Hi there
I got droidwall running on the SGY.
Please first read the whole post. I add changes at the end of it.
Here's what I did:
1. follow this great tut from irfanbagus. Thanks a lot irfanbagus!
2. After running "make bcm21553_totoro_05_defconfig", set this in .config:
CONFIG_IP_NF_TARGET_REJECT=y
CONFIG_NETFILTER_XT_MATCH_OWNER=y
and continue irfanbagus's steps
3. Install the new boot.img, e.g. via mai77's method as shown here
4. Profit! (as in: use droidwall )
Notes:
Alternatively the changes in .config could be set in cm21553_totoro_05_defconfig or via make menuconfig
If you don't have your boot.img as a normal file, run this in adb, then pull the file:
dd if=/dev/block/bml7 of=/data/local/boot.img
I was surprised that there was no such modified kernel till now. Maybe this is because the TARGET_REJECT option is essential but only XT_MATCH_OWNER is largely discussed when dealing with droidwall.
See attachment (mikstev_SGY_Kernel_netfilter_for_droidwall_boot.img.zip) for a boot.img with only these modifications.
Please test and report. I only tested blacklist/whitelist mode with Google Play blocked/allowed on Wifi connection, but it worked.
Edit 1: I've added the necessary (and probably some more) modules so that droidwall's logging works. Use the second attached file instead the first one.
Here are the changes I made, compared to normal .config:
CONFIG_NETFILTER_NETLINK=y
CONFIG_NETFILTER_NETLINK_LOG=y
CONFIG_NETFILTER_XT_MATCH_OWNER=y
CONFIG_IP_NF_TARGET_REJECT=y
CONFIG_IP_NF_TARGET_LOG=y
CONFIG_IP_NF_TARGET_ULOG=y
I guess the first two aren't necessary but I didn't bother to check every single module if it's the correct one which droidwall needs for logging. However this shouldn't matter anyway. See mikstev_SGY_Kernel_netfilter_for_droidwall_with_log_boot.img.zip
Edit 2: Due to request I've added init.d support to the latest release. Thanks irfanbagus! See mikstev_SGY_Kernel_droidwall_initd_boot.img.zip
Edit 2.5: Seems only the following modules are required but that only as a side note:
CONFIG_NETFILTER_XT_MATCH_OWNER=y
CONFIG_IP_NF_TARGET_REJECT=y
CONFIG_IP_NF_TARGET_LOG=y
Edit 3: New method for adding init.d support to a (newest) boot.img, with kernel modules for droidwall (+logging) and init.d scripts to load these modules. Please read the readme, if you have questions, post here. Special thanks to irfanbagus See mikstev_add_initd_to_boot.img__kernel_modules_initd_scripts_for_droidwall.zip
Edit 4: Thanks to an idea by irfanbagus and another tutorial to include init.d support by kurotsugi, here's another release. Adding init.d support is now easier with kurotsugi's method plus there's a update.zip (modules_droidwall_signed.zip) which does the other steps for you (copying the modules, init.d scripts and applying the correct permissions for these files). NOTE: this update.zip is yet untested. If you test it please report. See mikstev_add_initd_to_boot.img__kernel_modules_initd_scripts_for_droidwall_v2.zip
Edit 5: The update.zip from edit 4 seems to work. If you're using a kernel with init.d support you only need to install the update.zip and it should work fine.
good job. i know droidwall depend on other kernel features beside CONFIG_NETFILTER_XT_MATCH_OWNER. since i don't have plan to use droidwall, i don't bother to find it.
Profit indeed! It works! Good job, mikstev! I was able to block dolphin HD on my phone just to test if it works and it did, much to my delight!
And to irfanbagus as well for that wonderful guide on how to compile a kernel.
Great job, guys!
Now let's hope that all the other kernel developers include this small bit of configuration in their builts
finally! ive been waiting for this for ages. thank you very muchhhh!
Sent from my GT-S5360 using xda premium
Logging doesn't work yet. I'll try the solution from highlandsun: http://forum.xda-developers.com/showpost.php?p=11110889&postcount=357 tonight and upload new kernel if successful.
No need for so much hassel
Just use "lbe privacy guard" (free in store) it has much more features than droidwall and it doesnt require any special kind of kernel.
Y u no press "thanks"!?
Sent from my GT-S5360 using XDA
Ok, logging works now, I'll upload the new kernel. See first post.
devilrulz4ever said:
No need for so much hassel
Just use "lbe privacy guard" (free in store) it has much more features than droidwall and it doesnt require any special kind of kernel.
Y u no press "thanks"!?
Sent from my GT-S5360 using XDA
Click to expand...
Click to collapse
It seems that there're at least some people who see this differently. Here're some of my reasons, why I prefer droidwall over LBE Privacy Guard:
- it's a good and easy to use firewall. Not more, nor less. That's what I want.
- no "hassel" (to use your words) with resticting internet access of "trusted" apps
- I did not find a way in LBE to block LBE from using internet. In the iptables rules created by Droidwall I can clearly see that droidwall is not allowed = blocked
@mikstev: I'm just curious...is it based on sgy's newest kernel?
