Database Info

[Q] executing root shell commands in app gives me a SU permissions rejected

im trying to download files from a server(works) make a new directory for them to go in (works) than im trying to put these new files in the system partition by remounting the /system as readwrite(not working) than write the files to the system partition
can someone please help ive tried hours of trouble shooting
Code:
final Runtime runtime = Runtime.getRuntime();
try {
runtime.exec("su");
runtime.exec("mkdir /sdcard/newdir");
runtime.exec("wget -P /sdcard/newdir websiteurl.com/file");
runtime.exec("wget -P /sdcard/newdir websiteurl.com/file");
runtime.exec("wget -P /sdcard/newdir websiteurl.com/file");
runtime.exec("busybox mount -o rw,remount /system");
runtime.exec("mv -f /mnt/sdcard/newdir/file /system/dir");
runtime.exec("mv -f /mnt/sdcard/newdir/file /system/dir");
runtime.exec("mv -f /mnt/sdcard/newdir/file /system/dir");
runtime.exec("busybox mount -o ro,remount /system");
}
catch (IOException e) {
e.printStackTrace();
}

[Q] Created a File Explorer, Cant see /data/

Hello there,
Im trying to create my own file explorer (a very stripped down one) with root privileges just to learn how to code for android. Anyways, i am able to access my /system folder and look in every folder besides the /data folder. There are no subdirectories... its just empty. When i check through ADB or through terminal emulator, i can see al the folders in the /data folder. So what am i doing wrong???
I have this setup for now,
Code:
final Runtime runtime = Runtime.getRuntime();
try {
runtime.exec("su");
}
just go get root access, but i dont even know if thats correct. The app asks for root permissions and i can accept it but i still cant view the /data folder...
I also tried
Code:
runtime.exec("mount -o remount,ro -t yaffs2 /dev/block/mtdblock5 /data");
and
Code:
runtime.exec("mount -o remount,rw -t yaffs2 /dev/block/mtdblock5 /data");
and still nothing...

nephron said:
Hello there,
Im trying to create my own file explorer (a very stripped down one) with root privileges just to learn how to code for android. Anyways, i am able to access my /system folder and look in every folder besides the /data folder. There are no subdirectories... its just empty. When i check through ADB or through terminal emulator, i can see al the folders in the /data folder. So what am i doing wrong???
I have this setup for now,
Code:
final Runtime runtime = Runtime.getRuntime();
try {
runtime.exec("su");
}
just go get root access, but i dont even know if thats correct. The app asks for root permissions and i can accept it but i still cant view the /data folder...
I also tried
Code:
runtime.exec("mount -o remount,ro -t yaffs2 /dev/block/mtdblock5 /data");
and
Code:
runtime.exec("mount -o remount,rw -t yaffs2 /dev/block/mtdblock5 /data");
and still nothing...
Click to expand...
Click to collapse
you don't actually have root
adb shell
Code:
# ls -l
drwxrwx--x 1 system system 2048 Jan 9 22:30 data
drwxr-xr-x 1 root root 2048 Jan 13 10:42 system
data is owned by system, and can only be read by system ( and root )
system is owned by root and can be read by everybody
you executed su
which got you root, but it didn't actually do anything, your app did not inherit root permissions

Firerat said:
you don't actually have root
adb shell
Code:
# ls -l
drwxrwx--x 1 system system 2048 Jan 9 22:30 data
drwxr-xr-x 1 root root 2048 Jan 13 10:42 system
data is owned by system, and can only be read by system ( and root )
system is owned by root and can be read by everybody
you executed su
which got you root, but it didn't actually do anything, your app did not inherit root permissions
Click to expand...
Click to collapse
Hmmmm alright. Well what i can do to make my app inherit root permissions?
edit:
I was able to view the contents of /data by changing the permissions on the folder itself using:
Code:
runRootCommand("chmod 555 /data");
which would make it read-only and
Code:
runRootCommand("chmod 777 /data");
which would make it read/write (i think, maybe 755?)
where runRootCommand is :
Code:
public static boolean runRootCommand(String command) {
Process process = null;
DataOutputStream os = null;
try {
process = Runtime.getRuntime().exec("su");
os = new DataOutputStream(process.getOutputStream());
os.writeBytes(command+"\n");
os.writeBytes("exit\n");
os.flush();
process.waitFor();
} catch (Exception e) {
Log.d("*** DEBUG ***", "Unexpected error - Here is what I know: "+e.getMessage());
return false;
}
finally {
try {
if (os != null) {
os.close();
}
process.destroy();
} catch (Exception e) {
// nothing
}
}
return true;
}

