[SCRIPT] [INIT.D] Permissive SELinux on Stock Kernels [08/21/2014]

Search This thread
lol. I had an s5 most likely longer than you as well as i started creating roms myself with the vzw s5 thats had over 100k views as well as ive done other work for the vzw s5 as well as helped the op of this thread test and try to get permissive on the s5 long ago when this thread was created.

So yes, I'd say I know what I'm talking about and yes, I do own a g925v as well.. I DID PASS up the opportunity for a N6 to get a better device all around. The only benefit I saw from a N6 was it has a larger screen but that was the ONLY factor which clearly all the benefits of an s6e in every other area made the choice very easy.

Sent from my SM-G925V using XDA Free mobile app

---------- Post added at 08:24 AM ---------- Previous post was at 08:18 AM ----------



to make it easy, here is a link to one of my pieces of work for the s5:

http://xdaforums.com/showthread.php?p=53784905

It was one of the most used/viewed roms available until I got my s6e.. but then again who am i to browse around the vzw s5 threads? I suppose its only for people who use others work to put on their devices that has more say/knowledge then those who actually put in work?

I think your philosophy is flawed and I am done duscussing this with you lol

Sent from my SM-G925V using XDA Free mobile app

Drops-Mic.jpg


OK, let's move on folks, shall wek? :)
 

blair.sadewitz

Senior Member
Dec 24, 2014
249
57
vzw s5 always had it lol.. well not right away but once it was updated it worked.. heck, my vzw s6e has had v4a since ping pong root and were enforced as well.

theres ways around it for some root apps and luckily most dont require permissive (none that i use)

Sent from my SM-G925V using XDA Free mobile app

You can't _disable_ selinux, but I think for v4a if you have it use the right selinux context, it works. There are other methods, too.

---------- Post added at 09:34 AM ---------- Previous post was at 09:33 AM ----------

vzw s5 always had it lol.. well not right away but once it was updated it worked.. heck, my vzw s6e has had v4a since ping pong root and were enforced as well.

theres ways around it for some root apps and luckily most dont require permissive (none that i use)

Sent from my SM-G925V using XDA Free mobile app

You can't _disable_ selinux, but I think for v4a if you have it use the right selinux context, it works. There are other methods, too.

Also, I append this to build.prop:

lpa.decode=false tunnel.decode=false lpa.use-stagefright=false lpa.releaselock=false
 

elliwigy

Retired Forum Moderator / Recognized Developer
XDA App Taskforce
You can't _disable_ selinux, but I think for v4a if you have it use the right selinux context, it works. There are other methods, too.

---------- Post added at 09:34 AM ---------- Previous post was at 09:33 AM ----------



You can't _disable_ selinux, but I think for v4a if you have it use the right selinux context, it works. There are other methods, too.

Also, I append this to build.prop:

lpa.decode=false tunnel.decode=false lpa.use-stagefright=false lpa.releaselock=false

i didnt say you could disable selinix lol.. i simply said theres ways around permissive..

those edits to the build prop arent even necessary on the s6/s6e.. you do however need to edit or replace the audio.effects.conf file and delete pre installed sound alive and hearingdro apks

Sent from my SM-G925V using XDA Free mobile app
 

blair.sadewitz

Senior Member
Dec 24, 2014
249
57
I wasn't addressing you, I was responding to the guy asking the question! ;)

i didnt say you could disable selinix lol.. i simply said theres ways around permissive..

those edits to the build prop arent even necessary on the s6/s6e.. you do however need to edit or replace the audio.effects.conf file and delete pre installed sound alive and hearingdro apks

Sent from my SM-G925V using XDA Free mobile app


---------- Post added at 02:51 PM ---------- Previous post was at 02:49 PM ----------

But while I have your attention--can you just delete soundalive on the S5 also? I have become almost obsessed with "de-samsungizing" my phone. Each proprietary apk I rip out increases my perceived well-being haha
 

elliwigy

Retired Forum Moderator / Recognized Developer
XDA App Taskforce
I wasn't addressing you, I was responding to the guy asking the question! ;)



---------- Post added at 02:51 PM ---------- Previous post was at 02:49 PM ----------

But while I have your attention--can you just delete soundalive on the S5 also? I have become almost obsessed with "de-samsungizing" my phone. Each proprietary apk I rip out increases my perceived well-being haha

not sure but i dont see why not if you are using v4a drivers.. its required to install v4a on s6e.. id try to freeze it in tibu first and see if any negative effects

Extreme Syndicate v8
 

Stupifier

Senior Member
Jun 8, 2010
1,914
680
not sure but i dont see why not if you are using v4a drivers.. its required to install v4a on s6e.. id try to freeze it in tibu first and see if any negative effects

Extreme Syndicate v8

S5 with V4A. Received massive SoundAlive FCs. I froze SoundAlive. No More FCs and V4A worked just fine. So I backed SoundAlive up and Uninstalled. No issues. V4A works great.
 

