@all Kernel devs: Removing the knox leftovers on ramdisk - Galaxy Note 3 Android Development

Hey guys I already posted this in a few kernel devs threads but I wanted to create this thread so I can share my info more easily with all the people out there.
What I found is some leftovers of knox on the ramdisk of nearly all the kernels out there - and possibilities to get rid of some more clutter.
There is this init.container.rc file which gets called from the init.rc who's job is to set up the mount points and some symlinks etc. for knox (just take a look at it). It also contains a service called "containersetup" and which's binary is located in /system/bin/containersetup.
I dont 100% know what this containersetup thingy does - but I just renamed the binary to stop it from running with no negative side-effects at all.
Disabling/removing the init.container.rc would also get rid of those reappearing data_1, data_2, data_3 etc. folders which get created by it.
---
This one is not particulary interesting for kernel devs I think, but I also found some other binaries that are or at least appear to be rather useless:
- there is "tima_dump_log" which creates some dumps related to tima on the data partition (possibly for the knox watchdog crap) - disabled that without side effects so far.
- there is "auditd" which is the audit daemon, which logs security related stuff (wether selinux allowed or disallowed stuff etc) - also disabled without side effects.
could possibly find some more.. (bootchecker, drsservice etc.. but not 100% sure on those)
P.S: Why don't you all include init.d support into the kernel? Just wondering, no attack (hard to tell in the internet hehe). Isn't that standard on linux kernel or is it a special feature which normally gets handled by the operating system / rom? (I know how to activate init.d support myself... well its not that hard.. but still wondering lol, because when switching kernels I always have to try and test if the kernel includes init.d support so scripts dont get run twice... some do some don't ...)

Just cooked my "own" custom version of faux123 v004 with the android image kitchen. (http://forum.xda-developers.com/showthread.php?t=2073775)
Removed the init.container.rc
Removed the call to init.container.rc inside init.rc
Edited the fstab.qcom to change system partitions mount flags to "ro,noatime,noauto_da_alloc,discard,journal_async_commit,errors=panic"
(you could also add init.d support to init.rc, but I already got that in my install-recovery.sh..)
--
Repacked everything together and flashed it onto my phone. This got rid of the container folders and data_1,data_2,data_3,mnt_1, etc. plus the mount "tweaks".
Unfortunately I cannot redistribute the kernel image with the modified ramdisk (its not my work, i just edited it a tiny bit...), but with the android image kitchen you can just do it yourself - until the kernel devs include this into their kernels as well. (might not be important to you guys, but I like my phone clutter free hehe)
---
ADD: By the way - this android image kitchen is awesome! I was trying to do this stuff with other versions of kernel repack tools - which are mostly made for linux. But the resulting kernels were not working. (the addresses used are not standard, and one would have had to edit the mkbootimg.c and recompile it himself to do it... but with this thing its just idiot-safe drag n drop. Just make sure you dont do any bullcrap on the ramdisk partition..
ADD2: Does anyone know how I could completely disable selinux (not just permissive, but completely turning it off)? I know it might missbehave, but I want to give it a try. The mount script already has the option to mount the firmware partition context free for the case that se-linux is disabled - so it must be possible somehow right? (what benefit does selinux give you anyway in permissive mode other than a possible nsa backdoor or smth?)

Awesome
Enviado do meu SM-N9005 através de Tapatalk

with selinux=permissive you can also deactivate the samsung drs service (this thing handles context labeling as it appears).
It consists of an app called "drsservice" and the binary /system/bin/drs. Can/could been disabled on selinux=enforcing too, but then you needed to do restorecon yourself on some occurences.
--
so on my device I disabled the following services/binaries (please lets try to find more together ...):
/system/bin/containersetup
/system/bin/auditd
/system/bin/tima_dump_log
/system/bin/kiesexe
/system/bin/drs
---
What I would like to manage (if possible) to disable the watchdog daemon and all that bullcrap that checks if the device was tempered (the watchdog daemon is related to knox right?)

zroice said:
Just cooked my "own" custom version of faux123 v004 with the android image kitchen. (http://forum.xda-developers.com/showthread.php?t=2073775)
Removed the init.container.rc
Removed the call to init.container.rc inside init.rc
Edited the fstab.qcom to change system partitions mount flags to "ro,noatime,noauto_da_alloc,discard,journal_async_commit,errors=panic"
(you could also add init.d support to init.rc, but I already got that in my install-recovery.sh..)
--
Repacked everything together and flashed it onto my phone. This got rid of the container folders and data_1,data_2,data_3,mnt_1, etc. plus the mount "tweaks".
Unfortunately I cannot redistribute the kernel image with the modified ramdisk (its not my work, i just edited it a tiny bit...), but with the android image kitchen you can just do it yourself - until the kernel devs include this into their kernels as well. (might not be important to you guys, but I like my phone clutter free hehe)
---
ADD: By the way - this android image kitchen is awesome! I was trying to do this stuff with other versions of kernel repack tools - which are mostly made for linux. But the resulting kernels were not working. (the addresses used are not standard, and one would have had to edit the mkbootimg.c and recompile it himself to do it... but with this thing its just idiot-safe drag n drop. Just make sure you dont do any bullcrap on the ramdisk partition..
ADD2: Does anyone know how I could completely disable selinux (not just permissive, but completely turning it off)? I know it might missbehave, but I want to give it a try. The mount script already has the option to mount the firmware partition context free for the case that se-linux is disabled - so it must be possible somehow right? (what benefit does selinux give you anyway in permissive mode other than a possible nsa backdoor or smth?)
Click to expand...
Click to collapse
I followed the link to the Android Image Kitchen and successfully followed your instructions from post #2 but I was wondering if you could please let me know of a good place to find some kernel tutorials for absolute beginners? Thank you for your information as well.

@zroice: Maybe you're already thinking about doing a free rom of Knox

Silverbolt said:
I followed the link to the Android Image Kitchen and successfully followed your instructions from post #2 but I was wondering if you could please let me know of a good place to find some kernel tutorials for absolute beginners? Thank you for your information as well.
Click to expand...
Click to collapse
not sure really, this was just basic scripting and editing the boot scripts, and I just found this out by playing around with the things.
I'm sure you will find a tutorial or smth on xda or google. I have yet to compile anything for android.. so I dont have a clue.
Just sharing my findings and hoping for some interesting replies what other people find out.

what about those data_x folders in a stock image?
Hi!
I've encountered these data_1 data_2 & data_3 on my stock note 3. Is there a way to remove them?

