I wanna know that can we make selinux mod to permissive for specific app through terminal or my using any other method I read about selinux in wiki but didn't got much details to do some tweaks and I am also not developer so that I don't know all codes used for this and that processes also I wanna set that specific permissive mod for "viper4android" app I want to use that app and also don't want to break out all doors of security by setting mod on permissive for all apps can anyone help me here plz !?
ChintanVyas said:
I wanna know that can we make selinux mod to permissive for specific app through terminal or my using any other method I read about selinux in wiki but didn't got much details to do some tweaks and I am also not developer so that I don't know all codes used for this and that processes also I wanna set that specific permissive mod for "viper4android" app
Click to expand...
Click to collapse
Sorry, you cannot do it for specific app..
SE Linux Enforcement has to be disabled universally throughout the system..
ChintanVyas said:
I want to use that app and also I don't want to break out all doors of security by setting mod on permissive for all apps can anyone help me here plz !?
Click to expand...
Click to collapse
Once your phone is rooted, it means it is vulnerable to all risks..
It just takes a single command (setenforce 0) for a malware app to set SE Linux to 'Permissive' if granted root permission.
So, it's just in your hands to select the right trustable apps.
Go ahead, and set it to 'Permissive'.
Nothing will happen..
I've read a dozen articles about SE Linux permissive and enforcing. I do know now that permissive allows everything and logs denials and enforcing blocks access denials.
But I wanted to know what kind of an impact it really does on Android especially on Marshmallow? What would be serious threats if it is permissive? Does it really matter?
Currently I want to use a kernel for my phone that works perfectly but does not allow enforcing as it resets to permissive. Now I'm not quite sure if I should stick to it when in my opinion enforcing is far more safe. However, I do not really know which is why I'm asking this right now.
Thanks in advance!
Macusercom said:
I've read a dozen articles about SE Linux permissive and enforcing. I do know now that permissive allows everything and logs denials and enforcing blocks access denials.
But I wanted to know what kind of an impact it really does on Android especially on Marshmallow? What would be serious threats if it is permissive? Does it really matter?
Currently I want to use a kernel for my phone that works perfectly but does not allow enforcing as it resets to permissive. Now I'm not quite sure if I should stick to it when in my opinion enforcing is far more safe. However, I do not really know which is why I'm asking this right now.
Thanks in advance!
Click to expand...
Click to collapse
can't impact alot and no it won't be serious (if) u knew what u are installing from apps ...if ur apps are basically from known deves or from google play nothing will happen to u and everything will run ok and safe for u ... almost all apps will behave as if the selinux is enabled when in permissive ....the true danger when u have ur kernel SE linux fully disabled
Basically, a lot of ROMs I've downloaded come without the ability to switch SElinux to enforcing.
Which, apart from losing the ability to use Android Pay, is extremely unsafe from my understanding.
My question is why? Why does the device crash if you try to manually change it to enforcing? Why don't these devs release the ROM with SElinux on by default? Thanks
i would like to know if there is a possibility or way to set Selinux to permissive or desable it without root ?
aldoking said:
i would like to know if there is a possibility or way to set Selinux to permissive or desable it without root ?
Click to expand...
Click to collapse
Double one @Weapon X
Continue here :
https://forum.xda-developers.com/general/help/desable-selinux-root-t3833267
^^^This.
Thread closed.
Dear XDA Community,
Sorry, this is a newbie question, but when I was asking for suggestions for a custom and also secure ROM, I was suggested Pixel Experience and I have also been told to set SELinux to permissive. What is the purpose of SELinux? Is there a guide on how to adjust it to the appropriate settings? Does it not come enabled as default? Thank you in advance.
jason.mix said:
Dear XDA Community,
Sorry, this is a newbie question, but when I was asking for suggestions for a custom and also secure ROM, I was suggested Pixel Experience and I have also been told to set SELinux to permissive. What is the purpose of SELinux? Is there a guide on how to adjust it to the appropriate settings? Does it not come enabled as default? Thank you in advance.
Click to expand...
