Patched kernel CVE-2016-5195 (aka "Dirtycow")

[dl12345]

For those of you wanting to patch your device asap, you can download my patched kernel. This is built from the latest Samsung standard sources with a couple of minor config changes, namely the ability to change SELinux enforcing mode as boot and runtime, removal of DM_VERITY and KNOX_KAP and a couple of IPv6 / QoS items (netfilter targets, qdiscs). The full config diff is below.

If you want to use this kernel you will need to create your own bootimage. On your device

# dd if=/dev/block/platform/15540000.dwmmc0/by-name/BOOT of=/sdcard/boot.img

Unpack the boot image (you can use this tool. In the unpacked folder, replace the boot.img-zImage with the new zImage from the zip file you downloaded. Recreate the bootimage with the mkbootimg tool (all the command line args you need to supply will be in the files that the unpackbootimg command created - just plug these values back in).

Now you can adb push the new boot.img back to your device and flash it using the reverse operation

# dd if=/sdcard/boot.img of=/dev/block/platform/15540000.dwmmc0/by-name/BOOT

If you want to compile your own kernel, here's the patch. In the kernel source dir, do

$ git init
$ git add .
$ git commit -m "initial"
$ git apply CVE-2016-5195.patch

CVE-2016-5195.patch:

From 4ecebb23a13c366b5d46cd0a76f14e6c81dd2da7 Mon Sep 17 00:00:00 2001
From: DL <[email protected]>
Date: Tue, 25 Oct 2016 19:36:32 +0700
Subject: [PATCH] Dirtycow Patch - CVE-2016-5195

---
 include/linux/mm.h |  1 +
 mm/memory.c        | 28 ++++++++++++++++++++++++----
 2 files changed, 25 insertions(+), 4 deletions(-)
 mode change 100755 => 100644 include/linux/mm.h
 mode change 100755 => 100644 mm/memory.c

diff --git a/include/linux/mm.h b/include/linux/mm.h
old mode 100755
new mode 100644
index 93b01bb..979e4c7
--- a/include/linux/mm.h
+++ b/include/linux/mm.h
@@ -1711,6 +1711,7 @@ static inline struct page *follow_page(struct vm_area_struct *vma,
 #define FOLL_HWPOISON	0x100	/* check page is hwpoisoned */
 #define FOLL_NUMA	0x200	/* force NUMA hinting page fault */
 #define FOLL_MIGRATION	0x400	/* wait for page to replace migration entry */
+#define FOLL_COW	0x4000	/* internal GUP flag */
 
 typedef int (*pte_fn_t)(pte_t *pte, pgtable_t token, unsigned long addr,
 			void *data);
diff --git a/mm/memory.c b/mm/memory.c
old mode 100755
new mode 100644
index bcde4a1..5331526
--- a/mm/memory.c
+++ b/mm/memory.c
@@ -1497,6 +1497,16 @@ int zap_vma_ptes(struct vm_area_struct *vma, unsigned long address,
 }
 EXPORT_SYMBOL_GPL(zap_vma_ptes);
 
+/*
+ * FOLL_FORCE can write to even unwritable pte's, but only
+ * after we've gone through a COW cycle and they are dirty.
+ */
+static inline bool can_follow_write_pte(pte_t pte, unsigned int flags)
+{
+	return pte_write(pte) ||
+		((flags & FOLL_FORCE) && (flags & FOLL_COW) && pte_dirty(pte));
+}
+
 /**
  * follow_page_mask - look up a page descriptor from a user-virtual address
  * @vma: vm_area_struct mapping @address
@@ -1604,7 +1614,7 @@ split_fallthrough:
 	}
 	if ((flags & FOLL_NUMA) && pte_numa(pte))
 		goto no_page;
-	if ((flags & FOLL_WRITE) && !pte_write(pte))
+	if ((flags & FOLL_WRITE) && !can_follow_write_pte(pte, flags))
 		goto unlock;
 
 	page = vm_normal_page(vma, address, pte);
@@ -1911,7 +1921,7 @@ long __get_user_pages(struct task_struct *tsk, struct mm_struct *mm,
 				 */
 				if ((ret & VM_FAULT_WRITE) &&
 				    !(vma->vm_flags & VM_WRITE))
-					foll_flags &= ~FOLL_WRITE;
+					foll_flags |= FOLL_COW;
 
