Related
How come this works:
Code:
[[email protected]:~/android-dev/optimus_m]$ adb shell su -c id
uid=0(root) gid=0(root)
But this:
Code:
[[email protected]:~/android-dev/optimus_m]$ adb shell su -c pm disable com.seven.Z7
Permission denied
Fails?
In the first example superuser prompts for permission and then allows the command, in the second it doesn't prompt and just instantly fails. There are no related saved settings in superuser.
If there isn't a way to fix this, is there another way to execute commands on the phone as root from a script on the host computer?
Nothing?
Looks like I'm on my own. :\
This NOT a Q&A thread. Only people working out the problem are welcome.
okay , so as of flashing even supersu beta version BETA-SuperSU-v2.49 this is the issue i'm guessing for our device
for reference the firmware release api in question is Android 5.1 , API Level 22
Code:
[email protected]:/# adb logcat -d | grep F/
F/appproc ( 305): Error changing dalvik-cache ownership : Permission denied
F/libc ( 305): Fatal signal 6 (SIGABRT), code -6 in tid 305 (app_process32_o)
F/appproc ( 1026): Error changing dalvik-cache ownership : Permission denied
F/libc ( 1026): Fatal signal 6 (SIGABRT), code -6 in tid 1026 (app_process32_o)
F/appproc ( 1389): Error changing dalvik-cache ownership : Permission denied
F/libc ( 1389): Fatal signal 6 (SIGABRT), code -6 in tid 1389 (app_process32_o)
F/appproc ( 1758): Error changing dalvik-cache ownership : Permission denied
F/libc ( 1758): Fatal signal 6 (SIGABRT), code -6 in tid 1758 (app_process32_o)
F/appproc ( 2123): Error changing dalvik-cache ownership : Permission denied
F/libc ( 2123): Fatal signal 6 (SIGABRT), code -6 in tid 2123 (app_process32_o)
F/appproc ( 2482): Error changing dalvik-cache ownership : Permission denied
F/libc ( 2482): Fatal signal 6 (SIGABRT), code -6 in tid 2482 (app_process32_o)
[email protected]:/#
after looking at the script i ran and got this
Code:
[email protected]:/# adb shell ls -al /system/bin/app*
[COLOR="Red"]lrwxrwxrwx root root 2014-03-07 10:19 app_process -> /system/xbin/daemonsu
lrwxrwxrwx root root 2014-03-07 10:19 app_process32 -> /system/xbin/daemonsu
-rwxr-xr-x root shell 13588 2015-07-02 14:29 app_process32_original[/COLOR]
-rwxr-xr-x root shell 13588 2014-03-07 10:19 app_process_init
-rwxr-xr-x root shell 57688 2015-07-02 14:29 applypatch
-rwxr-xr-x root shell 213 2015-07-02 14:29 appops
-rwxr-xr-x root shell 215 2015-07-02 14:29 appwidget
undoing that with this
Code:
rm -f app_process app_process32
ln -sf /system/bin/app_process32_original /system/bin/app_process
"resolved" the "error" so if you flashed supersu thinking YAY ROOT ! and ended up with what you got you need to run what i did to
regain what you had.
SO, linking daemonsu in a different way is probably the thing but, how?
so far selinux is still alive i am trying out a patch @RunasSudo suggested here
http://forum.xda-developers.com/goo...orrect-to-compile-permissive-selinux-t3074761
also i am trying to figure out how app_process works
@thisisapoorusernamechoice
sorry for hijacking your thread. m
Okay, so with a modified adbd in /sbin i achieve a root prompt through adb
Note - at this point i do have full control over the system. yay!
but at the cost of blank display and no functions of hardware input [no touch hard buttons] awww (frowny face)
interesting note, the stock adbd has root access/privelege when executing adb reboot recovery.
does anyone have a lead on how to bind a block device to a tcp port ?
something like this, but that works, and as a service maybe?
cat /dev/whatever | nc -l 2345
okay if i'm seeing this right...,
Code:
F/appproc ( 305): Error changing dalvik-cache ownership : [COLOR="Red"]Permission denied[/COLOR]
F/libc ( 305): Fatal signal 6 (SIGABRT), code -6 in [COLOR="Red"]tid[/COLOR] 305 (app_process32_o)
my gues would be selinux denial based on wrong/incorrect type id
from file contexts
Code:
/system/bin/app_process32 u:object_r:[COLOR="Red"]zygote_exec[/COLOR]:s0
from zygote.te
Code:
# zygote
[COLOR="Red"]type[/COLOR] zygote, domain;
type [COLOR="Red"]zygote_exec[/COLOR], exec_type, file_type;
soooooo when the shuffling around of app_process* happens and /system/xbin/daemonsu is linked to /system/bin/app_process
should daemonsu instead of being [from supersu installer script]
Code:
/system/xbin/daemonsu 0755 u:object_r:system_file:s0
be
Code:
/system/xbin/daemonsu 0755 u:object_r:zygote_exec:s0
?
i don't think it sepolicy version 26, same as sm-t530nu, i'm also using the sm-t53nu's LL kernel source release for my sm-t330nu LP kernel build, so it's not the knox ****ery in the kernel source. so it's the actual policy itself ?
I'm going to do an experiment by flashing/writing the system.img.ext4 from the sm-t530nu LP release with a modified boot.img
to the sm-t330nu [post LP release flash]
If it works it would effectively be a downgrade to 5.0.X
This has worked with @sub77 's LP builds for sm-t530nu to "port" them to sm-t330nu soooo
more to come ?
okay, sooooo
now that my sm-t330nu has the official LP release installed, i CAN flash the system.img from the official sm-t530nu to it and boot successfully,
so i was right about the tied to firmware thing.
Now after a few different tests i am unable to "downgrade" my boot.img to match the sm-t530nu release version wise, policy and all
and remain at android 5.1.1 NNNYYYAAAAAHHHHHHHHH ! [WHEW okay , glad to get that out.. ]
SO, i flashed supersu to see what would happen and got the same result as before BUT, totally sepolicy contexts
Without restoring system or doing the meatball surgery from the previous post, i instead manually changed the policy context
of /system/xbin/daemonsu through adb in recovery
[note- you must enbale dev-options--->debugging
Code:
adb reboot recovery
adb shell mount /system
adb shell
chcon u:object_r:zygote_exec:s0 /system/xbin/daemonsu
chattr +i /system/xbin/daemonsu
reboot
SHINY ! no root. but boots
Code:
[email protected]:/system/bin/.ext $ ls -Z /system/xbin/daemonsu
-rwxr-xr-x root root u:object_r:zygote_exec:s0 daemonsu
Okay so now we need to know proper context for
/system/xbin/su
/system/bin/.ext/.su
hmmmm... i am going outside to play.