Click to collapse
SELinux policy is a security feature built into your kernel. Android is set to "enforcing" by default, you have to manually switch to permissive. A lot of custom mods and root enabled apps require your device to be in permissive mode in order to work. A classic example that I've used many times is a mod called Viper4Android, it requires permissive mode in order for it to function. This is not the only example, there are many other apps and mods that require permissive mode. Your device must be rooted in order to use permissive mode.
There is nothing special about enabling this, you just need to look for a custom kernel for your specific model number that has permissive mode built into the kernel then install the kernel or you can find an app such as SELinux Switch/SELinux Toggle, but, I'm not sure if that app is supported any more, the developer that built it hasn't been active here in quite some time.
Sent from my SM-S767VL using Tapatalk
Droidriven said:
SELinux policy is a security feature built into your kernel. Android is set to "enforcing" by default, you have to manually switch to permissive.
Click to expand...
Click to collapse
Thank you for your response. Just to clarify, should I just leave it as it comes or should I always double check after flashing the custom ROM? And is there a guide on how to adjust this option appropriately or does it depend on the ROM? I came across this thread and it states that Pixel Experience is set to permissive automatically. What should I do? And do you have any other advice for what other precautions I should take in order to have that extra security when using a custom ROM? Once again, thank you.
jason.mix said:
Thank you for your response. Just to clarify, should I just leave it as it comes or should I always double check after flashing the custom ROM? And is there a guide on how to adjust this option appropriately or does it depend on the ROM? I came across this thread and it states that Pixel Experience is set to permissive automatically. What should I do? And do you have any other advice for what other precautions I should take in order to have that extra security when using a custom ROM? Once again, thank you.
Click to expand...
Click to collapse
If you are concerned with being secure, you need to leave the device in enforcing mode, not permissive. I'm not sure exactly how you would switch the Pixel ROM from permissive to enforcing, the ROM may have a setting or you may have to use the Kernel Auditor app to switch to enforcing mode.
If you are not going to be doing any kind of modification to the system partition, you won't need to worry with permissive mode.
If the Pixel ROM is permissive by default, you won't need to change anything.
I'm not sure you understand exactly how the "switch" between enforcing/permissive is achieved. It not simply a "setting" that you enable/disable.
Here are a few ways to enable permissive mode that I know of:
1) if your stock kernel does not support permissive mode, you have to flash a kernel that has permissive support.
2) if your stock kernel does support permissive mode but doesn't have permissive mode enabled, you have to use something like the "SELinux Switch" or "SELinux Toggle" apps, these apps force the stock kernel into permissive mode and can be set to automatically enable permissive mode whenever the device boots and persist from one reboot to the next.
3) it can be enabled via adb commands or adb shell commands via PC or, if you are rooted, you can use a terminal emulator app or the terminal emulator that is built into TWRP to issue commands to enable enforcing/permissive, whichever you need.
Sent from my SM-S767VL using Tapatalk
Droidriven said:
If you are concerned with being secure, you need to leave the device in enforcing mode, not permissive. I'm not sure exactly how you would switch the Pixel ROM from permissive to enforcing, the ROM may have a setting or you may have to use the Kernel Auditor app to switch to enforcing mode.
Click to expand...
Click to collapse
I am not planning on rooting or modifying my system in any way, but is there a way to check whether I am running in enforcing mode? I am still running MIUI for now and if it helps, my kernel version is 4.9 186-perf-g1e22c7b and if you need any more details then just let me know. Thank you for helping me out.
jason.mix said:
I am not planning on rooting or modifying my system in any way, but is there a way to check whether I am running in enforcing mode? I am still running MIUI for now and if it helps, my kernel version is 4.9 186-perf-g1e22c7b and if you need any more details then just let me know. Thank you for helping me out.
Click to expand...
Click to collapse
To check whether your device is set to enforcing/permissive, you should be able to look in system settings>about phone>SELinux Status
Or
system settings>about phone>software info>SELinux Status
Or something similar, the exact location of the info is different for different devices/android versions.
Sent from my SM-S767VL using Tapatalk