 				cond_resched();
 			}
@@ -3913,8 +3923,18 @@ retry:
 	if (unlikely(pmd_none(*pmd)) &&
 	    unlikely(__pte_alloc(mm, vma, pmd, address)))
 		return VM_FAULT_OOM;
-	/* if an huge pmd materialized from under us just retry later */
-	if (unlikely(pmd_trans_huge(*pmd)))
+	/*
+	 * If a huge pmd materialized under us just retry later.  Use
+	 * pmd_trans_unstable() instead of pmd_trans_huge() to ensure the pmd
+	 * didn't become pmd_trans_huge under us and then back to pmd_none, as
+	 * a result of MADV_DONTNEED running immediately after a huge pmd fault
+	 * in a different thread of this mm, in turn leading to a misleading
+	 * pmd_trans_huge() retval.  All we have to ensure is that it is a
+	 * regular pmd that we can walk with pte_offset_map() and we can do that
+	 * through an atomic read in C, which is what pmd_trans_unstable()
+	 * provides.
+	 */
+	if (unlikely(pmd_trans_unstable(pmd)))
 		return 0;
 	/*
 	 * A regular pmd is established and it can't morph into a huge pmd
-- 
1.8.3.1

diff -Naur arch/arm/configs/trelte_00_defconfig .config

--- arch/arm/configs/trelte_00_defconfig	2016-03-01 17:00:22.000000000 +0700
+++ .config	2016-10-18 19:21:17.000000000 +0700
@@ -102,7 +102,8 @@
 # CONFIG_TREE_RCU_TRACE is not set
 # CONFIG_RCU_BOOST is not set
 # CONFIG_RCU_NOCB_CPU is not set
-# CONFIG_IKCONFIG is not set
+CONFIG_IKCONFIG=y
+CONFIG_IKCONFIG_PROC=y
 CONFIG_LOG_BUF_SHIFT=19
 CONFIG_CGROUPS=y
 CONFIG_CGROUP_DEBUG=y
@@ -391,7 +392,7 @@
 CONFIG_RKP_DBLMAP_PROT=y
 CONFIG_HYP_RKP=y
 CONFIG_TIMA_RKP_30=y
-CONFIG_KNOX_KAP=y
+# CONFIG_KNOX_KAP is not set
 CONFIG_TIMA_RKP_L1_TABLES=y
 # CONFIG_TIMA_RKP_L2_TABLES is not set
 # CONFIG_TIMA_RKP_DEBUG is not set
@@ -741,9 +742,23 @@
 CONFIG_INET_DIAG=y
 CONFIG_INET_TCP_DIAG=y
 # CONFIG_INET_UDP_DIAG is not set
-# CONFIG_TCP_CONG_ADVANCED is not set
+CONFIG_TCP_CONG_ADVANCED=y
+# CONFIG_TCP_CONG_BIC is not set
 CONFIG_TCP_CONG_CUBIC=y
-CONFIG_DEFAULT_TCP_CONG="cubic"
+CONFIG_TCP_CONG_WESTWOOD=y
+# CONFIG_TCP_CONG_HTCP is not set
+# CONFIG_TCP_CONG_HSTCP is not set
+# CONFIG_TCP_CONG_HYBLA is not set
+# CONFIG_TCP_CONG_VEGAS is not set
+# CONFIG_TCP_CONG_SCALABLE is not set
+# CONFIG_TCP_CONG_LP is not set
+# CONFIG_TCP_CONG_VENO is not set
+# CONFIG_TCP_CONG_YEAH is not set
+# CONFIG_TCP_CONG_ILLINOIS is not set
+# CONFIG_DEFAULT_CUBIC is not set