Ibe been looking for a way to remove these processes. I dont have any knox or container agents on my phone nor doea the kt747 kernel have selinux enforcing but I do see these leftovers running around. I found this thread by searching how to disable the tima log. There doeant seem to be much info about this available anywhere. I do se something else running that I suspect is a waste is called edmaudit. I suspect is enterprise device management. Not sure tho. I changed the permissions on the files you mentioned. I know its been a year but if you happen to have any new insight on thos I'd appreciate it.

Related

[Q][DEV] Kernel modules loading at boot-time : which framework ?

Hi,
Usually on linux, there is a kernel loading modules at boot-time framework, cf. modules.conf.
No longer present in android.
When typing lsmod, there is two modules loaded by default : tntfs, and bcm4329 (and voodoo_sound
if you have it).
I'm trying to figure out what is the standard procedure on android : I've noticed on the
init.rc that the tntfs.ko is loaded, but can't figure out when bcm4329.ko is loaded.
Any idea ?
Moreover, I know that voodoo controller is able to load his own kernel module (voodoo-sound)
at boot-time. Anyone knows how the voodoo dev did that ?
My current idea is to modify init.rc to source a new file - let's say init.rc.local - to keep my custom mod. It'll
allow minimal changes when updating+root : just copy the init.rc.local and change the init.rc...
Sounds like we're recreating linux boot framework. lol.
This is something I've done on the HTC Incredible and the Droid 1 in the past, but in honeycomb, this is different, not very obvious yet:
Rather than try to emulate whatever Redhat or Ubuntu has done, which usually doesn't work, I either would use the line where tntfs.ko is insmod'd in /init.ventana.rc (sorry, think that's the filename), and add in the modules you want to add right there. Make sure to save the original file so you'll have a shot at fixing it if you make a mess.
The other thing is just to find some developer that appears to know what they're doing, and download their ROM, like Roach. I just downloaded his prime 1.6 ROM and unpacked it, then noticed immediately that he's got this in there:
/system/etc/init.d/01init{stuff},
Well that seems pretty important, so I did a grep 'init.d' * -R from the / level, and could only see little of importance, not any shell file like initrc pointing to it, just that busybox is linked to it, etc.
I figured it's worth a shot to create the same file structure on the stock ROM (/system/etc/init.d/0X{name} and see if it executes :: Start it with the usual #!/system/bin/sh
# load some modules
/system/bin/inmod /system/lib/modules/cifs.ko (or whatever)
and see what happened, if anything.
Better yet, I'd just send a message to Roach or some other ROM developer and ask.
Good luck -
altsyst said:
Hi,
Usually on linux, there is a kernel loading modules at boot-time framework, cf. modules.conf.
No longer present in android.
When typing lsmod, there is two modules loaded by default : tntfs, and bcm4329 (and voodoo_sound
if you have it).
I'm trying to figure out what is the standard procedure on android : I've noticed on the
init.rc that the tntfs.ko is loaded, but can't figure out when bcm4329.ko is loaded.
Any idea ?
Moreover, I know that voodoo controller is able to load his own kernel module (voodoo-sound)
at boot-time. Anyone knows how the voodoo dev did that ?
My current idea is to modify init.rc to source a new file - let's say init.rc.local - to keep my custom mod. It'll
allow minimal changes when updating+root : just copy the init.rc.local and change the init.rc...
Sounds like we're recreating linux boot framework. lol.
Click to expand...
Click to collapse
Tested.
Does not work, because modified room probably calling busybox run-parts.
Anyway I've found a hack, I'm posting it on general section.