Nature sucks, the resolution is terrible ! xD
okay android 5.1.1 samsung policy context for system libraries is
Code:
u:object_r:system_library_file:s0
okay so far nutz..,
i found this for setool utility [setools-android-sepolicy-inject] project by @Mikos
http://forum.xda-developers.com/android/software/setools-android-sepolicy-inject-t2977563
i've forked his sources https://github.com/xmikos/setools-android
adjusted for api, and will try this method.
Android NDK
wget https://dl.google.com/android/ndk/android-ndk-r10e-linux-x86.bin
m
okay,
got Miko's toolkit compiled, this is the output of seinfo
Code:
\[email protected]:/ $ seinfo
Statistics for policy file: /sepolicy
Policy Version & Type: v.26 (binary, mls)
Classes: 86 Permissions: 271
Common classes: 5
Sensitivities: 1 Categories: 1024
Types: 1169 Attributes: 162
Users: 1 Roles: 2
Booleans: 0 Cond. Expr.: 0
Allow: 14802 Neverallow: 0
Auditallow: 0 Dontaudit: 401
Type_trans: 458 Type_change: 0
Type_member: 0 Role allow: 0
Role_trans: 0 Range_trans: 0
Constraints: 59 Validatetrans: 0
Initial SIDs: 27 Fs_use: 19
Genfscon: 43 Portcon: 0
Netifcon: 0 Nodecon: 0
Permissives: 0 Polcap: 2
[email protected]:/ $
i'm looking for someone who can run me through how sepolicy injection works specifically.
I don't know enough to interpret a generic example.
what i can understand right now is daemonsu disguised as app_process cannot access/change what it needs to in dalvik-cache due to incorrect/wrong -tid if that's the right way to say it.
this again
Code:
F/appproc ( 305): Error changing dalvik-cache ownership : Permission denied
F/libc ( 305): Fatal signal 6 (SIGABRT), code -6 in tid 305 (app_process32_o)
Mikos said the following as to command line syntax
Mikos said:
Hello, the syntax is simple, if you want comparison with supolicy, here is one example (taken from my SnooperStopper app):
Code:
supolicy --live 'allow vdc init fifo_file {read write getattr}'
is equivalent to:
Code:
sepolicy-inject -s vdc -t init -c fifo_file -p read,write,getattr -l
Click to expand...
Click to collapse
m
so how much progress you have done so far? need any help?
jazzespresso said:
so how much progress you have done so far? need any help?
Click to expand...
Click to collapse
Jazz,
have you ever done any work with sepolicy, setools ?
is there a way or do you know the right way to do the policy injection part of what Mikos described for
su and daemonsu ?
when i run strings on the sepolicy binary i do find su_exec.
so i'm still at daemonsu being the culprit. @Chainfire does make it clear the there is a hijack of app_process going on
and i do believe it works for other devices running a "state sanctioned" 5.1.1 so this is/has to be a dicky samsung move.
also how to determine the correct tid if that is indeed what i'm looking for. [see OP]
m
Will look into that, not sure how much differences between android 5.0.X and 5.1.1..
jazzespresso said:
Will look into that, not sure how much differences between android 5.0.X and 5.1.1..
Click to expand...
Click to collapse
It seems to be all sepolicy, i had to adblock and put in my usual apps minus root apps via adb push.
Swapping policy from the 5.0 boot.img reseults in no visuals or input but at adb/terminal i have access,
It just occured to me that i have not yet tried the policy swap and then applied root, hmm.
After i unscrew my system, i upgraded but forgot to change from sid so now wifi is totally boned, xD
I'll try that out, i figure it's something with ueventd.?
On disabling the policy it's complete no go so far.
In spite of modding init.rc
To disab;e sepolicy reload, to write to sys/fs/selinux/enable/0 and trying kernel cmdline edits for enforce=0 androidboot.selinux=0 etc, results
In bogus disable or no boot and dead adbd. Fun fun fun !
this is a copy/paste from my earlier sepolicy trip from galaxy tab 3 forum, putting here for reference
On-Device Policy Files
/sepolicy: Kernel binary policy
/file_contexts: File security contexts
/property_contexts: Property security contexts
/seapp_contexts: App security contexts
/system/etc/security/mac_permissions.xml: App certificate to seinfo mapping
On mac_permissions.xml
●At build time, mac_permissions.xml signature tag names (e.g. @platform) are rewritten to the actual
certificate value extracted from .pem file specified by external/sepolicy/keys.conf
.●build/tools/releasetools/sign_target_files_apks rewrites mac_permissions.xml with updated certificate values for new keys.
System Apps by Certificate
●mac_permissions.xml:
<signer signature= @platform" >
<seinfo value="platform" />
</signer>
●
seapp_contexts:
user=_app seinfo=platform domain=platform_app
type= app_data_file
---------------------------------------------------
Okay so what is this _u _r _t suffix stuff?
• _u – SELinux user
eg: system_u – used for running system services
• _r – SELinux role
eg: system_r – for daemons and background processes
• _t – SELinux type / domain
eg:httpd_t
you can change a single domain to permissive mode
-------------------------------------
the original thread is here, i forgot all about mac_permissions.xml when swapping policy
http://forum.xda-developers.com/galaxy-tab-3/general/se-linux-policy-information-thread-t2865457
moonbutt74 said:
It seems to be all sepolicy, i had to adblock and put in my usual apps minus root apps via adb push.
Swapping policy from the 5.0 boot.img reseults in no visuals or input but at adb/terminal i have access,
It just occured to me that i have not yet tried the policy swap and then applied root, hmm.
After i unscrew my system, i upgraded but forgot to change from sid so now wifi is totally boned, xD
I'll try that out, i figure it's something with ueventd.?
On disabling the policy it's complete no go so far.
In spite of modding init.rc
To disab;e sepolicy reload, to write to sys/fs/selinux/enable/0 and trying kernel cmdline edits for enforce=0 androidboot.selinux=0 etc, results
In bogus disable or no boot and dead adbd. Fun fun fun !
Click to expand...
Click to collapse
I was thinking about getting policy from the 5.0 boot.img and try and see...not sure if it would work - you may try and let me know your results
1) 5.0 sepolicy file.