nephron said:
Hmmmm alright. Well what i can do to make my app inherit root permissions?
edit:
I was able to view the contents of /data by changing the permissions on the folder itself using:
Code:
runRootCommand("chmod 555 /data");
which would make it read-only and
Code:
runRootCommand("chmod 777 /data");
which would make it read/write (i think, maybe 755?)
where runRootCommand is :
Code:
public static boolean runRootCommand(String command) {
Process process = null;
DataOutputStream os = null;
try {
process = Runtime.getRuntime().exec("su");
os = new DataOutputStream(process.getOutputStream());
os.writeBytes(command+"\n");
os.writeBytes("exit\n");
os.flush();
process.waitFor();
} catch (Exception e) {
Log.d("*** DEBUG ***", "Unexpected error - Here is what I know: "+e.getMessage());
return false;
}
finally {
try {
if (os != null) {
os.close();
}
process.destroy();
} catch (Exception e) {
// nothing
}
}
return true;
}
Click to expand...
Click to collapse
hmm,
not an app I would recommend to anyone

Firerat said:
hmm,
not an app I would recommend to anyone
Click to expand...
Click to collapse
lol not trying to sell the app. Just trying to learn. Would appreciate the help though...

[Q] executing self-compiled c/c++ code in connectbot: Syntax error: word unexpected

Hi all,
(see at the end for setup and device info)
(remove spaces in URLs since I am not allowed to post real URLs yet)
I am trying to compile my own c/c++ code and run it on my android phone.
I got the android toolchain and the program (hello world, "test" binary) compiles:
./agcc -c -o test hello.cpp
file test
test: ELF 32-bit LSB relocatable, ARM, version 1 (SYSV), not stripped
The program executable is "test". I copy it to my android to /data (since other folders apparently do not have execution permission yielding the "permission denied" error when trying to execute) and do "chmod a+x test"
When I start connectbot on my phone, navigate to /data and do "./test" then I get the error: Syntax error: word unexpected (expecting ")")
As if connectbot would try to execute this binary as a shell script.
In principle, a step-by-step manual how to compile and run c/c++ code on android would be here:
"http: //www . hytherion.com/beattidp/comput/android/linux-on-android.html"
But I get this strange error mentioned above.
any ideas?
setup:
=====
Phone: Samsung Galaxy S2
Android: 2.3.4
Kernel: GINGERBREAD.XWKI4 (rooted, works all fine)
Crosscompile Toolchain: from: ./repo init -u https: // android.googlesource.com/platform/manifest
Using acc script from "http: // plausible.org/andy/agcc"
Exporting: export PATH=[PathToToolchain]/prebuilt/linux-x86/toolchain/arm-eabi-4.4.3/bin:$PATH
Hello World example:
// hello.cpp
#include <stdio.h>
int main()
{
int a=1;
printf("hello %d",a);
return 0;
}
compiling with: ./agcc -c -o test hello.cpp

bump bump?