I think so, the source code is the one mentioned in irfanbagus' post (update2) which I linked above.
nice...I can integrate dualboot and data-2sd mod into this kernel easily. thx
i got other option to make droidwall work.
on init.rc i added this line:
service netfilter /system/bin/iptables
disabled
oneshot
this also work with avast firewall..
gear12 said:
i got other option to make droidwall work.
on init.rc i added this line:
service netfilter /system/bin/iptables
disabled
oneshot
this also work with avast firewall..
Click to expand...
Click to collapse
Can anyone confirm this? I can't see how this could replace the missing kernel modules.
mikstev said:
Can anyone confirm this? I can't see how this could replace the missing kernel modules.
Click to expand...
Click to collapse
nope. iptables only a user space application that depend on kernel features. and you can't call iptables without command/params.
the firewall works great, also, I can see the logs but after disconnecting from the internet and a few minutes the log is empty again, is this normal or a bug?
off topic:
and can I make a request? can you make the your boot.img support init.d as well? please...
Adam_Blade said:
the firewall works great, also, I can see the logs but after disconnecting from the internet and a few minutes the log is empty again, is this normal or a bug?
Click to expand...
Click to collapse
Yep, I noticed this too. The droidwall source seems ok at first glance and I don't think it's related to the netfilter modules etc. My guess would be that it's dmesg's fault, maybe the log is truncated or something but this is just speculation. I'll investigate in this in a few days. Maybe someone else knows why this happens?
Adam_Blade said:
and can I make a request? can you make the your boot.img support init.d as well? please...
Click to expand...
Click to collapse
Sorry, I currently don't have the necessary skills, so if you're looking for a quick solution you might better ask someone else for help. (Especially since there're already kernels with this feature and including the modifications for netfilter/droidwall should be trivial). However as I wanted to build up my knowledge regarding android/kernel development anyway, I'll try to add this feature one time, but that surely would take >1 week.
Regarding dmesg: the buffer size is set by CONFIG_LOG_BUF_SHIFT=19 which means 2^19 Bytes = 512KiB. I'll check later if this relatively huge size is really used up.
@mikstev: make init.d support kernel is easy. we only have to add a few script inside init.rc file. we can do it easily by using dsixda's kitchen or put the script manually. you can see my modified init.rc here http://www.mediafire.com/?cc1kg8s7cx27onb
I believe the script that have to be added is
service sysinit /system/bin/logwrapper /system/xbin/busybox run-parts /system/etc/init.d
disabled
oneshot
Just to get sure: the init.rc which needs to be modified is the one in the initial ramdisk and not in the kernel (zImage), right?
Related
Updates
10/1/2011 - Added 00remounti9001 to remount the major partitions to noatime and disabled barriers for as well as delayed journaling to every 60 seconds (as opposed to 5) to /data, /persist, /cache. Added Acid Tweaks - Removed Useless Stuff i9001.zip to remove journaling from /cache and /system (It's safe). Also added JournalingOn.zip to revert back the two partitions to being journaled.
For the 00remount script, here's the how to:
0. Wait till Android finishes loading everything.
1. Install Script Manager from Market
2. Point script manager to the script you placed in the sdcard.
3. Run as root.
4. Do this at every boot, as mount points are reset to its default as set by the type of your lagfix. Voodoo (from what I am using will set barriers for /data and atime for every mount point except /system, /data, /cache, /dbdata which puts a slight risk at your disk for using atime.
5. You can add a widget to your home screen for the script so that you can
activate it easily.
The other two are CWM zips. You should know how to flash CWM zips right?
Introduction
I've made a Definite Guide on Android thread for i9000 that focuses on a few optimizations/scripts I've picked up over the months I've spent on XDA. I truly enjoyed sharing my knowledge with the i9000 community and since the tips/guide/scripts can also be applied here (save some exceptions that I would list down below),I would like to share this with the Captivate community too.
Exceptions
Take note that the guide is primarily for i9000 units. There are a few differences I can note here that you should be aware of:
1. The guide points out some kernels/ROMs that are for i9000. Hence the phones you are using may have different ROMs/kernels that may or may not correlate with the one in the guide.
2. The guide also mentions some apps/tweaks that are particularly alien to your unit and you may have never encountered it in your use of your phone or in XDA. Please ignore them for now, I'll make an effort to make the guide compatible in the future (with feedback from you guys of course )
3. Journaling scripts that are attached like the JournalingOn.zip and Acid Tweaks - Removed Useless Stuff and 00remount may not work well with your unit or it may completely brick it. I don't know this, but if you can post your mount partition configuration, I am willing to make the scripts work for you. You only have to type "mount" on your Terminal Emulator and provide the output to me, and I'll provide the rest. Zach's script however, have high compatibility towards a lot of phones, and thus can be used for your unit. Take note that there is a slight risk that it won't work well. If it doesn't, please post your problems here, and I'll try to fix it. Hence, it's best that you make a nandroid backup before attempting to use any tweaks here.
3. I've compiled a guide on a few notable tweaks in XDA here: LINK. If you would like me to evaluate scripts/tweaks/anything that you do not understand due to their terms being alien to you, I'll be glad to explain it here
Guide
You can refer to the guide here:
LINK
Hi pikachu!