2) initrd.img current one
3) initrd.img current one
It has been long time man I worked on it or dig this stuff......hmmm....hmmm....Galaxy S6 developers got root on 5.1.1, so this should be not so hard.....
okay so the sesearch string looks something like this , yielding the following output
Code:
[email protected]:/storage/AIK-Linux/ramdisk# sesearch -A -s shell -t system [COLOR="Red"]-c file[/COLOR] sepolicy
Found 3 semantic av rules:
allow shell newAttr33 : file { ioctl read write getattr lock open } ;
allow newAttr7 newAttr33 : file { ioctl read write getattr lock open } ;
allow appdomain newAttr33 : file { ioctl read write getattr lock open } ;
but if i leave out the -c [class=name] option it works sort of like a wild-card and i get this
Code:
[email protected]:/storage/AIK-Linux/ramdisk# sesearch -A -s shell -t system sepolicy
Found 20 semantic av rules:
allow shell system_server : process { transition siginh rlimitinh } ;
allow shell newAttr33 : process getattr ;
allow shell newAttr33 : file { ioctl read write getattr lock open } ;
allow shell newAttr33 : dir { ioctl read getattr search open } ;
[COLOR="Red"]allow shell newAttr33 : lnk_file { ioctl read getattr lock open } ;[/COLOR]
allow appdomain domain : process getattr ;
allow domain system_server : fd use ;
allow newAttr7 newAttr33 : file { ioctl read write getattr lock open } ;
allow newAttr7 newAttr33 : dir { ioctl read getattr search open } ;
[COLOR="Red"] allow newAttr7 newAttr33 : lnk_file { ioctl read getattr lock open } ; [/COLOR]
allow newAttr1 binderservicedomain : fd use ;
allow newAttr1 binderservicedomain : binder { call transfer } ;
allow appdomain system_server : fd use ;
allow appdomain system_server : fifo_file { ioctl read write getattr lock append open } ;
allow appdomain system_server : tcp_socket { read write getattr getopt shutdown } ;
allow appdomain system_server : unix_stream_socket { read write getattr getopt setopt shutdown } ;
allow appdomain newAttr33 : file { ioctl read write getattr lock open } ;
allow appdomain newAttr33 : dir { read getattr search open } ;
allow appdomain newAttr33 : lnk_file { read write getattr open } ;
allow appdomain system_server : binder { call transfer } ;
the lnk_file ones seem interesing, i'm not sure if write is the correct perm or if it's readwrite
using sepolicy inject i've been adding to that list like so
Code:
sepolicy-inject -s appdomain -t newAttr33 -c lnk_file -p write -P sepolicy -o sepolicy-UNdead
but nothing yet, as i go further i will learn more, i think it's finding out what need to be made permissive, getting a read on audit and allow rules don't seem to work, i'm using debian's sepolicy dev tools, as well as Miko's set, and the originating source for sepolicy-inject as well.
finding the permissions/av denial connected to daemonsu being prevented from changing dalvik-cache ownership is what i think i'm looking for
but i'm not 100% on that, though when i
Code:
chcon u:object_r:su_exec:s0 su
, i do get a denial in terminal when i reboot and run su, so i'm still uncertain if su is the culprit.
what makes you think su is the culprit, it is because 5.1.1?
jazzespresso said:
what makes you think su is the culprit, it is because 5.1.1?
Click to expand...
Click to collapse
well, su runs the daemon right the daemon and supolicy need root privelege to run and load
for the portion of the logcat, changing ownership in dalvik-cache fails because damonsu hijacks the app_process/32
changing ownership is the function of chown which needs root priveleges, that particular function happens after the init process,
the init process work with root privelege for the beginning stages of the boot process then lock down and throws over to the system,
without the system's su functioning that process of changing dalvik cache ownership fails and sigabrt , the system hangs.
the reason i'm not 100% sure it's su is because when i chcon app_process/32 -> /xbin/daemonsu to ubject_r:zygote_exec
then the process goes through so...
moonbutt74 said:
well, su runs the daemon right the daemon and supolicy need root privelege to run and load
for the portion of the logcat, changing ownership in dalvik-cache fails because damonsu hijacks the app_process/32
changing ownership is the function of chown which needs root priveleges, that particular function happens after the init process,
the init process work with root privelege for the beginning stages of the boot process then lock down and throws over to the system,
without the system's su functioning that process of changing dalvik cache ownership fails and sigabrt , the system hangs.
the reason i'm not 100% sure it's su is because when i chcon app_process/32 -> /xbin/daemonsu to ubject_r:zygote_exec
then the process goes through so...
Click to expand...
Click to collapse
re-moved
Jazz,
what i am actually going to say is;
pingpong root is a fail, i tried it a few days ago.
dumping general links into this thread is not help.
Linking DIRECTLY to kernel patches/mods etc., is better.
I am looking at the s6 source from the thread you linked to.
I don't think kernel version will make too much of a difference.
The interest, MY interest is in how to mod the default sepolicy to unbreak root.
I do NOT want permissive, i want enforcing with root functioning correctly.
I am getting a better hang of the sepolicy tools but have yet to find what needs changing adjusting
I did manage to disable [set permissive] the policy AND achieve root BUT with display,touch,input broken as before. [grumble]
In the furture please remove quoted text when you reply to post. Thanks.
m
moonbutt74 said:
Jazz,
what i am actually going to say is;
pingpong root is a fail, i tried it a few days ago.
dumping general links into this thread is not help.
Linking DIRECTLY to kernel patches/mods etc., is better.
I am looking at the s6 source from the thread you linked to.
I don't think kernel version will make too much of a difference.
The interest, MY interest is in how to mod the default sepolicy to unbreak root.
I do NOT want permissive, i want enforcing with root functioning correctly.
I am getting a better hang of the sepolicy tools but have yet to find what needs changing adjusting
I did manage to disable [set permissive] the policy AND achieve root BUT with display,touch,input broken as before. [grumble]
In the furture please remove quoted text when you reply to post. Thanks.
m
Click to expand...
Click to collapse
sorry....removed the links and references on my previous post....
jazzespresso said:
sorry....removed the links and references on my previous post....
Click to expand...
Click to collapse
Jazz,
security: SELinux: Avoid enabling enforcing by conventional flag
as to this https://github.com/djvoleur/V_925R4_BOF7/commit/3e33f1fb5538fb2f0f055e9035fe8885a3471322
i'll give it a try and see what happens, but i still want sepolicy enforcing.
@jazzespresso
EDIT - okay i tried it out straight and no-go, but looking at the diff between our selinuxfs.c
and the one you linked to i see that we have a compile/build flag
#ifdef CONFIG_ALWAYS_ENFORCE
//If build is user build and enforce option is set, selinux is always enforcing
new_value = 1;
[blah blah blah]
selinux_enforcing = new_value;
there's some more but i think you get the idea of where i'm going with this.
the new_value change has been used before to success so it will work with our kernel source,
it's just a matter of getting it right. =]
What is "Island"
"Island" is a sandbox environment to clone selected apps and isolate them from accessing your personal data outside the sandbox (including call logs, contacts, photos and etc) even if related permissions are granted. Device-bound data is still accessible (SMS, IMEI and etc).
Isolated app can be frozen on demand, with launcher icon vanish and its background behaviors completely blocked.
How does it work
Island takes advantage of the "managed profile" feature on Android 5.0+, which is the also the base of "Android for Work", to create an isolated sandbox for apps and their data.