[SOLVED] sm-t330 LP 5.1.1 working out supersu

This NOT a Q&A thread. Only people working out the problem are welcome.
okay , so as of flashing even supersu beta version BETA-SuperSU-v2.49 this is the issue i'm guessing for our device
for reference the firmware release api in question is Android 5.1 , API Level 22
Code:
[email protected]:/# adb logcat -d | grep F/
F/appproc ( 305): Error changing dalvik-cache ownership : Permission denied
F/libc ( 305): Fatal signal 6 (SIGABRT), code -6 in tid 305 (app_process32_o)
F/appproc ( 1026): Error changing dalvik-cache ownership : Permission denied
F/libc ( 1026): Fatal signal 6 (SIGABRT), code -6 in tid 1026 (app_process32_o)
F/appproc ( 1389): Error changing dalvik-cache ownership : Permission denied
F/libc ( 1389): Fatal signal 6 (SIGABRT), code -6 in tid 1389 (app_process32_o)
F/appproc ( 1758): Error changing dalvik-cache ownership : Permission denied
F/libc ( 1758): Fatal signal 6 (SIGABRT), code -6 in tid 1758 (app_process32_o)
F/appproc ( 2123): Error changing dalvik-cache ownership : Permission denied
F/libc ( 2123): Fatal signal 6 (SIGABRT), code -6 in tid 2123 (app_process32_o)
F/appproc ( 2482): Error changing dalvik-cache ownership : Permission denied
F/libc ( 2482): Fatal signal 6 (SIGABRT), code -6 in tid 2482 (app_process32_o)
[email protected]:/#
after looking at the script i ran and got this
Code:
[email protected]:/# adb shell ls -al /system/bin/app*
[COLOR="Red"]lrwxrwxrwx root root 2014-03-07 10:19 app_process -> /system/xbin/daemonsu
lrwxrwxrwx root root 2014-03-07 10:19 app_process32 -> /system/xbin/daemonsu
-rwxr-xr-x root shell 13588 2015-07-02 14:29 app_process32_original[/COLOR]
-rwxr-xr-x root shell 13588 2014-03-07 10:19 app_process_init
-rwxr-xr-x root shell 57688 2015-07-02 14:29 applypatch
-rwxr-xr-x root shell 213 2015-07-02 14:29 appops
-rwxr-xr-x root shell 215 2015-07-02 14:29 appwidget
undoing that with this
Code:
rm -f app_process app_process32
ln -sf /system/bin/app_process32_original /system/bin/app_process
"resolved" the "error" so if you flashed supersu thinking YAY ROOT ! and ended up with what you got you need to run what i did to
regain what you had.
SO, linking daemonsu in a different way is probably the thing but, how?
so far selinux is still alive i am trying out a patch @RunasSudo suggested here
http://forum.xda-developers.com/goo...orrect-to-compile-permissive-selinux-t3074761
also i am trying to figure out how app_process works
@thisisapoorusernamechoice
sorry for hijacking your thread. m

Okay, so with a modified adbd in /sbin i achieve a root prompt through adb
Note - at this point i do have full control over the system. yay!
but at the cost of blank display and no functions of hardware input [no touch hard buttons] awww (frowny face)
interesting note, the stock adbd has root access/privelege when executing adb reboot recovery.
does anyone have a lead on how to bind a block device to a tcp port ?
something like this, but that works, and as a service maybe?
cat /dev/whatever | nc -l 2345

okay if i'm seeing this right...,
Code:
F/appproc ( 305): Error changing dalvik-cache ownership : [COLOR="Red"]Permission denied[/COLOR]
F/libc ( 305): Fatal signal 6 (SIGABRT), code -6 in [COLOR="Red"]tid[/COLOR] 305 (app_process32_o)
my gues would be selinux denial based on wrong/incorrect type id
from file contexts
Code:
/system/bin/app_process32 u:object_r:[COLOR="Red"]zygote_exec[/COLOR]:s0
from zygote.te
Code:
# zygote
[COLOR="Red"]type[/COLOR] zygote, domain;
type [COLOR="Red"]zygote_exec[/COLOR], exec_type, file_type;
soooooo when the shuffling around of app_process* happens and /system/xbin/daemonsu is linked to /system/bin/app_process
should daemonsu instead of being [from supersu installer script]
Code:
/system/xbin/daemonsu 0755 u:object_r:system_file:s0
be
Code:
/system/xbin/daemonsu 0755 u:object_r:zygote_exec:s0
?
i don't think it sepolicy version 26, same as sm-t530nu, i'm also using the sm-t53nu's LL kernel source release for my sm-t330nu LP kernel build, so it's not the knox ****ery in the kernel source. so it's the actual policy itself ?