+CONFIG_DEFAULT_WESTWOOD=y
+# CONFIG_DEFAULT_RENO is not set
+CONFIG_DEFAULT_TCP_CONG="westwood"
 # CONFIG_TCP_MD5SIG is not set
 CONFIG_IPV6=y
 CONFIG_IPV6_PRIVACY=y
@@ -839,7 +854,7 @@
 CONFIG_NETFILTER_XT_TARGET_CONNSECMARK=y
 # CONFIG_NETFILTER_XT_TARGET_CT is not set
 # CONFIG_NETFILTER_XT_TARGET_DSCP is not set
-# CONFIG_NETFILTER_XT_TARGET_HL is not set
+CONFIG_NETFILTER_XT_TARGET_HL=y
 # CONFIG_NETFILTER_XT_TARGET_HMARK is not set
 CONFIG_NETFILTER_XT_TARGET_IDLETIMER=y
 CONFIG_NETFILTER_XT_TARGET_LOG=y
@@ -948,16 +963,16 @@
 CONFIG_NF_DEFRAG_IPV6=y
 CONFIG_NF_CONNTRACK_IPV6=y
 CONFIG_IP6_NF_IPTABLES=y
-# CONFIG_IP6_NF_MATCH_AH is not set
-# CONFIG_IP6_NF_MATCH_EUI64 is not set
-# CONFIG_IP6_NF_MATCH_FRAG is not set
-# CONFIG_IP6_NF_MATCH_OPTS is not set
-# CONFIG_IP6_NF_MATCH_HL is not set
-# CONFIG_IP6_NF_MATCH_IPV6HEADER is not set
-# CONFIG_IP6_NF_MATCH_MH is not set
-# CONFIG_IP6_NF_MATCH_RPFILTER is not set
-# CONFIG_IP6_NF_MATCH_RT is not set
-# CONFIG_IP6_NF_TARGET_HL is not set
+CONFIG_IP6_NF_MATCH_AH=y
+CONFIG_IP6_NF_MATCH_EUI64=y
+CONFIG_IP6_NF_MATCH_FRAG=y
+CONFIG_IP6_NF_MATCH_OPTS=y
+CONFIG_IP6_NF_MATCH_HL=y
+CONFIG_IP6_NF_MATCH_IPV6HEADER=y
+CONFIG_IP6_NF_MATCH_MH=y
+CONFIG_IP6_NF_MATCH_RPFILTER=y
+CONFIG_IP6_NF_MATCH_RT=y
+CONFIG_IP6_NF_TARGET_HL=y
 CONFIG_IP6_NF_FILTER=y
 CONFIG_IP6_NF_TARGET_REJECT=y
 CONFIG_IP6_NF_TARGET_REJECT_SKERR=y
@@ -987,39 +1002,39 @@
 #
 # Queueing/Scheduling
 #
-# CONFIG_NET_SCH_CBQ is not set
+CONFIG_NET_SCH_CBQ=y
 CONFIG_NET_SCH_HTB=y
-# CONFIG_NET_SCH_HFSC is not set
-# CONFIG_NET_SCH_PRIO is not set
+CONFIG_NET_SCH_HFSC=y
+CONFIG_NET_SCH_PRIO=y
 # CONFIG_NET_SCH_MULTIQ is not set
 # CONFIG_NET_SCH_RED is not set
 # CONFIG_NET_SCH_SFB is not set
-# CONFIG_NET_SCH_SFQ is not set
+CONFIG_NET_SCH_SFQ=y
 # CONFIG_NET_SCH_TEQL is not set
 # CONFIG_NET_SCH_TBF is not set
 # CONFIG_NET_SCH_GRED is not set
-# CONFIG_NET_SCH_DSMARK is not set
+CONFIG_NET_SCH_DSMARK=y
 # CONFIG_NET_SCH_NETEM is not set
 # CONFIG_NET_SCH_DRR is not set
 # CONFIG_NET_SCH_MQPRIO is not set
 # CONFIG_NET_SCH_CHOKE is not set
 # CONFIG_NET_SCH_QFQ is not set
 # CONFIG_NET_SCH_CODEL is not set
-# CONFIG_NET_SCH_FQ_CODEL is not set
-# CONFIG_NET_SCH_INGRESS is not set
+CONFIG_NET_SCH_FQ_CODEL=y
+CONFIG_NET_SCH_INGRESS=y
 # CONFIG_NET_SCH_PLUG is not set
 
