[Q] S4 MJ7 SElinux change from Enforceing to permisive? - Verizon Samsung Galaxy S 4

Has any one been able to set SElinux to permissive from enforcing?
I have tried this
Code:
[email protected]:/ $ su
[email protected]:/ # pm disable com.sec.knox.seandroid
[email protected]:/ # setenforce 0
[email protected]:/ #
With the output of
Code:
[email protected]:/ $ su
[email protected]:/ # pm disable com.sec.knox.seandroid
pm disable com.sec.knox.seandroid
Package com.sec.knox.seandroid new state: disabled
[email protected]:/ # setenforce 0
setenforce 0
[email protected]:/ #
But SElinux is still showing enforcing.
Other methods I was trying was editing /etc/selinux/. This location does not exists.
I have also searched other sources, and non work for this particular build of S4.
I do not believe i can edit the md5 file and get it to flash after the mods.

Rippey574 said:
Has any one been able to set SElinux to permissive from enforcing?
I have tried this
Code:
[email protected]:/ $ su
[email protected]:/ # pm disable com.sec.knox.seandroid
[email protected]:/ # setenforce 0
[email protected]:/ #
With the output of
Code:
[email protected]:/ $ su
[email protected]:/ # pm disable com.sec.knox.seandroid
pm disable com.sec.knox.seandroid
Package com.sec.knox.seandroid new state: disabled
[email protected]:/ # setenforce 0
setenforce 0
[email protected]:/ #
But SElinux is still showing enforcing.
Other methods I was trying was editing /etc/selinux/. This location does not exists.
I have also searched other sources, and non work for this particular build of S4.
I do not believe i can edit the md5 file and get it to flash after the mods.
Click to expand...
Click to collapse
try
Code:
su
cd /system
set enforce 0
getenforce

Didn't work
[email protected]:/ $ su
[email protected]:/ # cd /system
[email protected]:/system # set enforce 0
[email protected]:/system # getenforce
Enforcing
[email protected]:/system #
Sent from my SCH-I545 using xda app-developers app

I found this in the int.rc file, I believe if I # these out, it would stop the setenforce lockout. I tried editing SElinux to 0, but it won't keep the saves. Even with permission changes on the file. Any thoughts on this?
Code:
# Configure SEAndroid booleans and enforcing mode
setsebool debugf# Configure SEAndroid booleans and enforcing mode
setsebool debugfs 1s 1
# create mountpoints
mkdir /mnt 0775 root system
# Allow system UID to setenforce and set booleans.
chown system system /selinux/enforce
chown system system /sys/fs/selinux/enforce
chown -R system system /selinux/booleans
chown -R system system /sys/fs/selinux/booleans
chown system system /selinux/commit_pending_bools
chown system system /sys/fs/selinux/commit_pending_bools
on init
sysclktz 0
loglevel 3

Rippey574 said:
I found this in the int.rc file, I believe if I # these out, it would stop the setenforce lockout. I tried editing SElinux to 0, but it won't keep the saves. Even with permission changes on the file. Any thoughts on this?
Code:
# Configure SEAndroid booleans and enforcing mode
setsebool debugf# Configure SEAndroid booleans and enforcing mode
setsebool debugfs 1s 1
# create mountpoints
mkdir /mnt 0775 root system
# Allow system UID to setenforce and set booleans.
chown system system /selinux/enforce
chown system system /sys/fs/selinux/enforce
chown -R system system /selinux/booleans
chown -R system system /sys/fs/selinux/booleans
chown system system /selinux/commit_pending_bools
chown system system /sys/fs/selinux/commit_pending_bools
on init
sysclktz 0
loglevel 3
Click to expand...
Click to collapse
What exactly are you trying to achieve? The information you want shouldn't be publicly posted. Well not yet anyways, because the ability to set SElinux to Permissive longer than just temporarily is probably needed to get safestrap working.
Sent from my SCH-I535 using XDA Premium 4 mobile app

I need it to be on when I want, as I want. It to be. It's preventing my customization of my rom. It really limits what you can do in fine detail. And quite frankly that destroys the beauty of Android!
Besides the fact it will controls my ability to slightly change something I own. If I wanted that I would go with Apple. But that's a completely different rant lol.
I use Linux, raptor and c, never dabbled in java so some of the things are different to me.
I would even take a working way to disable it temporarily.
Sent from my SCH-I545 using xda app-developers app