I've made a screenshot of the terminal output after entering the mount command. Hope it provides you the needed informations!?
reneph said:
Hi pikachu!
I've made a screenshot of the terminal output after entering the mount command. Hope it provides you the needed informations!?
Click to expand...
Click to collapse
Thank you
I'll get to work on the scripts. Give me an hour or two
pikachu01 said:
Thank you
I'll get to work on the scripts. Give me an hour or two
Click to expand...
Click to collapse
Updated the scripts. Please read my guide before flashing any of those zips/scripts to know about its risks.
I am not responsible for any damages/bootloops if you did not read the guide before flashing those scripts/zips.
UPDATE 10/1/2011 - Added 00remounti9001 to remount the major partitions to noatime and disabled barriers for as well as delayed journaling to every 60 seconds (as opposed to 5) to /data, /persist, /cache. Added Acid Tweaks - Removed Useless Stuff i9001.zip to remove journaling from /cache and /system (It's safe). Also added JournalingOn.zip to revert back the two partitions to being journaled.
For the 00remount script, here's the how to:
0. Wait till Android finishes loading everything.
1. Install Script Manager from Market
2. Point script manager to the script you placed in the sdcard.
3. Run as root.
4. Do this at every boot, as mount points are reset to its default as set by the type of your lagfix. Voodoo (from what I am using will set barriers for /data and atime for every mount point except /system, /data, /cache, /dbdata which puts a slight risk at your disk for using atime.
5. You can add a widget to your home screen for the script so that you can
activate it easily.
First of all, thanks for the work.
I have tried to execute the remount-script using the script manager as root as you mentioned, but something fails. When running the script it outputs "mount: No such file or directory, mount: Invalid argument" and then the predefined echos of the script.
I had to remove following lines of code to get an output without the mount-errors:
mount -o noatime,remount,rw /mnt/.lfs /mnt/.lfs;
mount -o noatime,remount,rw /sys/kernel/debug /sys/kernel/debug;
Click to expand...
Click to collapse
more scripts and tweaks!
http://forum.xda-developers.com/showthread.php?t=1227269
reneph said:
First of all, thanks for the work.
I have tried to execute the remount-script using the script manager as root as you mentioned, but something fails. When running the script it outputs "mount: No such file or directory, mount: Invalid argument" and then the predefined echos of the script.
I had to remove following lines of code to get an output without the mount-errors:
Click to expand...
Click to collapse
Thanks for the heads up. I forgot to remove those lines actually. I reupload the script with those two lines remoevd.
sakindia123 said:
more scripts and tweaks!
http://forum.xda-developers.com/showthread.php?t=1227269
Click to expand...
Click to collapse
Thanks for the link. Yes, I've read this one before. My guide would explain more about what some of the tweaks do, and the script incorporates more than the link that you provided. You can edit the script and take a look if you want
is this working?
larry200ro said:
is this working?
Click to expand...
Click to collapse
Which tweak are you specifically asking about?
They should work provided you read the guide to know what those tweaks are
can i use this in my rom?thanks
sakindia123 said:
can i use this in my rom?thanks
Click to expand...
Click to collapse
Why not?
Let me know how good it is working for you. Remember to read the guide, as the scripts might not work well with other scripts (if your ROM also implements other scripts)
pikachu01 said:
Which tweak are you specifically asking about?
They should work provided you read the guide to know what those tweaks are
Click to expand...
Click to collapse
Honestly, I am at work now, I tried to read some things really quickly from your guide but I think that this is to technical for me. In a few words can you please describe what are they doing? I own a i9001 with Kernel 2.6.35.7-perf [email protected] #1 and build number gingerbread.xxkg1 android 2.3.3.
Sorry if my english is not to good, I am at work , have no time to concentrate, I am Romanian
larry200ro said:
Honestly, I am at work now, I tried to read some things really quickly from your guide but I think that this is to technical for me. In a few words can you please describe what are they doing? I own a i9001 with Kernel 2.6.35.7-perf [email protected] #1 and build number gingerbread.xxkg1 android 2.3.3.
Sorry if my english is not to good, I am at work , have no time to concentrate, I am Romanian
Click to expand...
Click to collapse
Umm, if you only want to use the scripts, you could scroll down to Zach's scripts and 00remount (Hint: They are in quoted text form). They are pretty short and simple to read. All the others in the guide would reinforce the things that are explained in there. If you don't understand something in the guide, post it here, and I'll offer up a simpler more laymen explanation of it
And you'll need a custom kernel with init.d support if you want to use the scripts.
pikachu01 said:
Umm, if you only want to use the scripts, you could scroll down to Zach's scripts and 00remount (Hint: They are in quoted text form). They are pretty short and simple to read. All the others in the guide would reinforce the things that are explained in there. If you don't understand something in the guide, post it here, and I'll offer up a simpler more laymen explanation of it
And you'll need a custom kernel with init.d support if you want to use the scripts.
Click to expand...
Click to collapse
Sorry but you lost me in the bold section. Where do I get a custom kernel with init.d support? I am searching for a month now for a custom kernel/custom rom/custom anything for my phone but found nothing than the successfull rooting guide in this forum.