 #
 # Classification
 #
 CONFIG_NET_CLS=y
-# CONFIG_NET_CLS_BASIC is not set
+CONFIG_NET_CLS_BASIC=y
 # CONFIG_NET_CLS_TCINDEX is not set
 # CONFIG_NET_CLS_ROUTE4 is not set
-# CONFIG_NET_CLS_FW is not set
+CONFIG_NET_CLS_FW=y
 CONFIG_NET_CLS_U32=y
 # CONFIG_CLS_U32_PERF is not set
-# CONFIG_CLS_U32_MARK is not set
+CONFIG_CLS_U32_MARK=y
 # CONFIG_NET_CLS_RSVP is not set
 # CONFIG_NET_CLS_RSVP6 is not set
 # CONFIG_NET_CLS_FLOW is not set
@@ -1036,7 +1051,7 @@
 CONFIG_NET_ACT_GACT=y
 # CONFIG_GACT_PROB is not set
 CONFIG_NET_ACT_MIRRED=y
-# CONFIG_NET_ACT_IPT is not set
+CONFIG_NET_ACT_IPT=y
 # CONFIG_NET_ACT_NAT is not set
 # CONFIG_NET_ACT_PEDIT is not set
 # CONFIG_NET_ACT_SIMP is not set
@@ -1438,7 +1453,6 @@
 # CONFIG_BCACHE is not set
 CONFIG_BLK_DEV_DM=y
 # CONFIG_DM_DEBUG is not set
-CONFIG_DM_BUFIO=y
 CONFIG_DM_CRYPT=y
 # CONFIG_DM_SNAPSHOT is not set
 # CONFIG_DM_THIN_PROVISIONING is not set
@@ -1450,7 +1464,7 @@
 # CONFIG_DM_DELAY is not set
 # CONFIG_DM_UEVENT is not set
 # CONFIG_DM_FLAKEY is not set
-CONFIG_DM_VERITY=y
+# CONFIG_DM_VERITY is not set
 # CONFIG_TARGET_CORE is not set
 # CONFIG_FUSION is not set
 
@@ -1467,7 +1481,7 @@
 # CONFIG_EQUALIZER is not set
 # CONFIG_NET_FC is not set
 CONFIG_MII=y
-# CONFIG_IFB is not set
+CONFIG_IFB=y
 # CONFIG_NET_TEAM is not set
 # CONFIG_MACVLAN is not set
 # CONFIG_VXLAN is not set
@@ -4524,8 +4538,9 @@
 # CONFIG_SECURITY_PATH is not set
 CONFIG_LSM_MMAP_MIN_ADDR=4096
 CONFIG_SECURITY_SELINUX=y
-# CONFIG_SECURITY_SELINUX_BOOTPARAM is not set
-# CONFIG_SECURITY_SELINUX_DISABLE is not set
+CONFIG_SECURITY_SELINUX_BOOTPARAM=y
+CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1
+CONFIG_SECURITY_SELINUX_DISABLE=y
 CONFIG_SECURITY_SELINUX_DEVELOP=y
 CONFIG_SECURITY_SELINUX_AVC_STATS=y
 CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1

 

[dicksteele]

Well done. Working good so far.

What sources did you use?

 

[zealjibia]

Well done. Working good so far.

What sources did you use?

He said" This is built from the latest Samsung standard source"

 

[dicksteele]

He said" This is built from the latest Samsung standard source"

I understand that. N910CXXU2DPI7 appears to be the latest. Which is why my question was simply, which one did he use, to verify that was it.

 

[dl12345]

I understand that. N910CXXU2DPI7 appears to be the latest. Which is why my question was simply, which one did he use, to verify that was it.

Yes, correct. I used the latest vanilla Samsung sources N910CXXU2DPI7. You can download them directly from Samsung. I've supplied the patch and the config diff, so everyone can precisely replicate the linked binary kernel version if they wish.

 

[dicksteele]

Yes, correct. I used the latest vanilla Samsung sources N910CXXU2DPI7. You can download them directly from Samsung. I've supplied the patch and the config diff, so everyone can precisely replicate the linked binary kernel version if they wish.

Excellent thanks. I've downloaded and getting compile errors. But I've been on travel for the past couple of weeks and my brains is not completely functioning.

 

[dl12345]

Excellent thanks. I've downloaded and getting compile errors. But I've been on travel for the past couple of weeks and my brains is not completely functioning.

If it helps to know, I use the android ndk 13 toolchain. Here are two files that I use, the first to setup the environment, the second to build the kernel. My NDK is installed in /opt/android/android-ndk-r13

/opt/android/setvars.sh

#!/bin/bash

NDKARCH="arm-linux-androideabi"
NDKARCHVER="4.9"

NDKVER="r13"
NDKBASE="/opt/android/android-ndk"

NDK="${NDKBASE}-${NDKVER}"
export NDKBIN="${NDK}/toolchains/${NDKARCH}-${NDKARCHVER}/prebuilt/linux-x86_64/bin"
export CROSS_COMPILE="${NDKARCH}-"
export ARCH=arm
export SUBARCH=arm