I'm going to do an experiment by flashing/writing the system.img.ext4 from the sm-t530nu LP release with a modified boot.img
to the sm-t330nu [post LP release flash]
If it works it would effectively be a downgrade to 5.0.X
This has worked with @sub77 's LP builds for sm-t530nu to "port" them to sm-t330nu soooo
more to come ?

okay, sooooo
now that my sm-t330nu has the official LP release installed, i CAN flash the system.img from the official sm-t530nu to it and boot successfully,
so i was right about the tied to firmware thing.
Now after a few different tests i am unable to "downgrade" my boot.img to match the sm-t530nu release version wise, policy and all
and remain at android 5.1.1 NNNYYYAAAAAHHHHHHHHH ! [WHEW okay , glad to get that out.. ]
SO, i flashed supersu to see what would happen and got the same result as before BUT, totally sepolicy contexts
Without restoring system or doing the meatball surgery from the previous post, i instead manually changed the policy context
of /system/xbin/daemonsu through adb in recovery
[note- you must enbale dev-options--->debugging
Code:
adb reboot recovery
adb shell mount /system
adb shell
chcon u:object_r:zygote_exec:s0 /system/xbin/daemonsu
chattr +i /system/xbin/daemonsu
reboot
SHINY ! no root. but boots
Code:
[email protected]:/system/bin/.ext $ ls -Z /system/xbin/daemonsu
-rwxr-xr-x root root u:object_r:zygote_exec:s0 daemonsu
Okay so now we need to know proper context for
/system/xbin/su
/system/bin/.ext/.su
hmmmm... i am going outside to play.
Nature sucks, the resolution is terrible ! xD
okay android 5.1.1 samsung policy context for system libraries is
Code:
u:object_r:system_library_file:s0

okay so far nutz..,
i found this for setool utility [setools-android-sepolicy-inject] project by @Mikos
http://forum.xda-developers.com/android/software/setools-android-sepolicy-inject-t2977563
i've forked his sources https://github.com/xmikos/setools-android
adjusted for api, and will try this method.
Android NDK
wget https://dl.google.com/android/ndk/android-ndk-r10e-linux-x86.bin
m

okay,
got Miko's toolkit compiled, this is the output of seinfo
Code:
\[email protected]:/ $ seinfo
Statistics for policy file: /sepolicy
Policy Version & Type: v.26 (binary, mls)
Classes: 86 Permissions: 271
Common classes: 5
Sensitivities: 1 Categories: 1024
Types: 1169 Attributes: 162
Users: 1 Roles: 2
Booleans: 0 Cond. Expr.: 0
Allow: 14802 Neverallow: 0
Auditallow: 0 Dontaudit: 401
Type_trans: 458 Type_change: 0
Type_member: 0 Role allow: 0
Role_trans: 0 Range_trans: 0
Constraints: 59 Validatetrans: 0
Initial SIDs: 27 Fs_use: 19
Genfscon: 43 Portcon: 0
Netifcon: 0 Nodecon: 0
Permissives: 0 Polcap: 2
[email protected]:/ $
i'm looking for someone who can run me through how sepolicy injection works specifically.
I don't know enough to interpret a generic example.
what i can understand right now is daemonsu disguised as app_process cannot access/change what it needs to in dalvik-cache due to incorrect/wrong -tid if that's the right way to say it.
this again
Code:
F/appproc ( 305): Error changing dalvik-cache ownership : Permission denied
F/libc ( 305): Fatal signal 6 (SIGABRT), code -6 in tid 305 (app_process32_o)
Mikos said the following as to command line syntax
Mikos said:
Hello, the syntax is simple, if you want comparison with supolicy, here is one example (taken from my SnooperStopper app):
Code:
supolicy --live 'allow vdc init fifo_file {read write getattr}'
is equivalent to:
Code:
sepolicy-inject -s vdc -t init -c fifo_file -p read,write,getattr -l
Click to expand...
Click to collapse
m

so how much progress you have done so far? need any help?

jazzespresso said:
so how much progress you have done so far? need any help?
Click to expand...
Click to collapse
Jazz,
have you ever done any work with sepolicy, setools ?
is there a way or do you know the right way to do the policy injection part of what Mikos described for
su and daemonsu ?
when i run strings on the sepolicy binary i do find su_exec.
so i'm still at daemonsu being the culprit. @Chainfire does make it clear the there is a hijack of app_process going on
and i do believe it works for other devices running a "state sanctioned" 5.1.1 so this is/has to be a dicky samsung move.
also how to determine the correct tid if that is indeed what i'm looking for. [see OP]
m

Will look into that, not sure how much differences between android 5.0.X and 5.1.1..