Am I so stupid?
pikachu01 said:
And you'll need a custom kernel with init.d support if you want to use the scripts.
Click to expand...
Click to collapse
But not for the remount-script!?
Anyways, is there an existing custom kernel for the phone at all?
larry200ro said:
Sorry but you lost me in the bold section. Where do I get a custom kernel with init.d support? I am searching for a month now for a custom kernel/custom rom/custom anything for my phone but found nothing than the successfull rooting guide in this forum.
Am I so stupid?
Click to expand...
Click to collapse
Ahh, it appears that i9001 doesn't have a custom kernel If supercurio or chainfire is free, they could patch the initramfs with theirs and publish it here. I'm not an expert in initramfs and I don't have this phone
reneph said:
But not for the remount-script!?
Anyways, is there an existing custom kernel for the phone at all?
Click to expand...
Click to collapse
The remount script will always work, yes with Script Manager. No, I can see that i9001 doesn't have a custom kernel for it. Too bad
Actually, even without init.d support, you could use Script Manager to launch the scripts at boot. The only thing is that the screenstate_scaling would need the Script Manager to be on all the time, which will drain more battery than save it.
pikachu01 said:
Actually, even without init.d support, you could use Script Manager to launch the scripts at boot. The only thing is that the screenstate_scaling would need the Script Manager to be on all the time, which will drain more battery than save it.
Click to expand...
Click to collapse
So, you are saying that it's better not to use any scripts until a custom Kernel will appear?
larry200ro said:
So, you are saying that it's better not to use any scripts until a custom Kernel will appear?
Click to expand...
Click to collapse
You can use the scripts with Script Manager. A custom kernel only makes it easier to apply the scripts.
pikachu01 said:
You can use the scripts with Script Manager. A custom kernel only makes it easier to apply the scripts.
Click to expand...
Click to collapse
Ok, This I understood very well but, as you said before, this will need Script manager to be running all the time which will result in more battery spent.
Isn't the purpose of all tweaks/scripts to improve performance without lose of battery life and the phone to run the applications that you need and freeze/uninstall those you never use?(I've uninstalled the applications that I don't need with Titanium Backup and I have improved my battery life significantly).
Thanks very much pikachu for all the scripts and for the good work but I think this is not worth it because 1. galaxy s plus i9001 has a good 1.4Ghz processor and runs almost anything perfect. 2. You can safely improve the battery time with a simple software available on the market for free without risking with scripts.
Many thanks again, if you need any information from my phone for development purposes just let me know. I am willing to help
i want to create a rom for i9001..i have already started a thread for this.
and init.d will be one of the first things i would do!
all ur scripts will load automatically at startup!
Hi there,
I am fairly new to custom ROMs etc and recently installed LeeDroid 4.3.0 successfully. However, I also wanted to try out a custom ROM and installed Faux' kernel too (mainline).
Battery drain became a lot better, but there's an optional feature to under voltage the CPU. According to the guide in the thread, I have to put
Code:
echo "-25000" > /sys/devices/system/cpu/cpufreq/vdd_table/vdd_levels
somewhere. Can someone tell me in where I have to put this in detail? Any other things I should take care of / should be aware of?
If this topic was discussed already (sure it was), please don't hesitate to link me to it, I just couldn't find anything via forums search.
Thanks!
You can run it with a terminal emulator directly on your phone or through adb/shell on your pc.
Either way, it's not going to stick and you should repeat the operation after every reboot if you want to keep the UV.
You can add that line to a script, though, so that it is executed automatically after every boot.
I usually add that line to the init.post_boot.sh script in /system/etc (between the other MSN8660 tweaks). The alternative is adding a file in the init.d folder.
nTraum said:
Hi there,
I am fairly new to custom ROMs etc and recently installed LeeDroid 4.3.0 successfully. However, I also wanted to try out a custom ROM and installed Faux' kernel too (mainline).
Battery drain became a lot better, but there's an optional feature to under voltage the CPU. According to the guide in the thread, I have to put
Code:
echo "-25000" > /sys/devices/system/cpu/cpufreq/vdd_table/vdd_levels
somewhere. Can someone tell me in where I have to put this in detail? Any other things I should take care of / should be aware of?
If this topic was discussed already (sure it was), please don't hesitate to link me to it, I just couldn't find anything via forums search.
Thanks!
Click to expand...
Click to collapse
you could just get System Tuner Pro from the market and UV that way
Thanks, got it with Grandelama's method.
Grandelama said:
You can run it with a terminal emulator directly on your phone or through adb/shell on your pc.
Either way, it's not going to stick and you should repeat the operation after every reboot if you want to keep the UV.
You can add that line to a script, though, so that it is executed automatically after every boot.
I usually add that line to the init.post_boot.sh script in /system/etc (between the other MSN8660 tweaks). The alternative is adding a file in the init.d folder.
Click to expand...
Click to collapse
how did u put it in the init.post_boot.sh?
i cant do that cuz cannot write to that
and writing tool have super user permissions,
that file cannot be editing
or can? if - how?
Hey guys I already posted this in a few kernel devs threads but I wanted to create this thread so I can share my info more easily with all the people out there.