RE=".*${NDK}.*[:]*"

if [[ ! ${PATH} =~ ${RE} ]] ; then

    export PATH="$PATH:${NDKBIN}"

elif [[ ${PATH} =~ ${RE} ]]; then

    export PATH=$(echo $PATH | awk -F':' \
                        "{ \
                            i = 1; \
                            for (i = 1; i <= NF; i++) { \
                                if (\$i !~ /android-ndk/) printf \"%s\", \$i; \
                                else printf \"%s\", \"${NDKBIN}\";  \
                                if ( i < NF) printf \":\"; \
                            }; \
                         }")

fi

echo CROSS_COMPILE=$CROSS_COMPILE
echo PATH=$PATH

/opt/android/note4/src/kernel/build_kernel.sh

#!/bin/bash

. /opt/android/setvars.sh

export KBUILD_BUILD_USER=dl12345
export KBUILD_BUILD_HOST=xda

set -x
make -j16 ARCH=arm KBUILD_USER=$KBUILD_BUILD_USER KBUILD_BUILD_HOST=$KBUILD_BUILD_HOST $1
make ARCH=arm exynos5433-tre_eur_open_16.dtb

 

[dicksteele]

If it helps to know, I use the android ndk 13 toolchain. Here are two files that I use, the first to setup the environment, the second to build the kernel. My NDK is installed in /opt/android/android-ndk-r13

/opt/android/setvars.sh

#!/bin/bash

NDKARCH="arm-linux-androideabi"
NDKARCHVER="4.9"

NDKVER="r13"
NDKBASE="/opt/android/android-ndk"

NDK="${NDKBASE}-${NDKVER}"
export NDKBIN="${NDK}/toolchains/${NDKARCH}-${NDKARCHVER}/prebuilt/linux-x86_64/bin"
export CROSS_COMPILE="${NDKARCH}-"
export ARCH=arm
export SUBARCH=arm

RE=".*${NDK}.*[:]*"

if [[ ! ${PATH} =~ ${RE} ]] ; then

    export PATH="$PATH:${NDKBIN}"

elif [[ ${PATH} =~ ${RE} ]]; then

    export PATH=$(echo $PATH | awk -F':' \
                        "{ \
                            i = 1; \
                            for (i = 1; i <= NF; i++) { \
                                if (\$i !~ /android-ndk/) printf \"%s\", \$i; \
                                else printf \"%s\", \"${NDKBIN}\";  \
                                if ( i < NF) printf \":\"; \
                            }; \
                         }")

fi

echo CROSS_COMPILE=$CROSS_COMPILE
echo PATH=$PATH

/opt/android/note4/src/kernel/build_kernel.sh

#!/bin/bash

. /opt/android/setvars.sh

export KBUILD_BUILD_USER=dl12345
export KBUILD_BUILD_HOST=xda

set -x
make -j16 ARCH=arm KBUILD_USER=$KBUILD_BUILD_USER KBUILD_BUILD_HOST=$KBUILD_BUILD_HOST $1
make ARCH=arm exynos5433-tre_eur_open_16.dtb

This helps thanks a ton. I've really never attempted to compile a kernel for android. That's my last frontier.

I've done Linux over 10 years ago, I've just been content with using others.

They've all been great, but the only thing that was missing was the Revoke USB debugging authorizations on most of the custom ones.

I'd have to flash back to stock if ADB lost its mind and wouldn't recognize the phone.

Good stuff, great work. Much appreciation. Hope you stick around !

 

[dl12345]

If you want to use ADB on this kernel and you're booting with SELinux in enforcing mode, you'll need to first run a terminal and execute

$ su
# setenforce 0

If you don't do this, ADB will appear not to work or even recognize the device.

When you're done, just setenforce 1 again. Of course, depending on how your ramdisk is setup, this may not be necessary but it's worth knowing if you run into apparent problems with ADB.

 

[dicksteele]

If you want to use ADB on this kernel and you're booting with SELinux in enforcing mode, you'll need to first run a terminal and execute

$ su
# setenforce 0

If you don't do this, ADB will appear not to work or even recognize the device.

When you're done, just setenforce 1 again. Of course, depending on how your ramdisk is setup, this may not be necessary but it's worth knowing if you run into apparent problems with ADB.

ADB usually works fine. After reflashing and moving to a new machine ADBKeys is usually hosed.

So Revoke USB debugging authorizations is not under Developer Options to reset under some kernels, but it is under stock and it was after I applied yours. Which was cool.

It doesn't happen a lot just enough to be annoying.