[DEV] Lenovo Ideapad A1 Kernel Development/Testing

Warning/disclaimer: This thread is intended for those who already know how to compile a kernel and have a working knowledge of Linux and its derivatives. There shouldn't be a great deal of risk involved, but you are responsible for what happens if you decide to follow these instructions.
Polite request: Please don't post replies to this thread that aren't of a technical nature directly related to compiling, modifying, or testing the kernel.
Introduction:
It appears as if Lenovo have released a buildable and bootable kernel source. I've done some preliminary testing with it. However, it would be better if we could get lots of people building and running the kernel, so that we can spot any remaining problems. This is also an opportunity to start hacking it to add/fix features such as USB OTG, etc.
Kernel source:
Get it from the Github repository at: https://github.com/gmarkall/lenovo_a1_07_kernel
Toolchain:
The Makefile seems to suggest that Codesourcery 2010q1 has been used by Lenovo to compile the kernel. Get it from https://sourcery.mentor.com/sgpp/lite/arm/portal/release1293, and make sure that the arm-none-linux-gnueabi-* binaries are on your path.
Building the source:
You may wish to edit the Makefile around line 192 to set CROSS_COMPILE=arm-none-linux-gnueabi- instead of the hardcoded path that is the default.
Then, to build the kernel:
Code:
make distclean
make a1_07_defconfig
make uImage
Booting the kernel
Normally, Android devices have two boot images that consist of a kernel and a ramdisk. One boot image is for the recovery, and the other is for the Android system. This makes it safe to flash a new boot image containing an untested kernel for the Android system, since the recovery can always boot up using the other boot image. However, the A1, by some bad design decision, only has one kernel - the bootloader always loads the same kernel, and just loads a different ramdisk depending whether it is to boot into recovery or system. As a result, it is not safe to flash a kernel to your A1 unless it's already been tested, since a bad kernel will make it impossible to boot from the internal memory, and you'll need a bootable SD card.
The solution to this problem is to make a bootable SD card for loading the kernel and ramdisk from. A bootable SD card consists of two partitions:
* A small bootable VFAT partition, that holds the X-Loader (MLO), U-Boot (u-boot.bin) and the kernel (uImage).
* An ext2 partition that holds the root filesystem.
In order to create a bootable SD card, use the omap3-mkcard.sh script that is attached below. To invoke it for making /dev/mmcblk0 a bootable SD card:
Code:
sudo omap3-mkcard.sh /dev/mmcblk0
You may need to hack the script if your SD card device isn't a /dev/mmcblk* one, since the script searches for partitions denoted "p1" and "p2" - this may need changing to just "1" and "2" respectively (thanks Xbdesign and Brancaleone for this).
This will create the necessary partitions, set the bootable flag, and format them. You will then need to mount the first partition (e.g. /dev/mmcblk0p1), and copy MLO and u-boot.bin to it (also linked below). Then, copy the uImage that you built from your kernel tree, which will be located in /arch/arm/boot. You can now unmount this partition.
Next, mount the second partition (e.g. /dev/mmcblk0p2). This will need to contain the same set of files that the initial ramdisk contains. There are two different ramdisks that you might want to use - one is from the Cyanogenmod 7 build, and the other one is from the stock system. Download links for these are also below. To extract the ramdisk, copy it onto the SD card second partition, then run the following commands (assuming the ramdisk is called ramdisk.ub):
Code:
dd if=ramdisk.ub of=ramdisk.img.gz bs=64 skip=1 # Strip off the U-Boot header
gunzip ramdisk.img.gz # Unzip
sudo cpio -idmv < ramdisk.img # Extract the cpio archive
Then, unmount the second partition of the SD card.
You should now be able to remove the SD card and insert it into your A1. Power down the A1 and power up again, and it should hopefully boot from the SD card and load your kernel. If it's booted from the SD card and loaded your kernel, you should be able to see that it was compiled on your host by looking in Settings -> About Phone -> Kernel Version.
Troubleshooting:
This is not a comprehensive guide, just a few pointers to where a problem might be - please post replies to the thread to get troubleshooting suggestions.
System boots up, but is not running my kernel - it didn't boot from the SD card. If the A1 is plugged into the charger/USB, you sometimes need to reboot multiple times before it boots off the SD card (I think it doesn't always turn off fully when the charger is plugged in).
The static Lenovo logo flashes up over and over again - it's booted from the SD card, but didn't manage to load your kernel
The static Lenovo logo comes up and stays there/goes to a black screen - it's probably loaded your kernel and mounted the root file system, but failed to mount /system. Try running adb shell to see what happens. If you get something like
Code:
/system/bin/sh: no such file or directory
then your kernel is running but /system isn't mounted.
IRC Channel
Join #ideapad-a1 on irc.freenode.net to discuss the kernel and other A1 development-related topics!
Download Links:
MLO
u-boot.bin
omap3-mkcard.sh
Ramdisk for Cyanogenmod 7
Ramdisk for ROW 2643 stock release
I've added the two ramdisks that I suspect will be most common - if you need another ramdisk, you'll have to extract it from an OTA.
Also, I compiled a tun.ko - www.doc.ic.ac.uk/~grm08/ideapad/tun.ko
Here's a cifs.ko - http://www.doc.ic.ac.uk/~grm08/ideapad/cifs.ko
EDIT: AutobahnA1 and infraredevans have confirmed that tun.ko works on ROW_2643.
EDIT 2/3: Please test out cifs.ko! (It doesn't work - it needs slow-work.ko. Will get that done when I can. Thanks to Ilikecokethree on the Lenovo forums for pointing that one out).
你懂中文吗,大神!
我是中国人 关注你的帖子很久了,我不懂英文,用翻译软件看的大概,我们这里很多人支持你,都在用你的rom 很棒!比联想官方的好多了,谢谢!
I think I did exactly the steps as you told, but it still boots the original kernel, may something be wrong? Thank you very much.
PS: I'm a chinese too, and my English is not good either
gmarkall said:
This is also an opportunity to start hacking it to add/fix features such as USB OTG, etc.
Click to expand...
Click to collapse
Please do not forget to try the WiFi-based geolocation, which is also missing!
I wish I had the knowledge to work on it myself but I am far from taking over such tasks...do not have the slightest idea about how these things work.
Good luck and please keep us informed!
geoponer said:
Please do not forget to try the WiFi-based geolocation, which is also missing!
Click to expand...
Click to collapse
Geolocation bug has nothing to do with kenerl. It's a missing entry in framework-res.apk in ROM from Lenovo
see : forums.lenovo.com/t5/IdeaPad-Slate-Tablets/A1-Geocode-Bug-in-Firmware-Solution/td-p/709701
betabox said:
Geolocation bug has nothing to do with kenerl. It's a missing entry in framework-res.apk in ROM from Lenovo
see : forums.lenovo.com/t5/IdeaPad-Slate-Tablets/A1-Geocode-Bug-in-Firmware-Solution/td-p/709701
Click to expand...
Click to collapse
Also, it's working in CM7.
