Before I Rooted my GT-I9500 the SELinux status was official, now when I rooted it SELinux became Permissive, now I want to restore it to official, I tried to, 1. unroot, 2. flush new Firmware 3. reset it to factory settings. but it does not help. Please can someone explain me what is SELinux and how can I restore it to official...
waranty92 said:
Before I Rooted my GT-I9500 the SELinux status was official, now when I rooted it SELinux became Permissive, now I want to restore it to official, I tried to, 1. unroot, 2. flush new Firmware 3. reset it to factory settings. but it does not help. Please can someone explain me what is SELinux and how can I restore it to official...
Click to expand...
Click to collapse
Pleasy don't mix SELinux Status with Device or Firmware Status.
SELinux can be permissive or envorcing (since the latest MGG or MHx Firmwares)
The device status can be official or custom.
If you wan't SELinux Status envorcing and device status official, flash a ODIN Firmware and do a full wipe and never do any customications again.
Alex
I don`t mix it was official 100% and when I do exactly as you told i have my device status official and SELinux status permissive
I have rooted my new Sprint Galaxy S5 and have quarantined all the Knox apps without tripping the knox flag. I have researched setting selinux to permissive on the Sprint Galaxy S5 with the stock kernel and there seems to be no way of doing it short of flashing a different kernel.
Can a selinux permissive kernel be flashed to a stock 4.4.2 rom without tripping the knox flag?
If the kernel is odin flashable, then it should be ok. The knox flag is tripped when a custom recovery is installed.
Thanks for the info. There seems to be no selinux permissive Odin flashable kernels for 4.4.2 for the Sprint Galaxy S5(unless I missed something during my searching). Also, there seems to be no way to set selinux permissive without tripping the knox flag.
Here is a discussion on this: http://forum.xda-developers.com/showthread.php?t=2765353
And: http://forum.xda-developers.com/ver...ipt-permissive-selinux-stock-kernels-t2854364
From chainfire: http://su.chainfire.eu/#selinux-contexts-init-shell
I've been searching for a stock OG1 kernel with SELinux set to permissive on both xda app and google, and i haven't been able to find one. I need a precompiled one thats flashable through recovery, as my pc has died and im not able to use odin to flash .tars or compile it myself from source with it set to permissive. If anyone has a link to one please let me know, SELinux set to enforcing is causing me problems. Thanks in advance.
I have Samsung S5 G900f recently updated to marshmallow and this SE status enforcing is not letting me do anything neither can do any modification via framework unable to add any rom via twrp i saw many post but was unable to find any solution plzz guide me coz i want to install alliance rom.
When installing via twrp my mob is just restarting but no rom are getting installed same for cwm.
Supersu is providing root but i am unable to do any modification in my system plz provide me solution for this prob.
simms22 said:
change your selinux to permissive. google an app for it..
Click to expand...
Click to collapse
Yeah tried that Se linux mode changer but still facing problem in installing custom rom or any changes to system files
sk.shehbaz said:
Yeah tried that Se linux mode changer but still facing problem in installing custom rom or any changes to system files
Click to expand...
Click to collapse
What kernel are you running ? On samsung with MM you need a permissive kernel to change selinux from enforcing it can't be done with an app. Try flashing a permissive kernel and you should be ok
Good Luck
Sawdoctor
Hey there! I am definetly not a newbe when it comes to rooting, but sinsce xposed seems to fail with Android N and Netflix now wants "google certified" devices, which means not rooted or unlocked devices, I switched to Magisk...
The problem is, I can#t make SafetyNet to work!
my phone: xperia z5 e6653
Android 6.0.1 (5.11 build)
stock repack patched kernel (dm verity off, dmr patch, twrp)
Magisk 12.0
deodexed
developer settings off, usb debugging off
why cant I pass SafetyNet?
Is it because my ROM is deodexed? I made a reset using a clean ftf before rooting!
is it because of the patched kernel? How am I able to flash the magisk zip without a custom kernel which includes a recovery?
note: developer options OFF, Magisk Hide ON, BusyBox OFF
can anybody provide help?
