desable Selinux without root - General Questions and Answers

i would like to know if there is a possibility or way to set Selinux to permissive or desable it without root ?

aldoking said:
i would like to know if there is a possibility or way to set Selinux to permissive or desable it without root ?
Click to expand...
Click to collapse
Double one @Weapon X
Continue here :
https://forum.xda-developers.com/general/help/desable-selinux-root-t3833267
^^^This.
Thread closed.

Related

Selinux permissive

Hey xda I'm looking for a kernel for PAC Man ROM that is selinux permissive to enable touch screen compatibility with my appradio 3. I've tried the selinux mode changer but it doesn't seem to do any thing except set a notification that it set selinux to permissive.
Abby suggestions it there?
Sent from my SCH-I535 using XDA Premium 4 mobile app
JakaraRuus said:
Hey xda I'm looking for a kernel for PAC Man ROM that is selinux permissive to enable touch screen compatibility with my appradio 3. I've tried the selinux mode changer but it doesn't seem to do any thing except set a notification that it set selinux to permissive.
Abby suggestions it there?
Sent from my SCH-I535 using XDA Premium 4 mobile app
Click to expand...
Click to collapse
Have you made sure that it doesn't change anything, you can check the selinux status under Settings>About Phone. I personally have never had this problem. also can you tell me why you need to change it to permissive.
SeLinux Permissive
Mtsprite said:
Have you made sure that it doesn't change anything, you can check the selinux status under Settings>About Phone. I personally have never had this problem. also can you tell me why you need to change it to permissive.
Click to expand...
Click to collapse
Thanks for your reply. What I mean about nothing changes is when I check the status in settings>about phone after setting permissive mode with the selinux mode changer app and rebooting like it requests it still says enforceing. as to why I want to change it, I said before I am trying to get the touch interface to work on my pioneer appradio 3 head unit. I can mirror but touch doesn't work on the head unit. I have read in the appradio forum that you have to set SeLinux to permissive in order to accomplish this. I was hoping that some one with knowledge of custom kernels would be able to shed some light on this since it seems that Pac Man is set to enforcing by default. Also I have read that other kernels for other devices had the permissive mode set. I am so close to having this functionality it is getting frustrating, but I like the features that pac man brings to the table so I don't really want to switch. at this point.
JakaraRuus said:
Thanks for your reply. What I mean about nothing changes is when I check the status in settings>about phone after setting permissive mode with the selinux mode changer app and rebooting like it requests it still says enforceing. as to why I want to change it, I said before I am trying to get the touch interface to work on my pioneer appradio 3 head unit. I can mirror but touch doesn't work on the head unit. I have read in the appradio forum that you have to set SeLinux to permissive in order to accomplish this. I was hoping that some one with knowledge of custom kernels would be able to shed some light on this since it seems that Pac Man is set to enforcing by default. Also I have read that other kernels for other devices had the permissive mode set. I am so close to having this functionality it is getting frustrating, but I like the features that pac man brings to the table so I don't really want to switch. at this point.
Click to expand...
Click to collapse
Ok well when i needed to do this i would always use the app described here. also its not that PAC ROM does this intentionally, in fact it was google who made 4.4.2 selinux set to enforcing, and its because of this that most if not all kernels for 4.4.2 have selinux set to enforcing.

SElinux permissive

I wanna know that can we make selinux mod to permissive for specific app through terminal or my using any other method I read about selinux in wiki but didn't got much details to do some tweaks and I am also not developer so that I don't know all codes used for this and that processes also I wanna set that specific permissive mod for "viper4android" app I want to use that app and also don't want to break out all doors of security by setting mod on permissive for all apps can anyone help me here plz !?
ChintanVyas said:
I wanna know that can we make selinux mod to permissive for specific app through terminal or my using any other method I read about selinux in wiki but didn't got much details to do some tweaks and I am also not developer so that I don't know all codes used for this and that processes also I wanna set that specific permissive mod for "viper4android" app
Click to expand...
Click to collapse
Sorry, you cannot do it for specific app..
SE Linux Enforcement has to be disabled universally throughout the system..
ChintanVyas said:
I want to use that app and also I don't want to break out all doors of security by setting mod on permissive for all apps can anyone help me here plz !?
Click to expand...
Click to collapse
Once your phone is rooted, it means it is vulnerable to all risks..
It just takes a single command (setenforce 0) for a malware app to set SE Linux to 'Permissive' if granted root permission.
So, it's just in your hands to select the right trustable apps.
Go ahead, and set it to 'Permissive'.
Nothing will happen..

Any Selinux permissives kernels out there?