Related

[Q] Is ADB blocked ? I can't access it

Hi,
I am trying to fix a faulty device, which bootloop very frequently, due to a faulty kernel / audio driver. I've found the problem checking logcats, as well as logcats during the boot sequence.
If anyone know how to fix the audio driver, here's the thread: http://forum.xda-developers.com/showthread.php?p=50961786
I would like to access ADB from this device, this might help, but I cannot get the device detected at all.
USB debugging is definitely enabled, and the device driver is also installed (Not even sure if I had to install a driver for this 2011 device in first place. Device is detected by computer without a problem).
If I type:
Code:
adb devices
The output is just: "List of devices attached" with a blank line.
If I try:
Code:
adb shell
This show up:
Code:
error: device not found
I can tell that ADB is working for another device - I had a LG-P500, and ADB is succesfully working for this phone.
The faulty device is a Creative ZEN Touch 2, but the name won't be of any help. Let's just pretend it's a generic Android device (Even thought no such Android exists) and forget about the name. The ROM installed on it (Froyo, 2.2.1) was customized by Creative, the manufacturer, since it's not a phone, just a multimedia device.
I was wondering if Creative "blocked" any access to ADB, if that's possible. I do know that Creative "does not encourage self-repair", according to the forums.
I also tried ADB wireless, I pressed the grey button that turned green, and then typed adb connect xxx.xxx.x.108 (IP). On the shell, I got the error:
Code:
unable to connect to xxx.xxx.x.108:5555
Altought I wasn't able to connect wirelessly to ADB using my LG phone, neither.
On the ZEN Touch 2, I found the file default.prop, which contain this:
Code:
#
# ADDITIONAL_DEFAULT_PROPERTIES
#
ro.secure=1
ro.allow.mock.location=0
ro.debuggable=0
persist.service.adb.enable=0
I honnestly don't know what the default.prop file is about, but I was wondering if the line "persist.service.adb.enable" being equal to 0 / false, could block the access to ADB shell, in some way (if that's possible).
I've read that this file is hard to modify, other than flash a new boot image.
What could I do to access ADB on this device ? Yes, the device is rooted.
EDIT: I have access to a Linux operating system, if that can make the detection easier. Although I do not have ADB installed on this OS, yet.
Thank you
GameX2 said:
Altought I wasn't able to connect wirelessly to ADB using my LG phone, neither.
On the ZEN Touch 2, I found the file default.prop, which contain this:
Code:
#
# ADDITIONAL_DEFAULT_PROPERTIES
#
ro.secure=1
ro.allow.mock.location=0
ro.debuggable=0
persist.service.adb.enable=0
I honnestly don't know what the default.prop file is about, but I was wondering if the line "persist.service.adb.enable" being equal to 0 / false, could block the access to ADB shell, in some way (if that's possible).
I've read that this file is hard to modify, other than flash a new boot image.
What could I do to access ADB on this device ? Yes, the device is rooted.
EDIT: I have access to a Linux operating system, if that can make the detection easier. Although I do not have ADB installed on this OS, yet.
Thank you
Click to expand...
Click to collapse
You should edit default.prop in this way
Code:
ro.secure=1
ro.allow.mock.location=0
ro.debuggable=1
persist.sys.usb.config=mass_storage,adb
persist.service.adb.enable=1
Also you should look through your /init.rc for lines like this
Code:
service adbd /sbin/adbd recovery
disabled
socket adbd stream 660 system system
# Always start adbd on userdebug and eng builds
on property:ro.debuggable=1
write /sys/class/android_usb/android0/enable 1
start adbd
setprop service.adb.root 1
# Restart adbd so it can run as root
on property:service.adb.root=1
write /sys/class/android_usb/android0/enable 0
restart adbd
write /sys/class/android_usb/android0/enable 1
And also you should have adbd binary in /sbin
Code:
C:\1\MtkDroidTools2.5.3\adb>adb shell
[email protected]:/ # ls -al /sbin/adbd
ls -al /sbin/adbd
-rwxr-x--- root root 141212 2013-09-27 14:37 adbd
[email protected]:/ #
lion567 said:
You should edit default.prop in this way
Code:
ro.secure=1
ro.allow.mock.location=0
ro.debuggable=1
persist.sys.usb.config=mass_storage,adb
persist.service.adb.enable=1
Also you should look through your /init.rc for lines like this
Code:
service adbd /sbin/adbd recovery
disabled
socket adbd stream 660 system system
# Always start adbd on userdebug and eng builds
on property:ro.debuggable=1
write /sys/class/android_usb/android0/enable 1
start adbd
setprop service.adb.root 1
# Restart adbd so it can run as root
on property:service.adb.root=1
write /sys/class/android_usb/android0/enable 0
restart adbd
write /sys/class/android_usb/android0/enable 1
And also you should have adbd binary in /sbin
Code:
C:\1\MtkDroidTools2.5.3\adb>adb shell
[email protected]:/ # ls -al /sbin/adbd
ls -al /sbin/adbd
-rwxr-x--- root root 141212 2013-09-27 14:37 adbd
[email protected]:/ #
Click to expand...
Click to collapse
Hi,
Thanks for the reply;
I've checked, and adbd does exists in /sbin, with the correct permissions.
Here's the contain of my init.rc file. I don't see the lines you've mentionned, althought there are a few lines related to ADB. Where should I paste your lines ?
Code:
on init
sysclktz 0
loglevel 3
# setup the global environment
export PATH /sbin:/system/sbin:/system/bin:/system/xbin
export LD_LIBRARY_PATH /system/lib
export ANDROID_BOOTLOGO 1
export ANDROID_ROOT /system
export ANDROID_ASSETS /system/app
export ANDROID_DATA /data
export EXTERNAL_STORAGE /mnt/sdcard
export EXTERNAL_STORAGE_SD /mnt/sdcard
export EXTERNAL_STORAGE_UDISK /mnt/udisk
export EXTERNAL_STORAGE_EXTSD /mnt/extsd
export ASEC_MOUNTPOINT /mnt/asec
export SHM_MOUNTPOINT /mnt/shm
export BOOTCLASSPATH /system/framework/core.jar:/system/framework/ext.jar:/system/framework/framework.jar:/system/framework/android.policy.jar:/system/framework/services.jar
export BACKLIGHT_PATH /sys/class/backlight/tps60250/brightness
export MAX_BACKLIGHT_PATH /sys/class/backlight/tps60250/max_brightness
export VPU_FW_PATH /system/lib/firmware/vpu
export CODEC_SHM_PATH /mnt/shm
export GST_PLUGIN_PATH /system/lib/gst_plugins
export CORE_REGISTER_FILE /system/etc/core_register
export COMPONENT_REGISTER_FILE /system/etc/component_register
export CONTENTPIPE_REGISTER_FILE /system/etc/contentpipe_register
export BUILD_TARGET earlgrey
export LOG_LEVEL 0
# Backward compatibility
symlink /system/etc /etc
symlink /sys/kernel/debug /d
# create mountpoints
# mkdir /mnt 0775 root system
# mkdir /mnt/sdcard 0000 system system
# mkdir /mnt/udisk 0000 system system
# mkdir /mnt/extsd 0000 system system
# Create cgroup mount point for cpu accounting
mkdir /acct
mount cgroup none /acct cpuacct
mkdir /acct/uid
# Backwards Compat - XXX: Going away in G*
symlink /mnt/sdcard /sdcard
symlink /mnt/extsd /extsd
symlink /mnt/udisk /udisk
# mkdir /system
# mkdir /data 0771 system system
mkdir /cache 0770 system cache
mkdir /config 0500 root root
# Directory for putting things only root should see.
mkdir /mnt/secure 0700 root root
# Directory for staging bindmounts
mkdir /mnt/secure/staging 0700 root root
# Directory-target for where the secure container
# imagefile directory will be bind-mounted
mkdir /mnt/secure/asec 0700 root root
# Secure container public mount points.
mkdir /mnt/asec 0700 root system
mount tmpfs tmpfs /mnt/asec mode=0755,gid=1000
# shared memory used by middleware
mkdir /mnt/shm 0777 system graphics
mount tmpfs tmpfs /mnt/shm mode=0777,uid=1000,gid=1003,size=1m
#mount rootfs rootfs / ro remount
#mkdir /factory 0751 system system
mount tmpfs tmpfs /factory size=131072
write /proc/sys/kernel/panic_on_oops 1
write /proc/sys/kernel/hung_task_timeout_secs 0
write /proc/cpu/alignment 4
write /proc/sys/kernel/sched_latency_ns 10000000
write /proc/sys/kernel/sched_wakeup_granularity_ns 2000000
write /proc/sys/kernel/sched_compat_yield 1
write /proc/sys/kernel/sched_child_runs_first 0
# Create cgroup mount points for process groups
mkdir /dev/cpuctl
mount cgroup none /dev/cpuctl cpu
chown system system /dev/cpuctl
chown system system /dev/cpuctl/tasks
chmod 0777 /dev/cpuctl/tasks
write /dev/cpuctl/cpu.shares 1024
mkdir /dev/cpuctl/fg_boost
chown system system /dev/cpuctl/fg_boost/tasks
chmod 0777 /dev/cpuctl/fg_boost/tasks
write /dev/cpuctl/fg_boost/cpu.shares 1024
mkdir /dev/cpuctl/bg_non_interactive
chown system system /dev/cpuctl/bg_non_interactive/tasks
chmod 0777 /dev/cpuctl/bg_non_interactive/tasks
# 5.0 %
write /dev/cpuctl/bg_non_interactive/cpu.shares 52
# Set permission for FSL device node
chmod 0777 /dev/mxc_vpu
# allow access to uart port for gps module
chmod 0777 /dev/ttymxc0
chmod 0777 /dev/ttymxc1
chmod 0777 /dev/ttymxc2
# for lcd driver work mode control
chown system system /dev/ili9481
chmod 0771 /dev/ili9481
# mount ext4 partitions
# Mount /system rw first to give the filesystem a chance to save a checkpoint
mount ext4 /dev/block/mmcblk0p2 /system
mount ext4 /dev/block/mmcblk0p2 /system rw remount
chmod 0555 /system/etc/install-recovery.sh
mount ext4 /dev/block/mmcblk0p5 /data nosuid nodev
chown system system /data
chmod 0771 /data
exec /system/etc/init.first_time.sh
mount ext4 /dev/block/mmcblk0p2 /system ro remount
# We chown/chmod /data again so because mount is run as root + defaults
mount ext4 /dev/block/mmcblk0p5 /data nosuid nodev
chown system system /data
chmod 0771 /data
# Create dump dir and collect dumps.
# Do this before we mount cache so eventually we can use cache for
# storing dumps on platforms which do not have a dedicated dump partition.
mkdir /data/dontpanic
chown root log /data/dontpanic
chmod 0750 /data/dontpanic
mkdir /data/synergy
chown root log /data/synergy
chmod 0777 /data/synergy
# Collect apanic data, free resources and re-arm trigger
copy /proc/apanic_console /data/dontpanic/apanic_console
chown root log /data/dontpanic/apanic_console
chmod 0640 /data/dontpanic/apanic_console
copy /proc/apanic_threads /data/dontpanic/apanic_threads
chown root log /data/dontpanic/apanic_threads
chmod 0640 /data/dontpanic/apanic_threads
write /proc/apanic_console 1
# Same reason as /data above
mount ext4 /dev/block/mmcblk0p6 /cache nosuid nodev
chown system cache /cache
chmod 0770 /cache
# This may have been created by the recovery system with odd permissions
chown system cache /cache/recovery
chmod 0770 /cache/recovery
#change permissions on vmallocinfo so we can grab it from bugreports
chown root log /proc/vmallocinfo
chmod 0440 /proc/vmallocinfo
#change permissions on kmsg & sysrq-trigger so bugreports can grab kthread stacks
chown root system /proc/kmsg
chmod 0400 /proc/kmsg
chown root system /proc/sysrq-trigger
chmod 0220 /proc/sysrq-trigger
# create basic filesystem structure
mkdir /data/misc 01771 system misc
mkdir /data/misc/bluetoothd 0770 bluetooth bluetooth
mkdir /data/misc/bluetooth 0770 system system
mkdir /data/misc/keystore 0700 keystore keystore
mkdir /data/misc/vpn 0770 system system
mkdir /data/misc/systemkeys 0700 system system
mkdir /data/misc/vpn/profiles 0770 system system
# give system access to wpa_supplicant.conf for backup and restore
mkdir /data/misc/wifi 0770 wifi wifi
chmod 0770 /data/misc/wifi
chmod 0660 /data/misc/wifi/wpa_supplicant.conf
mkdir /data/local 0771 shell shell
mkdir /data/local/tmp 0771 shell shell
mkdir /data/data 0771 system system
mkdir /data/app-private 0771 system system
mkdir /data/app 0771 system system
mkdir /data/property 0700 root root
mkdir /data/version 0770 root root
# create dalvik-cache and double-check the perms
mkdir /data/dalvik-cache 0771 system system
chown system system /data/dalvik-cache
chmod 0771 /data/dalvik-cache
# create the lost+found directories, so as to enforce our permissions
mkdir /data/lost+found 0770
mkdir /cache/lost+found 0770
# double check the perms, in case lost+found already exists, and set owner
chown root root /data/lost+found
chmod 0770 /data/lost+found
chown root root /cache/lost+found
chmod 0770 /cache/lost+found
# change permission for keymap file temporarily
# should be removed when working out keymap later
chmod 0777 /system/usr/keychars/qwerty.kcm.bin
chmod 0777 /system/usr/keychars/Dell_Dell_USB_Keyboard.kcm.bin
chmod 0777 /system/usr/keychars/mxckpd.kcm.bin
chmod 0777 /system/usr/keychars/gpio-keys.kcm.bin
chmod 0777 /system/usr/keychars/mxc_ts-keypad.kcm.bin
chmod 0777 /system/usr/keychars/mxc_power_key.kcm.bin
chmod 0777 /system/usr/keychars/AVRCP.kcm.bin
chmod 0777 /sys/class/graphics/fb0/fsl_disp_property
chmod 0777 /sys/class/graphics/fb1/fsl_disp_property
on boot
# basic network init
ifup lo
hostname localhost
domainname localdomain
mkdir /data/system 0775 system system
#exec /sbin/ts_calibrator
exec system/xbin/flash.dump.sh
# set RLIMIT_NICE to allow priorities from 19 to -20
setrlimit 13 40 40
# Define the oom_adj values for the classes of processes that can be
# killed by the kernel. These are used in ActivityManagerService.
setprop ro.FOREGROUND_APP_ADJ 0
setprop ro.VISIBLE_APP_ADJ 1
setprop ro.SECONDARY_SERVER_ADJ 2
setprop ro.BACKUP_APP_ADJ 2
setprop ro.HOME_APP_ADJ 4
setprop ro.HIDDEN_APP_MIN_ADJ 7
setprop ro.CONTENT_PROVIDER_ADJ 14
setprop ro.EMPTY_APP_ADJ 15