App needs to be cloned in Island first. Afterwards, the clone can run parallel aside from the original one. (even with different accounts signed-in) It can be frozen on demand by Island. (NO ROOT REQUIRED)
Currently, all operations are manual in Island. There's a plan to integrate Greenify with Island to provide automatic freezing feature.
Common use case
Freeze frequently woken apps. Clone it into Island and uninstall the original one outside. Then you can freeze it to fully block its background behaviors. Remember to create launch shortcut for quick de-freezing and launching.
Prevent permission-hungry apps from accessing your private data. Sometimes runtime-permission may not be the solution, especially if the app refuses to work without certain permissions. App clones running in Island cannot access your contacts, call logs and sniff other apps outside. But SMS and location are exceptions since they are bound to device.
Use two accounts of the same app parallel. Clone it into Island and login the other account inside.
Archive rarely used apps. Like the first case, keep them frozen until the next time you need it.
Hide your private apps.
DISCLAIMER
This beta version may be dangerous on some Android devices, it may cause boot-loop and even brick your device. The purpose of closed beta exclusive for advanced users is to widely test and improve the device compatibility. Don't install it on your daily device and remember to BACKUP FIRST.
Install
Opt-in the open beta test on Google Play: https://play.google.com/apps/testing/com.oasisfeng.island (May take several minutes to become visible after opt-in)
Or download the APK here: https://www.dropbox.com/sh/3fmjigfejcu0kko/AABJy7du0DQx2Jn_R0uQcy6Ea?dl=0
Manual override for non-encrypted device (NO ROOT REQUIRED)
Currently, Island will prompt that it requires device encryption to work. You need either an encrypted device or the root privilege to create the Island.
If you don't want to encrypt your device, besides the root option, there's actually also a manual procedure to create Island on your device for advanced users.
Execute the following commands in the shell (in exact order):
pm create-user --profileOf 0 --managed Island
(remember the user ID shown, usually 10, use it in the following commands to replace the "<user id>".
If you got "Error: couldn't create User", execute setprop fw.max_users 10 first, then retry the command above.)
pm install -r /data/app/com.oasisfeng.island-1/base.apk
(if you get "file not found" error, use "-2" instead of "-1" in above command and execute again)
(Android 6.0+) adb shell dpm set-profile-owner --user <user id> com.oasisfeng.island/.IslandDeviceAdminReceiver
or (Android 5.x) adb shell dpm set-profile-owner com.oasisfeng.island/.IslandDeviceAdminReceiver <user id>
adb shell am start-user <user id>
Click to expand...
Click to collapse
If all goes well, Island will start, showing the app list.
Now, have fun without device encryption.
Experimental "God mode"
In normal mode, Island only takes care of apps inside the Island space. The “God mode” is an experimental mode, in which Island takes control of ALL apps, both inside and outside Island space. For example, you can freeze any app without cloning it first.
It is still in beta testing and not ready for average users. At present it is only recommended for advanced users who is well understanding what is going on the device and how to deal with unforeseeable troubles.
The limitations in “God mode”:
App Backup (Cloud backup for app data by Google Play services) will stop working on Android 5.x~6.x. (Not an issue on Android 7+)
If G Suite (Google for Work) account is logged in Island, Play store will switch to work mode and you cannot install most of the apps. Log out the G Suite account will revert Play store to normal mode.
God mode could only be setup manually:
Remove all accounts and "Work profile" (which is the Island space if you have already setup normal mode of Island) in system Settings - Accounts.
Execute in ADB shell:
Code:
dpm set-device-owner com.oasisfeng.island/.IslandDeviceAdminReceiver
If you get error message in this step, please try executing settings put global device_provisioned 0 and then above dpm ... command again, followed by settings put global device_provisioned 1. (The last command is very important, otherwise you may face status bar locked and being unable to call or SMS.).
Start Island app now and it will work in God mode.
God mode could even work together with normal mode in Island, giving you full control on apps both inside and outside of Island. Just setup God mode first and then follow the steps to setup normal mode, as mentioned above.
Is this the same concept as MoboClean? Interested to see how it works and save more battery for all of us
truemagic said:
Is this the same concept as MoboClean? Interested to see how it works and save more battery for all of us
Click to expand...
Click to collapse
No, Island never repack apk file locally, which is inherently insecure for users, since all your app data (including password input) are technically in the hand of MoboClean. (The same applies to other similar tools, e.g. LBE Parallel Space)
Instead, Island takes advantage of the underlying mechanism used by "Android for Work". This ensures that all your apps run natively in Android system and their data are securely stored in internal location of Android which is never accessible by Island. It has the same level of security as "Android for Work".
This will be another weapon against bloatwares.
绝对又是一款神器。
always here..
[email protected]:/ $ pm install --user 10 -r /data/app/com.oasisfeng.island-1/base.apk
l --user 10 -r /data/app/com.oasisfeng.island-1/base.apk <
pkg: /data/app/com.oasisfeng.island-1/base.apk
weiwei233 said:
always here..
[email protected]:/ $ pm install --user 10 -r /data/app/com.oasisfeng.island-1/base.apk
l --user 10 -r /data/app/com.oasisfeng.island-1/base.apk <
pkg: /data/app/com.oasisfeng.island-1/base.apk
Click to expand...
Click to collapse
If it hangs, try that command without "--user 10" instead.
pm install -r /data/app/com.oasisfeng.island-1/base.apk
oasisfeng said:
If it hangs, try that command without "--user 10" instead.
pm install -r /data/app/com.oasisfeng.island-1/base.apk
Click to expand...
Click to collapse
OK!Success
----
127|[email protected]:/ $ dpm set-profile-owner com.oasisfeng.island/.IslandDeviceAdminReceiver 11
et-profile-owner com.oasisfeng.island/.IslandDeviceAdminReceiver 11 <
java.lang.IllegalStateException: Not allowed to set the profile owner because there are already some accounts on the profile
at android.os.Parcel.readException(Parcel.java:1618)
at android.os.Parcel.readException(Parcel.java:1558)
at android.app.admin.IDevicePolicyManager$Stub$Proxy.setProfileOwner(IDevicePolicyManager.java:6079)
at com.android.commands.dpm.Dpm.runSetProfileOwner(Dpm.java:132)
at com.android.commands.dpm.Dpm.onRun(Dpm.java:85)
at com.android.internal.os.BaseCommand.run(BaseCommand.java:47)
at com.android.commands.dpm.Dpm.main(Dpm.java:38)
at com.android.internal.os.RuntimeInit.nativeFinishInit(Native Method)
at com.android.internal.os.RuntimeInit.main(RuntimeInit.java:251)
weiwei233 said:
OK!Success
----
127|[email protected]:/ $ dpm set-profile-owner com.oasisfeng.island/.IslandDeviceAdminReceiver 11
et-profile-owner com.oasisfeng.island/.IslandDeviceAdminReceiver 11 <
java.lang.IllegalStateException: Not allowed to set the profile owner because there are already some accounts on the profile
at android.os.Parcel.readException(Parcel.java:1618)
at android.os.Parcel.readException(Parcel.java:1558)
at android.app.admin.IDevicePolicyManager$Stub$Proxy.setProfileOwner(IDevicePolicyManager.java:6079)
at com.android.commands.dpm.Dpm.runSetProfileOwner(Dpm.java:132)
at com.android.commands.dpm.Dpm.onRun(Dpm.java:85)
at com.android.internal.os.BaseCommand.run(BaseCommand.java:47)
at com.android.commands.dpm.Dpm.main(Dpm.java:38)
at com.android.internal.os.RuntimeInit.nativeFinishInit(Native Method)
at com.android.internal.os.RuntimeInit.main(RuntimeInit.java:251)
Click to expand...