What I found is some leftovers of knox on the ramdisk of nearly all the kernels out there - and possibilities to get rid of some more clutter.
There is this init.container.rc file which gets called from the init.rc who's job is to set up the mount points and some symlinks etc. for knox (just take a look at it). It also contains a service called "containersetup" and which's binary is located in /system/bin/containersetup.
I dont 100% know what this containersetup thingy does - but I just renamed the binary to stop it from running with no negative side-effects at all.
Disabling/removing the init.container.rc would also get rid of those reappearing data_1, data_2, data_3 etc. folders which get created by it.
---
This one is not particulary interesting for kernel devs I think, but I also found some other binaries that are or at least appear to be rather useless:
- there is "tima_dump_log" which creates some dumps related to tima on the data partition (possibly for the knox watchdog crap) - disabled that without side effects so far.
- there is "auditd" which is the audit daemon, which logs security related stuff (wether selinux allowed or disallowed stuff etc) - also disabled without side effects.
could possibly find some more.. (bootchecker, drsservice etc.. but not 100% sure on those)
P.S: Why don't you all include init.d support into the kernel? Just wondering, no attack (hard to tell in the internet hehe). Isn't that standard on linux kernel or is it a special feature which normally gets handled by the operating system / rom? (I know how to activate init.d support myself... well its not that hard.. but still wondering lol, because when switching kernels I always have to try and test if the kernel includes init.d support so scripts dont get run twice... some do some don't ...)
Just cooked my "own" custom version of faux123 v004 with the android image kitchen. (http://forum.xda-developers.com/showthread.php?t=2073775)
Removed the init.container.rc
Removed the call to init.container.rc inside init.rc
Edited the fstab.qcom to change system partitions mount flags to "ro,noatime,noauto_da_alloc,discard,journal_async_commit,errors=panic"
(you could also add init.d support to init.rc, but I already got that in my install-recovery.sh..)
--
Repacked everything together and flashed it onto my phone. This got rid of the container folders and data_1,data_2,data_3,mnt_1, etc. plus the mount "tweaks".
Unfortunately I cannot redistribute the kernel image with the modified ramdisk (its not my work, i just edited it a tiny bit...), but with the android image kitchen you can just do it yourself - until the kernel devs include this into their kernels as well. (might not be important to you guys, but I like my phone clutter free hehe)
---
ADD: By the way - this android image kitchen is awesome! I was trying to do this stuff with other versions of kernel repack tools - which are mostly made for linux. But the resulting kernels were not working. (the addresses used are not standard, and one would have had to edit the mkbootimg.c and recompile it himself to do it... but with this thing its just idiot-safe drag n drop. Just make sure you dont do any bullcrap on the ramdisk partition..
ADD2: Does anyone know how I could completely disable selinux (not just permissive, but completely turning it off)? I know it might missbehave, but I want to give it a try. The mount script already has the option to mount the firmware partition context free for the case that se-linux is disabled - so it must be possible somehow right? (what benefit does selinux give you anyway in permissive mode other than a possible nsa backdoor or smth?)
Awesome
Enviado do meu SM-N9005 através de Tapatalk
with selinux=permissive you can also deactivate the samsung drs service (this thing handles context labeling as it appears).
It consists of an app called "drsservice" and the binary /system/bin/drs. Can/could been disabled on selinux=enforcing too, but then you needed to do restorecon yourself on some occurences.
--
so on my device I disabled the following services/binaries (please lets try to find more together ...):
/system/bin/containersetup
/system/bin/auditd
/system/bin/tima_dump_log
/system/bin/kiesexe
/system/bin/drs
---
What I would like to manage (if possible) to disable the watchdog daemon and all that bullcrap that checks if the device was tempered (the watchdog daemon is related to knox right?)
zroice said:
Just cooked my "own" custom version of faux123 v004 with the android image kitchen. (http://forum.xda-developers.com/showthread.php?t=2073775)
Removed the init.container.rc
Removed the call to init.container.rc inside init.rc
Edited the fstab.qcom to change system partitions mount flags to "ro,noatime,noauto_da_alloc,discard,journal_async_commit,errors=panic"
(you could also add init.d support to init.rc, but I already got that in my install-recovery.sh..)
--
Repacked everything together and flashed it onto my phone. This got rid of the container folders and data_1,data_2,data_3,mnt_1, etc. plus the mount "tweaks".
Unfortunately I cannot redistribute the kernel image with the modified ramdisk (its not my work, i just edited it a tiny bit...), but with the android image kitchen you can just do it yourself - until the kernel devs include this into their kernels as well. (might not be important to you guys, but I like my phone clutter free hehe)
---
ADD: By the way - this android image kitchen is awesome! I was trying to do this stuff with other versions of kernel repack tools - which are mostly made for linux. But the resulting kernels were not working. (the addresses used are not standard, and one would have had to edit the mkbootimg.c and recompile it himself to do it... but with this thing its just idiot-safe drag n drop. Just make sure you dont do any bullcrap on the ramdisk partition..
ADD2: Does anyone know how I could completely disable selinux (not just permissive, but completely turning it off)? I know it might missbehave, but I want to give it a try. The mount script already has the option to mount the firmware partition context free for the case that se-linux is disabled - so it must be possible somehow right? (what benefit does selinux give you anyway in permissive mode other than a possible nsa backdoor or smth?)