# Define the memory thresholds at which the above process classes will
# be killed. These numbers are in pages (4k).
setprop ro.FOREGROUND_APP_MEM 1536
setprop ro.VISIBLE_APP_MEM 2048
setprop ro.SECONDARY_SERVER_MEM 4096
setprop ro.BACKUP_APP_MEM 4096
setprop ro.HOME_APP_MEM 4096
setprop ro.HIDDEN_APP_MEM 5120
setprop ro.CONTENT_PROVIDER_MEM 5632
setprop ro.EMPTY_APP_MEM 6144
# Write value must be consistent with the above properties.
# Note that the driver only supports 6 slots, so we have HOME_APP at the
# same memory level as services.
write /sys/module/lowmemorykiller/parameters/adj 0,1,2,7,14,15
write /proc/sys/vm/lowmem_reserve_ratio 1
write /proc/sys/vm/overcommit_memory 1
write /proc/sys/vm/min_free_order_shift 4
write /sys/module/lowmemorykiller/parameters/minfree 1536,2048,4096,5120,5632,6144
# Set init its forked children's oom_adj.
write /proc/1/oom_adj -16
# Tweak background writeout
write /proc/sys/vm/dirty_expire_centisecs 200
write /proc/sys/vm/dirty_background_ratio 5
# Permissions for System Server and daemons.
chown radio system /sys/android_power/state
chown radio system /sys/android_power/request_state
chown radio system /sys/android_power/acquire_full_wake_lock
chown radio system /sys/android_power/acquire_partial_wake_lock
chown radio system /sys/android_power/release_wake_lock
chown radio system /sys/power/state
chown radio system /sys/power/wake_lock
chown radio system /sys/power/wake_unlock
chmod 0660 /sys/power/state
chmod 0660 /sys/power/wake_lock
chmod 0660 /sys/power/wake_unlock
#chown system system /sys/class/timed_output/vibrator/enable
chown system system /sys/class/leds/keyboard-backlight/brightness
chown system system /sys/class/leds/lcd-backlight/brightness
chown system system /sys/class/leds/button-backlight/brightness
chown system system /sys/class/leds/jogball-backlight/brightness
chown system system /sys/class/leds/red/brightness
chown system system /sys/class/leds/green/brightness
chown system system /sys/class/leds/blue/brightness
chown system system /sys/class/leds/red/device/grpfreq
chown system system /sys/class/leds/red/device/grppwm
chown system system /sys/class/leds/red/device/blink
chown system system /sys/class/leds/red/brightness
chown system system /sys/class/leds/green/brightness
chown system system /sys/class/leds/blue/brightness
chown system system /sys/class/leds/red/device/grpfreq
chown system system /sys/class/leds/red/device/grppwm
chown system system /sys/class/leds/red/device/blink
#chown system system /sys/class/timed_output/vibrator/enable
chown system system /sys/class/haptic/oneshot
chown system system /sys/module/sco/parameters/disable_esco
chown system system /sys/kernel/ipv4/tcp_wmem_min
chown system system /sys/kernel/ipv4/tcp_wmem_def
chown system system /sys/kernel/ipv4/tcp_wmem_max
chown system system /sys/kernel/ipv4/tcp_rmem_min
chown system system /sys/kernel/ipv4/tcp_rmem_def
chown system system /sys/kernel/ipv4/tcp_rmem_max
chown root radio /proc/cmdline
# Chmod/chown FSL specific sys entry
chown radio system /sys/devices/platform/mxc_dvfs_core.0/enable
chown radio system /sys/devices/platform/busfreq.0/enable
chown system system /sys/class/backlight/tps60250/brightness
chmod 0660 /sys/devices/platform/mxc_dvfs_core.0/enable
chmod 0660 /sys/devices/platform/busfreq.0/enable
chmod 0660 /sys/class/backlight/tps60250/brightness
write /sys/devices/platform/busfreq.0/enable 1
write /sys/devices/platform/mxc_dvfs_core.0/enable 1
# allow control power for ecompass and gsensor
chown system system /sys/class/i2c-adapter/i2c-0/0-001c/akm8973_ctl
chmod 0777 /sys/class/i2c-adapter/i2c-0/0-001c/akm8973_ctl
#chown system system /sys/class/i2c-adapter/i2c-0/0-001d/power_ctl
#chmod 0777 /sys/class/i2c-adapter/i2c-0/0-001d/power_ctl
# for GPS gpio driver for gps power and bootmode control
chown system system /dev/gps_gpio
chown system system /sys/devices/virtual/gps/gps_gpio/gps_power
chown system system /sys/devices/virtual/gps/gps_gpio/gps_bootmode
chmod 0771 /dev/gps_gpio
chmod 0660 /sys/devices/virtual/gps/gps_gpio/gps_power
chmod 0771 /sys/devices/virtual/gps/gps_gpio/gps_bootmode
# for Sensor HAL
chown system system /dev/accel
chown system system /dev/akm8973_dev
chown system system /dev/akm8973_aot
chmod 0777 /dev/accel
chmod 0777 /dev/akm8973_dev
chmod 0777 /dev/akm8973_aot
# Define TCP buffer sizes for various networks
# ReadMin, ReadInitial, ReadMax, WriteMin, WriteInitial, WriteMax,
setprop net.tcp.buffersize.default 4096,87380,110208,4096,16384,110208
setprop net.tcp.buffersize.wifi 4095,87380,110208,4096,16384,110208
setprop net.tcp.buffersize.umts 4094,87380,110208,4096,16384,110208
setprop net.tcp.buffersize.edge 4093,26280,35040,4096,16384,35040
setprop net.tcp.buffersize.gprs 4092,8760,11680,4096,8760,11680
# Set property for FSL specific feature
# Init second display connection state
setprop rw.SECOND_DISPLAY_CONNECTED 0
# Define gst player property
setprop media.gstreamer.enable-player 0
# Comment the usage of stageflight media framework
setprop media.stagefright.enable-scan 0
setprop media.stagefright.enable-player 0
setprop media.stagefright.enable-record 0
setprop media.stagefright.enable-http 0
setprop media.stagefright.enable-meta 0
# Define fsl avi/aac/asf/mkv/flv/flac format support
setprop ro.FSL_AVI_PARSER 1
setprop ro.FSL_AAC_PARSER 1
setprop ro.FSL_ASF_PARSER 1
setprop ro.FSL_FLV_PARSER 1
setprop ro.FSL_MKV_PARSER 1
setprop ro.FSL_FLAC_PARSER 1
# Define fsl display init mode
setprop ro.FSL_LANDSCAPE_MODE 1
# Define fsl xec mode
setprop xec.dls.enabled 1
setprop xec.aa.enabled 1
setprop xec.dls.rate 0
setprop xec.aa.rate 100
# Define fsl dvfs property
setprop ro.dvfs.enabled 1
# Define UI to TVOUT,change this setting to 1 and uncomment below write commands
setprop ro.UI_TVOUT_DISPLAY 0
#write /sys/class/graphics/fb0/blank 1
#write /sys/class/graphics/fb1/blank 1
#write /sys/class/graphics/fb2/blank 1
#write /sys/class/graphics/fb0/fsl_disp_property 1-layer-fb
#write /sys/class/graphics/fb1/mode U:720x480i-60\n
#write /sys/class/graphics/fb1/blank 0
chown system system /sys/class/graphics/fb1/blank
chmod 0644 /sys/class/graphics/fb1/blank
chown system system /sys/class/graphics/fb1/mode
chmod 0644 /sys/class/graphics/fb1/mode
#chown system system /sys/devices/platform/mxc_sdc_fb.0/graphics/fb0/blank
#chmod 0644 /sys/devices/platform/mxc_sdc_fb.0/graphics/fb0/blank
# Define default notification_sound
setprop ro.config.notification_sound OnTheHunt.ogg
# for switch on/off framebuffer
chown system system /sys/devices/platform/mxc_sdc_fb.0/graphics/fb0/blank
chown system system /sys/devices/platform/mxc_sdc_fb.1/graphics/fb1/blank
chown system system /sys/devices/platform/mxc_sdc_fb.2/graphics/fb2/blank
chmod 0644 /sys/devices/platform/mxc_sdc_fb.0/graphics/fb0/blank
chmod 0644 /sys/devices/platform/mxc_sdc_fb.1/graphics/fb1/blank
chmod 0644 /sys/devices/platform/mxc_sdc_fb.2/graphics/fb2/blank
# ALSA mixer naming define
setprop alsa.mixer.playback.master Playback
setprop alsa.mixer.capture.master Capture
setprop alsa.mixer.playback.speaker Playback
setprop alsa.mixer.playback.headset Headphone
setprop alsa.mixer.capture.headset Capture
# Prepare for wifi
setprop wifi.interface wlan0
mkdir /data/misc/wifi/sockets 0770 wifi wifi
mkdir /data/misc/dhcp 0770 dhcp dhcp
chown dhcp dhcp /data/misc/dhcp
# DD partitions for diversity and ECD key region for access
chmod 0751 /factory
chown system system /factory
chmod 0777 /dev/block/mmcblk0
chmod 6777 /system/bin/dd
chown system system /system/bin/toolbox
exec /system/xbin/init.diversity.ecd.sh
# mount calibration data region
chown system system /dev/block/mmcblk0
chmod 0777 /dev/block/mmcblk0
chmod 0777 /sys/module/pd_ts13892/parameters/calibration
exec /system/xbin/init.calibration.sh
exec /system/bin/ts13892_calibrator
chmod 751 /system/xbin/flash_sync
# Prepare for bluetooth
# chown bluetooth bluetooth /sys/class/rfkill/rfkill0/type
# chmod 666 /sys/class/rfkill/rfkill0/state
# chown bluetooth bluetooth /sys/class/rfkill/rfkill0/state
# write /sys/class/rfkill/rfkill0/state 0
# Enable USB host1'remote wakeup event wakeup android system
# write /sys/bus/platform/drivers/fsl-ehci/fsl-ehci.1/power/wakeup enabled
# Prepare for RIL
setprop gsm.ril.delay 15
#change file permission for synergy
chown root shell /system/etc/synergy_fts.sh
chmod 0550 /system/etc/synergy_fts.sh
class_start default
## Daemon processes to be run by init.
##
service console /system/bin/sh
console
# adbd is controlled by the persist.service.adb.enable system property
service adbd /sbin/adbd
user root
group root
disabled
# adbd on at boot in emulator
#on property:ro.kernel.qemu=1
# start adbd
on property:persist.service.adb.enable=1
start adbd
on property:persist.service.adb.enable=0
stop adbd
service servicemanager /system/bin/servicemanager
user system
critical
onrestart restart zygote
onrestart restart media
service vold /system/bin/vold
socket vold stream 0660 root mount
ioprio be 2
service netd /system/bin/netd
socket netd stream 0660 root system
service dispd /system/bin/dispd
socket dispd stream 0660 root system
service debuggerd /system/bin/debuggerd
service ril-daemon /system/bin/rild -l /system/lib/libreference-ril.so -- -d /dev/ttyUSB3 -u /dev/ttyUSB0
socket rild stream 660 root radio
socket rild-debug stream 660 radio system
user root
group radio cache inet misc audio
service zygote /system/bin/app_process -Xzygote /system/bin --zygote --start-system-server
socket zygote stream 666
onrestart write /sys/android_power/request_state wake
onrestart write /sys/power/state on
onrestart restart media
service media /system/bin/mediaserver
user media
group system audio camera graphics inet net_bt net_bt_admin net_raw
ioprio rt 4
service bootanim /system/bin/bootanimation
user graphics
group graphics
disabled
oneshot
service dbus /system/bin/dbus-daemon --system --nofork
socket dbus stream 666 bluetooth bluetooth
user bluetooth
group bluetooth net_bt_admin
service bluetoothd /system/bin/bluetoothd -n
socket bluetooth stream 660 bluetooth bluetooth
socket dbus_bluetooth stream 660 bluetooth bluetooth
# init.rc does not yet support applying capabilities, so run as root and
# let bluetoothd drop uid to bluetooth with the right linux capabilities
group bluetooth net_bt_admin misc
disabled
service hcid /system/bin/hcid -s -n -f /etc/bluez/hcid.conf
socket bluetooth stream 660 bluetooth bluetooth
socket dbus_bluetooth stream 660 bluetooth bluetooth
# init.rc does not yet support applying capabilities, so run as root and
# let hcid drop uid to bluetooth with the right linux capabilities
group bluetooth net_bt_admin misc
disabled
service hciattach /system/bin/logwrapper /system/bin/sh /system/etc/mxc_bt.sh
user bluetooth
group bluetooth net_bt_admin
disabled
oneshot
service hfag /system/bin/sdptool add --channel=10 HFAG
user bluetooth
group bluetooth net_bt_admin
disabled
oneshot
service hsag /system/bin/sdptool add --channel=11 HSAG
user bluetooth
group bluetooth net_bt_admin
disabled
oneshot
service opush /system/bin/sdptool add --channel=12 OPUSH
user bluetooth
group bluetooth net_bt_admin
disabled
oneshot
service pbap /system/bin/sdptool add --channel=19 PBAP
user bluetooth
group bluetooth net_bt_admin
disabled
oneshot
service synergy_fts_init /system/etc/synergy_fts.sh
user root
group sdcard_rw
oneshot
service synergysdpops /system/etc/synergy_sdptool.sh 12 0x1105 ReservedOPPS
user root
disabled
oneshot
#service hidloopback /system/etc/insert-hiddrv.sh
# user root
# oneshot
service installd /system/bin/installd
socket installd stream 600 system system
service flash_recovery /system/etc/install-recovery.sh
oneshot
service racoon /system/bin/racoon
socket racoon stream 600 system system
# racoon will setuid to vpn after getting necessary resources.
group net_admin
disabled
oneshot
service mtpd /system/bin/mtpd
socket mtpd stream 600 system system
user vpn
group vpn net_admin net_raw
disabled
oneshot
service keystore /system/bin/keystore /data/misc/keystore
user keystore
group keystore
socket keystore stream 666
service dumpstate /system/bin/dumpstate -s
socket dumpstate stream 0660 shell log
disabled
oneshot
#service dhcpcd /system/bin/logwrapper /system/bin/dhcpcd -d -B wlan0
service dhcpcd /system/bin/dhcpcd -d -B wlan0
disabled
oneshot
service wpa_supplicant /system/bin/logwrapper /system/bin/wpa_supplicant \
-Dwext -iwlan0 -c/data/misc/wifi/wpa_supplicant.conf
user root
group wifi inet
socket wpa_wlan0 dgram 660 wifi wifi
oneshot
#service pppd_gprs /etc/init.gprs-pppd
#user root
#group radio cache inet misc
#disabled
#oneshot
service akmd2 /system/bin/akmd2
user system
group system
oneshot
# save diversity.bin from memory to emmc
service div_restore_m /system/bin/dd if=/factory/diversity.bin of=/dev/block/mmcblk0 obs=512 seek=14337 count=1
user root
group system
disabled
oneshot
# restore diversity.bin from diversity data
service div_restore_w /system/bin/dd if=/factory/diversity.master of=/dev/block/mmcblk0 obs=512 seek=14336 count=1
user root
group system
disabled
oneshot
# flash sync
service flash_sync /system/xbin/flash_sync
user root
group system
service synergy_exe /system/xbin/synergy_exe
user root
service a2dp_adapter /system/bin/csr_liba2dp_process
user root
group system audio camera graphics inet net_bt net_bt_admin
service flash_wifi /system/xbin/flash_wifi
disabled
oneshot