Click to collapse
Please remove the work profile in Settings - Accounts, then follow the instructions strictly with all the commands entered one by one.
oasisfeng said:
Please remove the work profile in Settings - Accounts, then follow the instructions strictly with all the commands entered one by one.
Click to expand...
Click to collapse
i think i messed up..
sorry
Start island app still prompt "build the island"
1|[email protected]:/ $ pm create-user --profileOf 0 --managed Island
pm create-user --profileOf 0 --managed Island
Success: created user id 14
1|[email protected]:/ $ pm install -r /data/app/com.oasisfeng.island-2/base.apk
pm install -r /data/app/com.oasisfeng.island-2/base.apk
pkg: /data/app/com.oasisfeng.island-2/base.apk
Success
1|[email protected]:/ $ dpm set-profile-owner com.oasisfeng.island/.IslandDeviceAdminReceiver 14
-profile-owner com.oasisfeng.island/.IslandDeviceAdminReceiver 14 <
java.lang.IllegalStateException: Trying to set the profile owner, but profile owner is already set.
at android.os.Parcel.readException(Parcel.java:1618)
at android.os.Parcel.readException(Parcel.java:1558)
at android.app.admin.IDevicePolicyManager$Stub$Proxy.setProfileOwner(IDevicePolicyManager.java:6079)
at com.android.commands.dpm.Dpm.runSetProfileOwner(Dpm.java:132)
at com.android.commands.dpm.Dpm.onRun(Dpm.java:85)
at com.android.internal.os.BaseCommand.run(BaseCommand.java:47)
at com.android.commands.dpm.Dpm.main(Dpm.java:38)
at com.android.internal.os.RuntimeInit.nativeFinishInit(Native Method)
at com.android.internal.os.RuntimeInit.main(RuntimeInit.java:251)
1|[email protected]:/ $ am start-user 14
am start-user 14
Success: user started
127|[email protected]:/ $ am start com.oasisfeng.island
am start com.oasisfeng.island
Starting: Intent { act=android.intent.action.MAIN cat=[android.intent.category.LAUNCHER] pkg=com.oasisfeng.island }
[email protected]:/ $
@oasisfeng Hi, I've become a beta tester and operation system is 5.0.2 but still can't download from Google play ,and it says this application with all of your devices are incompatible.
Works great on my Sony E5823. Hope the automatic mode will come soon.
Really excellent work and admire your always ingenious work.
Something wrong with the cloned app Meituan. While running, the force close warning will keep poping out though after click yes, the app is still usable without being force closed.
weiwei233 said:
i think i messed up..
sorry
Start island app still prompt "build the island"
1|[email protected]:/ $ pm create-user --profileOf 0 --managed Island
pm create-user --profileOf 0 --managed Island
Success: created user id 14
1|[email protected]:/ $ pm install -r /data/app/com.oasisfeng.island-2/base.apk
pm install -r /data/app/com.oasisfeng.island-2/base.apk
pkg: /data/app/com.oasisfeng.island-2/base.apk
Success
1|[email protected]:/ $ dpm set-profile-owner com.oasisfeng.island/.IslandDeviceAdminReceiver 14
-profile-owner com.oasisfeng.island/.IslandDeviceAdminReceiver 14 <
java.lang.IllegalStateException: Trying to set the profile owner, but profile owner is already set.
at android.os.Parcel.readException(Parcel.java:1618)
at android.os.Parcel.readException(Parcel.java:1558)
at android.app.admin.IDevicePolicyManager$Stub$Proxy.setProfileOwner(IDevicePolicyManager.java:6079)
at com.android.commands.dpm.Dpm.runSetProfileOwner(Dpm.java:132)
at com.android.commands.dpm.Dpm.onRun(Dpm.java:85)
at com.android.internal.os.BaseCommand.run(BaseCommand.java:47)
at com.android.commands.dpm.Dpm.main(Dpm.java:38)
at com.android.internal.os.RuntimeInit.nativeFinishInit(Native Method)
at com.android.internal.os.RuntimeInit.main(RuntimeInit.java:251)
1|[email protected]:/ $ am start-user 14
am start-user 14
Success: user started
127|[email protected]:/ $ am start com.oasisfeng.island
am start com.oasisfeng.island
Starting: Intent { act=android.intent.action.MAIN cat=[android.intent.category.LAUNCHER] pkg=com.oasisfeng.island }
[email protected]:/ $
Click to expand...
Click to collapse
This means your existing managed profile is not correctly removed. Please try removing it first in the Settings - Accounts, or use the following shell command to remove it:
pm list users
pm remove-user <user id>
Open.Orange said:
@oasisfeng Hi, I've become a beta tester and operation system is 5.0.2 but still can't download from Google play ,and it says this application with all of your devices are incompatible.
Click to expand...
Click to collapse
Sorry, not all devices / ROMs support managed profile as the AOSP/Nexus device. If you are using 3rd-party ROM, please contact the ROM modder for support of "managed profile" feature.
Even if your device is not supported right now, please stay tuned for the incoming "God mode" which supports all devices of Android 5.0+.
oasisfeng said:
This means your existing managed profile is not correctly removed. Please try removing it first in the Settings - Accounts, or use the following shell command to remove it:
pm list users
pm remove-user <user id>
Click to expand...
