[ROOT]Gaining write access on system partition

N

njhuiz

Member
Jun 28, 2015
42
14
0
Oct 16, 2015 at 10:16 PM
The latest update to .368 restricts access to /system, in particular 'mount -o remount,rw /system' won't give write access.

With the SuperSU 'supolicy' tool and a current busybox there is an easy way around the protection:

Code: 
/system/xbin/supolicy --live \
  "allow init_shell unlabeled file {execute execute_no_trans}"\
  "allow  {init_shell kernel} {device unlabeled mmc_block_device} blk_file {getattr read write open ioctl}"\
  "allow init_shell kernel process setsched"\
  "allow init_shell {rootfs labeledfs} filesystem {mount umount remount}"

mknod /dev/loop2 b 7 2
losetup /dev/loop2 /dev/block/mmcblk0 -o 96468992
mount -t ext4 /dev/loop2 /system
The number in the losetup command is the position of the system partition in bytes in the internal memory. (This number in blocks (bytes = blocks * 512) is displayed in the expert mode of fdisk)

This works because we do not use the device corresponding to the system partition but construct an equivalent device.
 
  • Like
Reactions: levone1, TheEndHK, CoolDevelopment and 1 other person
N

njhuiz

Member
Jun 28, 2015
42
14
0
Oct 21, 2015 at 9:04 PM
I could not write to /system because I somehow lost the XZDualRecovery during the last update. When installed that does the magic at startup and enables a "remount,rw" of /system. In particular it has nothing to do with .368 as I initially suspected.

The flashable zip of the XZDualRecovery contains the necessary scripts and modules.

The method proposed in my initial post has the advantage, that it builds on (heavily used) features of the (Linux) kernel and is independent of the kernel version. Kernel modules on the other hand often only work with the kernel they were compiled for.
 
L

levone1

Senior Member
Dec 28, 2014
3,741
1,451
243
Oct 23, 2015 at 3:11 PM
Far from an expert, so please let me know what I'm missing. Ran all commands successfully, rebooted, but still seems like no system rw access. Does this actually create that access, or does this only enable the ability to get access, and now there's another step? Thanks
 
N

njhuiz

Member
Jun 28, 2015
42
14
0
Oct 25, 2015 at 10:33 PM
Those commands grant immediate write access, but this is not persistent.
If you need a persistent solution, you should install the XZDualrecovery (which you should do anyway!).
Then a "mount -o remount,rw /system" gives you write access.
 
  • Like
Reactions: levone1
L

levone1

Senior Member
Dec 28, 2014
3,741
1,451
243
Oct 25, 2015 at 11:51 PM
njhuiz said:
Those commands grant immediate write access, but this is not persistent.
If you need a persistent solution, you should install the XZDualrecovery (which you should do anyway!).
Then a "mount -o remount,rw /system" gives you write access.
Click to expand...
Thanks, I'll give it a try, (switched ROMs at the moment, but not for long).
 
F

FrikandelChris

Senior Member
Jan 24, 2012
72
8
0
Oct 26, 2015 at 8:16 AM
I have an unlocked Bootloader, root (working!) and XZDualRecovery. I' running prerooted 5.1 Android Stock ROM. I can't write to system... I tried many commands via ADB.
Is there any workaround?
 
T

tracyn

Senior Member
Jan 8, 2011
51
11
0
Christchurch
Oct 30, 2015 at 8:55 AM
I just spent a long time trying to get write access on my Z1C, too. I'm on MX ROM and wanted to debloat some of the software.

Turns out I just had to set the SE Linux from Enforced to Permissive, then using the mount -o remount,rw /system went fine.

Code: 
su -c setenforce 0
mount -o remount,rw /system
exit
EDIT:
The "su -c setenforce 0" should make the change to Permissive permanent. Will check.

EDIT 2:
I had to get the app SELinuxModeChanger (http://forum.xda-developers.com/showthread.php?t=2524485) in conjunction with the adbd Insecure app to finally get it to work reliably, now...
 
Last edited:
xander59

xander59

Senior Member
Dec 25, 2012
165
82
0
Lille
Nov 5, 2015 at 12:33 PM
I tried all the solution in this post but I failed every time... Someone to explain me how I have to do? :)

Envoyé de mon D5503 en utilisant Tapatalk
 
L

levone1

Senior Member
Dec 28, 2014
3,741
1,451
243
Nov 5, 2015 at 2:55 PM
xander59 said:
I tried all the solution in this post but I failed every time... Someone to explain me how I have to do? :)

Envoyé de mon D5503 en utilisant Tapatalk
Click to expand...
Did you try all of them, (terminal commands in op, adb insecure app, mount -o remount command, selinux permission change..)? If so, and you still can't rw, I'd say it might be a problem with your ROM. I have used RockZ1 and MX ROM recently, and initially had issues, but at least one of these things worked for me.
 
xander59

xander59

Senior Member
Dec 25, 2012
165
82
0
Lille
Nov 5, 2015 at 2:58 PM
In fact, I read again the topic and I have the version 21 of dual recovery, so I have the r/w permission... But i can't still see an app when I'm moving its to /system/app and set right permission

Envoyé de mon D5503 en utilisant Tapatalk
 
L

levone1

Senior Member
Dec 28, 2014
3,741
1,451
243
Nov 6, 2015 at 8:39 PM
xander59 said:
In fact, I read again the topic and I have the version 21 of dual recovery, so I have the r/w permission... But i can't still see an app when I'm moving its to /system/app and set right permission

Envoyé de mon D5503 en utilisant Tapatalk
Click to expand...
Not sure about that... I've definitely had apps that won't install or won't open before. I'm not sure what makes something compatible or not. Maybe email developer.
 
M

Morfarj

Senior Member
May 16, 2013
72
21
0
Nov 23, 2015 at 6:23 PM
SGP621-RICDefeat

The SGP621-RICDefeat.zip will work on latest .216 stock. It's not a flashable zip but it contains a install.bat file, wich will remove the write to system protection. Then you can download an app from play store to mount system as RW and RO.

Don't remember where i found it though, but it was somewhere in the Z1 compact forum.
 
You must log in or register to reply here.

New posts

Our Apps
Get our official app!
The best way to access XDA on your phone
Nav Gestures
Add swipe gestures to any Android
One Handed Mode
Eases uses one hand with your phone