service wlan0_check /system/xbin/wlan0_check
disabled
oneshot
As for the default.prop file, should I just delete the contain, and simply replace it by yours? The file will save properly? Additionally, may I ask what defaut.prop is used for ?
Thank you
GameX2 said:
Hi,
Thanks for the reply;
I've checked, and adbd does exists in /sbin, with the correct permissions.
Here's the contain of my init.rc file. I don't see the lines you've mentionned, althought there are a few lines related to ADB. Where should I paste your lines ?
Code:
on init
sysclktz 0
loglevel 3
# setup the global environment
export PATH /sbin:/system/sbin:/system/bin:/system/xbin
export LD_LIBRARY_PATH /system/lib
export ANDROID_BOOTLOGO 1
export ANDROID_ROOT /system
export ANDROID_ASSETS /system/app
export ANDROID_DATA /data
export EXTERNAL_STORAGE /mnt/sdcard
export EXTERNAL_STORAGE_SD /mnt/sdcard
export EXTERNAL_STORAGE_UDISK /mnt/udisk
export EXTERNAL_STORAGE_EXTSD /mnt/extsd
export ASEC_MOUNTPOINT /mnt/asec
export SHM_MOUNTPOINT /mnt/shm
export BOOTCLASSPATH /system/framework/core.jar:/system/framework/ext.jar:/system/framework/framework.jar:/system/framework/android.policy.jar:/system/framework/services.jar
export BACKLIGHT_PATH /sys/class/backlight/tps60250/brightness
export MAX_BACKLIGHT_PATH /sys/class/backlight/tps60250/max_brightness
export VPU_FW_PATH /system/lib/firmware/vpu
export CODEC_SHM_PATH /mnt/shm
export GST_PLUGIN_PATH /system/lib/gst_plugins
export CORE_REGISTER_FILE /system/etc/core_register
export COMPONENT_REGISTER_FILE /system/etc/component_register
export CONTENTPIPE_REGISTER_FILE /system/etc/contentpipe_register
export BUILD_TARGET earlgrey
export LOG_LEVEL 0
# Backward compatibility
symlink /system/etc /etc
symlink /sys/kernel/debug /d
# create mountpoints
# mkdir /mnt 0775 root system
# mkdir /mnt/sdcard 0000 system system
# mkdir /mnt/udisk 0000 system system
# mkdir /mnt/extsd 0000 system system
# Create cgroup mount point for cpu accounting
mkdir /acct
mount cgroup none /acct cpuacct
mkdir /acct/uid
# Backwards Compat - XXX: Going away in G*
symlink /mnt/sdcard /sdcard
symlink /mnt/extsd /extsd
symlink /mnt/udisk /udisk
# mkdir /system
# mkdir /data 0771 system system
mkdir /cache 0770 system cache
mkdir /config 0500 root root
# Directory for putting things only root should see.
mkdir /mnt/secure 0700 root root
# Directory for staging bindmounts
mkdir /mnt/secure/staging 0700 root root
# Directory-target for where the secure container
# imagefile directory will be bind-mounted
mkdir /mnt/secure/asec 0700 root root
# Secure container public mount points.
mkdir /mnt/asec 0700 root system
mount tmpfs tmpfs /mnt/asec mode=0755,gid=1000
# shared memory used by middleware
mkdir /mnt/shm 0777 system graphics
mount tmpfs tmpfs /mnt/shm mode=0777,uid=1000,gid=1003,size=1m
#mount rootfs rootfs / ro remount
#mkdir /factory 0751 system system
mount tmpfs tmpfs /factory size=131072
write /proc/sys/kernel/panic_on_oops 1
write /proc/sys/kernel/hung_task_timeout_secs 0
write /proc/cpu/alignment 4
write /proc/sys/kernel/sched_latency_ns 10000000
write /proc/sys/kernel/sched_wakeup_granularity_ns 2000000
write /proc/sys/kernel/sched_compat_yield 1
write /proc/sys/kernel/sched_child_runs_first 0
# Create cgroup mount points for process groups
mkdir /dev/cpuctl
mount cgroup none /dev/cpuctl cpu
chown system system /dev/cpuctl
chown system system /dev/cpuctl/tasks
chmod 0777 /dev/cpuctl/tasks
write /dev/cpuctl/cpu.shares 1024
mkdir /dev/cpuctl/fg_boost
chown system system /dev/cpuctl/fg_boost/tasks
chmod 0777 /dev/cpuctl/fg_boost/tasks
write /dev/cpuctl/fg_boost/cpu.shares 1024
mkdir /dev/cpuctl/bg_non_interactive
chown system system /dev/cpuctl/bg_non_interactive/tasks
chmod 0777 /dev/cpuctl/bg_non_interactive/tasks
# 5.0 %
write /dev/cpuctl/bg_non_interactive/cpu.shares 52
# Set permission for FSL device node
chmod 0777 /dev/mxc_vpu
# allow access to uart port for gps module
chmod 0777 /dev/ttymxc0
chmod 0777 /dev/ttymxc1
chmod 0777 /dev/ttymxc2
# for lcd driver work mode control
chown system system /dev/ili9481
chmod 0771 /dev/ili9481
# mount ext4 partitions
# Mount /system rw first to give the filesystem a chance to save a checkpoint
mount ext4 /dev/block/mmcblk0p2 /system
mount ext4 /dev/block/mmcblk0p2 /system rw remount
chmod 0555 /system/etc/install-recovery.sh
mount ext4 /dev/block/mmcblk0p5 /data nosuid nodev
chown system system /data
chmod 0771 /data
exec /system/etc/init.first_time.sh
mount ext4 /dev/block/mmcblk0p2 /system ro remount
# We chown/chmod /data again so because mount is run as root + defaults
mount ext4 /dev/block/mmcblk0p5 /data nosuid nodev
chown system system /data
chmod 0771 /data
# Create dump dir and collect dumps.
# Do this before we mount cache so eventually we can use cache for
# storing dumps on platforms which do not have a dedicated dump partition.
mkdir /data/dontpanic
chown root log /data/dontpanic
chmod 0750 /data/dontpanic
mkdir /data/synergy
chown root log /data/synergy
chmod 0777 /data/synergy
# Collect apanic data, free resources and re-arm trigger
copy /proc/apanic_console /data/dontpanic/apanic_console
chown root log /data/dontpanic/apanic_console
chmod 0640 /data/dontpanic/apanic_console
copy /proc/apanic_threads /data/dontpanic/apanic_threads
chown root log /data/dontpanic/apanic_threads
chmod 0640 /data/dontpanic/apanic_threads
write /proc/apanic_console 1
# Same reason as /data above
mount ext4 /dev/block/mmcblk0p6 /cache nosuid nodev
chown system cache /cache
chmod 0770 /cache
# This may have been created by the recovery system with odd permissions
chown system cache /cache/recovery
chmod 0770 /cache/recovery
#change permissions on vmallocinfo so we can grab it from bugreports
chown root log /proc/vmallocinfo
chmod 0440 /proc/vmallocinfo
#change permissions on kmsg & sysrq-trigger so bugreports can grab kthread stacks
chown root system /proc/kmsg
chmod 0400 /proc/kmsg
chown root system /proc/sysrq-trigger
chmod 0220 /proc/sysrq-trigger
# create basic filesystem structure
mkdir /data/misc 01771 system misc
mkdir /data/misc/bluetoothd 0770 bluetooth bluetooth
mkdir /data/misc/bluetooth 0770 system system
mkdir /data/misc/keystore 0700 keystore keystore
mkdir /data/misc/vpn 0770 system system
mkdir /data/misc/systemkeys 0700 system system
mkdir /data/misc/vpn/profiles 0770 system system
# give system access to wpa_supplicant.conf for backup and restore
mkdir /data/misc/wifi 0770 wifi wifi
chmod 0770 /data/misc/wifi
chmod 0660 /data/misc/wifi/wpa_supplicant.conf
mkdir /data/local 0771 shell shell
mkdir /data/local/tmp 0771 shell shell
mkdir /data/data 0771 system system
mkdir /data/app-private 0771 system system
mkdir /data/app 0771 system system
mkdir /data/property 0700 root root
mkdir /data/version 0770 root root
# create dalvik-cache and double-check the perms
mkdir /data/dalvik-cache 0771 system system
chown system system /data/dalvik-cache
chmod 0771 /data/dalvik-cache
# create the lost+found directories, so as to enforce our permissions
mkdir /data/lost+found 0770
mkdir /cache/lost+found 0770
# double check the perms, in case lost+found already exists, and set owner
chown root root /data/lost+found
chmod 0770 /data/lost+found
chown root root /cache/lost+found
chmod 0770 /cache/lost+found
# change permission for keymap file temporarily
# should be removed when working out keymap later
chmod 0777 /system/usr/keychars/qwerty.kcm.bin
chmod 0777 /system/usr/keychars/Dell_Dell_USB_Keyboard.kcm.bin
chmod 0777 /system/usr/keychars/mxckpd.kcm.bin
chmod 0777 /system/usr/keychars/gpio-keys.kcm.bin
chmod 0777 /system/usr/keychars/mxc_ts-keypad.kcm.bin
chmod 0777 /system/usr/keychars/mxc_power_key.kcm.bin
chmod 0777 /system/usr/keychars/AVRCP.kcm.bin
chmod 0777 /sys/class/graphics/fb0/fsl_disp_property
chmod 0777 /sys/class/graphics/fb1/fsl_disp_property
on boot
# basic network init
ifup lo
hostname localhost
domainname localdomain
mkdir /data/system 0775 system system
#exec /sbin/ts_calibrator
exec system/xbin/flash.dump.sh
# set RLIMIT_NICE to allow priorities from 19 to -20
setrlimit 13 40 40
# Define the oom_adj values for the classes of processes that can be
# killed by the kernel. These are used in ActivityManagerService.
setprop ro.FOREGROUND_APP_ADJ 0
setprop ro.VISIBLE_APP_ADJ 1
setprop ro.SECONDARY_SERVER_ADJ 2
setprop ro.BACKUP_APP_ADJ 2
setprop ro.HOME_APP_ADJ 4
setprop ro.HIDDEN_APP_MIN_ADJ 7
setprop ro.CONTENT_PROVIDER_ADJ 14
setprop ro.EMPTY_APP_ADJ 15
# Define the memory thresholds at which the above process classes will
# be killed. These numbers are in pages (4k).
setprop ro.FOREGROUND_APP_MEM 1536
setprop ro.VISIBLE_APP_MEM 2048
setprop ro.SECONDARY_SERVER_MEM 4096
setprop ro.BACKUP_APP_MEM 4096
setprop ro.HOME_APP_MEM 4096
setprop ro.HIDDEN_APP_MEM 5120
setprop ro.CONTENT_PROVIDER_MEM 5632
setprop ro.EMPTY_APP_MEM 6144
# Write value must be consistent with the above properties.
# Note that the driver only supports 6 slots, so we have HOME_APP at the
# same memory level as services.
write /sys/module/lowmemorykiller/parameters/adj 0,1,2,7,14,15
write /proc/sys/vm/lowmem_reserve_ratio 1
write /proc/sys/vm/overcommit_memory 1
write /proc/sys/vm/min_free_order_shift 4
write /sys/module/lowmemorykiller/parameters/minfree 1536,2048,4096,5120,5632,6144
# Set init its forked children's oom_adj.
write /proc/1/oom_adj -16
# Tweak background writeout
write /proc/sys/vm/dirty_expire_centisecs 200
write /proc/sys/vm/dirty_background_ratio 5
# Permissions for System Server and daemons.
chown radio system /sys/android_power/state
chown radio system /sys/android_power/request_state
chown radio system /sys/android_power/acquire_full_wake_lock
chown radio system /sys/android_power/acquire_partial_wake_lock
chown radio system /sys/android_power/release_wake_lock
chown radio system /sys/power/state
chown radio system /sys/power/wake_lock
chown radio system /sys/power/wake_unlock
chmod 0660 /sys/power/state
chmod 0660 /sys/power/wake_lock
chmod 0660 /sys/power/wake_unlock
#chown system system /sys/class/timed_output/vibrator/enable
chown system system /sys/class/leds/keyboard-backlight/brightness
chown system system /sys/class/leds/lcd-backlight/brightness
chown system system /sys/class/leds/button-backlight/brightness
chown system system /sys/class/leds/jogball-backlight/brightness
chown system system /sys/class/leds/red/brightness
chown system system /sys/class/leds/green/brightness
chown system system /sys/class/leds/blue/brightness
chown system system /sys/class/leds/red/device/grpfreq
chown system system /sys/class/leds/red/device/grppwm
chown system system /sys/class/leds/red/device/blink
chown system system /sys/class/leds/red/brightness
chown system system /sys/class/leds/green/brightness
chown system system /sys/class/leds/blue/brightness
chown system system /sys/class/leds/red/device/grpfreq
chown system system /sys/class/leds/red/device/grppwm
chown system system /sys/class/leds/red/device/blink
#chown system system /sys/class/timed_output/vibrator/enable
chown system system /sys/class/haptic/oneshot
chown system system /sys/module/sco/parameters/disable_esco
chown system system /sys/kernel/ipv4/tcp_wmem_min
chown system system /sys/kernel/ipv4/tcp_wmem_def
chown system system /sys/kernel/ipv4/tcp_wmem_max
chown system system /sys/kernel/ipv4/tcp_rmem_min
chown system system /sys/kernel/ipv4/tcp_rmem_def
chown system system /sys/kernel/ipv4/tcp_rmem_max
chown root radio /proc/cmdline
# Chmod/chown FSL specific sys entry
chown radio system /sys/devices/platform/mxc_dvfs_core.0/enable
chown radio system /sys/devices/platform/busfreq.0/enable
chown system system /sys/class/backlight/tps60250/brightness
chmod 0660 /sys/devices/platform/mxc_dvfs_core.0/enable
chmod 0660 /sys/devices/platform/busfreq.0/enable
chmod 0660 /sys/class/backlight/tps60250/brightness
write /sys/devices/platform/busfreq.0/enable 1
write /sys/devices/platform/mxc_dvfs_core.0/enable 1
# allow control power for ecompass and gsensor
chown system system /sys/class/i2c-adapter/i2c-0/0-001c/akm8973_ctl
chmod 0777 /sys/class/i2c-adapter/i2c-0/0-001c/akm8973_ctl
#chown system system /sys/class/i2c-adapter/i2c-0/0-001d/power_ctl
#chmod 0777 /sys/class/i2c-adapter/i2c-0/0-001d/power_ctl
# for GPS gpio driver for gps power and bootmode control
chown system system /dev/gps_gpio
chown system system /sys/devices/virtual/gps/gps_gpio/gps_power
chown system system /sys/devices/virtual/gps/gps_gpio/gps_bootmode
chmod 0771 /dev/gps_gpio
chmod 0660 /sys/devices/virtual/gps/gps_gpio/gps_power
chmod 0771 /sys/devices/virtual/gps/gps_gpio/gps_bootmode
# for Sensor HAL
chown system system /dev/accel
chown system system /dev/akm8973_dev
chown system system /dev/akm8973_aot
chmod 0777 /dev/accel
chmod 0777 /dev/akm8973_dev
chmod 0777 /dev/akm8973_aot
# Define TCP buffer sizes for various networks
# ReadMin, ReadInitial, ReadMax, WriteMin, WriteInitial, WriteMax,
setprop net.tcp.buffersize.default 4096,87380,110208,4096,16384,110208
setprop net.tcp.buffersize.wifi 4095,87380,110208,4096,16384,110208
setprop net.tcp.buffersize.umts 4094,87380,110208,4096,16384,110208
setprop net.tcp.buffersize.edge 4093,26280,35040,4096,16384,35040
setprop net.tcp.buffersize.gprs 4092,8760,11680,4096,8760,11680
# Set property for FSL specific feature
# Init second display connection state
setprop rw.SECOND_DISPLAY_CONNECTED 0