hohoxu_hao115 said:
I think I did exactly the steps as you told, but it still boots the original kernel, may something be wrong?
Click to expand...
Click to collapse
Sounds like it's booting from eMMC instead.
Can you post the partition table of the SD card as listed by fdisk, and also a directory listing of each of the two partitions? I ask this to confirm what's happened - seems like you're the first person to follow these instructions, and it's quite possible I made a mistake somewhere.
betabox said:
Geolocation bug has nothing to do with kenerl. It's a missing entry in framework-res.apk in ROM from Lenovo
see : forums.lenovo.com/t5/IdeaPad-Slate-Tablets/A1-Geocode-Bug-in-Firmware-Solution/td-p/709701
Click to expand...
Click to collapse
Apologies for the off-topic, but I think that we are discussing two different things here: I am referring to the Geolocation bug, which prevents me from e.g. checking in with Foursquare by using only WiFi location information (active GPS signal is needed) while you have solved the Geocoding bug, which has nothing to do with the Geolocation one...
Please correct me if I am wrong.
@Graham: I plan to install the CM7 that you have been working on (with the feedback from other users - I keep an eye on that thread!) but since I use my A1 for professional purposes as well, I would like to make sure that everything is working fine before moving to CM7. Apologies for not being able to contribute to the beta testing of CM7 but I am really looking forward to seeing a version based on the source code provided by Lenovo, which I think will lead to a more stable version of your CM7. I cannot thank you enough for taking the time to work on this, really!
geoponer said:
Apologies for the off-topic, but I think that we are discussing two different things here: I am referring to the Geolocation bug, which prevents me from e.g. checking in with Foursquare by using only WiFi location information (active GPS signal is needed) while you have solved the Geocoding bug, which has nothing to do with the Geolocation one...
Please correct me if I am wrong.
Click to expand...
Click to collapse
I think that whether it works in CM7 or not, it almost certainly isn't a kernel issue. I'll test it by signing up for Foursquare and give it a try out on CM7 to see if it works later on. Will post my findings in the CM7 thread.
Hi Graham,
just gonna pile up several questions/thinkings and feel free to comment them the or answer on your liking
We do have few hickups on CM7 but I am more excited about idea of having proper recovery then ironing current CM rom that works more than satisfactory right now. Do we have enough code (I assume that target here is u-boot) on our hands that someone can implement necessary changes to internal partitions and boot procedures?
what is your opinion on replacement of u-boot with something else? for example LK loader or to be more precise with its current HD2 implementation known as cLK. it allready has some neat features like HBOOT like GUI, ability to change partition sizes on device itself (without computer), ability to boot from different partitions (would be nice to have android and ubuntu side by side loaded on our devices) and last but not least it has fastboot support enabled...or is it better way fill up u-boot with desired features if possible?
so...just my wishful thinking...not enough knowledge on my side to do anything regarding all this just hoping that some of you, more capable guys gets interested in this
dusko_m said:
Hi Graham,
just gonna pile up several questions/thinkings and feel free to comment them the or answer on your liking
We do have few hickups on CM7 but I am more excited about idea of having proper recovery then ironing current CM rom that works more than satisfactory right now. Do we have enough code (I assume that target here is u-boot) on our hands that someone can implement necessary changes to internal partitions and boot procedures?
what is your opinion on replacement of u-boot with something else? for example LK loader or to be more precise with its current HD2 implementation known as cLK. it allready has some neat features like HBOOT like GUI, ability to change partition sizes on device itself (without computer), ability to boot from different partitions (would be nice to have android and ubuntu side by side loaded on our devices) and last but not least it has fastboot support enabled...or is it better way fill up u-boot with desired features if possible?
so...just my wishful thinking...not enough knowledge on my side to do anything regarding all this just hoping that some of you, more capable guys gets interested in this
Click to expand...
Click to collapse
I do want to implement something that's pretty much as you describe. My biggest motivation is that it's currently not safe to flash a kernel since you can break both system and recovery that way in one go - I really want to make the boot process more robust.
gmarkall said:
Also, I compiled a tun.ko - tun.ko
I haven't tested it yet - is anyone able to try it please?
Click to expand...
Click to collapse
The module loaded without a problem on my 2643_ROW Kernel. Installed "Rooted AnyConnect" from the "Play Place". Now I can connect to my company VPN.
gmarkall: YOU ROCK! THANK YOU!!!
tun.ko
Graham
The tun.ko module works perfectly with openvpn on 2643_ROW.
I can now access my Amahi home server,awsome.
Thanks a lot you are doing a great job.
Dont want to sound presumptuous but any chance of a cifs.ko to go with it .
Cheers
Infraredevans said:
Dont want to sound presumptuous but any chance of a cifs.ko to go with it .
Click to expand...
Click to collapse
I'll give it a whirl... give me a few minutes.
gmarkall said:
I'll give it a whirl... give me a few minutes.
Click to expand...
Click to collapse
Here it is: http://www.doc.ic.ac.uk/~grm08/ideapad/cifs.ko
To compile it I had to copy md5.h from another kernel source to fs/cifs in the kernel tree. I also had to edit init/Kconfig so that CONFIG_SLOW_WORK defaulted to yes. I configured the module with the options:
Support Legacy LANMAN servers which use weaker security
CIFS Extended attributes
CIFS POSIX attributes
and without statistics, debugging, or experimental features. Let me know if this is a suitable config - I could always tweak it and build another one.
arm-2010q1-202-arm-none-linux-gnueabi.bin
Did someone manage to install arm-2010q1-202-arm-none-linux-gnueabi.bin on 64bit system?
xbdesign said:
Did someone manage to install arm-2010q1-202-arm-none-linux-gnueabi.bin on 64bit system?
Click to expand...
Click to collapse
I did - I didn't have any problems, but my random guess about how to solve it could be to install ia32-libs. If installing that doesn't solve it, can you post a bit more detail about the problem?
I am using ubuntu 10.04 LTS and just cant install / find Getlibs to install a 32-bit version of xulrunner :-(
xbdesign said:
I am using ubuntu 10.04 LTS and just cant install / find Getlibs to install a 32-bit version of xulrunner :-(
Click to expand...
Click to collapse
Do you need that to run the installer? I just downloaded the tar version instead and extracted it. I saw there was an installer as well, but I thought it would be more hassle than using the tarball so I just ignored it.