Bought an M9 two weeks ago ( just went over my buyer's remorse period so i own it now). Love the phone but why isn't there any kernel development on this device?
justthefacts said:
Bought an M9 two weeks ago ( just went over my buyer's remorse period so i own it now). Love the phone but why isn't there any kernel development on this device?
Click to expand...
Click to collapse
Because the sources they gave us break stock camera... The camera works but can't save photos taken.
Selinux is easy to set anyway.
Is there anyway to know the selinux state on this phone without using any apps? (rooted)
justthefacts said:
Is there anyway to know the selinux state on this phone without using any apps? (rooted)
Click to expand...
Click to collapse
'getenforce' command in terminal.
Use 'setenforce 0' for Permissive, 'setenforce 1' for Enforcing.
Setenforce requires su, getenforce does not.
ante0 said:
'getenforce' command in terminal.
Use 'setenforce 0' for Permissive, 'setenforce 1' for Enforcing.
Setenforce requires su, getenforce does not.
Click to expand...
Click to collapse
Do I have to do this on every boot?
justthefacts said:
Do I have to do this on every boot?
Click to expand...
Click to collapse
There are scripts/apps to set it automatically.
Here's one for example: https://forum.xda-developers.com/android/apps-games/app-selinux-switch-t3656502
ante0 said:
There are scripts/apps to set it automatically.
Here's one for example: https://forum.xda-developers.com/android/apps-games/app-selinux-switch-t3656502
Click to expand...
Click to collapse
Scripts don't stick and Selinux switch doesn't work all the time. Have there been any attempts on making Selinux permissive kernels?
justthefacts said:
Scripts don't stick and Selinux switch doesn't work all the time. Have there been any attempts on making Selinux permissive kernels?
Click to expand...
Click to collapse
There's no point if you want a working camera. As I said, Huaweis source breaks camera.
That said, making a kernel with selinux set to permissive is not hard. You can even use hexeditor to modify boot.img to always be permissive.
Check this post https://forum.xda-developers.com/showpost.php?p=59160364&postcount=23
ante0 said:
There's no point if you want a working camera. As I said, Huaweis source breaks camera.
That said, making a kernel with selinux set to permissive is not hard. You can even use hexeditor to modify boot.img to always be permissive.
Check this post https://forum.xda-developers.com/showpost.php?p=59160364&postcount=23
Click to expand...
Click to collapse
If I set selinux permissive in the kernel, would it mess up the camera?
justthefacts said:
If I set selinux permissive in the kernel, would it mess up the camera?
Click to expand...
Click to collapse
No. It's just broken in the source that Huawei released. Hacking it yourself on your firmwares boot image should keep camera intact (depending on your edits of course xD). Building kernel from source breaks the camera app regardless if you edit anything or not.
ante0 said:
No. It's just broken in the source that Huawei released. Hacking it yourself on your firmwares boot image should keep camera intact (depending on your edits of course xD). Building kernel from source breaks the camera app regardless if you edit anything or not.
Click to expand...
Click to collapse
So you can just edit the kennel to be permissive and all good? And no one has tried and reported?
This phone is almost a year old, 6 million users.
justthefacts said:
So you can just edit the kennel to be permissive and all good? And no one has tried and reported?
This phone is almost a year old, 6 million users.
Click to expand...
Click to collapse
What?
You can just edit it. I'm just saying that building a custom kernel from source is no good as it breaks camera. (this has nothing to do with selinux status)
Just edit and flash and you should be good to go.

What is SELinux and how do I know whether it is enabled on my custom ROM?