# Define gst player property
setprop media.gstreamer.enable-player 0
# Comment the usage of stageflight media framework
setprop media.stagefright.enable-scan 0
setprop media.stagefright.enable-player 0
setprop media.stagefright.enable-record 0
setprop media.stagefright.enable-http 0
setprop media.stagefright.enable-meta 0
# Define fsl avi/aac/asf/mkv/flv/flac format support
setprop ro.FSL_AVI_PARSER 1
setprop ro.FSL_AAC_PARSER 1
setprop ro.FSL_ASF_PARSER 1
setprop ro.FSL_FLV_PARSER 1
setprop ro.FSL_MKV_PARSER 1
setprop ro.FSL_FLAC_PARSER 1
# Define fsl display init mode
setprop ro.FSL_LANDSCAPE_MODE 1
# Define fsl xec mode
setprop xec.dls.enabled 1
setprop xec.aa.enabled 1
setprop xec.dls.rate 0
setprop xec.aa.rate 100
# Define fsl dvfs property
setprop ro.dvfs.enabled 1
# Define UI to TVOUT,change this setting to 1 and uncomment below write commands
setprop ro.UI_TVOUT_DISPLAY 0
#write /sys/class/graphics/fb0/blank 1
#write /sys/class/graphics/fb1/blank 1
#write /sys/class/graphics/fb2/blank 1
#write /sys/class/graphics/fb0/fsl_disp_property 1-layer-fb
#write /sys/class/graphics/fb1/mode U:720x480i-60\n
#write /sys/class/graphics/fb1/blank 0
chown system system /sys/class/graphics/fb1/blank
chmod 0644 /sys/class/graphics/fb1/blank
chown system system /sys/class/graphics/fb1/mode
chmod 0644 /sys/class/graphics/fb1/mode
#chown system system /sys/devices/platform/mxc_sdc_fb.0/graphics/fb0/blank
#chmod 0644 /sys/devices/platform/mxc_sdc_fb.0/graphics/fb0/blank
# Define default notification_sound
setprop ro.config.notification_sound OnTheHunt.ogg
# for switch on/off framebuffer
chown system system /sys/devices/platform/mxc_sdc_fb.0/graphics/fb0/blank
chown system system /sys/devices/platform/mxc_sdc_fb.1/graphics/fb1/blank
chown system system /sys/devices/platform/mxc_sdc_fb.2/graphics/fb2/blank
chmod 0644 /sys/devices/platform/mxc_sdc_fb.0/graphics/fb0/blank
chmod 0644 /sys/devices/platform/mxc_sdc_fb.1/graphics/fb1/blank
chmod 0644 /sys/devices/platform/mxc_sdc_fb.2/graphics/fb2/blank
# ALSA mixer naming define
setprop alsa.mixer.playback.master Playback
setprop alsa.mixer.capture.master Capture
setprop alsa.mixer.playback.speaker Playback
setprop alsa.mixer.playback.headset Headphone
setprop alsa.mixer.capture.headset Capture
# Prepare for wifi
setprop wifi.interface wlan0
mkdir /data/misc/wifi/sockets 0770 wifi wifi
mkdir /data/misc/dhcp 0770 dhcp dhcp
chown dhcp dhcp /data/misc/dhcp
# DD partitions for diversity and ECD key region for access
chmod 0751 /factory
chown system system /factory
chmod 0777 /dev/block/mmcblk0
chmod 6777 /system/bin/dd
chown system system /system/bin/toolbox
exec /system/xbin/init.diversity.ecd.sh
# mount calibration data region
chown system system /dev/block/mmcblk0
chmod 0777 /dev/block/mmcblk0
chmod 0777 /sys/module/pd_ts13892/parameters/calibration
exec /system/xbin/init.calibration.sh
exec /system/bin/ts13892_calibrator
chmod 751 /system/xbin/flash_sync
# Prepare for bluetooth
# chown bluetooth bluetooth /sys/class/rfkill/rfkill0/type
# chmod 666 /sys/class/rfkill/rfkill0/state
# chown bluetooth bluetooth /sys/class/rfkill/rfkill0/state
# write /sys/class/rfkill/rfkill0/state 0
# Enable USB host1'remote wakeup event wakeup android system
# write /sys/bus/platform/drivers/fsl-ehci/fsl-ehci.1/power/wakeup enabled
# Prepare for RIL
setprop gsm.ril.delay 15
#change file permission for synergy
chown root shell /system/etc/synergy_fts.sh
chmod 0550 /system/etc/synergy_fts.sh
class_start default
## Daemon processes to be run by init.
##
service console /system/bin/sh
console
# adbd is controlled by the persist.service.adb.enable system property
service adbd /sbin/adbd
user root
group root
disabled
# adbd on at boot in emulator
#on property:ro.kernel.qemu=1
# start adbd
on property:persist.service.adb.enable=1
start adbd
on property:persist.service.adb.enable=0
stop adbd
service servicemanager /system/bin/servicemanager
user system
critical
onrestart restart zygote
onrestart restart media
service vold /system/bin/vold
socket vold stream 0660 root mount
ioprio be 2
service netd /system/bin/netd
socket netd stream 0660 root system
service dispd /system/bin/dispd
socket dispd stream 0660 root system
service debuggerd /system/bin/debuggerd
service ril-daemon /system/bin/rild -l /system/lib/libreference-ril.so -- -d /dev/ttyUSB3 -u /dev/ttyUSB0
socket rild stream 660 root radio
socket rild-debug stream 660 radio system
user root
group radio cache inet misc audio
service zygote /system/bin/app_process -Xzygote /system/bin --zygote --start-system-server
socket zygote stream 666
onrestart write /sys/android_power/request_state wake
onrestart write /sys/power/state on
onrestart restart media
service media /system/bin/mediaserver
user media
group system audio camera graphics inet net_bt net_bt_admin net_raw
ioprio rt 4
service bootanim /system/bin/bootanimation
user graphics
group graphics
disabled
oneshot
service dbus /system/bin/dbus-daemon --system --nofork
socket dbus stream 666 bluetooth bluetooth
user bluetooth
group bluetooth net_bt_admin
service bluetoothd /system/bin/bluetoothd -n
socket bluetooth stream 660 bluetooth bluetooth
socket dbus_bluetooth stream 660 bluetooth bluetooth
# init.rc does not yet support applying capabilities, so run as root and
# let bluetoothd drop uid to bluetooth with the right linux capabilities
group bluetooth net_bt_admin misc
disabled
service hcid /system/bin/hcid -s -n -f /etc/bluez/hcid.conf
socket bluetooth stream 660 bluetooth bluetooth
socket dbus_bluetooth stream 660 bluetooth bluetooth
# init.rc does not yet support applying capabilities, so run as root and
# let hcid drop uid to bluetooth with the right linux capabilities
group bluetooth net_bt_admin misc
disabled
service hciattach /system/bin/logwrapper /system/bin/sh /system/etc/mxc_bt.sh
user bluetooth
group bluetooth net_bt_admin
disabled
oneshot
service hfag /system/bin/sdptool add --channel=10 HFAG
user bluetooth
group bluetooth net_bt_admin
disabled
oneshot
service hsag /system/bin/sdptool add --channel=11 HSAG
user bluetooth
group bluetooth net_bt_admin
disabled
oneshot
service opush /system/bin/sdptool add --channel=12 OPUSH
user bluetooth
group bluetooth net_bt_admin
disabled
oneshot
service pbap /system/bin/sdptool add --channel=19 PBAP
user bluetooth
group bluetooth net_bt_admin
disabled
oneshot
service synergy_fts_init /system/etc/synergy_fts.sh
user root
group sdcard_rw
oneshot
service synergysdpops /system/etc/synergy_sdptool.sh 12 0x1105 ReservedOPPS
user root
disabled
oneshot
#service hidloopback /system/etc/insert-hiddrv.sh
# user root
# oneshot
service installd /system/bin/installd
socket installd stream 600 system system
service flash_recovery /system/etc/install-recovery.sh
oneshot
service racoon /system/bin/racoon
socket racoon stream 600 system system
# racoon will setuid to vpn after getting necessary resources.
group net_admin
disabled
oneshot
service mtpd /system/bin/mtpd
socket mtpd stream 600 system system
user vpn
group vpn net_admin net_raw
disabled
oneshot
service keystore /system/bin/keystore /data/misc/keystore
user keystore
group keystore
socket keystore stream 666
service dumpstate /system/bin/dumpstate -s
socket dumpstate stream 0660 shell log
disabled
oneshot
#service dhcpcd /system/bin/logwrapper /system/bin/dhcpcd -d -B wlan0
service dhcpcd /system/bin/dhcpcd -d -B wlan0
disabled
oneshot
service wpa_supplicant /system/bin/logwrapper /system/bin/wpa_supplicant \
-Dwext -iwlan0 -c/data/misc/wifi/wpa_supplicant.conf
user root
group wifi inet
socket wpa_wlan0 dgram 660 wifi wifi
oneshot
#service pppd_gprs /etc/init.gprs-pppd
#user root
#group radio cache inet misc
#disabled
#oneshot
service akmd2 /system/bin/akmd2
user system
group system
oneshot
# save diversity.bin from memory to emmc
service div_restore_m /system/bin/dd if=/factory/diversity.bin of=/dev/block/mmcblk0 obs=512 seek=14337 count=1
user root
group system
disabled
oneshot
# restore diversity.bin from diversity data
service div_restore_w /system/bin/dd if=/factory/diversity.master of=/dev/block/mmcblk0 obs=512 seek=14336 count=1
user root
group system
disabled
oneshot
# flash sync
service flash_sync /system/xbin/flash_sync
user root
group system
service synergy_exe /system/xbin/synergy_exe
user root
service a2dp_adapter /system/bin/csr_liba2dp_process
user root
group system audio camera graphics inet net_bt net_bt_admin
service flash_wifi /system/xbin/flash_wifi
disabled
oneshot
service wlan0_check /system/xbin/wlan0_check
disabled
oneshot
As for the default.prop file, should I just delete the contain, and simply replace it by yours? The file will save properly? Additionally, may I ask what defaut.prop is used for ?
Thank you
Click to expand...
Click to collapse
You does already have commands for starting adbd in your init.rc. Here they are.
Code:
# adbd is controlled by the [B]persist.service.adb.enable[/B] system property
service adbd /sbin/adbd
user root
group root
disabled
# adbd on at boot in emulator
#on property:ro.kernel.qemu=1
# start adbd
on property:persist.service.adb.enable=1
start adbd
on property:persist.service.adb.enable=0
stop adbd
You have to change
Code:
persist.service.adb.enable=1
in your deafult.prop and add (or change if alredy exist) for USB adb connection
Code:
persist.sys.usb.config=mass_storage,adb
And yes, to modify your default.prop file you have to unpack your boot.img, edit the file, then pack it back and flash modified boot.img to your device.
lion567 said:
You does already have commands for starting adbd in your init.rc. Here they are.
Code:
# adbd is controlled by the [B]persist.service.adb.enable[/B] system property
service adbd /sbin/adbd
user root
group root
disabled
# adbd on at boot in emulator
#on property:ro.kernel.qemu=1
# start adbd
on property:persist.service.adb.enable=1
start adbd
on property:persist.service.adb.enable=0
stop adbd
You have to change
Code:
persist.service.adb.enable=1
in your deafult.prop and add (or change if alredy exist) for USB adb connection
Code:
persist.sys.usb.config=mass_storage,adb
And yes, to modify your default.prop file you have to unpack your boot.img, edit the file, then pack it back and flash modified boot.img to your device.
Click to expand...
Click to collapse
Thank you, I will do that.
I already dumped my ROM with romdump, but I don't have my boot.img yet. I will do ressearch on how to back it up.
I have a problem related to this, I'm not sure if I'll be able to restore it, as it's currently impossible to flash ClockworkMod to this device (No image exist. Same for custom ROMs).
The only thing I have, is Android Recovery 3e, which does not support by default flashing unsigned update.zip. I did applied a patch here, which is supposed to bypass this limitation, but have not tested it yet.
So I should have my boot.img packed as a update.zip, I believe, then give it a try, and flash it through Android Recovery 3e ?
GameX2 said:
Thank you, I will do that.
I already dumped my ROM with romdump, but I don't have my boot.img yet. I will do ressearch on how to back it up.
I have a problem related to this, I'm not sure if I'll be able to restore it, as it's currently impossible to flash ClockworkMod to this device (No image exist. Same for custom ROMs).
Click to expand...
Click to collapse
Different devices have different ROM layout, you shoud try to find more infirmation about it.
IMHO the easiest way to get image of your boot partition is via dd. You should have busybox and terminal emulator installed on device to do this:
Code:
[email protected]:/ # dd if=/dev/bootimg of=/mnt/sdcard/boot.img bs=<your boot size> count=1
GameX2 said:
The only thing I have, is Android Recovery 3e, which does not support by default flashing unsigned update.zip. I did applied a patch here, which is supposed to bypass this limitation, but have not tested it yet.
So I should have my boot.img packed as a update.zip, I believe, then give it a try, and flash it through Android Recovery 3e ?
Click to expand...
Click to collapse
Yes of course you may create update.zip for flashing new boot.img, but you have to sing it, AFAIK stock recovery check update.zip signature before flashing it.
lion567 said:
Different devices have different ROM layout, you shoud try to find more infirmation about it.
IMHO the easiest way to get image of your boot partition is via dd. You should have busybox and terminal emulator installed on device to do this:
Code:
[email protected]:/ # dd if=/dev/bootimg of=/mnt/sdcard/boot.img bs=<your boot size> count=1
Yes of course you may create update.zip for flashing new boot.img, but you have to sing it, AFAIK stock recovery check update.zip signature before flashing it.
Click to expand...
Click to collapse
There is hardly any way to get more information/help on this device, that's the sad thing. You just have to try according to your Android experience, without relying much on external help.
I will check for dd to dump the partition, as well as the boot size (Boot size of boot.img, most probably), the device is rooted so has busybox and a terminal emulator as well.
Creating an update.zip might be the only way I have to flash it back in, tell me if I'm wrong. Since I can't install CWM without compiling a custom one for my device (Never done that before), I just have access to Android Recovery 3e. You're right, I does check the signature, and block it for most of the files.
