Making Selinux enforced on Boot - ONE Q&A, Help & Troubleshooting

I have seen some scripts explaining how to make SELinux permissive on boot. Does anyone know how to make SELinux Enforcing on Boot other than using third party apps?. I am Using Efidroid on my Oneplus one. It seems secondary Roms only boot when we "Force SELinux to permissive".

https://forum.xda-developers.com/xposed/how-to-set-selinux-to-permissive-boot-t3034245
Try changing it to "setenforce 1"

Related

kernels/roms selinux permissive ?

I found Tugarom, are there other roms/kernels that support selinux permissive (needed for xprivacy) that are Lollipop compatibel?
Xprivacy didn't work either on that rom (It was already installed as a system app). Anyone who had a solution?

Using Viper4Android on OPO with SElinux Enforcing?

Hi all.
Is anyone using Viper4Android with SElinux enforcing mode?
I was able to make V4A run in SElinux enforcing but found out that doing so, breaks the microphone during a call.
Example:
1. Perform a call
2. Switch from handset to Speaker mode <- so far so good
3. Switch back to handset <- the other party can't hear you anymore.
4. Switch back to speaker mode <- the other party can hear you again
The way I made V4A work in SElinux enforcing is by adding these lines to the '50Viper.sh' file under the 'su.d' folder.
Code:
#! /system/bin/sh
/su/bin/supolicy --live "allow mediaserver mediaserver_tmpfs:file { execute };"
supolicy --live "allow mediaserver mediaserver_tmpfs:file { read write execute };"
If you are running V4A in SElinux enforcing, do you encounter the issue I described?
gil80 said:
Hi all.
Is anyone using Viper4Android with SElinux enforcing mode?
I was able to make V4A run in SElinux enforcing but found out that doing so, breaks the microphone during a call.
Example:
1. Perform a call
2. Switch from handset to Speaker mode <- so far so good
3. Switch back to handset <- the other party can't hear you anymore.
4. Switch back to speaker mode <- the other party can hear you again
The way I made V4A work in SElinux enforcing is by adding these lines to the '50Viper.sh' file under the 'su.d' folder.
Code:
#! /system/bin/sh
/su/bin/supolicy --live "allow mediaserver mediaserver_tmpfs:file { execute };"
supolicy --live "allow mediaserver mediaserver_tmpfs:file { read write execute };"
If you are running V4A in SElinux enforcing, do you encounter the issue I described?
Click to expand...
Click to collapse
I'm using V4A from this thread
http://forum.xda-developers.com/nexus-6/themes-apps/viper4android-t2952137
I'm using ViPERAudio 4.7.1 Stock.zip (COS13.1.2 + SuperSU) but you can use any of them in Enforcing mode. The only caveat is that it works in Enforcing mode only when you use SuperSU, if you use SuperUser such as in CM13 Nightlies you have to change SELinux to Permissive. There is no configuration required just SuperSU. Flash the zips and enjoy V4A but read info in that thread if you have any questions, have never had any issues so far
Renosh said:
I'm using V4A from this thread
http://forum.xda-developers.com/nexus-6/themes-apps/viper4android-t2952137
I'm using ViPERAudio 4.7.1 Stock.zip (COS13.1.2 + SuperSU) but you can use any of them in Enforcing mode. The only caveat is that it works in Enforcing mode only when you use SuperSU, if you use SuperUser such as in CM13 Nightlies you have to change SELinux to Permissive. There is no configuration required just SuperSU. Flash the zips and enjoy V4A but read info in that thread if you have any questions, have never had any issues so far
Click to expand...
Click to collapse
I know, I use SuperSU as well.
The OP of the thread you gave, has actually incorporated the code I've posted in my OP to his ZIP files.
See my post here: http://forum.xda-developers.com/nexus-6/themes-apps/viper4android-t2952137/post66027160#post66027160
After my post he used this to apply this fix on the rest of the V4A variants.
But I'm not taking credit for the fix. I found it elsewhere.
Have you tried to make a call and switch back and forward with speaker mode and handset?
Did you do any change to your mixer_path.xml or build.prop?
gil80 said:
I know, I use SuperSU as well.
The OP of the thread you gave, has actually incorporated the code I've posted in my OP to his ZIP files.
See my post here: http://forum.xda-developers.com/nexus-6/themes-apps/viper4android-t2952137/post66027160#post66027160
After my post he used this to apply this fix on the rest of the V4A variants.
But I'm not taking credit for the fix. I found it elsewhere.
Have you tried to make a call and switch back and forward with speaker mode and handset?
Did you do any change to your mixer_path.xml or build.prop?
Click to expand...
Click to collapse
Zero changes to the mixer_path.xml
Completely stock except for root, removing ModioFX from system and using a different hosts file (Adaway) and installing V4A.
I haven't had a single issue with calls via speaker phone or handset for the past couple of days on current ROM. I've used a similar set up for months in various ROMs and never noticed or received reports of issues either
can you please see if you can find your 50viper.sh file under system/su.d and post it?
Thanks!

Disable SELinux Module during Kernel Compile

I want to set SELinux to disabled or permissive (either one) when I compile my custom kernel. I have tried a few things:
1) setting DECONFIG_ALWAYS_ENFORCE to false
2) changing CONFIG_SECURITY_SELINUX=n to CONFIG_SECURITY_SELINUX=y in the /arch/arm/configs/XXX_defconfig file
3) removing references to SELinux in init.rc (I edited my ramdisk)
How do I set SELinux to disabled or permissive? I am on Marshmallow 6.0.1. Thanks!

ROM - selinux disable or create new rules

I am trying to modify my phone rom to fit it with microg and I have successfully deodexed it and applied signature spoofing patch. But it started to go into bootloop, after adding some logging I have figured out that patched services.jar is triggering selinux protection. Normally on linux it is quite simple to disable but on android I am unable to find a way to disable it without recompiling kernel, where I feel too much of a greenhorn to do it.
Is there a "simple" way to modify system.img (android 9) to disable or put selinux into permissive mode or change selinux rules?

custom kernel and private data

Is secure for my personnal data to install a custom kernel ?
If the kernel you are installing is not permissive selinux then I would say yes it's secure and safe to use. Kernels are built many different ways, depending on how whatever developer compiles them and they have different things in them. Some focus on features, others speed, other kernels main focus may be battery life or security. Just read the kernel changelog and search for things that you don't know and bookmark everything so you can return later and read more... That's what I do. But the answer to your question I'd say is as long as the kernel you install is not permissive selinux then yes it's safe to use a custom kernel.
flash713 said:
this message was translated with Google translation I apologize in advance if there will be any mistakes:
thank you for your answer i would just like to know how can we know if the custom kernel is selinux permissive.
Click to expand...
Click to collapse
getenforce command is a Linux Commnand for quick confirmation of the current SELinux mode. Used without any command line parameters, getenforce reports SELinux status with just one word.
This can be done using termux app from your phone if you are rooted. Just type su (push enter) then grant root when it pops up on phone screen and then type: getenforce the reply will be what the kernel is. Example: Nowadays the most common are Enforcing selinux. If it's enforcing it will reply: enforcing after running those commands.
Edit added: The kernel log and usually the op or first post of the xda thread where the kernel is will say what it is.

Categories

Resources