive-script_v1.1.zip
    5.2 KB · Views: 24,954
  • magisk-permissive-script_v1.2.zip
    4.7 KB · Views: 73,669
Last edited:

huaiyue

Senior Member
Mar 8, 2008
106
18
Taopei
This is a very simple module that installs a post-fs-data.sh script which enables SELinux Permissive Mode. This is useful for certain audio mods and removes the need to understand Magisk's file system & boot logic. No need to create your own scripts, just flash and forget.

I have only tested this on my Verizon HTC 10, but this module is so simple and generic that it should work on any Android device with SELinux.

Github Repo : https://github.com/Jman420/magisk-permissive-script

LeEco LePro 3 Atmos can work
however
xposed systemless failed.

---------- Post added at 01:32 ---------- Previous post was at 01:31 ----------

These two things are completely unrelated.

If you want to install something, you install it. There's not much more to that.

http://imgur.com/a/Sbf9p

dolby fc.
:(

---------- Post added at 01:36 ---------- Previous post was at 01:32 ----------

In Magisk, go to the Modules section, and select the "+", and select the zip you downloaded.

thank you brother!
 

Jman420

Senior Member
Jul 21, 2014
183
311

matssa

Senior Member
Jan 8, 2015
1,817
1,898
I don't understand why this mod is usefull. In the latest version of magisk, there is a semi enforce/permissive linux bypass. The system thinks it's enforced, but in reality is permissive. Or maybe I didn't fully understand it?
 
  • Like
Reactions: FlyingMachete

Jman420

Senior Member
Jul 21, 2014
183
311
I don't understand why this mod is usefull. In the latest version of magisk, there is a semi enforce/permissive linux bypass. The system thinks it's enforced, but in reality is permissive. Or maybe I didn't fully understand it?

I agree that Magisk hides the actual SELinux Mode in such a way that if Magisk Hide is enabled the 'getenforce' command always returns 'Enforcing'. But if you do not run the 'setenforce 0' command the SELinux mode will still be set to 'Enforcing' rather than 'Permissive'. This script puts the SELinux mode into 'Permissive' at startup. Magisk Hide will still hide the fact that you are in Permissive Mode, which I believe is the 'pseudo permissive' mode that Magisk describes. But I can not find any settings or commands within Magisk that enable Permissive Mode.

I've just flashed this zip. This allows Viper4Android to run in enforcing mode:
https://www.dropbox.com/s/k9cnruw2e1t1d4t/ViPER4Android-supolicy.zip?dl=0
I forgot the source. Maybe Google it

It's just a shell script, the source is in the zip file. This is really helpful and is the direction I want to take this project. Permissive Mode is great in that it gets the Apps/Mods that we want to run to work, but I consider it the equivalent of using a sledgehammer to hammer in a finishing nail. I would much rather be able to grant the specific permissions that each App needs rather than enable all permissions for all apps (which is what permissive mode does).

I plan on trying to develop an App which will assist in managing and generating a script which uses 'supolicy' to inject individual SELinux Policy Permissions. I had planned on using the Dolby Atmos LePro3 build as a guinea pig to try to isolate which permissions it needs and put together the supolicy command for them. I've hit a bit of a roadblock in verifying my supolicy command due to the format that the SELinux Policy is stored in on the device. I've found a project called sedump (https://ge0n0sis.github.io/posts/2015/12/exploring-androids-selinux-kernel-policy/) which claims to deserialize the Binary SELinux Policy to a readable format, but I can't seem to get it to work... the process seems to complete, but it generates an empty file... If anyone has experience with SELinux I'd really appreciate any feedback.
 
  • Like
Reactions: ChazzMatt

Jman420

Senior Member
Jul 21, 2014
183
311
its working with s5neo?

Dunno, I've only got an HTC 10 for testing. Give it a shot, if it doesn't work just uninstall the Magisk Package. Remember to disable Magisk Hide if you are testing to make sure it actually put your phone into Permissive Mode by using the 'getenforce' command.
 

X_GOD

Member
Dec 16, 2012
12
4
india
This is a very simple module that installs a post-fs-data.sh script which enables SELinux Permissive Mode. This is useful for certain audio mods and removes the need to understand Magisk's file system & boot logic. No need to create your own scripts, just flash and forget.

I have only tested this on my Verizon HTC 10, but this module is so simple and generic that it should work on any Android device with SELinux.