I've done this, which is supposed to bypass the signature check. I have not tested the flashing, but Android Recovery 3e was not damaged and is still accessible.
http://forum.xda-developers.com/showthread.php?p=10624454#post10624454
Will keep you updated, thanks.
GameX2 said:
There is hardly any way to get more information/help on this device, that's the sad thing. You just have to try according to your Android experience, without relying much on external help.
I will check for dd to dump the partition, as well as the boot size (Boot size of boot.img, most probably), the device is rooted so has busybox and a terminal emulator as well.
Creating an update.zip might be the only way I have to flash it back in, tell me if I'm wrong. Since I can't install CWM without compiled a custom one for my device (Never done that before), I just have access to Android Recovery 3e. You're right, I does check the signature, and block it for most of the files.
I've done this, which is supposed to bypass the signature check. I have not tested the flashing, but Android Recovery 3e was not damaged and is still accessible.
http://forum.xda-developers.com/showthread.php?p=10624454#post10624454
Will keep you updated, thanks.
Click to expand...
Click to collapse
For dd command you should use full size of boot partition or partition, where boot ramdisk lives (on some devices it can live separately from kernel). And corresponding device file (eg /dev/bootimg in my example).
If you succeed with boot.img dump via dd, you could use the same dd command, swapping if = and of= files, like this
Code:
dd if=/mnt/sdcard/new-boot.img of=/dev/bootimg bs=<size of boot partition> count=1
In this case "bs=<size of boot partition> count=1" protect you from overwriting data in partition next to bootimg in case new-boot.img exceeds the size of boot partition.
By the way, you can look in /system/build.prop file to find some information about device.
Does any ROM flashing tool exist for this device, like ODIN for Samsung, NVFlash for Tegra devices and SP FlashTool for MTK devices?
lion567 said:
For dd command you should use full size of boot partition or partition, where boot ramdisk lives (on some devices it can live separately from kernel). And corresponding device file (eg /dev/bootimg in my example).
If you succeed with boot.img dump via dd, you could use the same dd command, swapping if = and of= files, like this
Code:
dd if=/mnt/sdcard/new-boot.img of=/dev/bootimg bs=<size of boot partition> count=1
In this case "bs=<size of boot partition> count=1" protect you from overwriting data in partition next to bootimg in case new-boot.img exceeds the size of boot partition.
By the way, you can look in /system/build.prop file to find some information about device.
Does any ROM flashing tool exist for this device, like ODIN for Samsung, NVFlash for Tegra devices and SP FlashTool for MTK devices?
Click to expand...
Click to collapse
Thanks;
I'm trying to find the size of my /Boot partition, for now. Here's the terminal output of cat /proc/partitions:
Code:
$cat /proc/mtd
dev: size erasesize name
$cat /proc/partitions
major minor #blocks name
179 0 7815168 mmcblk0
179 1 4309200 mmcblk0p1
179 2 154035 mmcblk0p2
179 3 1 mmcblk0p3
179 4 10395 mmcblk0p4
179 5 3145873 mmcblk0p5
179 6 41076 mmcblk0p6
$
According to the app "Storage Analyser", I would have these partitions visibles:
/sdcard : 4.1 GB total (Internal storage);
/system: 128.68 MB total;
/data: 2.95GB total;
/cache (No info, but I assume there is one!);
And /boot, which I don't know where it's located yet.
Just a guess, the partitition 179 3 1 mmcblk0p3 might refer to /extsd. Note that the ZEN Touch 2 has an internal storage, which is /sdcard, and also an external slot for a microSD card (being /extsd). Which I believe, would make sense that the 1MB partition would be /extsd (I have no external SD card inserted at this point).
I noted a few SPECs from the device, in Elixir, myself:
ARMv7 Processor rev 5 )v7l) 800MHz (200 MHz-800 MHz)
Android ID : 65d3e923b8b46272
Model number: Creative Earlgrey 2.2.1
Kernel: SDK 8 Linux Version 2.6.31
Here's the build.prop file:
Code:
# begin build properties
# autogenerated by buildinfo.sh
ro.build.id=FRF85B
ro.build.display.id=FRF85B
ro.build.version.incremental=eng.20110408.110506
ro.build.version.sdk=8
ro.build.version.codename=REL
ro.build.version.release=2.2.1
ro.build.date=Fri Apr 8 11:15:22 HKT 2011
ro.build.date.utc=1302232522
ro.build.type=user
ro.build.user=Creative
ro.build.host=localhost.localdomain
ro.build.tags=test-keys
ro.product.model=earlgrey
ro.product.brand=Creative
ro.product.name=earlgrey
ro.product.device=earlgrey
ro.product.board=earlgrey
ro.product.cpu.abi=armeabi-v7a
ro.product.cpu.abi2=armeabi
ro.product.manufacturer=Creative
ro.product.locale.language=en
ro.product.locale.region=US
ro.wifi.channels=
ro.board.platform=earlgrey
# ro.build.product is obsolete; use ro.product.device
ro.build.product=earlgrey
# Do not try to parse ro.build.description or .fingerprint
ro.build.description=earlgrey-user 2.2.1 FRF85B eng.20110408.110506 test-keys
ro.build.fingerprint=Creative/earlgrey/earlgrey/earlgrey:2.2.1/FRF85B/eng.20110408.110506:user/test-keys
# end build properties
#
# system.prop for ZEN Touch 2
#
# density in DPI of the LCD of this board. This is used to scale the UI
# appropriately. If this property is not defined, the default value is 160 dpi.
ro.sf.lcd_density = 160
#
# ADDITIONAL_BUILD_PROPERTIES
#
dalvik.vm.heapsize=32m
dalvik.vm.checkjni=false
net.bt.name=Android
dalvik.vm.stack-trace-file=/data/anr/traces.txt
Does any ROM flashing tool exist for this device, like ODIN for Samsung, NVFlash for Tegra devices and SP FlashTool for MTK devices?
Click to expand...
Click to collapse
I never used ODIN, but I can tell that ROM Manager is useless, because the device is unlisted - officially, no ROM flashing tool was developped at all, for this specific device. I've checked, usually all those who ask these questions never got replies.
Thank for the help, I appreciate it.
GameX2 said:
Thanks;
I'm trying to find the size of my /Boot partition, for now. Here's the terminal output of cat /proc/partitions:
Code:
$cat /proc/mtd
dev: size erasesize name
$cat /proc/partitions
major minor #blocks name
179 0 7815168 mmcblk0
179 1 4309200 mmcblk0p1
179 2 154035 mmcblk0p2
179 3 1 mmcblk0p3
179 4 10395 mmcblk0p4
179 5 3145873 mmcblk0p5
179 6 41076 mmcblk0p6
$
According to the app "Storage Analyser", I would have these partitions visibles:
/sdcard : 4.1 GB total (Internal storage);
/system: 128.68 MB total;
/data: 2.95GB total;
/cache (No info, but I assume there is one!);
And /boot, which I don't know where it's located yet.
Just a guess, the partitition 179 3 1 mmcblk0p3 might refer to /extsd. Note that the ZEN Touch 2 has an internal storage, which is /sdcard, and also an external slot for a microSD card (being /extsd). Which I believe, would make sense that the 1MB partition would be /extsd (I have no external SD card inserted at this point).
I noted a few SPECs from the device, in Elixir, myself:
ARMv7 Processor rev 5 )v7l) 800MHz (200 MHz-800 MHz)
Android ID : 65d3e923b8b46272
Model number: Creative Earlgrey 2.2.1
Kernel: SDK 8 Linux Version 2.6.31
Here's the build.prop file:
Code:
# begin build properties
# autogenerated by buildinfo.sh
ro.build.id=FRF85B
ro.build.display.id=FRF85B
ro.build.version.incremental=eng.20110408.110506
ro.build.version.sdk=8
ro.build.version.codename=REL
ro.build.version.release=2.2.1
ro.build.date=Fri Apr 8 11:15:22 HKT 2011
ro.build.date.utc=1302232522
ro.build.type=user
ro.build.user=Creative
ro.build.host=localhost.localdomain
ro.build.tags=test-keys
ro.product.model=earlgrey
ro.product.brand=Creative
ro.product.name=earlgrey
ro.product.device=earlgrey
ro.product.board=earlgrey
ro.product.cpu.abi=armeabi-v7a
ro.product.cpu.abi2=armeabi
ro.product.manufacturer=Creative
ro.product.locale.language=en
ro.product.locale.region=US
ro.wifi.channels=
ro.board.platform=earlgrey
# ro.build.product is obsolete; use ro.product.device
ro.build.product=earlgrey
# Do not try to parse ro.build.description or .fingerprint
ro.build.description=earlgrey-user 2.2.1 FRF85B eng.20110408.110506 test-keys
ro.build.fingerprint=Creative/earlgrey/earlgrey/earlgrey:2.2.1/FRF85B/eng.20110408.110506:user/test-keys
# end build properties
#
# system.prop for ZEN Touch 2
#
# density in DPI of the LCD of this board. This is used to scale the UI
# appropriately. If this property is not defined, the default value is 160 dpi.
ro.sf.lcd_density = 160
#
# ADDITIONAL_BUILD_PROPERTIES
#
dalvik.vm.heapsize=32m
dalvik.vm.checkjni=false
net.bt.name=Android
dalvik.vm.stack-trace-file=/data/anr/traces.txt
I never used ODIN, but I can tell that ROM Manager is useless, because the device is unlisted - officially, no ROM flashing tool was developped at all, for this specific device. I've checked, usually all those who ask these questions never got replies.
Thank for the help, I appreciate it.
Click to expand...
Click to collapse
Try to look for /proc/dumchar_info file. If it exist, you coud find useful information in it about partitions on device. But it specific to MTK platform. If you don't find it, look for /proc/emmc.
Also look in /proc/cpuinfo for CPU information.
As for ODINand others - i asked about desktop flash tool for Windows, which can be used to flash device via USB cabel. And ROM Manager is Android tool.
lion567 said:
Try to look for /proc/dumchar_info file. If it exist, you coud find useful information in it about partitions on device. But it specific to MTK platform. If you don't find it, look for /proc/emmc.
Also look in /proc/cpuinfo for CPU information.
As for ODINand others - i asked about desktop flash tool for Windows, which can be used to flash device via USB cabel. And ROM Manager is Android tool.
Click to expand...
Click to collapse
Both the files /proc/dumchar_info and /proc/emmc doesn't exists - but here's the contain of /proc/cpuinfo:
Code:
Processor : ARMv7 Processor rev 5 (v7l)
BogoMIPS : 799.53
Features : swp half thumb fastmult vfp edsp neon vfpv3
CPU implementer : 0x41
CPU architecture: 7
CPU variant : 0x2
CPU part : 0xc08
CPU revision : 5
Hardware : ZEN Touch 2
Revision : 51030
Serial : 0000000000000000
Using the app "DiskInfo", I believe I've found which partition was /Boot. Here's what I see:
SD Card:
Mount points: /mnt/sdcard, /mnt/secure/asec
Partition name: mmcblk0p1
Total Space: 4.1GB
System:
Mount point: /system (ext4)
Partition Name: mmcblk0p2
Total Space: 128MB (17,8MB free. Is that too low for a normal device usage?)
???: (I assume this is /sdext)
Not mounted;
Partition name: mmcblk0p3
Total space: 1KB
???: (Is this /Boot ? )
Not mounted;
Partition name: mmcblk0p4
Total space: 10,2MB
Data:
Mount point: /data (ext4)
Partition name: mmcblk0p5
Total space: 3GB (2,6GB free)
Cache:
Mount point: /cache (ext4)
Partition name: mmcblk0p6
Total space: 38,7MB (32,3 MB free)
TMPFS MOUNT POINTS:
/dev: Total space: 91,6MB, 12KB used
/mnt/asec: Total space: 91,6MB, 0KB used
/mnt/shm: Total space: 1MB, used: 20KB
/factory: Total space: 128KB, used: 64KB
/mnt/sdcard/.android_secure: Unknow size
***
Using this information, I guess /Boot is mmcblk0p4 ?
GameX2 said:
Both the files /proc/dumchar_info and /proc/emmc doesn't exists - but here's the contain of /proc/cpuinfo:
Code:
Processor : ARMv7 Processor rev 5 (v7l)
BogoMIPS : 799.53
Features : swp half thumb fastmult vfp edsp neon vfpv3
CPU implementer : 0x41
CPU architecture: 7
CPU variant : 0x2
CPU part : 0xc08
CPU revision : 5
Hardware : ZEN Touch 2
Revision : 51030
Serial : 0000000000000000
Using the app "DiskInfo", I believe I've found which partition was /Boot. Here's what I see:
SD Card:
Mount points: /mnt/sdcard, /mnt/secure/asec
Partition name: mmcblk0p1
Total Space: 4.1GB
System:
Mount point: /system (ext4)
Partition Name: mmcblk0p2
Total Space: 128MB (17,8MB free. Is that too low for a normal device usage?)
???: (I assume this is /sdext)
Not mounted;
Partition name: mmcblk0p3
Total space: 1KB
???: (Is this /Boot ? )
Not mounted;
Partition name: mmcblk0p4
Total space: 10,2MB
Data:
Mount point: /data (ext4)
Partition name: mmcblk0p5
Total space: 3GB (2,6GB free)
Cache:
Mount point: /cache (ext4)
Partition name: mmcblk0p6
Total space: 38,7MB (32,3 MB free)
TMPFS MOUNT POINTS:
/dev: Total space: 91,6MB, 12KB used
/mnt/asec: Total space: 91,6MB, 0KB used
/mnt/shm: Total space: 1MB, used: 20KB
/factory: Total space: 128KB, used: 64KB
/mnt/sdcard/.android_secure: Unknow size
***
Using this information, I guess /Boot is mmcblk0p4 ?
Click to expand...
Click to collapse
May be yes. Try to dump it and unpack. If you succeded - then you are right.
But there can be different varianrs, some SoC manufactures put all non-mountable partitions, such as preloader, nvram, uboot, boot and recovery, in single partition mmcblk0p0.
It seems, that your device built on Creative's own SoC with non-standart NAND partitioning.
Here you can find info about unpacking
http://android-dls.com/wiki/index.php?title=HOWTO:_Unpack,_Edit,_and_Re-Pack_Boot_Images
or here together with scripts
http://forum.xda-developers.com/showthread.php?t=443994

