Disable SELinux Module during Kernel Compile - Galaxy S6 Q&A, Help & Troubleshooting

I want to set SELinux to disabled or permissive (either one) when I compile my custom kernel. I have tried a few things:
1) setting DECONFIG_ALWAYS_ENFORCE to false
2) changing CONFIG_SECURITY_SELINUX=n to CONFIG_SECURITY_SELINUX=y in the /arch/arm/configs/XXX_defconfig file
3) removing references to SELinux in init.rc (I edited my ramdisk)
How do I set SELinux to disabled or permissive? I am on Marshmallow 6.0.1. Thanks!

Related

kernels/roms selinux permissive ?

I found Tugarom, are there other roms/kernels that support selinux permissive (needed for xprivacy) that are Lollipop compatibel?
Xprivacy didn't work either on that rom (It was already installed as a system app). Anyone who had a solution?

Making Selinux enforced on Boot

I have seen some scripts explaining how to make SELinux permissive on boot. Does anyone know how to make SELinux Enforcing on Boot other than using third party apps?. I am Using Efidroid on my Oneplus one. It seems secondary Roms only boot when we "Force SELinux to permissive".
https://forum.xda-developers.com/xposed/how-to-set-selinux-to-permissive-boot-t3034245
Try changing it to "setenforce 1"

ROM - selinux disable or create new rules

I am trying to modify my phone rom to fit it with microg and I have successfully deodexed it and applied signature spoofing patch. But it started to go into bootloop, after adding some logging I have figured out that patched services.jar is triggering selinux protection. Normally on linux it is quite simple to disable but on android I am unable to find a way to disable it without recompiling kernel, where I feel too much of a greenhorn to do it.
Is there a "simple" way to modify system.img (android 9) to disable or put selinux into permissive mode or change selinux rules?

Custom kernel with SELinux enforcing?

I use Samsung Galaxy S9+ (Snapdragon). I am rooted with Magisk and Klabit kernel but no SElinux enforcement.
Is there any custom kernel for my phone that enforces SELinux?
Please share links with me.
Thank you.
Just root phone --> serivice.d --> setenforce 1 & you are enforced
Since Android 5 ( AOSP ) SELinux's mode is ENFORCING by default. Custom ROMs set it to PERMISSIVE by default in order to properly work.

custom kernel and private data

Is secure for my personnal data to install a custom kernel ?
If the kernel you are installing is not permissive selinux then I would say yes it's secure and safe to use. Kernels are built many different ways, depending on how whatever developer compiles them and they have different things in them. Some focus on features, others speed, other kernels main focus may be battery life or security. Just read the kernel changelog and search for things that you don't know and bookmark everything so you can return later and read more... That's what I do. But the answer to your question I'd say is as long as the kernel you install is not permissive selinux then yes it's safe to use a custom kernel.
flash713 said:
this message was translated with Google translation I apologize in advance if there will be any mistakes:
thank you for your answer i would just like to know how can we know if the custom kernel is selinux permissive.
Click to expand...
Click to collapse
getenforce command is a Linux Commnand for quick confirmation of the current SELinux mode. Used without any command line parameters, getenforce reports SELinux status with just one word.
This can be done using termux app from your phone if you are rooted. Just type su (push enter) then grant root when it pops up on phone screen and then type: getenforce the reply will be what the kernel is. Example: Nowadays the most common are Enforcing selinux. If it's enforcing it will reply: enforcing after running those commands.
Edit added: The kernel log and usually the op or first post of the xda thread where the kernel is will say what it is.

Categories

Resources