[CUSTOM][KERNEL][HOWTO] Droidwall on the Samsung Galaxy Y

Hi there
I got droidwall running on the SGY.
Please first read the whole post. I add changes at the end of it.
Here's what I did:
1. follow this great tut from irfanbagus. Thanks a lot irfanbagus!
2. After running "make bcm21553_totoro_05_defconfig", set this in .config:
CONFIG_IP_NF_TARGET_REJECT=y
CONFIG_NETFILTER_XT_MATCH_OWNER=y
and continue irfanbagus's steps
3. Install the new boot.img, e.g. via mai77's method as shown here
4. Profit! (as in: use droidwall )
Notes:
Alternatively the changes in .config could be set in cm21553_totoro_05_defconfig or via make menuconfig
If you don't have your boot.img as a normal file, run this in adb, then pull the file:
dd if=/dev/block/bml7 of=/data/local/boot.img
I was surprised that there was no such modified kernel till now. Maybe this is because the TARGET_REJECT option is essential but only XT_MATCH_OWNER is largely discussed when dealing with droidwall.
See attachment (mikstev_SGY_Kernel_netfilter_for_droidwall_boot.img.zip) for a boot.img with only these modifications.
Please test and report. I only tested blacklist/whitelist mode with Google Play blocked/allowed on Wifi connection, but it worked.
Edit 1: I've added the necessary (and probably some more) modules so that droidwall's logging works. Use the second attached file instead the first one.
Here are the changes I made, compared to normal .config:
CONFIG_NETFILTER_NETLINK=y
CONFIG_NETFILTER_NETLINK_LOG=y
CONFIG_NETFILTER_XT_MATCH_OWNER=y
CONFIG_IP_NF_TARGET_REJECT=y
CONFIG_IP_NF_TARGET_LOG=y
CONFIG_IP_NF_TARGET_ULOG=y
I guess the first two aren't necessary but I didn't bother to check every single module if it's the correct one which droidwall needs for logging. However this shouldn't matter anyway. See mikstev_SGY_Kernel_netfilter_for_droidwall_with_log_boot.img.zip
Edit 2: Due to request I've added init.d support to the latest release. Thanks irfanbagus! See mikstev_SGY_Kernel_droidwall_initd_boot.img.zip
Edit 2.5: Seems only the following modules are required but that only as a side note:
CONFIG_NETFILTER_XT_MATCH_OWNER=y
CONFIG_IP_NF_TARGET_REJECT=y
CONFIG_IP_NF_TARGET_LOG=y
Edit 3: New method for adding init.d support to a (newest) boot.img, with kernel modules for droidwall (+logging) and init.d scripts to load these modules. Please read the readme, if you have questions, post here. Special thanks to irfanbagus See mikstev_add_initd_to_boot.img__kernel_modules_initd_scripts_for_droidwall.zip
Edit 4: Thanks to an idea by irfanbagus and another tutorial to include init.d support by kurotsugi, here's another release. Adding init.d support is now easier with kurotsugi's method plus there's a update.zip (modules_droidwall_signed.zip) which does the other steps for you (copying the modules, init.d scripts and applying the correct permissions for these files). NOTE: this update.zip is yet untested. If you test it please report. See mikstev_add_initd_to_boot.img__kernel_modules_initd_scripts_for_droidwall_v2.zip
Edit 5: The update.zip from edit 4 seems to work. If you're using a kernel with init.d support you only need to install the update.zip and it should work fine.
good job. i know droidwall depend on other kernel features beside CONFIG_NETFILTER_XT_MATCH_OWNER. since i don't have plan to use droidwall, i don't bother to find it.
Profit indeed! It works! Good job, mikstev! I was able to block dolphin HD on my phone just to test if it works and it did, much to my delight!
And to irfanbagus as well for that wonderful guide on how to compile a kernel.
Great job, guys!
Now let's hope that all the other kernel developers include this small bit of configuration in their builts
finally! ive been waiting for this for ages. thank you very muchhhh!
Sent from my GT-S5360 using xda premium
Logging doesn't work yet. I'll try the solution from highlandsun: http://forum.xda-developers.com/showpost.php?p=11110889&postcount=357 tonight and upload new kernel if successful.
No need for so much hassel
Just use "lbe privacy guard" (free in store) it has much more features than droidwall and it doesnt require any special kind of kernel.
Y u no press "thanks"!?
Sent from my GT-S5360 using XDA
Ok, logging works now, I'll upload the new kernel. See first post.
devilrulz4ever said:
No need for so much hassel
Just use "lbe privacy guard" (free in store) it has much more features than droidwall and it doesnt require any special kind of kernel.
Y u no press "thanks"!?
Sent from my GT-S5360 using XDA
Click to expand...
Click to collapse
It seems that there're at least some people who see this differently. Here're some of my reasons, why I prefer droidwall over LBE Privacy Guard:
- it's a good and easy to use firewall. Not more, nor less. That's what I want.
- no "hassel" (to use your words) with resticting internet access of "trusted" apps
- I did not find a way in LBE to block LBE from using internet. In the iptables rules created by Droidwall I can clearly see that droidwall is not allowed = blocked
@mikstev: I'm just curious...is it based on sgy's newest kernel?
I think so, the source code is the one mentioned in irfanbagus' post (update2) which I linked above.
nice...I can integrate dualboot and data-2sd mod into this kernel easily. thx
i got other option to make droidwall work.
on init.rc i added this line:
service netfilter /system/bin/iptables
disabled
oneshot
this also work with avast firewall..
gear12 said:
i got other option to make droidwall work.
on init.rc i added this line:
service netfilter /system/bin/iptables
disabled
oneshot
this also work with avast firewall..
Click to expand...
Click to collapse
Can anyone confirm this? I can't see how this could replace the missing kernel modules.
mikstev said:
Can anyone confirm this? I can't see how this could replace the missing kernel modules.
Click to expand...
Click to collapse
nope. iptables only a user space application that depend on kernel features. and you can't call iptables without command/params.
the firewall works great, also, I can see the logs but after disconnecting from the internet and a few minutes the log is empty again, is this normal or a bug?
off topic:
and can I make a request? can you make the your boot.img support init.d as well? please...
Adam_Blade said:
the firewall works great, also, I can see the logs but after disconnecting from the internet and a few minutes the log is empty again, is this normal or a bug?
Click to expand...
Click to collapse
Yep, I noticed this too. The droidwall source seems ok at first glance and I don't think it's related to the netfilter modules etc. My guess would be that it's dmesg's fault, maybe the log is truncated or something but this is just speculation. I'll investigate in this in a few days. Maybe someone else knows why this happens?
Adam_Blade said:
and can I make a request? can you make the your boot.img support init.d as well? please...
Click to expand...
Click to collapse
Sorry, I currently don't have the necessary skills, so if you're looking for a quick solution you might better ask someone else for help. (Especially since there're already kernels with this feature and including the modifications for netfilter/droidwall should be trivial). However as I wanted to build up my knowledge regarding android/kernel development anyway, I'll try to add this feature one time, but that surely would take >1 week.
Regarding dmesg: the buffer size is set by CONFIG_LOG_BUF_SHIFT=19 which means 2^19 Bytes = 512KiB. I'll check later if this relatively huge size is really used up.
@mikstev: make init.d support kernel is easy. we only have to add a few script inside init.rc file. we can do it easily by using dsixda's kitchen or put the script manually. you can see my modified init.rc here http://www.mediafire.com/?cc1kg8s7cx27onb
I believe the script that have to be added is
service sysinit /system/bin/logwrapper /system/xbin/busybox run-parts /system/etc/init.d
disabled
oneshot
Just to get sure: the init.rc which needs to be modified is the one in the initial ramdisk and not in the kernel (zImage), right?