Click to expand...
Click to collapse
I followed the link to the Android Image Kitchen and successfully followed your instructions from post #2 but I was wondering if you could please let me know of a good place to find some kernel tutorials for absolute beginners? Thank you for your information as well.
@zroice: Maybe you're already thinking about doing a free rom of Knox
Silverbolt said:
I followed the link to the Android Image Kitchen and successfully followed your instructions from post #2 but I was wondering if you could please let me know of a good place to find some kernel tutorials for absolute beginners? Thank you for your information as well.
Click to expand...
Click to collapse
not sure really, this was just basic scripting and editing the boot scripts, and I just found this out by playing around with the things.
I'm sure you will find a tutorial or smth on xda or google. I have yet to compile anything for android.. so I dont have a clue.
Just sharing my findings and hoping for some interesting replies what other people find out.
what about those data_x folders in a stock image?
Hi!
I've encountered these data_1 data_2 & data_3 on my stock note 3. Is there a way to remove them?
Ibe been looking for a way to remove these processes. I dont have any knox or container agents on my phone nor doea the kt747 kernel have selinux enforcing but I do see these leftovers running around. I found this thread by searching how to disable the tima log. There doeant seem to be much info about this available anywhere. I do se something else running that I suspect is a waste is called edmaudit. I suspect is enterprise device management. Not sure tho. I changed the permissions on the files you mentioned. I know its been a year but if you happen to have any new insight on thos I'd appreciate it.
Hi,
Some users don't root their devices or, even if rooted, some stock kernels don't includes support for init.d scripts folder.
With this simple app you can define a folder (at sdcard) containing all your initialization scripts and execute it after the boot sequence.
Note that some scripts (like the scripts needed to set min/max CPU speed) needs root permissions.
Operation is very simple, and you only need to select the scripts folder and activate the "run on boot" checkbox.
Note that you can provide superuser permissions to the scripts if you will.
Link: https://play.google.com/store/apps/details?id=com.ryosoftware.initd
First x) Awesome app mate!
Keep up the good work, and this is definitely a great tool.
Sent from my Nexus 5
any chance for a download link that isnt google play? (i run gapp-less on my att s3 i747)
thanks for good work regardless.
peace.
err on the side of kindness
Can I integrate this in my rom?
Can't run from /system/etc/init.d ?
Please help, and thanks for the great work.
Hello,
How can we make sure the init.d start soon enough ? Sooner than debuggerd ?
Would it start soon enough to remount important folders elsewhere before they are called ?
Same question
When does the script added to init.d actually run ?
Has the OS fully booted and are all services started/ready ?
Is this documented somewhere ? How can I tell ?
Thank you
So... here I will share 2 scripts I made to fix permissions for ViPER4Android running with enforced SELinux.
Why 2 scripts?
I like to keep everything open-source. Here I like to notice, Cyanogenmod is taking the wrong direction in my point of view. Every update takes out something of the customization possibilities of the user, so I am thinking of choosing new ROM. I faced real nightmare with SELinux permissions (well... SELinux is good, but Cyanogenmod doesn't provide any tool or way to manage those permissions). The more funny part is that with branch 13.0 of cyanogenmod there is no more init.d. Before someone corrects me - yeah... there is init.d, but SELinux blocks any script from executing at boot time, so don't use it. You will get your logs spammed by error messages. So... I've tried to enable init.d again, but there is no way to manage init.d to work as before. I've tried lots of different fixes from other posts, but nothing seems to work anymore, because of SELinux restrictions. I didn't managed to find any way to run scripts on boot time with root permissions in a suitable way... without messing with other system files or rebuilding build.img... so I came with those 2 solutions:
ViPER4Android (OpenSource) This is the solution I recommend to all of you. It is full open source. It doens't mess with you current system and it should work on any device/ROM. The zip file contains ViPER4Android app and driver, sepolicy-inject tool from setools-android so we can set permissions for ViPER4Android to work with enforced SELinux and Universal Init.d.
sepolicy-inject is open source equivalent to supolicy tool of Chainfire's SuperSU. I strongly recommend sepolicy-inject over supolicy, because every root closed source app should be threaten as security risk as the code can't be examined. I don't trust it esepcially when it is part of your android root manager
Universal init.d is just a application - it simulates init.d function. Imagine it like init.d on the user side... sadly enough you need to be pre-rooted to get it running.
ViPER4Android (Legacy) Maybe more of you will like this solution as it is more automated and it doesn't require any user action after installing the zip. This zip will do the same as the one above - it will install ViPER4Android removing all other DSP apps, but here come the difference - THIS SCRIPT WILL INSTALL CHAINFIRE'S SUPERSU in order to set SELinux policies for ViIPER4Android. Chainfire's SuperSU uses supolicy-tool - it let you manage SELinux policies on boot time. Chainfire's SuperSU will run everything in /system/su.d/ so again... you have init.d support - this is the real pain in the ass.
Before you download and flash, please read:
Both scripts WILL REMOVE other DSP apps from your device and will install ViPER4Android 2.4.0.1. I STRONGLY RECOMMEND TO USE SOLUTION 1 AS IT IS FULL OPEN SOURCE! Support open source software!!!