weirdly rooted Chinese tablet

Hi all,
I have a weird Chinese (MT6592T) tablet, which appears to be rooted (/system/xbin/su) is installed (came rooted already), but this root is not usable (supersu does not like it), probably because of the permissions:
130|[email protected]:/ $ ls -al /system/xbin/su
-rwsr-x--- root shell 67060 2016-08-26 14:11 su
I cannot change the permissions, because I cannot remount /system rw:
[email protected]:/ $ su
[email protected]:/ # id
uid=0(root) gid=0(root) groups=1003(graphics),1004(input),1007(log),1011(adb),1015(sdcard_rw),1028(sdcard_r),3001(net_bt_admin),3002(net_bt),3003(inet),3006(net_bw_stats) context=kernel
[email protected]:/ # mount -o rw,remount -t ext4 /system
mount: Operation not permitted
The system is noname, so no chances to get another ROM...
Two questions:
1. Any idea why would they set such permissions to su?
2. Any idea how can I get proper root?

Help including SuperSU and su binaries in stock ROM.

I would like some help in modifying my stock rom to include the SuperSU apk and all five su binaries (su, daemonsu, sukernel, supolicy and suinit).
I am aware that there are multiple tutorials out there for this kind of thing but what I'm trying to do requires the system be repacked into a sparse image to flash through fastboot as the phone has no TWRP build available.
Thank You.
Bythos73 said:
I would like some help in modifying my stock rom to include the SuperSU apk and all five su binaries (su, daemonsu, sukernel, supolicy and suinit).
I am aware that there are multiple tutorials out there for this kind of thing but what I'm trying to do requires the system be repacked into a sparse image to flash through fastboot as the phone has no TWRP build available.
Thank You.
Click to expand...
Click to collapse
Hello, you can unzip the flashable SuperSu zip and take a look at the update-binary script, this will shed some light on how the installation works, for example this is an excerpt taken from version 2.82:
Code:
#!/sbin/sh
#
# SuperSU installer ZIP
# Copyright (c) 2012-2017 - Chainfire, CCMT
#
# ----- GENERIC INFO ------
#
# The following su binary versions are included in the full package. Each
# should be installed only if the system has the same or newer API level
# as listed. The script may fall back to a different binary on older API
# levels. supolicy are all ndk/pie/19+ for 32 bit, ndk/pie/20+ for 64 bit.
#
# binary ARCH/path build type API
#
# arm-v5te arm ndk non-pie 7+
# x86 x86 ndk non-pie 7+
#
# x86 x86 ndk pie 17+ (su.pie, naming exception)
# arm-v7a armv7 ndk pie 17+
# mips mips ndk pie 17+
#
# arm64-v8a arm64 ndk pie 20+
# mips64 mips64 ndk pie 20+
# x86_64 x64 ndk pie 20+
#
# Non-static binaries are supported to be PIE (Position Independent
# Executable) from API level 16, and required from API level 20 (which will
# refuse to execute non-static non-PIE).
#
# The script performs several actions in various ways, sometimes
# multiple times, due to different recoveries and firmwares behaving
# differently, and it thus being required for the correct result.
#
# Overridable variables (shell):
# BIN - Location of architecture specific files (native folder)
# COM - Location of common files (APK folder)
# LESSLOGGING - Reduce ui_print logging (true/false)
# NOOVERRIDE - Do not read variables from /system/.supersu or
# /data/.supersu
#
# Overridable variables (shell, /system/.supersu, /cache/.supersu,
# /data/.supersu):
# SYSTEMLESS - Do a system-less install? (true/false, 6.0+ only)
# PATCHBOOTIMAGE - Automatically patch boot image? (true/false,
# SYSTEMLESS only)
# BOOTIMAGE - Boot image location (PATCHBOOTIMAGE only)
# STOCKBOOTIMAGE - Stock boot image location (PATCHBOOTIMAGE only)
# BINDSYSTEMXBIN - Poor man's overlay on /system/xbin (true/false,
# SYSTEMLESS only)
# PERMISSIVE - Set sepolicy to fake-permissive (true/false, PATCHBOOTIMAGE
# only)
# KEEPVERITY - Do not remove dm-verity (true/false, PATCHBOOTIMAGE only)
# KEEPFORCEENCRYPT - Do not replace forceencrypt with encryptable (true/
# false, PATCHBOOTIMAGE only)
# REMOVEENCRYPTABLE - Remove the encryptable flag, needed on newer
# Samsung devices to disable forced encryption
# (true/false, PATCHBOOTIMAGE only)
# FRP - Place files in boot image that allow root to survive a factory
# reset (true/false, PATCHBOOTIMAGE only). Reverts to su binaries
# from the time the ZIP was originall flashed, updates are lost.
# Shell overrides all, /data/.supersu overrides /cache/.supersu overrides
# /system/.supersu
#
# Note that if SELinux is set to enforcing, the daemonsu binary expects
# to be run at startup (usually from install-recovery.sh, 99SuperSUDaemon,
# app_process, or init.supersu.rc) from u:r:supersu:s0 (7.0+), u:r:init:s0 or
# u:r:kernel:s0 contexts. Depending on the current policies, it can also
# deal with u:r:init_shell:s0 and u:r:toolbox:s0 contexts. Any other context
# will lead to issues eventually.
#
# ----- "SYSTEM" INSTALL -----
#
# "System" install puts all the files needed in /system and does not need
# any boot image modifications. Default install method pre-Android-6.0
# (excluding Samsung-5.1).
#
# Even on Android-6.0+, the script attempts to detect if the current
# firmware is compatible with a system-only installation (see the
# "detect_systemless_required" function), and will prefer that
# (unless the SYSTEMLESS variable is set) if so. This will catch the
# case of several custom ROMs that users like to use custom boot images
# with - SuperSU will not need to patch these. It can also catch some
# locked bootloader cases that do allow security policy updates.
#
# To install SuperSU properly, aside from cleaning old versions and
# other superuser-type apps from the system, the following files need to
# be installed:
#
# API source target chmod chcon required
#
# 7-19 common/Superuser.apk /system/app/Superuser.apk 0644 u:object_r:system_file:s0 gui
# 20+ common/Superuser.apk /system/app/SuperSU/SuperSU.apk 0644 u:object_r:system_file:s0 gui
#
# 17+ common/install-recovery.sh /system/etc/install-recovery.sh 0755 *1 required
# 17+ /system/bin/install-recovery.sh (symlink to /system/etc/...) required
# *1: same as /system/bin/toolbox: u:object_r:system_file:s0 if API < 20, u:object_r:toolbox_exec:s0 if API >= 20
#
# 7+ ARCH/su *2 /system/xbin/su *3 u:object_r:system_file:s0 required
# 7+ /system/bin/.ext/.su *3 u:object_r:system_file:s0 gui
# 17+ /system/xbin/daemonsu 0755 u:object_r:system_file:s0 required
# *2: su.pie for 17+ x86(_32) only
# *3: 06755 if API < 18, 0755 if API >= 18
#
# 19+ ARCH/supolicy /system/xbin/supolicy 0755 u:object_r:system_file:s0 required
# 19+ ARCH/libsupol.so /system/lib(64)/libsupol.so 0644 u:object_r:system_file:s0 required
#
# 21+ /system/bin/app_process32 *5 /system/bin/app_process32_original 0755 u:object_r:zygote_exec:s0 required
# 21+ /system/bin/app_process64 *5 /system/bin/app_process64_original 0755 u:object_r:zygote_exec:s0 required
# 21+ /system/bin/app_processXX *5 /system/bin/app_process_init 0755 u:object_r:system_file:s0 required
# 21+ /system/bin/app_process (symlink to /system/xbin/daemonsu) required
# 21+ *5 /system/bin/app_process32 (symlink to /system/xbin/daemonsu) required
# 21+ *5 /system/bin/app_process64 (symlink to /system/xbin/daemonsu) required
# *5: Only do this for the relevant bits. On a 64 bits system, leave the 32 bits files alone, or dynamic linker errors
# will prevent the system from fully working in subtle ways. The bits of the su binary must also match!
#
# 17+ common/99SuperSUDaemon *6 /system/etc/init.d/99SuperSUDaemon 0755 u:object_r:system_file:s0 optional
# *6: only place this file if /system/etc/init.d is present
#
# 17+ 'echo 1 >' or 'touch' *7 /system/etc/.installed_su_daemon 0644 u:object_r:system_file:s0 optional
# *7: the file just needs to exist or some recoveries will nag you. Even with it there, it may still happen.
#
# It may seem some files are installed multiple times needlessly, but
# it only seems that way. Installing files differently or symlinking
# instead of copying (unless specified) will lead to issues eventually.
#
# After installation, run '/system/xbin/su --install', which may need to
# perform some additional installation steps. Ideally, at one point,
# a lot of this script will be moved there.
#
# The included chattr(.pie) binaries are used to remove ext2's immutable
# flag on some files. This flag is no longer set by SuperSU's OTA
# survival since API level 18, so there is no need for the 64 bit versions.
# Note that chattr does not need to be installed to the system, it's just
# used by this script, and not supported by the busybox used in older
# recoveries.
#
# ----- "SYSTEM-LESS" INSTALL -----
#
# "System-less" install requires a modified boot image (the script can patch
# many boot images on-the-fly), but does not touch /system at all. Instead
# it keeps all the needed files in an image (/data/su.img) which is mounted
# to /su. Default install method on all Android-6.0+ and Samsung-5.1+
# devices.
#
# Note that even on 6.0+, system compatibility is checked. See the "SYSTEM"
# install section above.
#
# An ext4 image is created as /data/su.img, or /cache/su.img if /data could
# not be mounted. Similarly, the APK is placed as either /data/SuperSU.apk
# or /cache/SuperSU.apk. This is so we are not dependent on /data decryption
# working in recovery, which in the past has proved an issue on brand-new
# Android versions and devices.
#
# /sbin/launch_daemonsu.sh, which is added a service to init.rc, will mount
# the image at /su, and launch daemonsu from /su/bin/daemonsu. But before it
# does that, it will try to merge /data/su.img and /cache/su.img (leading),
# if both are present. It will also try to install the SuperSU APK.
#
# Files are expected at the following places (/su being the mountpoint of
# the ext4 image):
#
# API source target chmod chcon required
#
# 22+ common/Superuser.apk /[data|cache]/SuperSU.apk 0644 u:object_r:system_file:s0 gui
#
# 22+ ARCH/su *1 /su/bin/su 0755 u:object_r:system_file:s0 required
# 22+ /su/bin/daemonsu 0755 u:object_r:system_file:s0 required
# *1: su.pie for 17+ x86(_32) only
#
# 22+ ARCH/supolicy /su/bin/supolicy_wrapped 0755 u:object_r:system_file:s0 required
# 22+ /su/bin/su (symlink) *2 /su/bin/supolicy 0755 u:object_r:system_file:s0 required
# 22+ ARCH/libsupol.so /su/lib/libsupol.so 0644 u:object_r:system_file:s0 required
# *2: when called this way, su sets the correct LD_LIBRARY_PATH and calls supolicy_wrapped
#
# 22+ ARCH/sukernel /su/bin/sukernel 0755 u:object_r:system_file:s0 required
#
# These files are automatically created on launch by daemonsu as needed:
# 22+ /system/bin/sh /su/bin/sush 0755 u:object_r:system_file:s0 required
# 22+ /system/bin/app_process[64] /su/bin/app_process 0755 u:object_r:system_file:s0 required
#
# These files are injected into the boot image ramdisk:
# 22+ common/launch_daemonsu.sh /sbin/launch_daemonsu.sh 0700 u:object_r:rootfs:s0 required
#
# On devices where / is in the system partition:
# 22+ ARCH/suinit /init 0750 u:object_r:rootfs:s0 required
#
# The automated boot image patcher included makes the following modifications
# to the ramdisk:
#
# - Uses the supolicy tool to patch the sepolicy file
# - Injects /sbin/launch_daemon.sh
# - Creates /su
# - Removes /verity_key
# - Patches /*fstab*
# --- Removes support_scfs and verify flags
# --- Changes forceencrypt/forcefdeorfbe into encryptable
# --- Set ro mounts to use noatime
# - Patches /init.rc
# --- Removes 'setprop selinux.reload_policy' occurences
# --- Adds a SuperSU:PATCH marker with the version of the sukernel tool
# --- Adds a SuperSU:STOCK marker listed the SHA1 of the original boot image
# - Adds /init.supersu.rc
# --- Adds a sukernel.mount property trigger that mounts /data/su.img to /su
# --- Adds the daemonsu service that launches /sbin/launch_daemon.sh
# --- Adds exec /sbin/launch_daemonsu.sh on post-fs-data
# - Patches /init.environ.rc
# --- Adds PATH variable if it does not exist
# --- Prepends /su/bin to the PATH variable
# - Patches /*.rc
# --- Adds a seclabel to services and execs that are missing one
# - In case the device has the root directory inside the system partition:
# --- /system_root contents are copied to /boot
# --- All files mentioned above are modified in /boot instead of /
# --- /boot/*fstab* is modified to mount / to /system_root, and
# bind-mount /system to /system_root/system
# --- Kernel binary is patched to load from initramfs instead of system
#
# In case this documentation becomes outdated, please note that the sukernel
# tool is very chatty, and its output tells you exactly what it is doing
# and how. In TWRP, you can view this output by catting /tmp/recovery.log
# after flashing the ZIP.
#
# The boot image patcher creates a backup of the boot image it patches, for
# future restoration. It cannot re-patch a patched boot image, it will restore
# the previous boot image first. /[data|cache]/stock_boot_*.gz
#
# The boot image patcher currently only supports GZIP compressed ramdisks, and
# boot images in the standard Android boot image format.
#
# During boot image patch, /data/custom_ramdisk_patch.sh will be called,
# with the name of the ramdisk cpio file as parameter. The script must
# replace the input file and return a 0 exit code.
#
# Just before flashing, the boot image patcher will call
# /data/custom_boot_image_patch.sh with the name of the patched boot image
# as parameter. A device-specific patcher can further patch the boot image
# if needed. It must replace the input file and return a 0 exit code.
OUTFD=$2
ZIP=$3
getvar() {
local VARNAME=$1
local VALUE=$(eval echo \$"$VARNAME");
for FILE in /data/.supersu /cache/.supersu /system/.supersu; do
if [ -z "$VALUE" ]; then
LINE=$(cat $FILE 2>/dev/null | grep "$VARNAME=")
if [ ! -z "$LINE" ]; then
VALUE=${LINE#*=}
fi
fi
done
eval $VARNAME=\$VALUE
}
readlink /proc/$$/fd/$OUTFD 2>/dev/null | grep /tmp >/dev/null
if [ "$?" -eq "0" ]; then
# rerouted to log file, we don't want our ui_print commands going there
OUTFD=0
# we are probably running in embedded mode, see if we can find the right fd
# we know the fd is a pipe and that the parent updater may have been started as
# 'update-binary 3 fd zipfile'
for FD in `ls /proc/$$/fd`; do
readlink /proc/$$/fd/$FD 2>/dev/null | grep pipe >/dev/null
if [ "$?" -eq "0" ]; then
ps | grep " 3 $FD " | grep -v grep >/dev/null
if [ "$?" -eq "0" ]; then
OUTFD=$FD
break
fi
fi
done
fi
ui_print_always() {
echo -n -e "ui_print $1\n" >> /proc/self/fd/$OUTFD
echo -n -e "ui_print\n" >> /proc/self/fd/$OUTFD
}
if [ -z "$LESSLOGGING" ]; then
LESSLOGGING=false
fi
UI_PRINT_LAST=""
ui_print() {
if (! $LESSLOGGING); then
UI_PRINT_LAST="$1"
ui_print_always "$1"
fi
}
ui_print_less() {
if ($LESSLOGGING); then
ui_print_always "$1"
fi
}
ch_con() {
LD_LIBRARY_PATH=$SYSTEMLIB /system/bin/toybox chcon -h u:object_r:system_file:s0 $1 1>/dev/null 2>/dev/null
LD_LIBRARY_PATH=$SYSTEMLIB /system/toolbox chcon -h u:object_r:system_file:s0 $1 1>/dev/null 2>/dev/null
LD_LIBRARY_PATH=$SYSTEMLIB /system/bin/toolbox chcon -h u:object_r:system_file:s0 $1 1>/dev/null 2>/dev/null
chcon -h u:object_r:system_file:s0 $1 1>/dev/null 2>/dev/null
LD_LIBRARY_PATH=$SYSTEMLIB /system/bin/toybox chcon u:object_r:system_file:s0 $1 1>/dev/null 2>/dev/null
LD_LIBRARY_PATH=$SYSTEMLIB /system/toolbox chcon u:object_r:system_file:s0 $1 1>/dev/null 2>/dev/null
LD_LIBRARY_PATH=$SYSTEMLIB /system/bin/toolbox chcon u:object_r:system_file:s0 $1 1>/dev/null 2>/dev/null
chcon u:object_r:system_file:s0 $1 1>/dev/null 2>/dev/null
}
ch_con_ext() {
LD_LIBRARY_PATH=$SYSTEMLIB /system/bin/toybox chcon $2 $1 1>/dev/null 2>/dev/null
LD_LIBRARY_PATH=$SYSTEMLIB /system/toolbox chcon $2 $1 1>/dev/null 2>/dev/null
LD_LIBRARY_PATH=$SYSTEMLIB /system/bin/toolbox chcon $2 $1 1>/dev/null 2>/dev/null
chcon $2 $1 1>/dev/null 2>/dev/null
}
Thanks for the quick response. I have attempted to copy some of the files stated in excerpt to my system image but it seems that I might have missed a few. But I see it stating some chcon commands so I'm just wondering if it'd be possible to chcon the files needed on a linux pc and have it work.
Bythos73 said:
Thanks for the quick response. I have attempted to copy some of the files stated in excerpt to my system image but it seems that I might have missed a few. But I see it stating some chcon commands so I'm just wondering if it'd be possible to chcon the files needed on a linux pc and have it work.
Click to expand...
Click to collapse
I'm not sure what will happen if you run those chcon commands, what happened when you tried it?
Yup, this manual way may be a bit tricky
http://su.chainfire.eu/#embed said:
6. Embedding
6.1. Files
All the files you need are in the latest SuperSU flashable ZIP. The latest 'stable' build can always be retrieved from my server, for the latest 'beta' release you need to check the beta thread in the SuperSU forums.
The installation script inside the ZIP is META-INF/com/google/android/update-binary. This is not a binary as the name suggests, but a shell script, and the standard update ZIP's updater-script file is just a dummy.
This script has comments which document which files go where on which API level, and what their file permissions, ownerhips, and security labels must be. If you have done this exactly right, SuperSU will not complain when you open the app after booting.
6.2. Custom ROMs
It is non-trivial to include SuperSU exactly right on your own. It is therefore often easiest to include the latest SuperSU ZIP inside your own flashable ZIP, and chain its installation.
Click to expand...
Click to collapse
Can you tell us a bit more about your device model & android version, and which files you copied/commands you ran so far?
What errors if any do you get after flashing your modified img?
I secretly hope a custom recovery exists for your device, or porting one proves easier :fingers-crossed:
I'm repacking the image now using img2simg for my first boot attempt.
I have an Alcatel 3 5052A, Device CodeName A3A running Android Oreo 8.1.0. So far I don't believe I can get a custom recovery for this device as the line of devices that this phone was released with seem to have a bootloader which doesn't boot unsigned images, nevermind the fact that it's impossible to flash any partition other than system through fastboot. It's a real pain. Thankfully it does boot GSIs like Phh-Treble so not all hope is lost on that front.
I've copied the su and supolicy binaries, I got daemonsu by copying the su bin, I also copied the SuperSU apk and the libsupol.so library into all of their respective directories.
It has booted but no su, and SuperSU was not in the Launcher so I'm gonna retry it.
Don't give up! there are lots of avenues yet to explore if you want to give the manual method a rest for a while.
What do you get when you try unlocking the bootloader from fastboot?
Are you familiar with SP Flash tools? This is an alternative way to flash images onto various MTK devices.