[MOD] Universal Init.d Injector v3.1 [Deprecated]

This is a flashable zip that enables init.d scripts to run depending on the root method you have installed.
To uninstall, just flash the zip again and it'll restore everything to how it was before
If magisk:
Boot scripts will be installed that will run all exectuable scripts in init.d as post-fs-data except any that end in '-ls' which will be run as late start. Also note that if you're trying to create the init.d folder, the original directory when using magisk is actually /sbin/.core/mirror/system/etc. It goes without saying that this could break safetynet (honestly though, just copy your script to /sbin/.core/img/.core/service.d or post-fs-data.d instead and set permissions to 0755 rather than creating an init.d directory - using the in-house magisk solution is always the better option. Magisk users have almost no reason to create an init.d directory)
The rest of this is for non-magisk/supersu installs
Otherwise: the boot img and part of the system will be modified to enable init.d support.
What it does:
Search for sysinit in any rc file. If found and seclabel is intact and equal to target seclabel for my init rc script, then that seclabel will be set to permissive in sepolicy if needbe instead of using my solution
If sysinit with seclabel isn't found, a custom rc file and system/bin/script file will be installed and sepolicy will be patched accordingly to add init.d support. Init.d scripts will be run the same way as with magisk installs above
Adds magiskpolicy to sbin. It's more up to date and complete than setools so why not?
If there is an error on unpacking your boot image, check the binary inclusion section here to see if your device needs one: https://github.com/osm0sis/AnyKernel3#-binary-inclusion
If it does, place it in addon/AnyKernel3/tools/arm (or x86 - whichever your architecture is - probably arm)
I am not responsible for any oddities that happen to your device because of this, use common sense. For example, if you know your device has a weird boot img, check first.
BACKUP BOOT AND SYSTEM PARTITIONS BEFORE FLASHING
Compatibility: Any device magisk is compatible with
Confirmed working (boot img method):
Nexus 5x
Verizon LG G2
Oneplus 3/3T
Oneplus 5T
Nexus 9
Redmi Note
Zuk Edge
Axon 7 (A2017U)
Nexus 5
SM-N900T
SM-T350
LeEco Pro 3
Confirm your device works and I'll add it to the list!
Special thanks to: @osm0sis, @CosmicDan, @Ricky Divjakovski, @JustArchi
Source: https://github.com/Zackptg5/Init.d-Injector
Download
Good stuff :good:
Good idea with the removal of other/old init.d capabilities. It's annoying that so many ROM's/kernels claim to have init.d but they're fake or hacky (well, I guess the sepolicy injection is pretty hacky too lol). You might also want to consider looking for install-recovery hijack method of init.d and disabling that too - shouldn't be too hard, just check if the file exists in known locations and grep for init.d. The harder part though is what to actually *do* if found - probably best to comment-out the line that contains "run-parts" and/or "init.d" rather than erase the whole file.
CosmicDan said:
Good stuff :good:
Good idea with the removal of other/old init.d capabilities. It's annoying that so many ROM's/kernels claim to have init.d but they're fake or hacky (well, I guess the sepolicy injection is pretty hacky too lol). You might also want to consider looking for install-recovery hijack method of init.d and disabling that too - shouldn't be too hard, just check if the file exists in known locations and grep for init.d. The harder part though is what to actually *do* if found - probably best to comment-out the line that contains "run-parts" and/or "init.d" rather than erase the whole file.
Click to expand...
Click to collapse
Good idea, I'll look into that. Thanks!
Will try this soon on Honor 8 Pro and report back.
Quick update to v1.1
Just bought a used nexus 9 and found that the boot partition layout for it and other nvidia tegra devices is different from typical android devices. So I added support for nvidia tegra devices
So github screwed with my EOL again and converted a few of the files to windows eol which broke everything. I just fixed it and reuploaded v1.1 with the fixes so just redownload it and flash away. Thanks to @dmgZero for finding the issue
Just updated to v1.2. I added support for pixels and nexus5x/6p avb-signing. I haven't been able to test it out myself as my bullhead doesn't even need signing to work so any feedback would be great. Also updated the OP on how to modify this for any weird boot imgs you may have
Edit: No point in spamming the thread with another post: updated to v1.3. Just adds capability to remove any init.d stuff present from install-recovery.sh. Thanks to @CosmicDan for pointing it out
Works fine on Redmi Note (a MediaTek Helio X20 device) running MIUI 9 (Android 6.0).
One tiny detail, maybe just do an mkdir /system/etc/init.d after the patch succeeds, if it doesn't already exist. I could imagine that some other zips could check for the existence of this folder for a simple way to determine if init.d is supported.
CosmicDan said:
Works fine on Redmi Note (a MediaTek Helio X20 device) running MIUI 9 (Android 6.0).
One tiny detail, maybe just do an mkdir /system/etc/init.d after the patch succeeds, if it doesn't already exist. I could imagine that some other zips could check for the existence of this folder for a simple way to determine if init.d is supported.
Click to expand...
Click to collapse
Sweet, I already have that in the sysinit script but it would make more sense to move that to the installer so I'll put that into the next version. Thanks!
Is that supposed to work systemlessly?
You should probably add Samsung to the weird/hexed/Satan kernels. Tried flashing your zip and recovery came back with Invalid Partition upon failure, my device is a Galaxy Note 5 running RR 7.1.2. I do love the idea and your work though bro. Thanks.
Metabolic12 said:
