I use Samsung Galaxy S9+ (Snapdragon). I am rooted with Magisk and Klabit kernel but no SElinux enforcement.
Is there any custom kernel for my phone that enforces SELinux?
Please share links with me.
Thank you.
Just root phone --> serivice.d --> setenforce 1 & you are enforced
Since Android 5 ( AOSP ) SELinux's mode is ENFORCING by default. Custom ROMs set it to PERMISSIVE by default in order to properly work.
Related
I found Tugarom, are there other roms/kernels that support selinux permissive (needed for xprivacy) that are Lollipop compatibel?
Xprivacy didn't work either on that rom (It was already installed as a system app). Anyone who had a solution?
Good day, Im looking for a kernel with permissive selinux that works with a P900 device running lollipop. Have been reading in the forums but seems like there arent any kernels working at 100% right now so was wondering if any of you could point me in the correct direction.
Trying to run Linux complete installer right now on my device but it doesnt work because of the selinux mode, thanks a lot.
I have the Lollipop ROM from @civato installed (see http://forum.xda-developers.com/gal...-civzp900lollipop-5-0-2-aroma-12-jul-t3155589) and can confirm I have permissive mode for SELinux : infact I have this with Ubuntu running on my P900 but I used Linux Deploy rather than Linux Complete Installer.
The kernel is also available separately (check the author's signature for links).
Good luck.
Thanks a lot friend
Hi, bothering again I installed this kernel separately but in the op says that selinux permissive is set to no.. How would I change it to permissive? Tried with selinux mode changer and didnt work thanks a lot
I want to set SELinux to disabled or permissive (either one) when I compile my custom kernel. I have tried a few things:
1) setting DECONFIG_ALWAYS_ENFORCE to false
2) changing CONFIG_SECURITY_SELINUX=n to CONFIG_SECURITY_SELINUX=y in the /arch/arm/configs/XXX_defconfig file
3) removing references to SELinux in init.rc (I edited my ramdisk)
How do I set SELinux to disabled or permissive? I am on Marshmallow 6.0.1. Thanks!
I have tried using selinux mode changer, 'terminal ide' and apps of that sort, looked on the internet for commands, init.d method (my kernel does not support init.d) but non of them worked. The SE (selinux) status always stays "enabled". I have the latest version of supersu on my device.
Do I have to flash custom rom of cyanogenmod on my device? If so, will the custom rom have supersu any Google apps?
From j700f (2016): android version 6.0.1
Is secure for my personnal data to install a custom kernel ?
If the kernel you are installing is not permissive selinux then I would say yes it's secure and safe to use. Kernels are built many different ways, depending on how whatever developer compiles them and they have different things in them. Some focus on features, others speed, other kernels main focus may be battery life or security. Just read the kernel changelog and search for things that you don't know and bookmark everything so you can return later and read more... That's what I do. But the answer to your question I'd say is as long as the kernel you install is not permissive selinux then yes it's safe to use a custom kernel.
flash713 said:
this message was translated with Google translation I apologize in advance if there will be any mistakes:
thank you for your answer i would just like to know how can we know if the custom kernel is selinux permissive.
Click to expand...
Click to collapse
getenforce command is a Linux Commnand for quick confirmation of the current SELinux mode. Used without any command line parameters, getenforce reports SELinux status with just one word.
This can be done using termux app from your phone if you are rooted. Just type su (push enter) then grant root when it pops up on phone screen and then type: getenforce the reply will be what the kernel is. Example: Nowadays the most common are Enforcing selinux. If it's enforcing it will reply: enforcing after running those commands.
Edit added: The kernel log and usually the op or first post of the xda thread where the kernel is will say what it is.