Github Repo : https://github.com/Jman420/magisk-permissive-script

this zip must be flashed using twrp rite ? or stock recovery also will do fine ? because i tried many times to flash recovery for samsung e5 5.1.1 but ended up with boot loop. now running all stock !!
 

Jman420

Senior Member
Jul 21, 2014
183
311
this zip must be flashed using twrp rite ? or stock recovery also will do fine ? because i tried many times to flash recovery for samsung e5 5.1.1 but ended up with boot loop. now running all stock !!

Should be able to install it through Magisk Manager or TWRP. Let me know if you have problems.
 

Thor™

Senior Member
Feb 15, 2016
136
39
भारत
I don't understand why this mod is usefull. In the latest version of magisk, there is a semi enforce/permissive linux bypass. The system thinks it's enforced, but in reality is permissive. Or maybe I didn't fully understand it?

Now, I have magisk 11.6 on EMUI marshmallows :) V4A driver was abnormal because Enforcing selinux. Same happened with SuperSU 2.79. When I changed to permissive mode using terminal emulato/kernerl aduitor init.d script emulator/su.d SuperSU script, V4A driver was normal and it was processing. I like Magisk a lot because of its xposed like modules. Now using jman420's permissive magisk module.
 

matssa

Senior Member
Jan 8, 2015
1,817
1,898
Now, I have magisk 11.6 on EMUI marshmallows :) V4A driver was abnormal because Enforcing selinux. Same happened with SuperSU 2.79. When I changed to permissive mode using terminal emulato/kernerl aduitor init.d script emulator/su.d SuperSU script, V4A driver was normal and it was processing. I like Magisk a lot because of its xposed like modules. Now using jman420's permissive magisk module.
Without this module, ARISE is working fine, processing in 48000 on my side, so for V4A I don't think this is necessary, at least on my side.

Sent from my OnePlus3 using XDA Labs
 

Top Liked Posts

  • There are no posts matching your filters.
  • 94
    AS OF 03/07/2018
    Support and development of this module have been discontinued.
    A replacement module can be found here : https://xdaforums.com/apps/magisk/module-magisk-selinux-manager-t3760042


    This is a very simple module that installs a post-fs-data.sh script which enables SELinux Permissive Mode. This is useful for certain audio mods and removes the need to understand Magisk's file system & boot logic. No need to create your own scripts, just flash and forget.

    I have only tested this on my Verizon HTC 10, but this module is so simple and generic that it should work on any Android device with SELinux.
    This module has been tested on and is compatible with Magisk v11.6-15.2.

    Disclaimer & Recommendations: This module should be used as a last resort only if appropriate SELinux Permissions can not be generated and injected into the SELinux Policy using selinux-inject, supolicy or magiskpolicy. Putting your device into Permissive Mode will essentially disable all of the operating system level security built into Android and allow any app in any context to do whatever it wants. Actions requiring root access will still trigger your SU Manager App, but all apps have elevated privileges due to permissive and may be able to take malicious actions on your device without needing root access. If you find that this module fixes issues you are experiencing with an app I recommend contacting the app developer and trying to work with them to isolate the necessary SELinux Permissions and have them injected into the SELinux Policy at startup.
    Here is a discussion of some of concerns to consider when running your device in Permissive Mode : https://xdaforums.com/general/general/discussion-root-selinux-risks-t3607295

    Github Repo : https://github.com/Jman420/magisk-permissive-script

    Change Log :
    v1.0 - Initial Release
    v1.1 - Update to Module Template v1400
    v1.2 - Update to Module Template v1500
    11
    So I've decided to discontinue development for the Magisk SELinux Permissive Script module. Instead it will be replaced with a new Magisk module which will be more flexible and potentially encompass more functionality related to SELinux. I do not have a working build of the new module yet, but have working title of 'Magisk SELinux Manager' and have started pushing some code to https://github.com/Jman420/magisk_selinux_manager. This new project's first feature will be selecting which SELinux mode to set at startup.

    Until I release a working build of Magisk SELinux Manager I will continue support for Magisk SELinux Permissive Script here.
    9
    Module template updated to v1500 and tested install via MagiskManager v15.2.

    Please post any issues.
    5
    Hey @Jman420. I mean no disrespect in asking, but I was wondering if you wouldn't mind updating the module for v16 at your convenience, thanks!

    The module is already updated to the latest template. It needs nothing new for Magisk v16.0.
    4
    Magisk Permissive Script module has been updated to Module Template v1400, see v1.1. Installation can be done from TWRP or Magisk Manager.

    Enjoy!