jazzespresso said:
Will look into that, not sure how much differences between android 5.0.X and 5.1.1..
Click to expand...
Click to collapse
It seems to be all sepolicy, i had to adblock and put in my usual apps minus root apps via adb push.
Swapping policy from the 5.0 boot.img reseults in no visuals or input but at adb/terminal i have access,
It just occured to me that i have not yet tried the policy swap and then applied root, hmm.
After i unscrew my system, i upgraded but forgot to change from sid so now wifi is totally boned, xD
I'll try that out, i figure it's something with ueventd.?
On disabling the policy it's complete no go so far.
In spite of modding init.rc
To disab;e sepolicy reload, to write to sys/fs/selinux/enable/0 and trying kernel cmdline edits for enforce=0 androidboot.selinux=0 etc, results
In bogus disable or no boot and dead adbd. Fun fun fun !

this is a copy/paste from my earlier sepolicy trip from galaxy tab 3 forum, putting here for reference
On-Device Policy Files
/sepolicy: Kernel binary policy
/file_contexts: File security contexts
/property_contexts: Property security contexts
/seapp_contexts: App security contexts
/system/etc/security/mac_permissions.xml: App certificate to seinfo mapping
On mac_permissions.xml
●At build time, mac_permissions.xml signature tag names (e.g. @platform) are rewritten to the actual
certificate value extracted from .pem file specified by external/sepolicy/keys.conf
.●build/tools/releasetools/sign_target_files_apks rewrites mac_permissions.xml with updated certificate values for new keys.
System Apps by Certificate
●mac_permissions.xml:
<signer signature= @platform" >
<seinfo value="platform" />
</signer>
●
seapp_contexts:
user=_app seinfo=platform domain=platform_app
type= app_data_file
---------------------------------------------------
Okay so what is this _u _r _t suffix stuff?
• _u – SELinux user
eg: system_u – used for running system services
• _r – SELinux role
eg: system_r – for daemons and background processes
• _t – SELinux type / domain
eg:httpd_t
you can change a single domain to permissive mode
-------------------------------------
the original thread is here, i forgot all about mac_permissions.xml when swapping policy
http://forum.xda-developers.com/galaxy-tab-3/general/se-linux-policy-information-thread-t2865457

moonbutt74 said:
It seems to be all sepolicy, i had to adblock and put in my usual apps minus root apps via adb push.
Swapping policy from the 5.0 boot.img reseults in no visuals or input but at adb/terminal i have access,
It just occured to me that i have not yet tried the policy swap and then applied root, hmm.
After i unscrew my system, i upgraded but forgot to change from sid so now wifi is totally boned, xD
I'll try that out, i figure it's something with ueventd.?
On disabling the policy it's complete no go so far.
In spite of modding init.rc
To disab;e sepolicy reload, to write to sys/fs/selinux/enable/0 and trying kernel cmdline edits for enforce=0 androidboot.selinux=0 etc, results
In bogus disable or no boot and dead adbd. Fun fun fun !
Click to expand...
Click to collapse
I was thinking about getting policy from the 5.0 boot.img and try and see...not sure if it would work - you may try and let me know your results
1) 5.0 sepolicy file.
2) initrd.img current one
3) initrd.img current one
It has been long time man I worked on it or dig this stuff......hmmm....hmmm....Galaxy S6 developers got root on 5.1.1, so this should be not so hard.....