Click to collapse
disaster
[email protected]:/ $ pm list users
pm list users
Users:
UserInfo{0:+86:13} running
UserInfo{11:Island:30} running
1|[email protected]:/ $ pm remove-user 11
pm remove-user 11
Success: removed user
1|[email protected]:/ $ pm create-user --profileOf 0 --managed Island
pm create-user --profileOf 0 --managed Island
Success: created user id 12
1|[email protected]:/ $ pm install -r /data/app/com.oasisfeng.island-2/base.apk
pm install -r /data/app/com.oasisfeng.island-2/base.apk
pkg: /data/app/com.oasisfeng.island-2/base.apk
Success
[email protected]:/ $ dpm set-profile-owner com.oasisfeng.island/.IslandDeviceAdminReceiver 12
rofile-owner com.oasisfeng.island/.IslandDeviceAdminReceiver 12 <
java.lang.IllegalStateException: Trying to set the profile owner, but profile owner is already set.
at android.os.Parcel.readException(Parcel.java:1618)
at android.os.Parcel.readException(Parcel.java:1558)
at android.app.admin.IDevicePolicyManager$Stub$Proxy.setProfileOwner(IDevicePolicyManager.java:6079)
at com.android.commands.dpm.Dpm.runSetProfileOwner(Dpm.java:132)
at com.android.commands.dpm.Dpm.onRun(Dpm.java:85)
at com.android.internal.os.BaseCommand.run(BaseCommand.java:47)
at com.android.commands.dpm.Dpm.main(Dpm.java:38)
at com.android.internal.os.RuntimeInit.nativeFinishInit(Native Method)
at com.android.internal.os.RuntimeInit.main(RuntimeInit.java:251)
It seems the apps in "island" can't share the VPN connection in the system. Anyway to fix this?
@oasisfeng
A small correction in the heading of this thread.
"Inner Peace" instead of "Inner Peach".
Is installation through Google Play Store inside island possible?
It's safe to run this if you've already cleared parts out. It's ideal for right after you've rooted.
You will be left with a very clean Palm phone. If you use Fdroid, love open-source, and loath Google then this is for you!
Everything works well. There is one issue with the dialer where you scroll to the top with the scrollbar and it crashes. Instead of using the scrollbar just swipe on the names to scroll.
# Objectives:
1. remove all bloatware, including Google
2. Fix incorrect APN settings
3. Remove traces of Verizon
4. Battery life enhancement
5. Suppress adb debugging warning
# TODO
1. Make the script ask whether Google apps are to be removed, and differentiate.
# Pre-requisites:
1. device is rooted!
# Usage
Run ./exec.sh in a terminal and follow the instructions.
Thanks for releasing this. Do you have any data on performance or battery life increases after making all of these changes? Also, since this script seems to remove Google services, would I be able to do a factory reset of the device to restore Google services?
All Google crap is removed. You can modify the script to exclude those removals if you want (please share your changes and I'll include for others).
All changes are to /system and /vendor, so considered permanent.
If you do a factory reset chances are it won't boot and you'll need to re-root again. Best avoid.
Battery life difference is significant, as is to be expected by removing so much junk, specifically services.
One issue, it somehow removed the clock app. I'll have to remove that from the list when I find out which one it is. For now you can install it again via "Clock" on apkpure.com
snoopy20 said:
One issue, it somehow removed the clock app. I'll have to remove that from the list when I find out which one it is. For now you can install it again via "Clock" on apkpure.com
Click to expand...
Click to collapse
It's on line 30 of the palm.sh
DeskClock
g60madman said:
It's on line 30 of the palm.sh
DeskClock
Click to expand...
Click to collapse
Ah I thought that was a home widget. Now fixed.
Please let me know if there's any other bloatware crap which I've missed.
I've found /vendor/bin/mmid is writing to logcat and responsible for a lot of wakeups. Prevented it from respawning with chmod 000. No negative effect so far so will add it to the next script revision.
Also by killing that I now get new battery information in logcat and a lot less logcat messages. I believe that process was responsible for killing something related to power details as I kept getting process startup details. I now get a lot less messages and also proper battery stats in logcat -
02-18 14:01:38.354 1223 2332 D BatteryService: Processing new values: chargerAcOnline=false, chargerUsbOnline=true, chargerWirelessOnline=false, maxChargingCurrent500000, maxChargingVoltage5000000, batteryStatus=2, batteryHealth=2, batteryPresent=true, batteryLevel=97, batteryTechnology=Li-ion, batteryVoltage=4397, batteryChargeCounter=715903, batteryFullCharge=796000, batteryTemperature=240, mBatteryLevelCritical=false, mPlugType=2
Really appreciate your work on this. I edited the palm.sh file to the following to try to keep all the extra Google stuff intact:
#!/usr/bin/env sh
mount -o rw,remount /system
mount -o rw,remount /vendor
## OBJECTIVE: 1 ##
echo "Removing user installs..."
pm uninstall -k --user 0 'com.verizon.cloudsetupwizard'
pm uninstall -k --user 0 'com.verizon.mips.services'
pm uninstall -k --user 0 'com.vzw.hss.myverizon'
pm uninstall -k --user 0 'com.jrd.verizonuriintentservice'
pm uninstall -k --user 0 'com.verizon.messaging.vzmsgs'
pm uninstall -k --user 0 'com.verizon.llkagent'
pm uninstall -k --user 0 'com.vzw.apnlib'
pm uninstall -k --user 0 'com.tcl.vzwintents'
pm uninstall -k --user 0 'com.tct.vzwwifioffload'
pm uninstall -k --user 0 'com.vzw.ecid'
pm uninstall -k --user 0 'com.vzw.easvalidation'
pm uninstall -k --user 0 'com.customermobile.preload.vzw'
pm uninstall -k --user 0 'com.vcast.mediamanager'
echo "Removing system bloatware..."
cd /system/app
## WARN: no remove (will brick): GoogleExtShared SecureExtAuthService
rm -rf VerizonUrintentService verizon-wifi-offload vzwintents
cd /system/priv-app
rm -rf VerizonNameID com.customermobile.preload.vzw VZWAPNLib verizon-llk-agent
cd /vendor/app
rm -rf VzwDMClient
cd /vendor/priv-app
rm -rf MVM_vzw_app-release-phone-13.1.1-278.apk VZMessages-mobile-6.7.12-94-market-release-signed.apk Verizon_LocationAgent_vzw_v0.0.3.120_Production_NoDebug_release_signed.apk
In case anyone else wanted to try out a different version.
snoopy20 said:
I've found /vendor/bin/mmid is writing to logcat and responsible for a lot of wakeups. Prevented it from respawning with chmod 000. No negative effect so far so will add it to the next script revision.
Click to expand...
Click to collapse
Don't use "chmod 000" on mmid. If you do, you can see in the kernel log (via "dmesg") that the phone is constantly trying to restart the mmid service:
Code:
init: starting service 'mmid'..
init: cannot execve('/vendor/bin/mmid'): Permission denied
...
init: starting service 'mmid'..
init: cannot execve('/vendor/bin/mmid'): Permission denied
...
init: starting service 'mmid'..
init: cannot execve('/vendor/bin/mmid'): Permission denied
But if you remove or rename mmid (mv /vendor/bin/mmid /vendor/bin/mmid.bak), init gives up and doesn't try to restart the mmid service:
Code:
[10081.043211] init: cannot find '/vendor/bin/mmid', disabling 'mmid': No such file or directory
---------- Post added at 08:41 PM ---------- Previous post was at 08:09 PM ----------
snoopy20 said:
#TODO (please assist if you can!)