Smdh

Member
Jan 1, 2016
21
6
50
Hopewell
Hey...I set my 775 and all but it wouldn't flip to permissive, so I downloaded an app from play store Paragon NTFS & HFS+. When I opened the app and allowed root...it ASKED if I wanted to set my selinux to permissive. I said yes. Damn if it's not showing permissive in settings too. Is that ok?
 
  • Like
Reactions: luis4995

luis4995

Member
Dec 12, 2008
7
0
Hey...I set my 775 and all but it wouldn't flip to permissive, so I downloaded an app from play store Paragon NTFS & HFS+. When I opened the app and allowed root...it ASKED if I wanted to set my selinux to permissive. I said yes. Damn if it's not showing permissive in settings too. Is that ok?
Oh my gosh that is awesome... Ive been trying to get fireflash going again but couldnt change Selinux back to permissive till this app...
e364587f847f028963bc2fd3340b3e66.jpg


Sent from my SM-G900V using XDA-Developers mobile app
 

blackjack4it

Senior Member
Dec 21, 2009
72
35
hi there, on my side I have a G900F Samsung Galaxy S5. I've noticed two things:
1) as far as I can understand, there's no init.d support by default in the stock kernel
2) it isn't possible to set permissive mode on any G900F stock kernel (you have to recompile a permissive kernel but Knox counter will be tripped). Am I right? I've enabled init.d support and used the script by hsbadr but no luck...always that damned Enforcing.
I've bought Knox Reset Premium but I can't get it to work (31 days of trials with no luck). I suppose that's because of missing permissive mode. I can achieve permissive mode using other kernels but Knox Counter isn't happy about this.
So, what to do (1 and 2)?
 

Top Liked Posts

  • There are no posts matching your filters.
  • 9
    "As part of the Android security model, Android uses Security-Enhanced Linux (SELinux) to enforce Mandatory Access Control (MAC) over all processes, even processes running with root/superuser privileges (a.k.a. Linux capabilities). SELinux can operate in one of two global modes: permissive mode, in which permission denials are logged but not enforced, and enforcing mode, in which permission denials are both logged and enforced." Read more here...


    Requirements:
    - Rooted Device
    - Root/FS/ES Explorer
    - busybox & init.d support


    How to:
    - Add the 01selinux script to /system/etc/init.d
    - Set file permissions to 0755 (rwx r-x r-x)
    - Power off, wait for a few seconds & power on
    If you'd like to add this script to your ROM, just copy 01selinux script to /system/etc/init.d !


    Downloads:
    [08/21/2014] Permissive SELinux v1.0: 01selinux


    Status:
    - Fully working on NC4 Kernel - Verizon Samsung Galaxy Note 3 (N900V)
    - Not working on NCG/NE9 Kernel - Verizon Samsung Galaxy S5 (G900V)


    Thanks to @Misterxtc for making all S5 testing.

    If you've any question, you may contact him.


    9xqFkpjl.png
    4
    Hi I've been following this thread with interest. Just a noob question: Is it possible that SE Linux IS being set permissive with these scripts, only the indicator is (perhaps deliberately) showing "enforcing"? Are you testing it for" enforcing" behavior?

    I understand what you mean; this isn't a noob qusetion at all. We're able with a new script/command (not in OP) to set "permissive" SELinux for SU user, which isn't applied for the other users. It seems that the policy may be enforced per user (confined users?!). Moreover, the script is overwritten on reboot.

    I believe I can find a workaround like I did with N3 NC4 kernel, but I don't have an S5 device for debugging. @Misterxtc is doing a great job in testing, but remote testing is time consuming & I've many other things to do.
    4
    Progress [09/04/2014]

    We had some progress today by setting Permissive SELinux for root, but it doesn't stick for user & on reboot.

    We'll continue testing later.
    3
    not worth it, forget it. welcome to the ignorelist, brian...
    2
    the first set of commands returned enforcing and the same with the second set after the reboot.

    It seems the output of setenforce is ignored by system for some reason. I'll do some more research...