
Secure Folder Patch for Custom ROM

tetratheta

Member
Sep 13, 2019
10
1
Am I doing it right?

I'm using S8+(SM-G955N, Korean+Exynos) Pie.

I can't understand the tutorial, so here is what I understood:
I use Pie, so I will follow 'FOR PIE ROM' instruction.

1. Patch build.prop
Code:
ro.config.iccc_version=3.0
to
Code:
ro.config.iccc_version=iccc_disabled
I can't understand the SecureFolder.apk part, so I skipped it.

2. Patch services.jar
- Deleted
Code:
invoke-static {v10, v9}, Lcom/samsung/android/knox/SemPersonaManager;->setAttributes(II)Z
near '.line 1346', Lcom/android/server/pm/PersonaManagerService.
- Deleted
Code:
invoke-static {p1, v3}, Lcom/samsung/android/knox/SemPersonaManager;->setAttributes(II)Z
near '.line 945', Lcom/android/server/pm/PersonaServiceHelper. It says it is in line 941, but in the recent version of services.jar it is in line 945.
- Added
Code:
const/4 v11, 0x1
in
Code:
    .line 1344
    .local v8, "ui":Landroid/content/pm/UserInfo;
    iget-object v11, p0, Lcom/android/server/pm/PersonaManagerService;->mContext:Landroid/content/Context;

    invoke-static {v11}, Lcom/android/server/pm/PersonaServiceHelper;->isTimaAvailable(Landroid/content/Context;)Z

    move-result v11
		
    const/4 v11, 0x1

    if-nez v11, :cond_2
in Lcom/android/server/pm/PersonaManagerService.
I wonder if I should do it in Lcom/android/server/pm/PersonaServiceHelper.
Code:
    .line 944
    invoke-static {p0}, Lcom/android/server/pm/PersonaServiceHelper;->isTimaAvailable(Landroid/content/Context;)Z

    move-result v3

    if-nez v3, :cond_0
For the time being, I didn't add the line to Lcom/android/server/pm/PersonaServiceHelper because nothing was said about that (as far as I understand).

3. Modify system/etc/floating_features.xml
Added
Code:
<SEC_FLOATING_FEATURE_KNOX_SUPPORT_UKS>TRUE</SEC_FLOATING_FEATURE_KNOX_SUPPORT_UKS>
because it wasn't there.

I am working on a stock ROM (not a ported ROM).

I wonder if I am doing it right, or if I missed something or did something wrong.

PS. Any means to trick firmware status to 'Official'?
PPS. I've tried the 'Smali Patcher' Magisk module, but I broke my camera (black screen) and Secure Folder stopped asking for password/PIN/pattern. I think it isn't the right tool for me.
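
An added example, not part of any post in this thread and not the guide author's code: a Python check that an auditor could run over an unpacked system image to detect the build.prop and services.jar modifications listed in the post above. The finding names, the sample strings, and the assumptions that a stock `ro.config.iccc_version` is a dotted version number and that the stock fall-through block calls `setAttributes` are mine; the smali signatures are the ones quoted in the thread.

```python
import re

VERSION_RE = re.compile(r"^\d+(\.\d+)*$")
TIMA_CALL = "PersonaServiceHelper;->isTimaAvailable(Landroid/content/Context;)Z"
SET_ATTR = "SemPersonaManager;->setAttributes(II)Z"

# Constructed samples, shortened from the excerpts quoted in this thread.
STOCK_PROP = "ro.build.version.release=9\nro.config.iccc_version=3.0\n"
PATCHED_PROP = STOCK_PROP.replace("=3.0", "=iccc_disabled")
STOCK_SMALI = """\
    invoke-static {v11}, Lcom/android/server/pm/PersonaServiceHelper;->isTimaAvailable(Landroid/content/Context;)Z

    move-result v11

    if-nez v11, :cond_2

    .line 1345
    const-string v12, "Device compromise detected !"

    .line 1346
    invoke-static {v10, v9}, Lcom/samsung/android/knox/SemPersonaManager;->setAttributes(II)Z

    move-result v10

    if-nez v10, :cond_3

    goto :goto_2

    :cond_2
"""
OVERWRITTEN_SMALI = STOCK_SMALI.replace(
    "    if-nez v11,", "    const/4 v11, 0x1\n\n    if-nez v11,")
DELETED_SMALI = "\n".join(
    l for l in STOCK_SMALI.splitlines() if SET_ATTR not in l)


def check_build_prop(text):
    """Flag an ICCC version property whose value is not a version number."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key == "ro.config.iccc_version" and not VERSION_RE.match(value):
            findings.append(f"ro.config.iccc_version is not a version: {value!r}")
    return findings


def _instructions(smali):
    """Yield (line_no, text) for opcodes and labels; skip blanks, comments, directives."""
    for no, raw in enumerate(smali.splitlines(), 1):
        line = raw.strip()
        if line and not line.startswith(("#", ".")):
            yield no, line


def check_smali(smali):
    """Return (line_no, kind) findings around every isTimaAvailable() call."""
    findings = []
    ins = list(_instructions(smali))
    for i, (_, line) in enumerate(ins):
        if not (line.startswith("invoke-") and TIMA_CALL in line):
            continue
        result = re.match(r"move-result (\w+)$", ins[i + 1][1]) if i + 1 < len(ins) else None
        if not result:
            continue
        reg = re.escape(result.group(1))
        # 1) A constant written to the result register before the branch
        #    discards whatever isTimaAvailable() returned.
        j = i + 2
        while j < len(ins) and not ins[j][1].startswith(("if-", ":")):
            if re.match(rf"const(/\w+)? {reg},", ins[j][1]):
                findings.append((ins[j][0], "result-overwritten"))
            j += 1
        if j >= len(ins) or not re.match(rf"if-nez {reg},", ins[j][1]):
            continue
        # 2) The fall-through block (check failed) should call setAttributes
        #    before the next label, goto or return (assumption from the excerpts).
        k, has_set = j + 1, False
        while k < len(ins) and not ins[k][1].startswith((":", "goto", "return")):
            has_set = has_set or SET_ATTR in ins[k][1]
            k += 1
        if k < len(ins) and not has_set:  # k == len(ins): excerpt truncated, no verdict
            findings.append((ins[j][0], "handler-missing-setAttributes"))
    return findings


if __name__ == "__main__":
    print(check_build_prop(PATCHED_PROP))
    for name in ("STOCK_SMALI", "OVERWRITTEN_SMALI", "DELETED_SMALI"):
        print(name, check_smali(globals()[name]))
```

Run it over the decompiled `PersonaManagerService` and `PersonaServiceHelper` smali and the image's build.prop; an empty result on both means neither pattern from the thread is present.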
 

jaran kepang

Member
Mar 19, 2016
49
16
In here.
Hello, I'm trying to add this patch to get Secure Folder but ended up with a failed boot; my ROM can't boot with a deodexed services.jar.
I deodexed the framework with toad, then took only services.jar and replaced it in the working system, but the ROM can't boot, only the Samsung logo without dimming. I'm using a fully stock ROM. My device is a Note FE. Can anyone help me? Thanks.
 

dandaosd17

New member
Sep 3, 2020
1
0
Could someone help me? I'm Brazilian and I don't know much about programming.
Galaxy s930f android oreo
rom G930FXXS8ETCM_G930FZTO8ETCA_ZTO

Could you make a video or explain better what should be done?
I only managed
II. Patch build.prop:
change ro.config.iccc_version = 3.0 to
ro.config.iccc_version = iccc_disabled

and so Samsung Health is back but the safe folder is not

I also did the entire smalipatcher procedure but it didn't work.
 

TheRealModder

Senior Member
Sep 2, 2018
601
550
16
Denpasar, Bali
Has anyone successfully patched Secure Folder on Q?

I tried with SmaliPatcher but I think it failed. [build.prop + service.jar patched, Knox lines in floating_feature.xml are added]
Code:
09-05 09:01:09.325  2833  3261 E BufferQueueProducer: [com.osp.app.signin/com.samsung.android.samsungaccount.authentication.ui.check.user.UserValidateCheck$UserValidationPopupActivity$_7904#0] disconnect: not connected (req=1)
09-05 09:01:09.338  2833  3261 E BufferQueueProducer: [com.osp.app.signin/com.samsung.android.samsungaccount.authentication.ui.check.user.UserValidateCheck$UserValidationPopupActivity$_7904#1] disconnect: not connected (req=1)
09-05 09:01:09.467  2876 19699 E keymaster_tee: [ERR] (knox_secure_db.cpp:1663) DELETE error(-917)
09-05 09:01:09.470  2876 19699 E keymaster_tee: [ERR] (knox_secure_db.cpp:1742) execute_command error -917
09-05 09:01:09.500  2833  7022 E BufferQueueProducer: [com.sec.android.app.launcher/com.sec.android.app.launcher.activities.LauncherActivity$_7633#0] disconnect: not connected (req=1)
09-05 09:01:09.548  3225  9048 E DEVROOT#Service: [1.1.44] Type = [1] , Ret = [-10010]
09-05 09:01:09.557  3225  9048 E UserManagerService: Failed in DRK check
09-05 09:01:09.565 17398 19696 E CreateProfileTask: CreateProfileTask run. com.samsung.knox.securefolder.setupwizard.provisioning.ProvisioningException: user creation failed
09-05 09:01:09.565 17398 19696 E CreateProfileTask: 	at com.samsung.knox.securefolder.setupwizard.provisioning.task.CreateProfileTask.run(CreateProfileTask.java:79)
09-05 09:01:09.565 17398 19696 E CreateProfileTask: 	at com.samsung.knox.securefolder.setupwizard.provisioning.AbstractProvisioningController$ProvisioningTaskHandler.handleMessage(AbstractProvisioningController.java:163)
09-05 09:01:09.565 17398 19696 E CreateProfileTask: 	at android.os.Handler.dispatchMessage(Handler.java:107)
09-05 09:01:09.565 17398 19696 E CreateProfileTask: 	at android.os.Looper.loop(Looper.java:237)
09-05 09:01:09.565 17398 19696 E CreateProfileTask: 	at android.os.HandlerThread.run(HandlerThread.java:67)
09-05 09:01:09.566  3225  9049 E KnoxMUMContainerPolicy: no ongoing provisioning
09-05 09:01:09.567  3225  9049 E KnoxMUMContainerPolicy: no ongoing provisioning
09-05 09:01:09.601 17398 17398 E KnoxNameSetting: Creation failure : -1
09-05 09:01:09.653  3225  3285 E WindowManager: win=Window{8321b0c u0 com.osp.app.signin/com.samsung.android.samsungaccount.authentication.ui.check.user.UserValidateCheck$UserValidationPopupActivity EXITING} destroySurfaces: appStopped=false win.mWindowRemovalAllowed=true win.mRemoveOnExit=true win.mViewVisibility=0 caller=com.android.server.wm.AppWindowToken.destroySurfaces:1199 com.android.server.wm.AppWindowToken.destroySurfaces:1180 com.android.server.wm.WindowState.onExitAnimationDone:5030 com.android.server.wm.WindowStateAnimator.onAnimationFinished:287 com.android.server.wm.WindowState.onAnimationFinished:5471 com.android.server.wm.-$$Lambda$yVRF8YoeNdTa8GR1wDStVsHu8xM.run:2 com.android.server.wm.SurfaceAnimator.lambda$getFinishedCallback$0$SurfaceAnimator:100 
09-05 09:01:09.655 17398 17398 E KnoxLog : showErrorDialog() : Failed to create Secure Folder.

You can check the full log here : Google Drive
 

louforgiveno

Senior Member
Jun 24, 2010
3,715
2,386
Has anyone successfully patched Secure Folder on Q?

I tried with SmaliPatcher but I think it failed. [build.prop + service.jar patched, Knox lines in floating_feature.xml are added]
Code:
09-05 09:01:09.325  2833  3261 E BufferQueueProducer: [com.osp.app.signin/com.samsung.android.samsungaccount.authentication.ui.check.user.UserValidateCheck$UserValidationPopupActivity$_7904#0] disconnect: not connected (req=1)
09-05 09:01:09.338  2833  3261 E BufferQueueProducer: [com.osp.app.signin/com.samsung.android.samsungaccount.authentication.ui.check.user.UserValidateCheck$UserValidationPopupActivity$_7904#1] disconnect: not connected (req=1)
09-05 09:01:09.467  2876 19699 E keymaster_tee: [ERR] (knox_secure_db.cpp:1663) DELETE error(-917)
09-05 09:01:09.470  2876 19699 E keymaster_tee: [ERR] (knox_secure_db.cpp:1742) execute_command error -917
09-05 09:01:09.500  2833  7022 E BufferQueueProducer: [com.sec.android.app.launcher/com.sec.android.app.launcher.activities.LauncherActivity$_7633#0] disconnect: not connected (req=1)
09-05 09:01:09.548  3225  9048 E DEVROOT#Service: [1.1.44] Type = [1] , Ret = [-10010]
09-05 09:01:09.557  3225  9048 E UserManagerService: Failed in DRK check
09-05 09:01:09.565 17398 19696 E CreateProfileTask: CreateProfileTask run. com.samsung.knox.securefolder.setupwizard.provisioning.ProvisioningException: user creation failed
09-05 09:01:09.565 17398 19696 E CreateProfileTask: at com.samsung.knox.securefolder.setupwizard.provisioning.task.CreateProfileTask.run(CreateProfileTask.java:79)
09-05 09:01:09.565 17398 19696 E CreateProfileTask: at com.samsung.knox.securefolder.setupwizard.provisioning.AbstractProvisioningController$ProvisioningTaskHandler.handleMessage(AbstractProvisioningController.java:163)
09-05 09:01:09.565 17398 19696 E CreateProfileTask: at android.os.Handler.dispatchMessage(Handler.java:107)
09-05 09:01:09.565 17398 19696 E CreateProfileTask: at android.os.Looper.loop(Looper.java:237)
09-05 09:01:09.565 17398 19696 E CreateProfileTask: at android.os.HandlerThread.run(HandlerThread.java:67)
09-05 09:01:09.566  3225  9049 E KnoxMUMContainerPolicy: no ongoing provisioning
09-05 09:01:09.567  3225  9049 E KnoxMUMContainerPolicy: no ongoing provisioning
09-05 09:01:09.601 17398 17398 E KnoxNameSetting: Creation failure : -1
09-05 09:01:09.653  3225  3285 E WindowManager: win=Window{8321b0c u0 com.osp.app.signin/com.samsung.android.samsungaccount.authentication.ui.check.user.UserValidateCheck$UserValidationPopupActivity EXITING} destroySurfaces: appStopped=false win.mWindowRemovalAllowed=true win.mRemoveOnExit=true win.mViewVisibility=0 caller=com.android.server.wm.AppWindowToken.destroySurfaces:1199 com.android.server.wm.AppWindowToken.destroySurfaces:1180 com.android.server.wm.WindowState.onExitAnimationDone:5030 com.android.server.wm.WindowStateAnimator.onAnimationFinished:287 com.android.server.wm.WindowState.onAnimationFinished:5471 com.android.server.wm.-$$Lambda$yVRF8YoeNdTa8GR1wDStVsHu8xM.run:2 com.android.server.wm.SurfaceAnimator.lambda$getFinishedCallback$0$SurfaceAnimator:100 
09-05 09:01:09.655 17398 17398 E KnoxLog : showErrorDialog() : Failed to create Secure Folder.

You can check the full log here : Google Drive
I believe @sac23 did; maybe PM or Telegram him.
 

rodrigospascoal

New member
Jun 4, 2021
1
0
Does this still work? This helped me fix Samsung Health but Secure Folder keeps giving the same error.
I'm looking forward to alternatives to Smali Patcher as it gives me the Knox class error.
 

Top Liked Posts

  • 84
    Hello XDA again,

    Maybe many of you knew me before, especially my work on Secure Folder for the rooted Note 5.

    I currently own a rooted Note 8.

    Many devs said that Samsung introduced TEE and because of that we cannot use Secure Folder again.

    After spending a lot of time investigating and patching both old and new libs, APKs, framework and services, I figured out that Secure Folder is actually not currently related to TEE. Samsung just patched it in code, so we can bypass their patch to use Secure Folder in a custom rooted ROM.

    How:

    A. FOR PIE ROM
    I. Include all Knox related things in your rom.

    II. Patch build.prop:
    change ro.config.iccc_version=3.0 to
    ro.config.iccc_version=iccc_disabled

    Decompiling the new SecureFolder.apk shows that it uses Iccc (IntegrityControlCheckCenter) to check the system integrity status (device_status). If it's OK, SecureFolder.apk will create the container. The old SecureFolder.apk did not use that check.
    Patching libtz_iccc.so is difficult, so just bypass this check with the above patch.

    III. Patch services.jar
    Lcom/samsung/android/knox/SemPersonaManager is the personal manager for Knox-related things. If the device is compromised, then Lcom/samsung/android/knox/SemPersonaManager will set the persona's attribute to 0x4 and the Secure Folder container will be uninstalled.

    Check this code in Lcom/android/server/pm/PersonaManagerService:

    Code:
        iget-object v11, p0, Lcom/android/server/pm/PersonaManagerService;->mContext:Landroid/content/Context;
    
        invoke-static {v11}, Lcom/android/server/pm/PersonaServiceHelper;->isTimaAvailable(Landroid/content/Context;)Z
    
        move-result v11
    	
        if-nez v11, :cond_2
    
        .line 1345
        const-string v11, "PersonaManagerService"
    
        const-string v12, "Device compromise detected !"
    
        invoke-static {v11, v12}, Landroid/util/Log;->e(Ljava/lang/String;Ljava/lang/String;)I
    
        .line 1346
        invoke-static {v10, v9}, Lcom/samsung/android/knox/SemPersonaManager;->setAttributes(II)Z    # highlighted in the original post
    
        move-result v10
    
        if-nez v10, :cond_3
    
        .line 1347
        const-string v10, "PersonaManagerService"
    
        const-string/jumbo v11, "setting compromise attribute failed !"
    
        invoke-static {v10, v11}, Landroid/util/Log;->e(Ljava/lang/String;Ljava/lang/String;)I
    
        goto :goto_2
    
        .line 1349
        :cond_2
        invoke-virtual {v8}, Landroid/content/pm/UserInfo;->isSuperLocked()Z
    
        move-result v10
    
        if-eqz v10, :cond_3
    
        .line 1350
        const-string v10, "PersonaManagerService"
    
        const-string v11, "Device is super locked - start lock screen"
    
        invoke-static {v10, v11}, Landroid/util/Log;->e(Ljava/lang/String;Ljava/lang/String;)I
    
        .line 1354
        .end local v8    # "ui":Landroid/content/pm/UserInfo;
        :cond_3
        :goto_2
        iget-object v8, p0, Lcom/android/server/pm/PersonaManagerService;->mContext:Landroid/content/Context;
    
        invoke-static {v8}, Lcom/samsung/android/knox/SemPersonaManager;->isKioskModeEnabled(Landroid/content/Context;)Z
    
        move-result v8
    
        if-eqz v8, :cond_4
    
        .line 1355
        iget-object v8, p0, Lcom/android/server/pm/PersonaManagerService;->mContext:Landroid/content/Context;
    
        invoke-static {v8}, Lcom/android/server/pm/PersonaServiceHelper;->isTimaAvailable(Landroid/content/Context;)Z
    
        move-result v8
    	
        const/4 v8, 0x1
    
        if-nez v8, :cond_4
    
        .line 1356
        invoke-direct {p0}, Lcom/android/server/pm/PersonaManagerService;->getPersonaManager()Lcom/samsung/android/knox/SemPersonaManager;
    
        move-result-object v8
    
        invoke-virtual {v8}, Lcom/samsung/android/knox/SemPersonaManager;->getKioskId()I
    
        move-result v8
    
        invoke-static {v8, v9}, Lcom/samsung/android/knox/SemPersonaManager;->setAttributes(II)Z    # highlighted in the original post
    
        move-result v8
    
        if-nez v8, :cond_4
    
        .line 1357
        const-string v8, "PersonaManagerService"
    
        const-string/jumbo v9, "setting compromise attribute failed !!"
    
        invoke-static {v8, v9}, Landroid/util/Log;->e(Ljava/lang/String;Ljava/lang/String;)I
    
        .line 1362
        :cond_4
        return-void

    and this code in Lcom/android/server/pm/PersonaServiceHelper

    Code:
    .method public static shouldBlockUserStart(Landroid/content/Context;I)Z
        .locals 7
        .param p0, "c"    # Landroid/content/Context;
        .param p1, "userId"    # I
    
        .line 934
        invoke-static {}, Landroid/os/Binder;->clearCallingIdentity()J
    
        move-result-wide v0
    
        .line 936
        .local v0, "token":J
        :try_start_0
        const-string v2, "PersonaServiceHelper"
    
        new-instance v3, Ljava/lang/StringBuilder;
    
        invoke-direct {v3}, Ljava/lang/StringBuilder;-><init>()V
    
        const-string/jumbo v4, "shouldBlockUserStart() "
    
        invoke-virtual {v3, v4}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
    
        invoke-virtual {v3, p1}, Ljava/lang/StringBuilder;->append(I)Ljava/lang/StringBuilder;
    
        invoke-virtual {v3}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
    
        move-result-object v3
    
        invoke-static {v2, v3}, Landroid/util/Log;->d(Ljava/lang/String;Ljava/lang/String;)I
    
        .line 937
        invoke-static {}, Lcom/android/server/pm/PersonaServiceHelper;->getUserManager()Lcom/android/server/pm/UserManagerService;
    
        move-result-object v2
    
        invoke-virtual {v2, p1}, Lcom/android/server/pm/UserManagerService;->getUserInfo(I)Landroid/content/pm/UserInfo;
    
        move-result-object v2
    
        .line 938
        .local v2, "uinfo":Landroid/content/pm/UserInfo;
        if-eqz v2, :cond_2
    
        .line 939
        invoke-virtual {v2}, Landroid/content/pm/UserInfo;->isManagedProfile()Z
    
        move-result v3
    
        const/4 v4, 0x1
    
        if-eqz v3, :cond_0
    
        .line 940
        invoke-static {p0}, Lcom/android/server/pm/PersonaServiceHelper;->isTimaAvailable(Landroid/content/Context;)Z
    
        move-result v3
    	
        if-nez v3, :cond_0
    
        .line 941
        const/4 v3, 0x4    # highlighted in the original post
    
        invoke-static {p1, v3}, Lcom/samsung/android/knox/SemPersonaManager;->setAttributes(II)Z    # highlighted in the original post
    
        .line 942
        const-string v3, "PersonaServiceHelper"
    
        new-instance v5, Ljava/lang/StringBuilder;
    
        invoke-direct {v5}, Ljava/lang/StringBuilder;-><init>()V
    
        const-string v6, "Device compromise attribute set for user : "
    
        invoke-virtual {v5, v6}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
    
        invoke-virtual {v5, p1}, Ljava/lang/StringBuilder;->append(I)Ljava/lang/StringBuilder;
    
        invoke-virtual {v5}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
    
        move-result-object v5
    
        invoke-static {v3, v5}, Landroid/util/Log;->w(Ljava/lang/String;Ljava/lang/String;)I
    
        .line 943
        iget v3, v2, Landroid/content/pm/UserInfo;->id:I
    
        if-eqz v3, :cond_0
    
        .line 944
        const-string v3, "PersonaServiceHelper"
    
        new-instance v5, Ljava/lang/StringBuilder;
    
        invoke-direct {v5}, Ljava/lang/StringBuilder;-><init>()V
    
        const-string v6, "blocking when device compromised "
    
        invoke-virtual {v5, v6}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
    
        invoke-virtual {v5, p1}, Ljava/lang/StringBuilder;->append(I)Ljava/lang/StringBuilder;
    
        invoke-virtual {v5}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
    
        move-result-object v5
    
        invoke-static {v3, v5}, Landroid/util/Log;->w(Ljava/lang/String;Ljava/lang/String;)I
        :try_end_0
        .catchall {:try_start_0 .. :try_end_0} :catchall_0
    
        .line 945
        nop
    
        .line 963
        invoke-static {v0, v1}, Landroid/os/Binder;->restoreCallingIdentity(J)V
    
        .line 945
        return v4
    
        .line 950
        :cond_0
        :try_start_1
        iget v3, v2, Landroid/content/pm/UserInfo;->id:I
    
        if-eqz v3, :cond_1
    
        invoke-virtual {v2}, Landroid/content/pm/UserInfo;->isManagedProfile()Z
    
        move-result v3
    
        if-eqz v3, :cond_1
    
        invoke-virtual {v2}, Landroid/content/pm/UserInfo;->isDeviceCompromised()Z
    
        move-result v3
    
        if-eqz v3, :cond_1
    
        .line 951
        const-string v3, "PersonaServiceHelper"
    
        new-instance v5, Ljava/lang/StringBuilder;
    
        invoke-direct {v5}, Ljava/lang/StringBuilder;-><init>()V
    
        const-string v6, "blocking when device compromised : "
    
        invoke-virtual {v5, v6}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
    
        invoke-virtual {v5, p1}, Ljava/lang/StringBuilder;->append(I)Ljava/lang/StringBuilder;
    
        invoke-virtual {v5}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
    
        move-result-object v5
    
        invoke-static {v3, v5}, Landroid/util/Log;->w(Ljava/lang/String;Ljava/lang/String;)I
        :try_end_1
        .catchall {:try_start_1 .. :try_end_1} :catchall_0
    
        .line 952
        nop
    
        .line 963
        invoke-static {v0, v1}, Landroid/os/Binder;->restoreCallingIdentity(J)V
    
        .line 952
        return v4
    
        .line 955
        :cond_1
        :try_start_2
        invoke-virtual {v2}, Landroid/content/pm/UserInfo;->isSuperLocked()Z
    
        move-result v3
    
        if-eqz v3, :cond_2
    
        invoke-static {p1}, Lcom/samsung/android/knox/SemPersonaManager;->isLegacyClId(I)Z
    
        move-result v3
    
        if-eqz v3, :cond_2
    
        .line 956
        const-string v3, "PersonaServiceHelper"
    
        new-instance v5, Ljava/lang/StringBuilder;
    
        invoke-direct {v5}, Ljava/lang/StringBuilder;-><init>()V
    
        const-string v6, "blocking non-BYOD super locked user "
    
        invoke-virtual {v5, v6}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
    
        invoke-virtual {v5, p1}, Ljava/lang/StringBuilder;->append(I)Ljava/lang/StringBuilder;
    
        invoke-virtual {v5}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
    
        move-result-object v5
    
        invoke-static {v3, v5}, Landroid/util/Log;->w(Ljava/lang/String;Ljava/lang/String;)I
        :try_end_2
        .catchall {:try_start_2 .. :try_end_2} :catchall_0
    
        .line 957
        nop
    
        .line 963
        invoke-static {v0, v1}, Landroid/os/Binder;->restoreCallingIdentity(J)V
    
        .line 957
        return v4
    
        .line 961
        :cond_2
        const/4 v3, 0x0
    
        .line 963
        invoke-static {v0, v1}, Landroid/os/Binder;->restoreCallingIdentity(J)V
    
        .line 961
        return v3
    
        .line 963
        .end local v2    # "uinfo":Landroid/content/pm/UserInfo;
        :catchall_0
        move-exception v2
    
        invoke-static {v0, v1}, Landroid/os/Binder;->restoreCallingIdentity(J)V
    
        throw v2
    .end method

    Then we can bypass those things in several ways:
    1. Delete those Lcom/samsung/android/knox/SemPersonaManager;->setAttributes(II)Z lines.
    2. Patch Lcom/android/server/pm/PersonaServiceHelper;->isTimaAvailable(Landroid/content/Context;)Z so that it returns true. But this way may cause other issues related to TIMA.
    3. Just add simple code like below:

    Code:
        invoke-static {v11}, Lcom/android/server/pm/PersonaServiceHelper;->isTimaAvailable(Landroid/content/Context;)Z
    
        move-result v11
    	
        const/4 v11, 0x1    # highlighted in the original post
    
        if-nez v11, :cond_2

    Better use the third way.

    IV. Patch method isUnifiedKeyStoreSupported in Lcom/android/server/locksettings/SyntheticPasswordManager so that it returns true, in one of two ways:
    1. Simply add this line (from S10 firmware) to system/etc/floating_features.xml:
    <SEC_FLOATING_FEATURE_KNOX_SUPPORT_UKS>TRUE</SEC_FLOATING_FEATURE_KNOX_SUPPORT_UKS>
    2. Modify the smali file.

    V. If your ROM is a ported ROM, you should replace services\smali_classes3\com\android\server\enterprise\ccm from stock services.jar.

    VI. Recompile services.jar and enjoy Secure Folder.


    B. FOR OREO ROM
    I. Include all Knox related things in your rom.

    II. Patch build.prop:
    change ro.config.iccc_version=3.0 to
    ro.config.iccc_version=iccc_disabled

    Decompiling the new SecureFolder.apk shows that it uses Iccc (IntegrityControlCheckCenter) to check the system integrity status (device_status). If it's OK, SecureFolder.apk will create the container. The old SecureFolder.apk did not use that check.
    Patching libtz_iccc.so is difficult, so just bypass this check with the above patch.

    III. Patch services.jar
    Lcom/samsung/android/knox/SemPersonaManager is the personal manager for Knox-related things. If the device is compromised, then Lcom/samsung/android/knox/SemPersonaManager will set the persona's attribute to 0x4 and the Secure Folder container will be uninstalled.

    Check this code in Lcom/android/server/pm/PersonaManagerService:

    Code:
        iget-object v11, p0, Lcom/android/server/pm/PersonaManagerService;->mContext:Landroid/content/Context;
    
        invoke-static {v11}, Lcom/android/server/pm/PersonaServiceHelper;->isTimaAvailable(Landroid/content/Context;)Z
    
        move-result v11
    	
        if-nez v11, :cond_2
    
        .line 1345
        const-string v11, "PersonaManagerService"
    
        const-string v12, "Device compromise detected !"
    
        invoke-static {v11, v12}, Landroid/util/Log;->e(Ljava/lang/String;Ljava/lang/String;)I
    
        .line 1346
        invoke-static {v10, v9}, Lcom/samsung/android/knox/SemPersonaManager;->setAttributes(II)Z    # highlighted in the original post
    
        move-result v10
    
        if-nez v10, :cond_3
    
        .line 1347
        const-string v10, "PersonaManagerService"
    
        const-string/jumbo v11, "setting compromise attribute failed !"
    
        invoke-static {v10, v11}, Landroid/util/Log;->e(Ljava/lang/String;Ljava/lang/String;)I
    
        goto :goto_2
    
        .line 1349
        :cond_2
        invoke-virtual {v8}, Landroid/content/pm/UserInfo;->isSuperLocked()Z
    
        move-result v10
    
        if-eqz v10, :cond_3
    
        .line 1350
        const-string v10, "PersonaManagerService"
    
        const-string v11, "Device is super locked - start lock screen"
    
        invoke-static {v10, v11}, Landroid/util/Log;->e(Ljava/lang/String;Ljava/lang/String;)I
    
        .line 1354
        .end local v8    # "ui":Landroid/content/pm/UserInfo;
        :cond_3
        :goto_2
        iget-object v8, p0, Lcom/android/server/pm/PersonaManagerService;->mContext:Landroid/content/Context;
    
        invoke-static {v8}, Lcom/samsung/android/knox/SemPersonaManager;->isKioskModeEnabled(Landroid/content/Context;)Z
    
        move-result v8
    
        if-eqz v8, :cond_4
    
        .line 1355
        iget-object v8, p0, Lcom/android/server/pm/PersonaManagerService;->mContext:Landroid/content/Context;
    
        invoke-static {v8}, Lcom/android/server/pm/PersonaServiceHelper;->isTimaAvailable(Landroid/content/Context;)Z
    
        move-result v8
    	
        const/4 v8, 0x1
    
        if-nez v8, :cond_4
    
        .line 1356
        invoke-direct {p0}, Lcom/android/server/pm/PersonaManagerService;->getPersonaManager()Lcom/samsung/android/knox/SemPersonaManager;
    
        move-result-object v8
    
        invoke-virtual {v8}, Lcom/samsung/android/knox/SemPersonaManager;->getKioskId()I
    
        move-result v8
    
        invoke-static {v8, v9}, Lcom/samsung/android/knox/SemPersonaManager;->setAttributes(II)Z    # highlighted in the original post
    
        move-result v8
    
        if-nez v8, :cond_4
    
        .line 1357
        const-string v8, "PersonaManagerService"
    
        const-string/jumbo v9, "setting compromise attribute failed !!"
    
        invoke-static {v8, v9}, Landroid/util/Log;->e(Ljava/lang/String;Ljava/lang/String;)I
    
        .line 1362
        :cond_4
        return-void

    and this code in Lcom/android/server/pm/PersonaServiceHelper

    Code:
    .method public static shouldBlockUserStart(Landroid/content/Context;I)Z
        .locals 7
        .param p0, "c"    # Landroid/content/Context;
        .param p1, "userId"    # I
    
        .line 934
        invoke-static {}, Landroid/os/Binder;->clearCallingIdentity()J
    
        move-result-wide v0
    
        .line 936
        .local v0, "token":J
        :try_start_0
        const-string v2, "PersonaServiceHelper"
    
        new-instance v3, Ljava/lang/StringBuilder;
    
        invoke-direct {v3}, Ljava/lang/StringBuilder;-><init>()V
    
        const-string/jumbo v4, "shouldBlockUserStart() "
    
        invoke-virtual {v3, v4}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
    
        invoke-virtual {v3, p1}, Ljava/lang/StringBuilder;->append(I)Ljava/lang/StringBuilder;
    
        invoke-virtual {v3}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
    
        move-result-object v3
    
        invoke-static {v2, v3}, Landroid/util/Log;->d(Ljava/lang/String;Ljava/lang/String;)I
    
        .line 937
        invoke-static {}, Lcom/android/server/pm/PersonaServiceHelper;->getUserManager()Lcom/android/server/pm/UserManagerService;
    
        move-result-object v2
    
        invoke-virtual {v2, p1}, Lcom/android/server/pm/UserManagerService;->getUserInfo(I)Landroid/content/pm/UserInfo;
    
        move-result-object v2
    
        .line 938
        .local v2, "uinfo":Landroid/content/pm/UserInfo;
        if-eqz v2, :cond_2
    
        .line 939
        invoke-virtual {v2}, Landroid/content/pm/UserInfo;->isManagedProfile()Z
    
        move-result v3
    
        const/4 v4, 0x1
    
        if-eqz v3, :cond_0
    
        .line 940
        invoke-static {p0}, Lcom/android/server/pm/PersonaServiceHelper;->isTimaAvailable(Landroid/content/Context;)Z
    
        move-result v3
    	
        if-nez v3, :cond_0
    
        .line 941
        const/4 v3, 0x4    # highlighted in the original post
    
        invoke-static {p1, v3}, Lcom/samsung/android/knox/SemPersonaManager;->setAttributes(II)Z    # highlighted in the original post
    
        .line 942
        const-string v3, "PersonaServiceHelper"
    
        new-instance v5, Ljava/lang/StringBuilder;
    
        invoke-direct {v5}, Ljava/lang/StringBuilder;-><init>()V
    
        const-string v6, "Device compromise attribute set for user : "
    
        invoke-virtual {v5, v6}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
    
        invoke-virtual {v5, p1}, Ljava/lang/StringBuilder;->append(I)Ljava/lang/StringBuilder;
    
        invoke-virtual {v5}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
    
        move-result-object v5
    
        invoke-static {v3, v5}, Landroid/util/Log;->w(Ljava/lang/String;Ljava/lang/String;)I
    
        .line 943
        iget v3, v2, Landroid/content/pm/UserInfo;->id:I
    
        if-eqz v3, :cond_0
    
        .line 944
        const-string v3, "PersonaServiceHelper"
    
        new-instance v5, Ljava/lang/StringBuilder;
    
        invoke-direct {v5}, Ljava/lang/StringBuilder;-><init>()V
    
        const-string v6, "blocking when device compromised "
    
        invoke-virtual {v5, v6}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
    
        invoke-virtual {v5, p1}, Ljava/lang/StringBuilder;->append(I)Ljava/lang/StringBuilder;
    
        invoke-virtual {v5}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
    
        move-result-object v5
    
        invoke-static {v3, v5}, Landroid/util/Log;->w(Ljava/lang/String;Ljava/lang/String;)I
        :try_end_0
        .catchall {:try_start_0 .. :try_end_0} :catchall_0
    
        .line 945
        nop
    
        .line 963
        invoke-static {v0, v1}, Landroid/os/Binder;->restoreCallingIdentity(J)V
    
        .line 945
        return v4
    
        .line 950
        :cond_0
        :try_start_1
        iget v3, v2, Landroid/content/pm/UserInfo;->id:I
    
        if-eqz v3, :cond_1
    
        invoke-virtual {v2}, Landroid/content/pm/UserInfo;->isManagedProfile()Z
    
        move-result v3
    
        if-eqz v3, :cond_1
    
        invoke-virtual {v2}, Landroid/content/pm/UserInfo;->isDeviceCompromised()Z
    
        move-result v3
    
        if-eqz v3, :cond_1
    
        .line 951
        const-string v3, "PersonaServiceHelper"
    
        new-instance v5, Ljava/lang/StringBuilder;
    
        invoke-direct {v5}, Ljava/lang/StringBuilder;-><init>()V
    
        const-string v6, "blocking when device compromised : "
    
        invoke-virtual {v5, v6}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
    
        invoke-virtual {v5, p1}, Ljava/lang/StringBuilder;->append(I)Ljava/lang/StringBuilder;
    
        invoke-virtual {v5}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
    
        move-result-object v5
    
        invoke-static {v3, v5}, Landroid/util/Log;->w(Ljava/lang/String;Ljava/lang/String;)I
        :try_end_1
        .catchall {:try_start_1 .. :try_end_1} :catchall_0
    
        .line 952
        nop
    
        .line 963
        invoke-static {v0, v1}, Landroid/os/Binder;->restoreCallingIdentity(J)V
    
        .line 952
        return v4
    
        .line 955
        :cond_1
        :try_start_2
        invoke-virtual {v2}, Landroid/content/pm/UserInfo;->isSuperLocked()Z
    
        move-result v3
    
        if-eqz v3, :cond_2
    
        invoke-static {p1}, Lcom/samsung/android/knox/SemPersonaManager;->isLegacyClId(I)Z
    
        move-result v3
    
        if-eqz v3, :cond_2
    
        .line 956
        const-string v3, "PersonaServiceHelper"
    
        new-instance v5, Ljava/lang/StringBuilder;
    
        invoke-direct {v5}, Ljava/lang/StringBuilder;-><init>()V
    
        const-string v6, "blocking non-BYOD super locked user "
    
        invoke-virtual {v5, v6}, Ljava/lang/StringBuilder;->append(Ljava/lang/String;)Ljava/lang/StringBuilder;
    
        invoke-virtual {v5, p1}, Ljava/lang/StringBuilder;->append(I)Ljava/lang/StringBuilder;
    
        invoke-virtual {v5}, Ljava/lang/StringBuilder;->toString()Ljava/lang/String;
    
        move-result-object v5
    
        invoke-static {v3, v5}, Landroid/util/Log;->w(Ljava/lang/String;Ljava/lang/String;)I
        :try_end_2
        .catchall {:try_start_2 .. :try_end_2} :catchall_0
    
        .line 957
        nop
    
        .line 963
        invoke-static {v0, v1}, Landroid/os/Binder;->restoreCallingIdentity(J)V
    
        .line 957
        return v4
    
        .line 961
        :cond_2
        const/4 v3, 0x0
    
        .line 963
        invoke-static {v0, v1}, Landroid/os/Binder;->restoreCallingIdentity(J)V
    
        .line 961
        return v3
    
        .line 963
        .end local v2    # "uinfo":Landroid/content/pm/UserInfo;
        :catchall_0
        move-exception v2
    
        invoke-static {v0, v1}, Landroid/os/Binder;->restoreCallingIdentity(J)V
    
        throw v2
    .end method

    Check this code in KnoxMUMContainerPolicy

    Code:
    invoke-static {v5}, Lcom/android/server/pm/PersonaServiceHelper;->isTimaAvailable(Landroid/content/Context;)Z
    
    move-result v5
    
    if-nez v5, :cond_0


    Then we can bypass those things in several ways:
    1. Delete those Lcom/samsung/android/knox/SemPersonaManager;->setAttributes(II)Z lines
    2. Patch Lcom/android/server/pm/PersonaServiceHelper;->isTimaAvailable(Landroid/content/Context;)Z so that it returns true. But this way may cause other issues related to tima.
    3. Just add simple code like below:

    Code:
        invoke-static {v11}, Lcom/android/server/pm/PersonaServiceHelper;->isTimaAvailable(Landroid/content/Context;)Z
    
        move-result v11
    	
        const/4 v11, 0x1    # added line
    
        if-nez v11, :cond_2


    Code:
    invoke-static {v5}, Lcom/android/server/pm/PersonaServiceHelper;->isTimaAvailable(Landroid/content/Context;)Z
    
    move-result v5
    
    const/4 v5, 0x1    # added line
    
    if-nez v5, :cond_0

    Better use the third way.

    IV. Patch method isUnifiedKeyStoreSupported in Lcom/android/server/locksettings/SyntheticPasswordManager so that it returns true, in one of two ways:
    1. Simply add this line (from S10 firmware) to system/etc/floating_features.xml:
    <SEC_FLOATING_FEATURE_KNOX_SUPPORT_UKS>TRUE</SEC_FLOATING_FEATURE_KNOX_SUPPORT_UKS>
    2. Modify smali file.

    V. Mod KnoxFileHandler
    In Oreo, Samsung forced the use of tima to store, retrieve and delete the encrypt key. But in Pie they changed to use KeyProtector, so we will mod KnoxFileHandler. Compare the modded one to the stock one in the attachment to find out what needs to be changed.

    VI. If your ROM is a ported ROM, you should replace services\smali_classes3\com\android\server\enterprise\ccm from stock services.jar.

    VII. Recompile services.jar and enjoy secure folder.





    PS:
    VII. SamsungPay and SamsungPass still use TEE, their own trustlets and use samsung server to check, store hash code. I will try to investigate deeper on those apk if I have time.
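For anyone auditing a ROM's services.jar, the third method above leaves a recognisable trace in the decompiled smali: a call's result register is overwritten by a constant just before the branch that tests it. The Python scanner below is an added example, not code from the original post; the function name and the sample input (built from the post's snippets) are assumptions.

```python
import re

# Constructed sample: the patched sequence from the post, plus an untouched check.
SAMPLE_SMALI = """\
    invoke-static {v11}, Lcom/android/server/pm/PersonaServiceHelper;->isTimaAvailable(Landroid/content/Context;)Z

    move-result v11

    const/4 v11, 0x1

    if-nez v11, :cond_2

    invoke-static {p0}, Lcom/android/server/pm/PersonaServiceHelper;->isTimaAvailable(Landroid/content/Context;)Z

    move-result v3

    if-nez v3, :cond_0
"""

INVOKE = re.compile(r"^invoke-\S+ \{[^}]*\}, (\S+)$")
MOVE_RESULT = re.compile(r"^move-result(?:-object|-wide)? (\w+)$")
CONST = re.compile(r"^const(?:/4|/16|/high16)? (\w+), (-?0x[0-9a-fA-F]+)$")
BRANCH = re.compile(r"^if-(?:eqz|nez) (\w+), :\w+$")

def find_overridden_results(smali_text):
    """Return (line_no, callee, register, constant) for each call whose
    result register is overwritten by a constant before the branch on it."""
    # Drop blanks, comments and directives; labels stay and break the window.
    ins = [(n, l.strip()) for n, l in enumerate(smali_text.splitlines(), 1)
           if l.strip() and not l.strip().startswith(("#", "."))]
    findings = []
    for i in range(len(ins) - 3):
        call = INVOKE.match(ins[i][1])
        res = MOVE_RESULT.match(ins[i + 1][1])
        const = CONST.match(ins[i + 2][1])
        branch = BRANCH.match(ins[i + 3][1])
        if not (call and res and const and branch):
            continue
        reg = res.group(1)
        if const.group(1) == reg and branch.group(1) == reg:
            findings.append((ins[i + 2][0], call.group(1), reg, const.group(2)))
    return findings
```

On the sample it reports the `const/4 v11, 0x1` line and leaves the unmodified `v3` check alone.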
    14
    Great job mate, working perfect... View attachment 4794516

    Sent from my SM-N950F using Tapatalk
    13
    This is great to see, I've been curious on how you fixed SS back on Note 5 nougat for a while now, I'll give it a go on my N5 running pie.

    Thanks for sharing :good: god bless
    5
    Nice find mate, keep it up :)
    5
    To fix lock issue of secure folder


    download smali
    http://www.mediafire.com/file/ivy8py1lueln8tf/SyntheticPasswordManager.smali/file

    and replace in service jar ( com/android/server/locksettings) -