1. Verizon boot animation.
Click to expand...
Click to collapse
To get rid of the Verizon boot animation, you can just rename/remove the bootanimation.zip file.
Code:
mount -o rw,remount /vendor
mv /vendor/JRD_custres/media/bootanimation.zip /vendor/JRD_custres/media/bootanimation.zip.bak
This will give you a default pulsing "android" boot animation instead of the Verizon boot animation.
Alternatively, you can use the below "PALM" boot animation that I put together. I don't know what boot animation the non-Verizon phone uses, but it's probably similar to this.
drive [dot] google.com/file/d/114Q9BUSrkjjIt9fPT4B-s3VH0ExGClDi/view
Code:
adb push bootanimation.zip /data/local/tmp/
adb shell
su
mount -o rw,remount /vendor
mv /data/local/tmp/bootanimation.zip /vendor/JRD_custres/media/bootanimation.zip
hi
does anyone know how to remove/change the boot image of "Your device has loaded a different operating system"?
thanks in advance
hi
will deleting all the bloatware from verizon make it unable to work on the CDMA network?
Doubt it, should be fine.
Funny that mmid didn't show in journalctl but does show with dmesg. I'll make the change. I'll remove the boot animation as well. - CHANGES MADE
If you want to modify the script to ask the user whether they want to keep Google crap, I can add that.
I'm just now trying to run this script, but I'm not all that familiar with running terminal scripts and I'm having an issue that I couldn't find the answer to. I'm rooted on the 1AMG software.
I keep getting "Read-only file system" errors, which searching tells me I have some permissions issues. The script says to grant access for Superuser, which I've done. Below is a screenshot of my terminal with the errors. I've received the same errors on Windows 10 and in Linux terminal on Chromebook.
https://imgur.com/a/XTkrHN8
Any help would be appreciated. Thanks!
tmrodden said:
I'm just now trying to run this script, but I'm not all that familiar with running terminal scripts and I'm having an issue that I couldn't find the answer to. I'm rooted on the 1AMG software.
I keep getting "Read-only file system" errors, which searching tells me I have some permissions issues. The script says to grant access for Superuser, which I've done. Below is a screenshot of my terminal with the errors. I've received the same errors on Windows 10 and in Linux terminal on Chromebook.
https://imgur.com/a/XTkrHN8
Any help would be appreciated. Thanks!
Click to expand...
Click to collapse
When the SU request came up did you grant or deny?
What happens when you run mount -o rw,remount /system?
snoopy20 said:
When the SU request came up did you grant or deny?
What happens when you run mount -o rw,remount /system?
Click to expand...
Click to collapse
I have got the same "not permitted" problem
When I'm trying to mount the /system it says:
Code:
PS C:\adb\palm> adb shell
Pepito:/ $ mount -o rw,remount /system
mount: '/dev/block/platform/soc/7824900.sdhci/by-name/system' not user mountable in fstab
I've tried to execute ANY "palm.sh" commands manually:
Code:
Pepito:/ $ cd /sdcard && su - -c \"sh palm.sh\"
: sh palm.sh: not found
On any other command I'm getting "Read only" reply
snoopy20 said:
When the SU request came up did you grant or deny?
What happens when you run mount -o rw,remount /system?
Click to expand...
Click to collapse
I granted the SU request, and it shows as enabled within Magisk, just as it does in the screenshot in al07th's post above.
The mount -o rw,remount /system command you suggested gives the following responses when I tried:
https://imgur.com/i0UWfWx
This is all after having completely wiped the phone, restored to the latest stock firmware using Sugar (1AMGGFG0), and going through the whole process again with a fresh root.
Also wanted to mention that any commands involving the "/sdcard" folder usually result in an error. Only adding a second backslash ("/sdcard/") allows them to be accepted.
tmrodden said:
I granted the SU request, and it shows as enabled within Magisk, just as it does in the screenshot in al07th's post above.
The mount -o rw,remount /system command you suggested gives the following responses when I tried:
https://imgur.com/i0UWfWx
This is all after having completely wiped the phone, restored to the latest stock firmware using Sugar (1AMGGFG0), and going through the whole process again with a fresh root.
Also wanted to mention that any commands involving the "/sdcard" folder usually result in an error. Only adding a second backslash ("/sdcard/") allows them to be accepted.
Click to expand...
Click to collapse
>> So this fails - adb push push/palm.sh /sdcard
>> But this works? adb push push/palm.sh /sdcard/
Strange!
mount -o rw,remount /system -> you are not running as su, hence the error you have.
In the console enter su bash then run mount -o rw,remount /system and it should work without error.
This is what the cd /sdcard && su - -c "sh palm.sh" command is doing. Assuming everything is pushed already and you've in a su bash shell then you can cd to the /sdcard directory and run the palm.sh directly.
al07th said:
I have got the same "not permitted" problem
When I'm trying to mount the /system it says:
Code:
PS C:\adb\palm> adb shell
Pepito:/ $ mount -o rw,remount /system
mount: '/dev/block/platform/soc/7824900.sdhci/by-name/system' not user mountable in fstab
I've tried to execute ANY "palm.sh" commands manually:
Code:
Pepito:/ $ cd /sdcard && su - -c \"sh palm.sh\"
: sh palm.sh: not found
On any other command I'm getting "Read only" reply
Click to expand...
Click to collapse
If you don't have the script in the /sdcard directory you haven't run the exec.sh first. This implies you didn't look at the README.
snoopy20 said:
This implies you didn't look at the README.
Click to expand...
Click to collapse
No, I DID check your readme. :silly: It has the same description as your topic
When I'm trying to execute "exec.sh", I get this:
Code:
C:\adb\palm> bash exec.sh
We're about to install some APKs. If you have ones you'd like to install stick them into apks/myapps now.
Ready?y
exec.sh: line 8: adb: command not found
exec.sh: line 11: adb: command not found
exec.sh: line 12: adb: command not found
exec.sh: line 13: adb: command not found
exec.sh: line 16: adb: command not found
That's why I've tried to execute "palm.sh" manually.
--------------------------------------------------
Executing
Code:
su -c mount -o rw,remount /system
su -c mount -o rw,remount /vendor
didn't resolve any problem.
I have manually added "palm.sh" to sdcard and executed it:
Code:
C:\adb\palm\push> adb shell
Pepito:/ $ cd /sdcard
Pepito:/sdcard $ su - -c "sh palm.sh"
Removing user installs...