 

[radz_]

This is nice.. @dl12345 I suggest make a flashable kernel..
Im not seeing any updated kernel right now specially for n910c device,.. no more kernel devs

 

[dicksteele]

This is nice.. @dl12345 I suggest make a flashable kernel..
Im not seeing any updated kernel right now specially for n910c device,.. no more kernel devs

[KERNEL][PI7 v1.5][6.0.1][TW] talexop - Note4 N910C Permissive
N910C_PI7_6.0.1_talexop_v1.5.zip

Came out Nov 2

Hoping sources will be out soon

 

[dl12345]

The thing with a flashable kernel is that everyone has a different ramdisk, so making something that fits all sizes is tricky. I figured it better to just let people use their existing ramdisk and so they won't notice any real change, regardless of the ROM they're using.

 

[radz_]

The thing with a flashable kernel is that everyone has a different ramdisk, so making something that fits all sizes is tricky. I figured it better to just let people use their existing ramdisk and so they won't notice any real change, regardless of the ROM they're using.

I saw your post in talexop's thread... are you able to confirm if dm verity is disabled with Permissive?

Im not really satisfied with systemless root, i want system mode root.. but it requires custom kernel with dm verity disabled.


http://forum.xda-developers.com/app...LX5SBEoShv5AasiQg&sig2=4Ak_z3p5coQU3YK0NY8aYw

 

[dicksteele]

I saw your post in talexop's thread... are you able to confirm if dm verity is disabled with Permissive?

Im not really satisfied with systemless root, i want system mode root.. but it requires custom kernel with dm verity disabled.


http://forum.xda-developers.com/app...LX5SBEoShv5AasiQg&sig2=4Ak_z3p5coQU3YK0NY8aYw

Flashed the talexop kernel, then the system mode supersu. Both worked fine together

 

[dl12345]

I saw your post in talexop's thread... are you able to confirm if dm verity is disabled with Permissive?

Im not really satisfied with systemless root, i want system mode root.. but it requires custom kernel with dm verity disabled.


http://forum.xda-developers.com/app...LX5SBEoShv5AasiQg&sig2=4Ak_z3p5coQU3YK0NY8aYw

Yes, CONFIG_DM_VERITY is disabled on this kernel as is CONFIG_KNOX_KAP. I run this kernel in enforcing mode (you can switch SELinux on or off with a boot command line parameter, or with the setenforce command).

 

[radz_]

Flashed the talexop kernel, then the system mode supersu. Both worked fine together

Oh nice... thanks for the confirmation mate.
For now I went back to stock, talexop kernel has wifi issue.. hoping for a fix soon..

 

[dicksteele]

Oh nice... thanks for the confirmation mate.
For now I went back to stock, talexop kernel has wifi issue.. hoping for a fix soon..

I compiled a kernel and mine is doing the same thing. But I think I found the fix. I hope. Kernel's running good I think.

But it's my first one ever and I'm still tickering with things.

It will be 70-80% stock. IF I release it it won't be until the end of the month at least.

 

[dl12345]

I compiled a kernel and mine is doing the same thing. But I think I found the fix. I hope. Kernel's running good I think.

But it's my first one ever and I'm still tickering with things.

It will be 70-80% stock. IF I release it it won't be until the end of the month at least.

These are all ramdisk related problems, and one of the reasons I just posted a link to a kernel rather than full boot image.

This wifi issue is a known problem caused by using secure_storage with a custom kernel or ROM. Your default.prop in your ramdisk should turn off securestorage

ro.securestorage.support=false

I'd also suggest the following edits in default.prop which are related to adb. Just search them here on XDA. There's lots of info

ro.secure=0
persist.service.adb.enable=1
persist.service.debuggable=1
ro.debuggable=1
ro.adb.secure=0
persist.sys.usb.config=mtp,adb

 

[talexop]

Yes, CONFIG_DM_VERITY is disabled on this kernel as is CONFIG_KNOX_KAP. I run this kernel in enforcing mode (you can switch SELinux on or off with a boot command line parameter, or with the setenforce command).

I do not think you can change to enforcing... It is only permissive. Are you sure it changed?

---------- Post added at 10:47 ---------- Previous post was at 10:45 ----------

These are all ramdisk related problems, and one of the reasons I just posted a link to a kernel rather than full boot image.

This wifi issue is a known problem caused by using secure_storage with a custom kernel or ROM. Your default.prop in your ramdisk should turn off securestorage

ro.securestorage.support=false

I'd also suggest the following edits in default.prop which are related to adb. Just search them here on XDA. There's lots of info

ro.secure=0
persist.service.adb.enable=1
persist.service.debuggable=1
ro.debuggable=1
ro.adb.secure=0
persist.sys.usb.config=mtp,adb

Bump