You should probably add Samsung to the weird/hexed/Satan kernels. Tried flashing your zip and recovery came back with Invalid Partition upon failure, my device is a Galaxy Note 5 running RR 7.1.2. I do love the idea and your work though bro. Thanks.
Click to expand...
Click to collapse
I tried to originally but it was basically impossible to detect all bootimg types and they need extract binaries which if I included them all, would make the zip over 70mb. I updated the op a few days ago with instructions on how to add support for weird boot imgs (it's basically adding a few files to the zip)
I completely understand, I wasn't gonna ask you to include my kernel regardless that's rather selfish, and I did follow your guide in the OP to get it to work. I was just suggesting maybe add Samsung kernels next to LG in your OP. Great work bro, thank you.
Zackptg5 said:
I tried to originally but it was basically impossible to detect all bootimg types and they need extract binaries which if I included them all, would make the zip over 70mb. I updated the op a few days ago with instructions on how to add support for weird boot imgs (it's basically adding a few files to the zip)
Click to expand...
Click to collapse
---------- Post added at 02:58 AM ---------- Previous post was at 02:51 AM ----------
I'm a retard, I read the OP wrong earlier. Disregard the adding Samsung part ha.
Zackptg5 said:
I tried to originally but it was basically impossible to detect all bootimg types and they need extract binaries which if I included them all, would make the zip over 70mb. I updated the op a few days ago with instructions on how to add support for weird boot imgs (it's basically adding a few files to the zip)
Click to expand...
Click to collapse
sscheib01 said:
Is that supposed to work systemlessly?
Click to expand...
Click to collapse
The boot img is not part of the system partition so that's systemless. However, it installs an addon.d script and modifies the sysinit and install_recovery files if present which are on the system. It won't break safetynet if that's what you're wondering
Zackptg5 said:
The boot img is not part of the system partition so that's systemless. However, it installs an addon.d script and modifies the sysinit and install_recovery files if present which are on the system. It won't break safetynet if that's what you're wondering
Click to expand...
Click to collapse
I thought *any* System modification trips the Safety net?
I use the Universal Safetynet Bypass module for Magisk so it doesn't bother me, but curious.
Sent from my Redmi Note 4 using Tapatalk
CosmicDan said:
I thought *any* System modification trips the Safety net?
I use the Universal Safetynet Bypass module for Magisk so it doesn't bother me, but curious.
Sent from my Redmi Note 4 using Tapatalk
Click to expand...
Click to collapse
That's what I thought initially too but I've found lots of system modifications doesn't break safetynet such as editing the hosts file. Modifications to the zygote such as xposed framework for sure break safetynet but I'm not sure exactly which system modifications would. Other than testing them myself, I'm not really sure what would break it. I've found that you can completely alter parts of the system like with arise sound systems which adds a whole slew of libs and other modifications and safetynet still won't break (I found through my work there that having the system mounted as rw via a boot script will trigger safetynet but you can even go so far as to mount it as rw, make your changes, and then remount it as ro before boot completes and safetynet will still pass). It's weird man
Zackptg5 said:
That's what I thought initially too but I've found lots of system modifications doesn't break safetynet such as editing the hosts file. Modifications to the zygote such as xposed framework for sure break safetynet but I'm not sure exactly which system modifications would. Other than testing them myself, I'm not really sure what would break it. I've found that you can completely alter parts of the system like with arise sound systems which adds a whole slew of libs and other modifications and safetynet still won't break (I found through my work there that having the system mounted as rw via a boot script will trigger safetynet but you can even go so far as to mount it as rw, make your changes, and then remount it as ro before boot completes and safetynet will still pass). It's weird man
Click to expand...
Click to collapse
Kind of makes sense actually.
Hosts is in etc right, nothing in there is executable. So I imagine any changes to etc won't trip it because nothing in there would mess with device security. Sound mods... Well yeah they ADD libs but they don't replace any do they? They just add sound filters through the mixer configs in etc.
So I guess it makes sense. Sysinit is just added to xbin or whatever and I guess that doesn't trip it. But if you replaced, say, dex2oat with a proxy script to intercept oat generation, then it would definitely trip it.
Sent from my Redmi Note 4 using Tapatalk
Is it really needed??
I want to flash Dolby Atmos for Redmi Note 4, but init.d support is needed as mentioned by developer.
I tried Dolby Atmos without it sound is loud and great
I can't understand, why init.d is still needed?
Can anyone explain here?
amit.tiger12 said:
Is it really needed??
I want to flash Dolby Atmos for Redmi Note 4, but init.d support is needed as mentioned by developer.
I tried Dolby Atmos without it sound is loud and great
I can't understand, why init.d is still needed?
Can anyone explain here?
Click to expand...
Click to collapse
If it's working, then you don't need it or already have it. Init.d support is needed for Dolby if you are not using magisk or supersu and you have selinux set to enforcing
Zackptg5 said:
If it's working, then you don't need it or already have it. Init.d support is needed for Dolby if you are not using magisk or supersu and you have selinux set to enforcing
Click to expand...
Click to collapse
That's with respect to Dolby, what does it provide as a general point of view? What is it's significance?
Explain if you've enough time or just throw a link, it will help out.