Failure [not installed for 0]
Failure [not installed for 0]
Failure [not installed for 0]
Failure [not installed for 0]
Failure [not installed for 0]
Failure [not installed for 0]
Failure [not installed for 0]
Failure [not installed for 0]
Failure [not installed for 0]
Failure [not installed for 0]
Failure [not installed for 0]
Failure [not installed for 0]
Failure [not installed for 0]
Failure [not installed for 0]
Failure [not installed for 0]
Failure [not installed for 0]
Failure [not installed for 0]
Failure [not installed for 0]
Failure [not installed for 0]
Failure [not installed for 0]
Failure [not installed for 0]
Removing system bloatware...
rm: YouTube: Device or resource busy
rm: AutoKillService.apk: Read-only file system
rm: AutoKillService.odex: Read-only file system
rm: AutoKillService.vdex: Read-only file system
rm: Fota.apk: Read-only file system
rm: Fota.odex: Read-only file system
rm: Fota.vdex: Read-only file system
rm: ConfigUpdater.apk: Read-only file system
rm: ConfigUpdater.odex: Read-only file system
rm: ConfigUpdater.vdex: Read-only file system
rm: GoogleBackupTransport.apk: Read-only file system
rm: GoogleBackupTransport.odex: Read-only file system
rm: GoogleBackupTransport.vdex: Read-only file system
rm: GoogleServicesFramework.apk: Read-only file system
rm: GoogleServicesFramework.odex: Read-only file system
rm: GoogleServicesFramework.vdex: Read-only file system
rm: StatementService.apk: Read-only file system
rm: StatementService.odex: Read-only file system
rm: StatementService.vdex: Read-only file system
rm: VerizonNameID.apk: Read-only file system
rm: VerizonNameID.odex: Read-only file system
rm: VerizonNameID.vdex: Read-only file system
rm: GmsCore.apk: Read-only file system
rm: GmsCore.odex: Read-only file system
rm: GmsCore.vdex: Read-only file system
rm: GmsCore.odex: Read-only file system
rm: GmsCore.vdex: Read-only file system
rm: TagGoogle.apk: Read-only file system
rm: TagGoogle.odex: Read-only file system
rm: TagGoogle.vdex: Read-only file system
rm: WiFiActivation.apk: Read-only file system
rm: WiFiActivation.odex: Read-only file system
rm: WiFiActivation.vdex: Read-only file system
rm: com.customermobile.preload.vzw.apk: Read-only file system
rm: com.customermobile.preload.vzw.odex: Read-only file system
rm: com.customermobile.preload.vzw.vdex: Read-only file system
rm: Elabel.apk: Read-only file system
rm: Elabel.odex: Read-only file system
rm: Elabel.vdex: Read-only file system
rm: GoogleFeedback.apk: Read-only file system
rm: GoogleFeedback.odex: Read-only file system
rm: GoogleFeedback.vdex: Read-only file system
rm: GoogleOneTimeInitializer.apk: Read-only file system
rm: GoogleOneTimeInitializer.odex: Read-only file system
rm: GoogleOneTimeInitializer.vdex: Read-only file system
rm: GooglePartnerSetup.apk: Read-only file system
rm: GooglePartnerSetup.odex: Read-only file system
rm: GooglePartnerSetup.vdex: Read-only file system
rm: Phonesky.apk: Read-only file system
rm: Phonesky.odex: Read-only file system
rm: Phonesky.vdex: Read-only file system
rm: SetupWizardOverlay.apk: Read-only file system
rm: SetupWizardOverlay.odex: Read-only file system
rm: SetupWizardOverlay.vdex: Read-only file system
rm: SetupWizard.apk: Read-only file system
rm: SetupWizard.odex: Read-only file system
rm: SetupWizard.vdex: Read-only file system
rm: VZWAPNLib.apk: Read-only file system
rm: VZWAPNLib.odex: Read-only file system
rm: VZWAPNLib.vdex: Read-only file system
rm: VZWAPNLib.odex: Read-only file system
rm: VZWAPNLib.vdex: Read-only file system
rm: Velvet.apk: Read-only file system
rm: Velvet.odex: Read-only file system
rm: Velvet.vdex: Read-only file system
rm: verizon-llk-agent.odex: Read-only file system
rm: verizon-llk-agent.vdex: Read-only file system
rm: verizon-llk-agent.apk: Read-only file system
mv: bad '/data/app/rkr.simplekeyboard.inputmethod-*': No such file or directory
Removing Verizon traces...
Removing Unsold-product-on-shelf battery decay limit...
Removing adb debugging nag
Done! - rebooting.
Still getting 'Read-only file system' even though /system /vendor was mounted with no errors.
--------------------------------------------------
After reboot i got multiple system.android stopped working
'Erase all data (factory reset)' "bricked" the phone on Verizon's welcome screen 'initialization'. Whatever app is needed for the fresh setup - needs to be freezed, not deleted.
To anyone who have executed the script I do not recommend doing 'Erase all data (factory reset)' on your device. Otherwise you'll be forced to flash and root the firmware again (in case you did make a rooted backup).
--------------------------------------------------
snoopy20 said:
>> So this fails - adb push push/palm.sh /sdcard
>> But this works? adb push push/palm.sh /sdcard/
Click to expand...
Click to collapse
Yes, exactly. Here is a screenshot showing the results of both commands: https://imgur.com/9QqSxwo
snoopy20 said:
mount -o rw,remount /system -> you are not running as su, hence the error you have.
In the console enter su bash then run mount -o rw,remount /system and it should work without error.
Click to expand...
Click to collapse
Thank you. The su bash command did seem to allow the mount -o rw,remount /system to execute correctly without errors, but the rm commands in the palm.sh script still result in "Read-only file system" errors. You can see in the below screenshot all the commands I entered.
https://imgur.com/ztAjkdc
Hello
I have Realme C2 devices that I use for automation, however I am facing an issue with Realme C2 devices
I have enable developer option and enable Disable permission monitoring
When use appium to execute my automation for Chrome browser I got this error message
Code:
WebDriverException: Message: An unknown server-side error occurred while processing the command. Original error: Error executing adbExec. Original error: 'Command 'adb -P 5037 -s emulator-5554 shell pm clear com.android.chrome' exited with code 255'; Stderr: 'Security exception: adb clearing user data is forbidden.
java.lang.SecurityException: adb clearing user data is forbidden.
at com.android.server.am.ActivityManagerService.clearApplicationUserData(ActivityManagerService.java:7612)
at com.android.server.pm.PackageManagerShellCommand.runClear(PackageManagerShellCommand.java:1616)
What should I do to allow adb to clear the data or which option that I should enable in Developer options for Realme C2?
Thanks
When you clear app data, it's similar to uninstalling and re-installing the application. May be super-user rights are needed to clear app data in question - what requires phone's Android is rooted.
Code:
adb shell "su -c 'pm clear <PKG-NAME>'"
@jwoegerbauer my devices not rooted
Code:
/system/bin/sh: su: not found
Is there any possible solution for that? Seems only occuring on Realme devices, I have another devices Samsung and working fine after enable developer options