okay so the sesearch string looks something like this , yielding the following output
Code:
[email protected]:/storage/AIK-Linux/ramdisk# sesearch -A -s shell -t system [COLOR="Red"]-c file[/COLOR] sepolicy
Found 3 semantic av rules:
allow shell newAttr33 : file { ioctl read write getattr lock open } ;
allow newAttr7 newAttr33 : file { ioctl read write getattr lock open } ;
allow appdomain newAttr33 : file { ioctl read write getattr lock open } ;
but if i leave out the -c [class=name] option it works sort of like a wild-card and i get this
Code:
[email protected]:/storage/AIK-Linux/ramdisk# sesearch -A -s shell -t system sepolicy
Found 20 semantic av rules:
allow shell system_server : process { transition siginh rlimitinh } ;
allow shell newAttr33 : process getattr ;
allow shell newAttr33 : file { ioctl read write getattr lock open } ;
allow shell newAttr33 : dir { ioctl read getattr search open } ;
[COLOR="Red"]allow shell newAttr33 : lnk_file { ioctl read getattr lock open } ;[/COLOR]
allow appdomain domain : process getattr ;
allow domain system_server : fd use ;
allow newAttr7 newAttr33 : file { ioctl read write getattr lock open } ;
allow newAttr7 newAttr33 : dir { ioctl read getattr search open } ;
[COLOR="Red"] allow newAttr7 newAttr33 : lnk_file { ioctl read getattr lock open } ; [/COLOR]
allow newAttr1 binderservicedomain : fd use ;
allow newAttr1 binderservicedomain : binder { call transfer } ;
allow appdomain system_server : fd use ;
allow appdomain system_server : fifo_file { ioctl read write getattr lock append open } ;
allow appdomain system_server : tcp_socket { read write getattr getopt shutdown } ;
allow appdomain system_server : unix_stream_socket { read write getattr getopt setopt shutdown } ;
allow appdomain newAttr33 : file { ioctl read write getattr lock open } ;
allow appdomain newAttr33 : dir { read getattr search open } ;
allow appdomain newAttr33 : lnk_file { read write getattr open } ;
allow appdomain system_server : binder { call transfer } ;
the lnk_file ones seem interesing, i'm not sure if write is the correct perm or if it's readwrite
using sepolicy inject i've been adding to that list like so
Code:
sepolicy-inject -s appdomain -t newAttr33 -c lnk_file -p write -P sepolicy -o sepolicy-UNdead
but nothing yet, as i go further i will learn more, i think it's finding out what need to be made permissive, getting a read on audit and allow rules don't seem to work, i'm using debian's sepolicy dev tools, as well as Miko's set, and the originating source for sepolicy-inject as well.
finding the permissions/av denial connected to daemonsu being prevented from changing dalvik-cache ownership is what i think i'm looking for
but i'm not 100% on that, though when i
Code:
chcon u:object_r:su_exec:s0 su
, i do get a denial in terminal when i reboot and run su, so i'm still uncertain if su is the culprit.

what makes you think su is the culprit, it is because 5.1.1?

jazzespresso said:
what makes you think su is the culprit, it is because 5.1.1?
Click to expand...
Click to collapse
well, su runs the daemon right the daemon and supolicy need root privelege to run and load
for the portion of the logcat, changing ownership in dalvik-cache fails because damonsu hijacks the app_process/32
changing ownership is the function of chown which needs root priveleges, that particular function happens after the init process,
the init process work with root privelege for the beginning stages of the boot process then lock down and throws over to the system,
without the system's su functioning that process of changing dalvik cache ownership fails and sigabrt , the system hangs.
the reason i'm not 100% sure it's su is because when i chcon app_process/32 -> /xbin/daemonsu to ubject_r:zygote_exec
then the process goes through so...

moonbutt74 said:
well, su runs the daemon right the daemon and supolicy need root privelege to run and load
for the portion of the logcat, changing ownership in dalvik-cache fails because damonsu hijacks the app_process/32
changing ownership is the function of chown which needs root priveleges, that particular function happens after the init process,
the init process work with root privelege for the beginning stages of the boot process then lock down and throws over to the system,
without the system's su functioning that process of changing dalvik cache ownership fails and sigabrt , the system hangs.
the reason i'm not 100% sure it's su is because when i chcon app_process/32 -> /xbin/daemonsu to ubject_r:zygote_exec
then the process goes through so...
Click to expand...
Click to collapse
re-moved

Jazz,
what i am actually going to say is;
pingpong root is a fail, i tried it a few days ago.
dumping general links into this thread is not help.
Linking DIRECTLY to kernel patches/mods etc., is better.
I am looking at the s6 source from the thread you linked to.
I don't think kernel version will make too much of a difference.
The interest, MY interest is in how to mod the default sepolicy to unbreak root.
I do NOT want permissive, i want enforcing with root functioning correctly.
I am getting a better hang of the sepolicy tools but have yet to find what needs changing adjusting
I did manage to disable [set permissive] the policy AND achieve root BUT with display,touch,input broken as before. [grumble]
In the furture please remove quoted text when you reply to post. Thanks.
m