Is it possible to root the "Nokia 8110 4G" running KaiOS ?

Hello everyone.
Can we please get root on this phone?
Specs are:
Operating System: KaiOS
System chip: Qualcomm Snapdragon 205 MSM8905
Processor: Dual-core, 1100 MHz, ARM Cortex-A7, 32-bit, 28 nm
Graphics processor: Adreno 304
System memory: 0.5 GB RAM
Built-in storage: 4 GB
Storage expansion: up to 64 GB
sgmarouf said:
Hello everyone.
Can we please get root on this phone?
Specs are:
Operating System: KaiOS
System chip: Qualcomm Snapdragon 205 MSM8905
Processor: Dual-core, 1100 MHz, ARM Cortex-A7, 32-bit, 28 nm
Graphics processor: Adreno 304
System memory: 0.5 GB RAM
Built-in storage: 4 GB
Storage expansion: up to 64 GB
Click to expand...
Click to collapse
Im also wondering the same thing
Yes, have been able to flash my own system and it is also possible to get ADB.
I am currently working on it, but it might take some days to get something useful out of it. As I just created a new account here, I am currently not able to post any links, but you can find my stuff linked on Twitter via @nexus511.
nexus511 said:
Yes, have been able to flash my own system and it is also possible to get ADB.
I am currently working on it, but it might take some days to get something useful out of it. As I just created a new account here, I am currently not able to post any links, but you can find my stuff linked on Twitter via @nexus511.
Click to expand...
Click to collapse
Good job! :good:
0312birdzhang said:
Good job! :good:
Click to expand...
Click to collapse
Short update:
I have been able to gain root and I have also been able to modify selinux policies on the device. Then I have been running into some strange behavior. It actually looks like the kernel is telling to be running in permissive mode but even a permissive context seems to be enforcing instead.
I will try to use something like "Magisk" instead and see, if a service can solve this issue.
For anyone interested: The kernel-config can be extracted via /proc/config.gz. The dtb is compiled into the kernel image. Maybe I try extracting the dtb and building a codeaurora kernel for the device and see, how far I get with that. This might resolve the strange selinux issues I currently see.
nexus511 said:
Short update:
I have been able to gain root and I have also been able to modify selinux policies on the device. Then I have been running into some strange behavior. It actually looks like the kernel is telling to be running in permissive mode but even a permissive context seems to be enforcing instead.
I will try to use something like "Magisk" instead and see, if a service can solve this issue.
For anyone interested: The kernel-config can be extracted via /proc/config.gz. The dtb is compiled into the kernel image. Maybe I try extracting the dtb and building a codeaurora kernel for the device and see, how far I get with that. This might resolve the strange selinux issues I currently see.
Click to expand...
Click to collapse
This is a good news! I just bought a "banana" today, waiting for your good news :fingers-crossed:
nexus511 said:
Short update:
I have been able to gain root and I have also been able to modify selinux policies on the device. Then I have been running into some strange behavior. It actually looks like the kernel is telling to be running in permissive mode but even a permissive context seems to be enforcing instead.
I will try to use something like "Magisk" instead and see, if a service can solve this issue.
For anyone interested: The kernel-config can be extracted via /proc/config.gz. The dtb is compiled into the kernel image. Maybe I try extracting the dtb and building a codeaurora kernel for the device and see, how far I get with that. This might resolve the strange selinux issues I currently see.
Click to expand...
Click to collapse
Sounds like you've made some impressive progress here, can't wait for more details!
Will you be posting a more detailed tutorial/how-to here or on your blog in the future?
Keep up the great work! :good:
Great work, would be great to uninstalled preinstalled *tty demo games.
@nexus511, any way you could please share the root procedure or point to some resources?
Or...at the very least when you get a spare second, how you did manage to unlock your bootloader knowing Nokia has publicly acknowledge disabling Device > Developer?
Muchas,
nexus511 said:
Short update:
I have been able to gain root and I have also been able to modify selinux policies on the device. Then I have been running into some strange behavior. It actually looks like the kernel is telling to be running in permissive mode but even a permissive context seems to be enforcing instead.
I will try to use something like "Magisk" instead and see, if a service can solve this issue.
For anyone interested: The kernel-config can be extracted via /proc/config.gz. The dtb is compiled into the kernel image. Maybe I try extracting the dtb and building a codeaurora kernel for the device and see, how far I get with that. This might resolve the strange selinux issues I currently see.
Click to expand...
Click to collapse
fpb4 said:
@nexus511, any way you could please share the root procedure or point to some resources?
Or...at the very least when you get a spare second, how you did manage to unlock your bootloader knowing Nokia has publicly acknowledge disabling Device > Developer?
Muchas,
Click to expand...
Click to collapse
Use OmniJB can enable "Developer Mode".
Tested on sideload mode
0312birdzhang said:
Use OmniJB can enable "Developer Mode".
Tested on sideload mode
Click to expand...
Click to collapse
Cheers mate :good: , that's a step forward (and cookie points to OmniJB's dev for the firefox 52.9 esr trick) - now WebIDE lists all runtime apps in Unrestricted DevTools privileges...which is great should I be willing to debug any of those or create my own. What I am looking for though is a way to *delete/un-install/remove* (no cigar remounting /system/b2g/webapps rw without root) some of the certified pre-installed applications (assistant to start with or the bunch of packaged Gameloft bloatware). Any idea - i've pm'ed @nexus511 for some root procedure but no answer yet?
0312birdzhang said:
Use OmniJB can enable "Developer Mode".
Tested on sideload mode
Click to expand...
Click to collapse
Is there anyway I could revert installing omniJB? I'd love to be able to install factory updates again.
hello all, just give an update on how's everything regarding nokia 8110 is going
fpb4 said:
Cheers mate :good: , that's a step forward (and cookie points to OmniJB's dev for the firefox 52.9 esr trick) - now WebIDE lists all runtime apps in Unrestricted DevTools privileges...which is great should I be willing to debug any of those or create my own. What I am looking for though is a way to *delete/un-install/remove* (no cigar remounting /system/b2g/webapps rw without root) some of the certified pre-installed applications (assistant to start with or the bunch of packaged Gameloft bloatware). Any idea - i've pm'ed @nexus511 for some root procedure but no answer yet?
Click to expand...
Click to collapse
Could you remove the pre-installed apps?
Hi!
It's possible, to get full ADB-Root by injecting a patched adbd-binary. And with real swap instead of zram, the device is more responsive (background-tasks like Launcher/Homescreen are killed less often...)
As soon, as I have build my own patched adbd, I will provide an 'update.zip' -- it seems chainfire doens't like others to use his version. (OpenSource -- anyone? )
BTW: no, I don't have 'su' -- only my own priviledged additional startscript and ADB-Root but for me this is more than enough to 'work'
(my goal is to create native apps with Ada/Gnoga - meaning native but with HTML5-GUI. First tests are working well...)
I would love to have this phone without the pre-installed social media and game garbage, would your planned update.zip allow someone reasonably competent at following instructions to do this easily or is experience required?
It should be possible to remove those apps - but for me it's hard to say how. On my device there were no preinstalled apps/games other than snake. Everything else is (un)installable normally. Could be a region-thing
(I've got the european/german version)
-- but on my device the store seems to be a 'static' bunch of zips - so it could kill the store to just remove those.
(i think I would need to adjust configs for the store if I want to clean them up)
If I remember correctly, there is a flag in the app-manifest to config if an app is removeable... my first try would be to edit this flag and check if I could uninstall it normally after this
On the other hand: there is nearly no need to uninstall - KaiOS-Apps are small and with a sdcard....
(I created an extra 1GB-Swap on /data - even then enough space left)
BTW: if You have a little experience with android-stuff, rooting is simple when You know how
Enable adb --> just type *#*#33284#*#* on keypad of your phone (the digits spell 'debug' )
-- build an update.zip - sign with AOSP-Test-Keys
--- let it create '/data/opt', '/data/opt/bin'
--- put an patched adbd (chainfire's v22 works) in /data/opt/bin
--- create /data/opt/init as a shellscript, remounting / rw, replace /sbin/adbd with patched one, remount / ro kill adbd so it restarts the patched version. (you may add commands for other stuff on boot - I disable zram, enable swapfile, start en Ada-Server....)
--- and add a call to '/data/opt/init' as last line to '/etc/init.qcom.post_boot.sh' so this 'init' will start with root-rights on startup.
This way /data/opt/init will inherit root from /etc/init.qcom.post_boot.sh, so it can replace adbd - and because the patched version won't drop it's root-rights you'll have a root shell over adb.
As You see - it's quite trivial, but at the moment I don't have a patched adbd which I'm allowed to include.
(I hadn't time to build an AOSP-tree until now)
Has anyone tried installing OmniJB from 4pda.ru website? (Sorry can't post links)
If you google "4pda 890710" it will bring it up.
Also, anyway of installing whatsapp yet?
PolePolisher said:
I would love to have this phone without the pre-installed social media and game garbage, would your planned update.zip allow someone reasonably competent at following instructions to do this easily or is experience required?
Click to expand...
Click to collapse
root or create an update to edit /data/local/webapps/webapps.json
it worked on my phone no more s*** games and google stuff
Can I not just replace the /sbin/adbd from the boot.img?
(by extracting the boot.img with a flashable zip, and then unpack/repack with kitchen)

Categories

Resources