[SCRIPT] [INIT.D] Permissive SELinux on Stock Kernels [08/21/2014]

[hsbadr]

"As part of the Android security model, Android uses Security-Enhanced Linux (SELinux) to enforce Mandatory Access Control (MAC) over all processes, even processes running with root/superuser privileges (a.k.a. Linux capabilities). SELinux can operate in one of two global modes: permissive mode, in which permission denials are logged but not enforced, and enforcing mode, in which permission denials are both logged and enforced." Read more here...


Requirements:

- Rooted Device
- Root/FS/ES Explorer
- busybox & init.d support

How to:

- Add the 01selinux script to /system/etc/init.d
- Set file permissions to 0755 (rwx r-x r-x)
- Power off, wait for a few seconds & power on

If you'd like to add this script to your ROM, just copy 01selinux script to /system/etc/init.d !


Downloads:

[08/21/2014] Permissive SELinux v1.0: 01selinux

Status:

- Fully working on NC4 Kernel - Verizon Samsung Galaxy Note 3 (N900V)
- Not working on NCG/NE9 Kernel - Verizon Samsung Galaxy S5 (G900V)

Thanks to @Misterxtc for making all S5 testing.

If you've any question, you may contact him.

 

[GuestK00143]

It didn't work for me. I set permissions to 755, rebooted and it still says enforcing.

 

[hsbadr]

It didn't work for me. I set permissions to 755, rebooted and it still says enforcing.

It should be 775.

Have you tested init.d before? Check if it created an SELINUX log file on /data. If not, test init.d support!

 

[GuestK00143]

It should be 775.

Have you tested init.d before? Check if it created an SELINUX log file on /data. If not, test init.d support!

The log says Permissive SELinux by @hsbadr but in about phone and running the getenforce command in terminal mode it says enforcing. Yes, I have init.d support. Permissions are 775.

 

[hsbadr]

The log says Permissive SELinux by @hsbadr but in about phone and running the getenforce command in terminal mode it says enforcing. Yes, I have init.d support. Permissions are 775.

Do you've any other init.d scripts? Try to rename it 99selinux & report me!

 

[GuestK00143]

Do you've any other init.d scripts? Try to rename it 99selinux & report me!

Still dind't work renaming it. I have 99SuperSUDaemon and 00ARCHOID_INITD in the init.d directory also.

 

[hsbadr]

Still dind't work renaming it. I have 99SuperSUDaemon and 00ARCHOID_INITD in the init.d directory also.

I've just tested it on NC4 kernel (Note 3) & it works,

Unfortunately, I don't have S5 device for now !

 

[GuestK00143]

I've just tested it on NC4 kernel (Note 3) & it works,

Unfortunately, I don't have S5 device for now !

I'll have to try this on the NCG kernel it may be blocked on NE9. I'll report back in a few.

 

[hsbadr]

I'll have to try this on the NCG kernel it may be blocked on NE9. I'll report back in a few.

Thanks @Misterxtc! Yes, test it on NCG kernel & maybe another ROM if you can.


Update: Compare the following values in your build.prop:

ro.build.selinux=1
ro.kernel.qemu=0
ro.kernel.android.checkjni=0
ro.config.tima=0
ro.config.timaversion=3.0
ro.config.knox=0

 

[elliwigy]

it doesnt work for me either on my ne9 rom. although it also didnt create a log under /data either

Sent from my SM-G900V using XDA Free mobile app

---------- Post added at 08:01 AM ---------- Previous post was at 08:00 AM ----------

shouldnt perms be set same as other scripts in init.d folder?

Sent from my SM-G900V using XDA Free mobile app

 

[hsbadr]

it doesnt work for me either on my ne9 rom. although it also didnt create a log under /data either

If it didn't create /data/SELinux.log, your init.d doesn't work. Try a simple init.d test & it'll fail too!

 

[elliwigy]

If it didn't create /data/SELinux.log, your init.d doesn't work. Try a simple init.d test & it'll fail too!

so i had in wrong folder lol. moved to system/etc/init.d tried perms 0775 and 0755.. i have log file now but still says enforcing..

Sent from my SM-G900V using XDA Free mobile app

---------- Post added at 08:12 AM ---------- Previous post was at 08:12 AM ----------

so i had in wrong folder lol. moved to system/etc/init.d tried perms 0775 and 0755.. i have log file now but still says enforcing..

Sent from my SM-G900V using XDA Free mobile app

also tried renaming it to 99 as suggested

Sent from my SM-G900V using XDA Free mobile app

 

[hsbadr]

so i had in wrong folder lol. moved to system/etc/init.d tried perms 0775 and 0755.. i have log file now but still says enforcing..

It should be 0775; Compare the following values in your build.prop:

ro.build.selinux=1
ro.kernel.qemu=0
ro.kernel.android.checkjni=0
ro.config.tima=0
ro.config.timaversion=3.0
ro.config.knox=0

Power off, wait for a few seconds & power on!

 

[elliwigy]

It should be 0775; Compare the following values in your build.prop:

ro.build.selinux=1
ro.kernel.qemu=0
ro.kernel.android.checkjni=0
ro.config.tima=0
ro.config.timaversion=3.0
ro.config.knox=0

Power off, wait for a few seconds & power on!

i have init.d.. i tested it and also tried universal init.d with no luck ill compare build.prop now

Sent from my SM-G900V using XDA Free mobile app

 

[hsbadr]

i have init.d.. i tested it and also tried universal init.d with no luck ill compare build.prop now

Also, test the following commands in shell/terminal emulator & report me back:

getenforce

setenforce 0

getenforce

 

[GuestK00143]

Also, test the following commands in shell/terminal emulator & report me back:

getenforce

setenforce 0

getenforce

I tried the build.prop and it didn't work. I'm doing a full tar install of NCG right now because my NCG backup failed and locked my phone. I'll try it again after I'm done restoring the phone.

 

[hsbadr]

I tried the build.prop and it didn't work. I'm doing a full tar install of NCG right now because my NCG backup failed and locked my phone. I'll try it again after I'm done restoring the phone.

Great! Consider all troubleshooting options here including terminal commands. I know you've had a Note 3 & NC4 kernel caused many problems because of the Enforcing SELinux. My ROM is running now on NC4 kernel using this script.

 

[elliwigy]

i chqnged build.prop to match as well as tried the term emu and still enforcing..

Sent from my SM-G900V using XDA Free mobile app

 

[hsbadr]

i chqnged build.prop to match as well as tried the term emu and still enforcing..

Thanks! This is very weird In terminal, you wrote setenforce 0 & this didn't change it to Permissive lol Please try it again with su!

 

[elliwigy]

Thanks! This is very weird In terminal, you wrote setenforce 0 & this didn't change it to Permissive lol Please try it again with su!

i did in bottom screen but tried again... also selinux changer didnt work either to change it lol

Sent from my SM-G900V using XDA Free mobile app