moonbutt74 said:
Jazz,
what i am actually going to say is;
pingpong root is a fail, i tried it a few days ago.
dumping general links into this thread is not help.
Linking DIRECTLY to kernel patches/mods etc., is better.
I am looking at the s6 source from the thread you linked to.
I don't think kernel version will make too much of a difference.
The interest, MY interest is in how to mod the default sepolicy to unbreak root.
I do NOT want permissive, i want enforcing with root functioning correctly.
I am getting a better hang of the sepolicy tools but have yet to find what needs changing adjusting
I did manage to disable [set permissive] the policy AND achieve root BUT with display,touch,input broken as before. [grumble]
In the furture please remove quoted text when you reply to post. Thanks.
m
Click to expand...
Click to collapse
sorry....removed the links and references on my previous post....

jazzespresso said:
sorry....removed the links and references on my previous post....
Click to expand...
Click to collapse
Jazz,
security: SELinux: Avoid enabling enforcing by conventional flag
as to this https://github.com/djvoleur/V_925R4_BOF7/commit/3e33f1fb5538fb2f0f055e9035fe8885a3471322
i'll give it a try and see what happens, but i still want sepolicy enforcing.
@jazzespresso
EDIT - okay i tried it out straight and no-go, but looking at the diff between our selinuxfs.c
and the one you linked to i see that we have a compile/build flag
#ifdef CONFIG_ALWAYS_ENFORCE
//If build is user build and enforce option is set, selinux is always enforcing
new_value = 1;
[blah blah blah]
selinux_enforcing = new_value;
there's some more but i think you get the idea of where i'm going with this.
the new_value change has been used before to success so it will work with our kernel source,
it's just a matter of getting it right. =]

Running app via ADB "** No activities found to run, monkey aborted." error

I'm having issues with my Pixel being stuck in "pixel is starting..." with no luck retrieving my files or even opening apps.
I have been using
Code:
./adb shell pm list packages"
To get the list of packages and
Code:
./adb shell monkey -p "package name" -v 500
to try to run the package. The result is always an error. Are there any tips on what could be causing this error or how to resolve it?
Code:
.vzmsgs -v 500
bash arg: -p
bash arg: com.verizon.messaging.vzmsgs
bash arg: -v
bash arg: 500
args: [-p, com.verizon.messaging.vzmsgs, -v, 500]
arg: "-p"
arg: "com.verizon.messaging.vzmsgs"
arg: "-v"
arg: "500"
data="com.verizon.messaging.vzmsgs"
:Monkey: seed=1613020879167 count=500
:AllowPackage: com.verizon.messaging.vzmsgs
:IncludeCategory: android.intent.category.LAUNCHER
:IncludeCategory: android.intent.category.MONKEY
** No activities found to run, monkey aborted.

AFAIK the monkey tool is basically used to generate pseudo-random streams of user and system events, not to start apps. But I may err, as always ...
If you want to abuse monkey to start an app then the synthax would be
Code:
adb shell "monkey -p <package_name> -c android.intent.category.LAUNCHER 1"
where you replace <package_name> with the package name of the app you would like to launch.
BTW: Line
Code:
./adb shell pm list packages"
contains a synthax error. It should read as
Code:
./adb shell "pm list packages"

I have also tried
Code:
./adb shell am start com.verizon.messaging.vzmsgs
which results in
Code:
Error: Activity not started, unable to resolve Intent { act=android.intent.action.MAIN cat=[android.intent.category.LAUNCHER] flg=0x10000000 pkg=com.verizon.messaging.vzmsgs }

As I can see you didn't pass a valid activity.
Correct Synthax to start an app by AM is
Code:
adb shell "am start -a android.intent.action.<ACTIVITY>"
where you replace <ACTIVITY> with the activity expected by app to get launched.
Hint:
Always enquote the command line ( args ) you pass to shell ( aka Android's terminal )
FYI:
I no longer participate this thread: for me it just doesn't make sense anymore. May be others willing to help will join.

I am able to do this other commands like "pull" successfully with another android phone without any issue but not on the pixel. I cannot actually use the shell am start command successfully anywhere.

I was able to run on another device using:
Code:
./adb shell monkey -p com.verizon.messaging.vzmsgs -c android.intent.category.LAUNCHER 1
but on my pixel it fails