INSTRUCTIONS
ViPER4Android (OpenSource) - IN ORDER TO WORK, YOUR DEVICE MUST BE ROOTED! (Your device need to be rooted as Unversal Init.d needs root permissions in order to simulate init.d functionality)Download the .zip; Flash and reboot; Open Universal Init.d and grant root permission if asked; Reboot once more in case it don't work!
Sometimes Universal init.d is not fully initialized and needs some root permissions. That's why you need to reboot second time - then everything works. No further actions needed.
ViPER4Android (Legacy) - Just flash and reboot... but once more - SUPPORT OPEN SOURCE AND CHOOSE SOLUTION 1!!!!
For Samsung devices - if the scripts above doesn't work for you, check this post. Thx to Viper4713 for the instructions and voshchronos for solving the issue!!!
Hope to make someone happy
PS: If u want to make me happy with some beer, here you can donate a small amount. Thank you for your support.
Can i flash it on android one device running on 6.0.1
Yes. If you have any issues, please let me know!
rpangelov said:
Yes. If you have any issues, please let me know!
Click to expand...
Click to collapse
Hi, i tried to install the open source version on my kltedv running resurrection remix 6.0.1 however it is still not working. The init.d shows the kernel doesnt support init.d, and v4a drivers status is abnormal. It is also cause screen freeze and random restart. Any ideas? Your kind input would be very much appreciated. Thanks.
hiropandaz said:
Hi, i tried to install the open source version on my kltedv running resurrection remix 6.0.1 however it is still not working. The init.d shows the kernel doesnt support init.d, and v4a drivers status is abnormal. It is also cause screen freeze and random restart. Any ideas? Your kind input would be very much appreciated. Thanks.
Click to expand...
Click to collapse
I've just readed some info about the ROM you use. As it is based on Cyanogenmod I assume there is root manager builded in. Maybe it is disabled as CM root access is disabled by defaults? Look at: Settings -> Developer Options -> Root Access - turn in on by "Apps only".
Then just follow this steps:
1. Start Universal Init.d
2. Turn it off from the toggle button
3. Run test from the button on the bottom of Universal Init.d
4. If ask for root permissions, grant them!
5. Turn Universal Init.d ON from the toggle (step 2 you turned it off)
6. Restart your device and check once more!
If you still have any issues, please let me know!
Greetz,
Angelov
---------- Post added at 10:44 PM ---------- Previous post was at 10:42 PM ----------
rpangelov said:
I've just readed some info about the ROM you use. As it is based on Cyanogenmod I assume there is root manager builded in. Maybe it is disabled as CM root access is disabled by defaults? Look at: Settings -> Developer Options -> Root Access - turn in on by "Apps only".
Then just follow this steps:
1. Start Universal Init.d
2. Turn it off from the toggle button
3. Run test from the button on the bottom of Universal Init.d
4. If ask for root permissions, grant them!
5. Turn Universal Init.d ON from the toggle (step 2 you turned it off)
6. Restart your device and check once more!
If you still have any issues, please let me know!
Greetz,
Angelov
Click to expand...
Click to collapse
Hi Angelov, many thanks for your helpful instruction. I couldnt get it work with open source version. However it is working now after i install V4A legacy version. Many Thanks once again.
hiropandaz said:
---------- Post added at 10:44 PM ---------- Previous post was at 10:42 PM ----------
Hi Angelov, many thanks for your helpful instruction. I couldnt get it work with open source version. However it is working now after i install V4A legacy version. Many Thanks once again.
Click to expand...
Click to collapse
You are welcome! As I mentioned in the instructions - the legacy script will work always, but I don't like the implementation of it. I am working on new version of the opensource script, so there won't be any issues of that kind. When I am ready I will upload it here after updating my first post.
Greetz,
Angelov
This "universal" fix has been shared several months ago on XDA and a simple root shell is enough to use V4A in enforcing mode.
FYI init.d is deprecated now but it's not related to CM. Use su.d instead.
Primokorn said:
This "universal" fix has been shared several months ago on XDA and a simple root shell is enough to use V4A in enforcing mode.
FYI init.d is deprecated now but it's not related to CM. Use su.d instead.
Click to expand...
Click to collapse
Can you provide me a link to this universal fix you are talking about?
PS: init.d is deprecated in AOSP, i get that. Please read my first post once more, obviously isn't clear enough. Using su.d will result in using closed source tools to manage your Selinux policy's. As I mentioned it above - please support open source software. Every closed source root app has to be threaten as security risk. My opinion...
rpangelov said:
Can you provide me a link to this universal fix you are talking about?
PS: init.d is deprecated in AOSP, i get that. Please read my first post once more, obviously isn't clear enough. Using su.d will result in using closed source tools to manage your Selinux policy's. As I mentioned it above - please support open source software. Every closed source root app has to be threaten as security risk. My opinion...
Click to expand...
Click to collapse
Check the official V4A thread for instance. Others have opened threads in device specific forums or in the App & Games forum.
Have a look at this thread, it might interest you: http://forum.xda-developers.com/android/software-hacking/wip-selinux-capable-superuser-t3216394
FYI I do support open-source free/libre softwares, as much as I can.