Dear XDA Community,
Sorry, this is a newbie question, but when I was asking for suggestions for a custom and also secure ROM, I was suggested Pixel Experience and I have also been told to set SELinux to permissive. What is the purpose of SELinux? Is there a guide on how to adjust it to the appropriate settings? Does it not come enabled as default? Thank you in advance.
jason.mix said:
Dear XDA Community,
Sorry, this is a newbie question, but when I was asking for suggestions for a custom and also secure ROM, I was suggested Pixel Experience and I have also been told to set SELinux to permissive. What is the purpose of SELinux? Is there a guide on how to adjust it to the appropriate settings? Does it not come enabled as default? Thank you in advance.
Click to expand...
Click to collapse
SELinux policy is a security feature built into your kernel. Android is set to "enforcing" by default, you have to manually switch to permissive. A lot of custom mods and root enabled apps require your device to be in permissive mode in order to work. A classic example that I've used many times is a mod called Viper4Android, it requires permissive mode in order for it to function. This is not the only example, there are many other apps and mods that require permissive mode. Your device must be rooted in order to use permissive mode.
There is nothing special about enabling this, you just need to look for a custom kernel for your specific model number that has permissive mode built into the kernel then install the kernel or you can find an app such as SELinux Switch/SELinux Toggle, but, I'm not sure if that app is supported any more, the developer that built it hasn't been active here in quite some time.
Sent from my SM-S767VL using Tapatalk
Droidriven said:
SELinux policy is a security feature built into your kernel. Android is set to "enforcing" by default, you have to manually switch to permissive.
Click to expand...
Click to collapse
Thank you for your response. Just to clarify, should I just leave it as it comes or should I always double check after flashing the custom ROM? And is there a guide on how to adjust this option appropriately or does it depend on the ROM? I came across this thread and it states that Pixel Experience is set to permissive automatically. What should I do? And do you have any other advice for what other precautions I should take in order to have that extra security when using a custom ROM? Once again, thank you.
jason.mix said:
Thank you for your response. Just to clarify, should I just leave it as it comes or should I always double check after flashing the custom ROM? And is there a guide on how to adjust this option appropriately or does it depend on the ROM? I came across this thread and it states that Pixel Experience is set to permissive automatically. What should I do? And do you have any other advice for what other precautions I should take in order to have that extra security when using a custom ROM? Once again, thank you.
Click to expand...
Click to collapse
If you are concerned with being secure, you need to leave the device in enforcing mode, not permissive. I'm not sure exactly how you would switch the Pixel ROM from permissive to enforcing, the ROM may have a setting or you may have to use the Kernel Auditor app to switch to enforcing mode.
If you are not going to be doing any kind of modification to the system partition, you won't need to worry with permissive mode.
If the Pixel ROM is permissive by default, you won't need to change anything.
I'm not sure you understand exactly how the "switch" between enforcing/permissive is achieved. It not simply a "setting" that you enable/disable.
Here are a few ways to enable permissive mode that I know of:
1) if your stock kernel does not support permissive mode, you have to flash a kernel that has permissive support.
2) if your stock kernel does support permissive mode but doesn't have permissive mode enabled, you have to use something like the "SELinux Switch" or "SELinux Toggle" apps, these apps force the stock kernel into permissive mode and can be set to automatically enable permissive mode whenever the device boots and persist from one reboot to the next.
3) it can be enabled via adb commands or adb shell commands via PC or, if you are rooted, you can use a terminal emulator app or the terminal emulator that is built into TWRP to issue commands to enable enforcing/permissive, whichever you need.
Sent from my SM-S767VL using Tapatalk
Droidriven said:
If you are concerned with being secure, you need to leave the device in enforcing mode, not permissive. I'm not sure exactly how you would switch the Pixel ROM from permissive to enforcing, the ROM may have a setting or you may have to use the Kernel Auditor app to switch to enforcing mode.
Click to expand...
Click to collapse
I am not planning on rooting or modifying my system in any way, but is there a way to check whether I am running in enforcing mode? I am still running MIUI for now and if it helps, my kernel version is 4.9 186-perf-g1e22c7b and if you need any more details then just let me know. Thank you for helping me out.
jason.mix said:
I am not planning on rooting or modifying my system in any way, but is there a way to check whether I am running in enforcing mode? I am still running MIUI for now and if it helps, my kernel version is 4.9 186-perf-g1e22c7b and if you need any more details then just let me know. Thank you for helping me out.
Click to expand...
Click to collapse
To check whether your device is set to enforcing/permissive, you should be able to look in system settings>about phone>SELinux Status
Or
system settings>about phone>software info>SELinux Status
Or something similar, the exact location of the info is different for different devices/android versions.
Sent from my SM-S767VL using Tapatalk

Risk of running SELinux Permissive on daily basis?

Hello, I've been looking to flash a custom rom on my phone, but all the roms available are on SELinux Permissive.
From what I do understand, running permissive allows any apps to obtain root - without asking for your permission.
In theory, that sounds pretty dangerous. But how does it works in practice? Is it as dangerous as it sounds?
Should I continue to avoid these permissive roms due to the theortical security risk or just go for it?
Setting Android's SELinux mode to permissive by default is the most idiotic action you can perform on Android devices, IMO
its fine as long as you use the phone only for rooting and gaming
Guan Yu said:
its fine as long as you use the phone only for rooting and gaming
Click to expand...
Click to collapse
in what scenarios would it be considered not safe to leave it on permissive?
xXx yYy said:
Setting Android's SELinux mode to permissive by default is the most idiotic action you can perform on Android devices, IMO
Click to expand...
Click to collapse
I had that assumption too, but I think that I don't know enough to make that judgement

Categories

Resources