[APP][Root][4.2+]SELinuxModeChanger v10.0 :: [24.07.2017] - Android Apps and Games

Now opensourced under gplv3! GITHUB
Get it in f-droid F-DROID page (v10 probably won't be there until release of stable gradle 4.0 and buildtools 26)
Now available on the XDA Labs! XDA Labs page (UPD: somebody released a fork without changing packagename so you can't get it there yet -_-)
Apk from github app-release-v10.apk - (as that's the only way to distribute it until I get control of my packagename on xda labs)
There are lots of folks around who already have KitKat on their devices. But KitKat comes with a new security enhancement, SELinux, put into "enforcing mode". Maybe this thing is good from the point of view of security, but it breaks some root apps, like my Ultimate Dynamic Navbar, so I created this app.
What does it do? This app can change modes of SELinux:
Run app, give root access, select the mode you want SELinux to be in(permissive or enforcing) and that's all. Every time you reboot your device app will execute the script to change SELinux to the mode you've selected. Simple and stupid.
Known issues:
- [THEORETICALLY] doesn't work with Samsung KNOX.
XDA:DevDB Information
SELinuxModeChanger, App for the Android General
Contributors
MrBIMC
Version Information
Status: Stable
Current Stable Version: 10.0
Stable Release Date: 2017-07-24
Created 2013-11-13
Last Updated 2017-07-24

With all the hype over SELinux Permissive and Enforcing, I'll be glad to test this out

WEM97 said:
With all the hype over SELinux Permissive and Enforcing, I'll be glad to test this out
Post your results once you've tested. Cuz I'm on custom kernel now that has SELinux completely disabled and haven't really tested this app

Does not work on my N9005 stock. I open the app, grant it root access, click on passive and just to make sure I rebooted; still, when I go to settings/about I get enforcing written...

Ather said:
Does not work on my N9005 stock. I open the app, grant it root access, click on passive and just to make sure I rebooted; still, when I go to settings/about I get enforcing written...
I'm not sure the string there will actually change. Better test by executing this in some terminal emulator:
Code:
su
/system/bin/getenforce

MrBIMC said:
I'm not sure the string there will actually change. Better test by executing this in some terminal emulator:
Code:
su
/system/bin/getenforce
Outputs: Enforcing

MrBIMC said:
Post your results once you've tested. Cuz I'm on custom kernel now that has SELinux completely disabled and haven't really tested this app
Same as the other guy. Passive to Passive. Post reboot of course.

WEM97 said:
Same as the other guy. Passive to Passive. Post reboot of course.
Just flashed stock kernel. Indeed. Works only until reboot. After that - no. Will work on a fix now!
UPD: Switched few times into different states - it works. Works when device is booted, works after reboot(wait till notification appear - go to "about phone".). Rebooted ~10 times to check it out - everything works fine for me(galaxy nexus, android 4.4)!
Dunno, guys. Maybe that's root denial in your case or something like this?
Waiting for more replies.

MrBIMC said:
Just flashed stock kernel. Indeed. Works only until reboot. After that - no. Will work on a fix now!
UPD: Switched few times into different states - it works. Works when device is booted, works after reboot(wait till notification appear - go to "about phone".). Rebooted ~10 times to check it out - everything works fine for me(galaxy nexus, android 4.4)!
Dunno, guys. Maybe that's root denial in your case or something like this?
Waiting for more replies.
Could be the knox not letting it set?

Ather said:
Could be the knox not letting it set?
Don't know. Will look into it tomorrow. It's almost 4 am here, so I'm going to sleep now.

Ok, guys. Checked on few different devices. Can finally say that this thing works for every 4.3++ device, except Samsung KNOX-enabled ones.
Looking for knox fix now

Just a question: why not make it set the mode on boot the init.d way, cause I want to have less apps running at boot, anyway this is cool for those too lazy to use the setenforce command in terminal (and make a script)?

Ranomez said:
Just a question: why not make it set the mode on boot the init.d way, cause I want to have less apps running at boot, anyway this is cool for those too lazy to use the setenforce command in terminal (and make a script)?
init.d script could be added as an option, but not as #1 variant because this app is mainly targeted to stock users, and usually(always?) stock kernels don't support init.d scripts.
Also you shouldn't care about consumption of background process, cuz it doesn't start any service. After every reboot app starts only for ~1 second to execute few commands, and closes right after.

Works on note3 vzw,. Great app

nutpn said:
Works on note3 vzw,. Great app
Wow. Do you have KNOX in your rom? What was the default state for SELinux for you(Does note 3 has "enforcing" mode on 4.3 by default)?

MrBIMC said:
Wow. Do you have KNOX in your rom? What was the default state for SELinux for you(Does note 3 has "enforcing" mode on 4.3 by default)?
VZW Note 3 is SElinux permissive by default.

MrBIMC said:
Wow. Do you have KNOX in your rom? What was the default state for SELinux for you(Does note 3 has "enforcing" mode on 4.3 by default)?
All my knox stuff is deleted and vzw is permissive, I checked to see if it would work and it changed to enforce then I toggled back to permissive so it worked on my note 3 thanks Im putting this one in my later folder in case anything ever happens it may work out for us.

Thanks for this useful app.
Just tried it on my Xperia mini pro running 4.3.1,unofficial CM10.2.
But after clicking the "Enforcing" button and rebooting a couple of times,my SELinux status still shows Permissive.
Am I still missing something?

Confirming that it doesn't work on my Samsung galaxy note 3 even after freezing all knox stuff. Didn't expect it to work but just so other people don't try lol
Sent from my SAMSUNG-SM-N900A using xda app-developers app

tried. on note 2 leaked 4.3 MJ5.
was permissive but tried and changed to enforcing.
now cant get back.
P.S. : we dont have knox implemented as in s4 or note 3.
and also removed all knox related things.
see pic :http://i44.tinypic.com/azjas.png

Related

[CM12/12.1-UPDATED] S4 Display Color Profiles for CyanogenMod 11, 12, 12.1

### CM12(.1) UPDATE ### (see bottom)
Hey Folks,
are you also tired of the oversaturated colors of the S4 amoled display??
I found out that the S4minisettings.apk, that was originally developed for the S4 Mini by @F4k to regulate the saturation and other colour concerning features, does the job for the S4 as well! It works very similar to the colour profiles built into samsung stock roms.
After installation you can find a new settings option "advanced settings" in systemsettings/display just like they are built into the carbon roms.
Installation:
Download the apk from the link below.
Then you have to manually put the s4minisettings.apk to /system/app and after that it's very important to set ownership and permissions as follows:
Owner: root, root
Permissions: rw,r,r (644)
reboot!
The main option to reduce the saturation is called "Mode - Set the mDNIe mode". I choose "natural" and the oversaturation of the display is gone!
Some other options don't apply until you switch screen off and on once.
___________________________________________________
The apk can be downloaded here:
http://forum.xda-developers.com/attachment.php?attachmentid=2443961&d=1386605141
original thread here (search for F4K's post):
http://forum.xda-developers.com/showthread.php?t=2558702&page=11
you may also want to have a look at s4miniarchive who did a good article/video about it:
http://www.s4miniarchive.com/2014/01/enable-color-saturation-galaxy-s4-mini-cyanogenmod11.html
all thanks go to @F4k for creating this nice apk!
###CM12(.1)-Instructions###
So, f4k made a new lollipop version of this tool S4MiniSettings and built it into his S4 Mini cm12 rom. I extracted it and offer it to you for download.
Instructions:
- extract zip
- copy the folder "S4Minisettings" to /system/app folder
- set permissions of the folder to rwxr-xr-x (755), the apk to rw-r--r-- (644)
- reboot
- after reboot there is a new icon in the app drawer
- if you prefered the setting "natural" from the kitkat version, now choose "movie"
Notes:
- Important: SELinux level higher than "strikt"/"enforcing" is needed to write to system folder and/or set permissions, and the apk to be loaded at boot. Custom kernels like Alucard mostly got SELinux set to "moderat".
- Don't be confused about the app name - it does work with the S4 - definitely!
Doesn't S4 4.4.2 have this by default? I can do same changes through my Display settings - no need for additional apk.
I use kernel perseus to better experience with real colors.
Sent from my GT-I9500
creage said:
Doesn't S4 4.4.2 have this by default? I can do same changes through my Display settings - no need for additional apk.
The "S4" has this by default in the Touchwiz ROM it ships with, but this thread is about CyanogenMod.
Speaking of which, it possible to adjust color cast in CM11 on my Note 8.0 under Display/Display Advanced. Maybe this feature will also come to CM11 on the i9500.
When I reboot nothing happens :/ I have everything like you said, but it doesn't appear. I have cm 11 snapshot m3, help?
Or does this only work on nightlies build?? :crying:
elmaku said:
When I reboot nothing happens :/ I have everything like you said, but it doesn't appear. I have cm 11 snapshot m3, help?
Did you set the permissions and owner correctly? Otherwise it can't work.
Peter Semper said:
Did you set the permissions and owner correctly? Otherwise it can't work.
The permissions are exactly like you have it, but still it's not working. It doesn't scan my apps when I reboot :/. Also worth noting, every time I go to see the permissions or change it, it says in a square: "The current file system is read-only. Do you want to remount as read-write and continue the operation?" I click yes, then I change it to rw--r--r and reboot and nothing happens. When I go check it again it is the same process all over again.
Edit: Also, in my settings I have Display & lights instead of "Display" as the video shows. I know nothing and I understand this may be a dumb question, but it may had to do with the problem? sorry.
Over-saturated colours of S4? Oh Dear Lord :|
elmaku said:
The permissions are exactly like you have it, but still it's not working. It doesn't scan my apps when I reboot :/. Also worth noting, every time I go to see the permissions or change it, it says in a square: "The current file system is read-only. Do you want to remount as read-write and continue the operation?" I click yes, then I change it to rw--r--r and reboot and nothing happens. When I go check it again it is the same process all over again.
Which file manager do you use? "root explorer" i.e. has sometimes problems and says it's write protected. I use "root browser" which does a good job, mostly.
devilsdouble said:
Over-saturated colours of S4? Oh Dear Lord :|
killjoy
Peter Semper said:
Which file manager do you use? "root explorer" i.e. has sometimes problems and says it's write protected. I use "root browser" which does a good job, mostly.
I have used both! and none of them works when I reboot . Man what a bad luck I have.
elmaku said:
I have used both! and none of them works when I reboot . Man what a bad luck I have.
And also tried the file manager provided with cm 11? Just have to "unleash" it in the options, I mean enable root mode.
Peter Semper said:
And also tried the file manager provided with cm 11? Just have to "unleash" it in the options.
Nope... just tried it and it doesnt optimize the apps when rebooting. I'm stuck.
elmaku said:
Nope... just tried it and it doesnt optimize the apps when rebooting. I'm stuck.
Very strange, you must have done something wrong.
Peter Semper said:
Very strange, you must have done something wrong.
I really don't understand :/... It is just not detecting it... maybe an option I have enable? I hate these saturated colors... :/ maybe it is only on nightlies?
Another options
splitterzelle said:
Hey Folks,
are you also tired of the oversaturated colours of the S4 amoled display??
I found out that the S4minisettings.apk, that was originally developed for the S4 Mini by F4K to regulate the saturation and other colour concerning features, does the job for the S4 as well! It works very similar to the colour profiles built into samsung stock roms.
....
The apk can be downloaded here:
http://forum.xda-developers.com/attachment.php?attachmentid=2443961&d=1386605141
....
all thanks go to F4K for creating this nice apk!
This apk requires way too many permissions for the task it performs... Suspicious...
There is another option: KTweaker tool which comes with Ktoonsez kernels also allows to modify this setting (works with CM11 kernel, not only with Ktoonsez) .
After all this setting can be set via kernel "/sys" filesystem. From terminal emulator execute command:
Code:
echo 2 > /sys/class/mdnie/mdnie/mode
To make this change permanent (survive reboots and ROM updates) one may use init.d supplied with CM11, and create additional script in /data/local/ (in this location script will survive CM update).
Seems like init.d in CM11-M10 doesn't start scripts in /data/local/userinit.d/ directory, so the only option is to place script code to /data/local/userinit.sh
Permissions of this script must be set to 0755 (-rwxr-xr-x).
For anyone who interested in adopting this method I've prepared template script (also it sets some other available screen options, not only mode):
Code:
#!/system/bin/sh
# For SGS4 screen mode can be chosen from:
# 0 - STANDARD
# 1 - DYNAMIC
# 2 - MOVIE
# 3 - NATURAL
echo 3 > /sys/class/mdnie/mdnie/mode
# For SGS4 screen scenario can be chosen from:
# 0 - UI_MODE
# 1 - VIDEO_MODE
# 2 - VIDEO_WARM_MODE
# 3 - VIDEO_COLD_MODE
# 4 - CAMERA_MODE
# 5 - NAVI
# 6 - GALLERY_MODE
# 7 - VT_MODE
# 8 - BROWSER
# 9 - eBOOK
echo 0 > /sys/class/mdnie/mdnie/scenario
# Other parameters are boolean: 0 - Disabled, 1 - Enabled
echo 0 > /sys/class/mdnie/mdnie/negative
echo 0 > /sys/class/mdnie/mdnie/outdoor
Additionally I've prepared TWRP (CWM should work also, but I've not tested) installable version of this script (see attachment).
In that case if you dislike my default setting you'll need to unpack it, edit "data/local/userinit.sh" and pack it back using zip.
PS
This MAY work with other Samsung AMOLED devices. I can confirm that it works with galaxy tab 7.7 (p6800).
qolob said:
This apk requires way too many permissions for the task it performs... Suspicious...
It's not suspicious in any way! The developer f4k who wrote this little apk is a very honorable guy, just have a look at his profile and all of the work he does...
This apk does the job perfectly and doesn't do any harm to nothing.
Your remark/comment is very unnecessary here. So why don't you go start a thread your own instead of lousing this one up?
splitterzelle said:
It's not suspicious in any way! The developer f4k who wrote this little apk is a very honorable guy, just have a look at his profile and all of the work he does...
This apk does the job perfectly and doesn't do any harm to nothing.
I'm not trying to blame anyone in anything.
I'm not a pro in android programming and maybe such permissions are implied to all apk's that manage system settings.
However I can't see any reason for app that manages screen settings to require permissions to make calls, access user contacts etc. and it seems suspicious to me. That's all.
splitterzelle said:
Your remark/comment is very unnecessary here. So why don't you go start a thread your own instead of lousing this one up?
When I was searching how to setup screen settings in CM11 on SGS4 I've found only this thread. And when I've managed to solve this problem with alternative method I've decided that other users maybe interested in this information. I've posted to Your thread because I thought that it is a good idea to post all possible solutions for 'S4 amoled display colour profiles with cyanogenmod 11' in one thread to help other people find them quickly and in one place.
Sorry if I was wrong and violated something.
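One way to act on the permission concern raised above, as an added example that is not part of any post in this thread: it lists what an APK requests (from `aapt dump permissions` output) and flags anything outside what the tool's function needs. The sample dump, the package name com.example.displaytweak and the allowlist are constructed for illustration and are not the manifest of the APK discussed here.

```shell
#!/bin/sh
# Added example, not from the thread: list the permissions an APK requests
# and flag the ones a display-settings tool has no obvious need for.

# Permissions that reach calls, contacts, messages, microphone or location.
SENSITIVE="android.permission.CALL_PHONE
android.permission.READ_CALL_LOG
android.permission.READ_CONTACTS
android.permission.WRITE_CONTACTS
android.permission.READ_SMS
android.permission.SEND_SMS
android.permission.RECORD_AUDIO
android.permission.ACCESS_FINE_LOCATION"

# Constructed sample of `aapt dump permissions some.apk` output.
# It mixes the two spellings aapt versions use for uses-permission lines.
sample_dump() {
    cat <<'EOF'
package: com.example.displaytweak
uses-permission: name='android.permission.WRITE_SETTINGS'
uses-permission: name='android.permission.CALL_PHONE'
uses-permission: name='android.permission.READ_CONTACTS'
uses-permission: android.permission.INTERNET
permission: com.example.displaytweak.INTERNAL
EOF
}

# Read an aapt permission dump on stdin, print each requested permission once.
# Lines that declare a permission ("permission: ...") are ignored.
extract_permissions() {
    sed -n "s/^uses-permission[^:]*:[[:space:]]*\(name='\)\{0,1\}\([A-Za-z0-9_.]*\).*/\2/p" |
        LC_ALL=C sort -u
}

# audit_permissions ALLOWED_PERMISSION...
# Reads the dump on stdin. Prints every requested permission that is not in
# the allowlist, tagged SENSITIVE or UNEXPECTED. Returns 1 if any SENSITIVE
# permission was found, 0 otherwise.
audit_permissions() {
    allowed=" $* "
    status=0
    for perm in $(extract_permissions); do
        case "$allowed" in
            *" $perm "*) continue ;;
        esac
        if printf '%s\n' "$SENSITIVE" | grep -qxF "$perm"; then
            echo "SENSITIVE $perm"
            status=1
        else
            echo "UNEXPECTED $perm"
        fi
    done
    return "$status"
}

# Stand-alone run on the constructed sample. The allowlist (WRITE_SETTINGS
# only) is an assumption about what a display tool legitimately needs.
sample_dump | audit_permissions android.permission.WRITE_SETTINGS || true
```

On a real file, pipe `aapt dump permissions <file>.apk` into `audit_permissions` with the permissions you consider justified for that app.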
qolob said:
I'm not trying to blame anyone in anything.
I'm not a pro in android programming and maybe such permissions are implied to all apk's that manage system settings.
However I can't see any reason for app that manages screen settings to require permissions to make calls, access user contacts etc.
...
Sorry if I was wrong and violated something.
Mostly when there are high ranking permissions for an app requested, it isn't because of maliciousness of the author, it's often just carelessness of the creator not deactivating them in the building tool's presets he uses.
And after all, just don't be so mistrustful about things coming from senior xda developers......
This method I announced here is very simple to install, safe and works perfectly even with the latest nightlies so far.

Selinux permissive

Hey xda I'm looking for a kernel for PAC Man ROM that is selinux permissive to enable touch screen compatibility with my appradio 3. I've tried the selinux mode changer but it doesn't seem to do any thing except set a notification that it set selinux to permissive.
Abby suggestions it there?
Sent from my SCH-I535 using XDA Premium 4 mobile app
JakaraRuus said:
Hey xda I'm looking for a kernel for PAC Man ROM that is selinux permissive to enable touch screen compatibility with my appradio 3. I've tried the selinux mode changer but it doesn't seem to do any thing except set a notification that it set selinux to permissive.
Abby suggestions it there?
Sent from my SCH-I535 using XDA Premium 4 mobile app
Have you made sure that it doesn't change anything, you can check the selinux status under Settings>About Phone. I personally have never had this problem. also can you tell me why you need to change it to permissive.
SeLinux Permissive
Mtsprite said:
Have you made sure that it doesn't change anything, you can check the selinux status under Settings>About Phone. I personally have never had this problem. also can you tell me why you need to change it to permissive.
Thanks for your reply. What I mean about nothing changes is when I check the status in settings>about phone after setting permissive mode with the selinux mode changer app and rebooting like it requests, it still says enforcing. As to why I want to change it, I said before I am trying to get the touch interface to work on my pioneer appradio 3 head unit. I can mirror but touch doesn't work on the head unit. I have read in the appradio forum that you have to set SeLinux to permissive in order to accomplish this. I was hoping that someone with knowledge of custom kernels would be able to shed some light on this since it seems that Pac Man is set to enforcing by default. Also I have read that other kernels for other devices had the permissive mode set. I am so close to having this functionality it is getting frustrating, but I like the features that pac man brings to the table so I don't really want to switch at this point.
JakaraRuus said:
Thanks for your reply. What I mean about nothing changes is when I check the status in settings>about phone after setting permissive mode with the selinux mode changer app and rebooting like it requests, it still says enforcing. As to why I want to change it, I said before I am trying to get the touch interface to work on my pioneer appradio 3 head unit. I can mirror but touch doesn't work on the head unit. I have read in the appradio forum that you have to set SeLinux to permissive in order to accomplish this. I was hoping that someone with knowledge of custom kernels would be able to shed some light on this since it seems that Pac Man is set to enforcing by default. Also I have read that other kernels for other devices had the permissive mode set. I am so close to having this functionality it is getting frustrating, but I like the features that pac man brings to the table so I don't really want to switch at this point.
Ok well when i needed to do this i would always use the app described here. also its not that PAC ROM does this intentionally, in fact it was google who made 4.4.2 selinux set to enforcing, and its because of this that most if not all kernels for 4.4.2 have selinux set to enforcing.

[APP][5.0+][ROOT] Network Type Switcher

I've created a little application, which is able to switch network type (e.g. GSM only, LTE only, EvDo only, etc.) on any android with API 21 (Lollipop 5.0) or higher. I created this app because on some phones (e.g. Huawei devices), you cannot change the network type, even though you've managed to open the network engineering screen.
Please note that this app requires ROOT! Here are some features of this app:
- very small (about 50 kB) :angel:
- material design! :silly:
- no ads!
- ability to change to one of 12 network types supported by android
- on Android API 23 (Marshmallow) or newer, you can also change network type on devices with multiple SIM card slot (this is what I think other apps cannot do )
- able to detect if selected network type is not supported, and will revert back to previous setting if it the device doesn't support selected network type
I've tested this app (and use it on daily basis for about 1 month) on a rooted Huawei P9 Plus dual SIM and a rooted HiSense I46D1G, and so far so good.
Example use case : This app is great for locking to LTE only mode if your carrier gives huge bonuses on 4G data (to avoid falling back to WCDMA and cost you extra ), and locking to WCDMA only mode if you need adequate data speed while retaining the ability to place and receive CS calls and SMSes.
Download link for version 4:
Droid Host
Historical:
Download links for version 3:
Droid Host
Google Drive
Hi. Do you have a copy of your app in different host,not in mega? Thanks
xgneilx said:
Hi. Do you have a copy of your app in different host,not in mega? Thanks
Added Google Drive link. See my edited post. Thanks for your interest!
Thanks dev..
I'm on Xiaomi Mi Max Prime, MIUI 8.0.3 Global stable, marshmallow ROM. I can see the option to change network type for 2 SIM cards, but when i change one, the other one automatically follows. Meaning, whatever i change the sim 1 to, the SIM 2 gets changed as well. Is that supposed to be the logical outworking of your design?
cm14.1, apps not working.
already given superuser permission.
Sent from my peregrine using XDA Labs
VERY good app!
You made something what I started looking a week ago. A hell of "Thanks" mate. you made my day.
xgneilx said:
I'm on Xiaomi Mi Max Prime, MIUI 8.0.3 Global stable, marshmallow ROM. I can see the option to change network type for 2 SIM cards, but when i change one, the other one automatically follows. Meaning, whatever i change the sim 1 to, the SIM 2 gets changed as well. Is that supposed to be the logical outworking of your design?
No it doesn't. On marshmallow or higher, it should be able to switch network from those 2 slots independently. However, some OEM or device doesn't support switching it independently. Usually devices that comes with android lollipop or earlier doesn't support independent network switching. But as always, there will be some exceptions. I apologize if it doesn't work.
schrickz said:
cm14.1, apps not working.
already given superuser permission.
I've not tested in CM yet, since I don't have a device which has RIL and has CM ROM for it. This app has to negotiate with selinux. I heard that CM has pretty restrictive selinux policy. Maybe you can try to disable selinux by executing"setenforce 0" on a superuser shell. Please note that this disables selinux temporarily until reboot.
When I open the app it shows this message.
I can't give root permission in cm13 because there isn't a popup where privacy guard asks you root access like other apps
Me too, root is given but same error on android 5.1 ...
ivifly said:
Me too, root is given but same error on android 5.1 ...
filip2805 said:
When I open the app it shows this message.
I can't give root permission in cm13 because there isn't a popup where privacy guard asks you root access like other apps
Well, it seems that I have to investigate more about this. Thank you for your problem reports.
Sorry that I can't give an ETA at the moment. I am a little bit busy lately
Take your time...it'd your lifetime!
By the way, I don't gonna use lucky patcher seem to be a unsafe software and kind of black sheep of XDA......greetings ivi
I'm getting same error on CM13 (Root shell access is denied) whereas app don't ask for root permission, Even app don't show any permission in privacy guard
Please fix this
Thanks
Reinstalling the app is temporary fix, after reboot, getting same error...
Fixed : new version 4 is working fine for me, using from last 2 days
Thanks a lot jnakoda. Very useful app
Replies for the following posts:
schrickz said:
cm14.1, apps not working.
already given superuser permission.
Sent from my peregrine using XDA Labs
filip2805 said:
When I open the app it shows this message.
I can't give root permission in cm13 because there isn't a popup where privacy guard asks you root access like other apps
ivifly said:
Me too, root is given but same error on android 5.1 ...
spacexgen said:
I'm getting same error on CM13 (Root shell access is denied) whereas app don't ask for root permission, Even app don't show any permission in privacy guard
Please fix this
Thanks
Reinstalling the app is temporary fix, after reboot, getting same error...
Hi guys, could you try the new version 4 (on my edited 1st post)? See if it fixes the problem. Thanks.
now it works
jnakoda said:
Replies for the following posts:
Hi guys, could you try the new version 4 (on my edited 1st post)? See if it fixes the problem. Thanks.
still not working.
schrickz said:
still not working.
OK. Judging from the screenshot that you posted earlier, your issue doesn't stem from SELinux, and the app get root access properly. Seems like an issue with nougat API 25. Unfortunately, I don't have a nougat device at the moment . Will investigate the issue after getting a nougat device (or AVD!)
It's good work on my SM-Note 4 N9100 dual SIM(but i just used one),Marshmallow.
Good job,Thx!

Any Selinux permissives kernels out there?

Bought an M9 two weeks ago ( just went over my buyer's remorse period so i own it now). Love the phone but why isn't there any kernel development on this device?
justthefacts said:
Bought an M9 two weeks ago ( just went over my buyer's remorse period so i own it now). Love the phone but why isn't there any kernel development on this device?
Because the sources they gave us break stock camera... The camera works but can't save photos taken.
Selinux is easy to set anyway.
Is there anyway to know the selinux state on this phone without using any apps? (rooted)
justthefacts said:
Is there anyway to know the selinux state on this phone without using any apps? (rooted)
'getenforce' command in terminal.
Use 'setenforce 0' for Permissive, 'setenforce 1' for Enforcing.
Setenforce requires su, getenforce does not.
ante0 said:
'getenforce' command in terminal.
Use 'setenforce 0' for Permissive, 'setenforce 1' for Enforcing.
Setenforce requires su, getenforce does not.
Do I have to do this on every boot?
justthefacts said:
Do I have to do this on every boot?
There are scripts/apps to set it automatically.
Here's one for example: https://forum.xda-developers.com/android/apps-games/app-selinux-switch-t3656502
ante0 said:
There are scripts/apps to set it automatically.
Here's one for example: https://forum.xda-developers.com/android/apps-games/app-selinux-switch-t3656502
Scripts don't stick and Selinux switch doesn't work all the time. Have there been any attempts on making Selinux permissive kernels?
justthefacts said:
Scripts don't stick and Selinux switch doesn't work all the time. Have there been any attempts on making Selinux permissive kernels?
There's no point if you want a working camera. As I said, Huaweis source breaks camera.
That said, making a kernel with selinux set to permissive is not hard. You can even use hexeditor to modify boot.img to always be permissive.
Check this post https://forum.xda-developers.com/showpost.php?p=59160364&postcount=23
ante0 said:
There's no point if you want a working camera. As I said, Huaweis source breaks camera.
That said, making a kernel with selinux set to permissive is not hard. You can even use hexeditor to modify boot.img to always be permissive.
Check this post https://forum.xda-developers.com/showpost.php?p=59160364&postcount=23
If I set selinux permissive in the kernel, would it mess up the camera?
justthefacts said:
If I set selinux permissive in the kernel, would it mess up the camera?
No. It's just broken in the source that Huawei released. Hacking it yourself on your firmwares boot image should keep camera intact (depending on your edits of course xD). Building kernel from source breaks the camera app regardless if you edit anything or not.
ante0 said:
No. It's just broken in the source that Huawei released. Hacking it yourself on your firmwares boot image should keep camera intact (depending on your edits of course xD). Building kernel from source breaks the camera app regardless if you edit anything or not.
So you can just edit the kernel to be permissive and all good? And no one has tried and reported?
This phone is almost a year old, 6 million users.
justthefacts said:
So you can just edit the kernel to be permissive and all good? And no one has tried and reported?
This phone is almost a year old, 6 million users.
What?
You can just edit it. I'm just saying that building a custom kernel from source is no good as it breaks camera. (this has nothing to do with selinux status)
Just edit and flash and you should be good to go.

What is SELinux and how do I know whether it is enabled on my custom ROM?

Dear XDA Community,
Sorry, this is a newbie question, but when I was asking for suggestions for a custom and also secure ROM, I was suggested Pixel Experience and I have also been told to set SELinux to permissive. What is the purpose of SELinux? Is there a guide on how to adjust it to the appropriate settings? Does it not come enabled as default? Thank you in advance.
jason.mix said:
Dear XDA Community,
Sorry, this is a newbie question, but when I was asking for suggestions for a custom and also secure ROM, I was suggested Pixel Experience and I have also been told to set SELinux to permissive. What is the purpose of SELinux? Is there a guide on how to adjust it to the appropriate settings? Does it not come enabled as default? Thank you in advance.
SELinux policy is a security feature built into your kernel. Android is set to "enforcing" by default, you have to manually switch to permissive. A lot of custom mods and root enabled apps require your device to be in permissive mode in order to work. A classic example that I've used many times is a mod called Viper4Android, it requires permissive mode in order for it to function. This is not the only example, there are many other apps and mods that require permissive mode. Your device must be rooted in order to use permissive mode.
There is nothing special about enabling this, you just need to look for a custom kernel for your specific model number that has permissive mode built into the kernel then install the kernel or you can find an app such as SELinux Switch/SELinux Toggle, but, I'm not sure if that app is supported any more, the developer that built it hasn't been active here in quite some time.
Sent from my SM-S767VL using Tapatalk
Droidriven said:
SELinux policy is a security feature built into your kernel. Android is set to "enforcing" by default, you have to manually switch to permissive.
Thank you for your response. Just to clarify, should I just leave it as it comes or should I always double check after flashing the custom ROM? And is there a guide on how to adjust this option appropriately or does it depend on the ROM? I came across this thread and it states that Pixel Experience is set to permissive automatically. What should I do? And do you have any other advice for what other precautions I should take in order to have that extra security when using a custom ROM? Once again, thank you.
jason.mix said:
Thank you for your response. Just to clarify, should I just leave it as it comes or should I always double check after flashing the custom ROM? And is there a guide on how to adjust this option appropriately or does it depend on the ROM? I came across this thread and it states that Pixel Experience is set to permissive automatically. What should I do? And do you have any other advice for what other precautions I should take in order to have that extra security when using a custom ROM? Once again, thank you.
If you are concerned with being secure, you need to leave the device in enforcing mode, not permissive. I'm not sure exactly how you would switch the Pixel ROM from permissive to enforcing, the ROM may have a setting or you may have to use the Kernel Auditor app to switch to enforcing mode.
If you are not going to be doing any kind of modification to the system partition, you won't need to worry with permissive mode.
If the Pixel ROM is permissive by default, you won't need to change anything.
I'm not sure you understand exactly how the "switch" between enforcing/permissive is achieved. It is not simply a "setting" that you enable/disable.
Here are a few ways to enable permissive mode that I know of:
1) if your stock kernel does not support permissive mode, you have to flash a kernel that has permissive support.
2) if your stock kernel does support permissive mode but doesn't have permissive mode enabled, you have to use something like the "SELinux Switch" or "SELinux Toggle" apps, these apps force the stock kernel into permissive mode and can be set to automatically enable permissive mode whenever the device boots and persist from one reboot to the next.
3) it can be enabled via adb commands or adb shell commands via PC or, if you are rooted, you can use a terminal emulator app or the terminal emulator that is built into TWRP to issue commands to enable enforcing/permissive, whichever you need.
Sent from my SM-S767VL using Tapatalk
Droidriven said:
If you are concerned with being secure, you need to leave the device in enforcing mode, not permissive. I'm not sure exactly how you would switch the Pixel ROM from permissive to enforcing, the ROM may have a setting or you may have to use the Kernel Auditor app to switch to enforcing mode.
I am not planning on rooting or modifying my system in any way, but is there a way to check whether I am running in enforcing mode? I am still running MIUI for now and if it helps, my kernel version is 4.9 186-perf-g1e22c7b and if you need any more details then just let me know. Thank you for helping me out.
jason.mix said:
I am not planning on rooting or modifying my system in any way, but is there a way to check whether I am running in enforcing mode? I am still running MIUI for now and if it helps, my kernel version is 4.9 186-perf-g1e22c7b and if you need any more details then just let me know. Thank you for helping me out.
To check whether your device is set to enforcing/permissive, you should be able to look in system settings>about phone>SELinux Status
Or
system settings>about phone>software info>SELinux Status
Or something similar, the exact location of the info is different for different devices/android versions.
Sent from my SM-S767VL using Tapatalk
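
Added example, not part of any post in this thread: besides the Settings screen, the mode can be read with the standard `getenforce` command over adb, which does not need root. The script below classifies that output together with the kernel command line (the `androidboot.selinux=` boot parameter); the function names are hypothetical and the sample inputs are constructed.

```shell
#!/bin/sh
# Added example: classify SELinux state from text collected over adb.
# On a real device, collect the two inputs with:
#   adb shell getenforce
#   adb shell cat /proc/cmdline    # may be denied without root

# normalize_mode TEXT -> enforcing | permissive | disabled | unknown
# Accepts getenforce output or the 0/1 read from /sys/fs/selinux/enforce.
normalize_mode() {
    m=$(printf '%s' "$1" | tr -d '\r\n\t ' | tr '[:upper:]' '[:lower:]')
    case "$m" in
        enforcing|1)  echo enforcing ;;
        permissive|0) echo permissive ;;
        disabled)     echo disabled ;;
        *)            echo unknown ;;
    esac
}

# cmdline_override TEXT -> value of androidboot.selinux=, or "none"
cmdline_override() {
    v=$(printf '%s\n' "$1" | tr -d '\r' | tr ' ' '\n' |
        sed -n 's/^androidboot\.selinux=//p' | head -n 1)
    echo "${v:-none}"
}

# selinux_verdict GETENFORCE_TEXT CMDLINE_TEXT -> one-line verdict
selinux_verdict() {
    mode=$(normalize_mode "$1")
    boot=$(cmdline_override "$2")
    case "$mode:$boot" in
        enforcing:permissive)
            echo "WARN enforcing now, but boot cmdline requests permissive" ;;
        enforcing:*)
            echo "OK enforcing" ;;
        permissive:*|disabled:*)
            echo "FAIL $mode (boot override: $boot)" ;;
        *)
            echo "UNKNOWN could not parse mode" ;;
    esac
}

# Constructed sample inputs (not captured from a real device).
CR=$(printf '\r')
selinux_verdict "Enforcing$CR" "console=ttyMSM0 androidboot.hardware=qcom"
selinux_verdict "Permissive$CR" "console=ttyMSM0 androidboot.selinux=permissive"
selinux_verdict "0" ""
```

A FAIL or WARN line after flashing a ROM or kernel means the device is not running with the enforcing policy the thread recommends for a security-focused setup.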