Primokorn said:
Check the official V4A thread for instance. Others have opened threads in device specific forums or in the App & Games forum.
Have a look at this thread, it might interest you: http://forum.xda-developers.com/android/software-hacking/wip-selinux-capable-superuser-t3216394
FYI I do support open-source free/libre softwares, as much as I can.
Click to expand...
Click to collapse
I've seen phh's SuperUser but I didn't tried it - this is one of my tasks for this/next week.
As I've tried the most scripts, I didn't liked all the actions needed to be taken before running the .zip script in order to get viper working. I compile my own Cyanogenmod and I don't use gapps. Almost all apps I use on my device are opensource as I use F-droid as my only market (well... I need whatsapp, but I download it just from the website). Anyway... Cyanogenmod has it's own root manager builded in.... so why I need to install one more, which contains closed source tools in it? That is also the reason I don't advice people to use it... and I don't see that as solution to my problem. AOSP is opensource, but nowadays it is very dependent on some closed-source elements and I want to wipe them all out and use open source alternatives for. I hope you understand why using su.d isn't solution in this case. You just make your self and others dependent on one more closed source app, so I don't get where is the support for open source? I think that opensource script is good solution to the problem without using any closed source tool.
To make it easy as possible - just flash the .zip and you are ready to go, I included the latest version of Chainfire's SuperSu in the legacy script, so you don't need to install it before running the .zip. It looks easier to me....
Actually it is very stupid because the result of using the scripts (doesn't matter which one) you will end up with rooted device anyway (if it isnt already), but in order to get opensource script working your device has to be rooted before running the .zip, but if your device is already rooted, you just flash the zip and you are ready to go.
rpangelov said:
I've seen phh's SuperUser but I didn't tried it - this is one of my tasks for this/next week.
As I've tried the most scripts, I didn't liked all the actions needed to be taken before running the .zip script in order to get viper working. I compile my own Cyanogenmod and I don't use gapps. Almost all apps I use on my device are opensource as I use F-droid as my only market (well... I need whatsapp, but I download it just from the website). Anyway... Cyanogenmod has it's own root manager builded in.... so why I need to install one more, which contains closed source tools in it? That is also the reason I don't advice people to use it... and I don't see that as solution to my problem. AOSP is opensource, but nowadays it is very dependent on some closed-source elements and I want to wipe them all out and use open source alternatives for. I hope you understand why using su.d isn't solution in this case. You just make your self and others dependent on one more closed source app, so I don't get where is the support for open source? I think that opensource script is good solution to the problem without using any closed source tool.
To make it easy as possible - just flash the .zip and you are ready to go, I included the latest version of Chainfire's SuperSu in the legacy script, so you don't need to install it before running the .zip. It looks easier to me....
Actually it is very stupid because the result of using the scripts (doesn't matter which one) you will end up with rooted device anyway (if it isnt already), but in order to get opensource script working your device has to be rooted before running the .zip, but if your device is already rooted, you just flash the zip and you are ready to go.
Click to expand...
Click to collapse
I mentioned su.d because that's a solution with newer Android versions but I didn't say it's the best one. Using FLOSS softwares is a good move but you are using proprietary codes with CM.
Hi everyone, i flashed both of the zips with TWRP but i got an error code : 255. Any idea how to fix it ? Please help me. I'm using an x86 phone btw
trongtin64 said:
Hi everyone, i flashed both of the zips with TWRP but i got an error code : 255. Any idea how to fix it ? Please help me. I'm using an x86 phone btw
Click to expand...
Click to collapse
I think it's because your phone architecture... anyway - I will look at it today and I will let you know if I find a solution for your problem. Can you tell me which phone exactly you own ? Thank you.
Greetz, Angelov
rpangelov said:
I think it's because your phone architecture... anyway - I will look at it today and I will let you know if I find a solution for your problem. Can you tell me which phone exactly you own ? Thank you.
Greetz, Angelov
Click to expand...
Click to collapse
i'm using a zenfone 5 (A501CG) with resurrection remix mm 5.6.7
trongtin64 said:
i'm using a zenfone 5 (A501CG) with resurrection remix mm 5.6.7
Click to expand...
Click to collapse
You have a x86 architecture and this zip is probably for arm only. I guess you need the updater-binary for x86 and place it into the zip in META-INF/com/google/android.
Primokorn said:
You have a x86 architecture and this zip is probably for arm only. I guess you need the updater-binary for x86 and place it into the zip in META-INF/com/google/android.
Click to expand...
Click to collapse
Ok so i need an updater-binary for x86 right? Can i copy it from other zip to your zip? Will it work?
trongtin64 said:
Ok so i need an updater-binary for x86 right? Can i copy it from other zip to your zip? Will it work?
Click to expand...
Click to collapse
AFAIK you can use the one from a custom rom. You need a compatible custom recovery of course.
Primokorn said:
AFAIK you can use the one from a custom rom. You need a compatible custom recovery of course.
Click to expand...
Click to collapse
I'll use the one from my custom rom . Thank you for helping me :good:
It works great. thanks.
my bad for not following the instructions.