Read this #4 and apply all solutions.
https://forum.xda-developers.com/showpost.php?p=71154562&postcount=4
---------- Post added at 06:14 PM ---------- Previous post was at 06:11 PM ----------
or Try unofficial v13
https://github.com/stangri/MagiskFiles
ok I reinstalled Android 6.0.1 and flashed a stock based kernel which only difference is that it has a dmr fix and a recovery
then I flashed magisk 12.0
developer options off
magisk hide on (I tested it with Titanium Backup, works just fine!)
so now my phone:
Sony Xperia E6653
Android 6.0.1 rooted via Magisk 12.0
unlocked Bootloader
TWRP recovery
dmr patched kernel
no deodex etc, but it still fails when checking SafetyNet!
sceryavuz said:
Read this #4 and apply all solutions.
https://forum.xda-developers.com/showpost.php?p=71154562&postcount=4
---------- Post added at 06:14 PM ---------- Previous post was at 06:11 PM ----------
or Try unofficial v13
https://github.com/stangri/MagiskFiles
Click to expand...
Click to collapse
Basic integrity doesnt pass
I found the problem: I need a kernel that supports SElinux enforcing!!!! anybody has a link?
freaky2xd said:
I found the problem: I need a kernel that supports SElinux enforcing!!!! anybody has a link?
Click to expand...
Click to collapse
SElinux isn't the problem, but you want to try
Use that : https://f-droid.org/repository/browse/?fdfilter=selinuxmodechanger&fdid=com.mrbimc.selinux
Direct link : http://forum.xda-developers.com/devdb/project/dl/?id=12506
sceryavuz said:
SElinux isn't the problem, but you want to try
Use that : https://f-droid.org/repository/browse/?fdfilter=selinuxmodechanger&fdid=com.mrbimc.selinux
Direct link : http://forum.xda-developers.com/devdb/project/dl/?id=12506
Click to expand...
Click to collapse
I've tried that, but even though I have root it stays at permessive. commands via terminal doesnt change anything either!
my kernel is Androplus v42
freaky2xd said:
I've tried that, but even though I have root it stays at permessive. commands via terminal doesnt change anything either!
my kernel is Androplus v42
Click to expand...
Click to collapse
Androplus not stock, contact with developer. Stock changed permissive to enforcing, or enforcing to permissive with this APK.
freaky2xd said:
I've tried that, but even though I have root it stays at permessive. commands via terminal doesnt change anything either!
my kernel is Androplus v42
Click to expand...
Click to collapse
Try with terminal, type :
su
setenforce 1
sceryavuz said:
Androplus not stock, contact with developer. Stock changed permissive to enforcing, or enforcing to permissive with this APK.
Click to expand...
Click to collapse
I don't get it
I managed to set SElinux to enforcing using the terminal and then a apk which keeps it that way after every boot, but I still get that stupid SafetyNet error where CTS and basic Integrity fail
Any updates to this? I can't pass SafetyNet using Magisk either.
sceryavuz said:
Read this #4 and apply all solutions.
https://forum.xda-developers.com/showpost.php?p=71154562&postcount=4
---------- Post added at 06:14 PM ---------- Previous post was at 06:11 PM ----------
or Try unofficial v13
https://github.com/stangri/MagiskFiles
Click to expand...
Click to collapse
Very useful link !
A Linux kernel version of at least 3.8 or a kernel that has the necessary features (mount namespace) backported.
Click to expand...
Click to collapse
doesn't tell me really much though
Is CONFIG_USER_NS meant ?
cause that afaik is used for chrome on Linux to sort of enforce security (sandboxing without suid)
well, the thing is that memcg is recommended in combination with it, too
but since we're not using it for CarbonROM, LineageOS, etc.
Also CONFIG_USER_NS is disabled in the kernel and not really sure if stock ROM would even boot with it (currently just switched to RR so can't and won't test)
edit:
CONFIG_NAMESPACES=y
is enabled by default, the others are off
CONFIG_NAMESPACES=y
# CONFIG_UTS_NS is not set
# CONFIG_USER_NS is not set
# CONFIG_PID_NS is not set
CONFIG_NET_NS=y
Click to expand...
Click to collapse
Some explanation:
https://github.com/netblue30/firejail/issues/1347#issuecomment-311038614
https://unix.stackexchange.com/questions/92177/kernel-namespaces-support
Try to repatch your kernel without busybox and any root.
gemenee said:
Try to repatch your kernel without busybox and any root.
Click to expand...
Click to collapse
Busybox was the problem. Thanks mate!