hacking a old discontinued android tv box(airtel internet tv, codename: ganesa)

A old thread about the same topic: https://forum.xda-developers.com/android/software-hacking/rooting-set-box-lge-sh960s-airtel-t3826462
So I have temp root using dirty-cow and have tried to edit default.prop to get adb by usb. didnt work, all are mounted read-only. tried remounting, fail, turning off SELinux, fail. heres the shell:
Code:
$ adb shell
[email protected]:/ $ /data/local/tmp/dcow /data/local/tmp/run-as /system/bin/run-a>
dcow /data/local/tmp/run-as /system/bin/run-as
warning: new file size (9804) and destination file size (17920) differ
[*] size 17920
[*] mmap 0xb6d64000
[*] currently 0xb6d64000=464c457f
[*] using /proc/self/mem method
[*] madvise = 0xb6d64000 17920
[*] madvise = 0 17449
[*] /proc/self/mem 10931200 610
[*] exploited 0 0xb6d64000=464c457f
[email protected]:/ $ /system/bin/run-as
uid /system/bin/run-as 2000
uid 0
0 u:r:runas:s0
context 0 u:r:shell:s0
[email protected]:/ # Hehehe
/system/bin/sh: Hehehe: not found
127|[email protected]:/ # which touch
/system/bin/touch
[email protected]:/ # touch Hi.txt
touch: 'Hi.txt': Read-only file system
1|[email protected]:/ # mount -o rw,remount /system
mount: Permission denied
255|[email protected]:/ # ls -ladZ sys
sys/ system/
255|[email protected]:/ # ls -ladZ system
drwxr-xr-x root root u:object_r:system_file:s0 system
[email protected]:/ # setenforce 0
setenforce: Couldn't set enforcing status to '0': Permission denied
1|[email protected]:/ # sestatus
/system/bin/sh: sestatus: not found
127|[email protected]:/ # cat
^C
130|[email protected]:/ #
130|[email protected]:/ #
130|[email protected]:/ #
130|[email protected]:/ #
130|[email protected]:/ #
130|[email protected]:/ # cat /etc/selinux/config
/system/bin/sh: cat: /etc/selinux/config: No such file or directory
1|[email protected]:/ # cd etc
[email protected]:/etc # ls
18p
NOTICE.html.gz
audio_effects.conf
audio_policy.conf
bluetooth
clatd.conf
dhcpcd
event-log-tags
fallback_fonts.xml
fonts.xml
gps.conf
hosts
media_codecs.xml
media_codecs_google_audio.xml
media_codecs_google_tv.xml
media_codecs_google_video.xml
media_codecs_performance.xml
media_profiles.xml
mkshrc
permissions
ppp
preloaded-classes
recovery-resource.dat
security
sysconfig
system_fonts.xml
wifi
[email protected]:/etc # touch lol
touch: 'lol': Read-only file system
1|[email protected]:/etc # mount -o rw,remount /
mount: Permission denied
255|[email protected]:/etc # su mount -o rw,remount /
/system/bin/sh: su: not found
127|[email protected]:/etc # sudo mount -o rw,remount /
/system/bin/sh: sudo: not found
127|[email protected]:/etc #
127|[email protected]:/etc #
so can I know why I am denied even tho I am root? Also can some-one guide me to write a blob extraction script? There is no fastboot.
as its a Android Marshmallow (6.0) device try to dump boot.img and flash modified magisk_patched.img on locked bootloader. Magisk has an option to by-pass dm-verity. this is confirmed method on some Mediatek devices, if you are lucky this will work
Code:
ls -d $(find /dev/block -name by-name)/*
cat /dev/block/.../by-name/boot > /sdcard/boot.img
if that works, adb pull the img, patch with Magisk Manager, make sure you have enabled both checkboxes for preserve encryption + keep AVB/dm-verity, push it back to device and try to flash
Code:
cat /sdcard/magisk_patched.img > /dev/block/.../by-name/boot
however, if the img is flashed and dm-verity is preventing from boot this is a permanently brick
FaIl
aIecxs said:
as its a Android Marshmallow (6.0) device try to dump boot.img and flash modified magisk_patched.img on locked bootloader. Magisk has an option to by-pass dm-verity. this is confirmed method on some Mediatek devices, if you are lucky this will work
Code:
ls -d $(find /dev/block -name by-name)/*
cat /dev/block/.../by-name/boot > /sdcard/boot.img
if that works, adb pull the img, patch with Magisk Manager, make sure you have enabled both checkboxes for preserve encryption + keep AVB/dm-verity, push it back to device and try to flash
Code:
cat /sdcard/magisk_patched.img > /dev/block/.../by-name/boot
however, if the img is flashed and dm-verity is preventing from boot this is a permanently brick
Click to expand...
Click to collapse
I dont have full root i guess: find: /dev/block: Permission denied
check /proc/partitions for two similar partitions with 10 or 16 MB one of these should be boot. try to dump the partition (for example on my device it's mmcblk0p7)
Code:
cat /proc/partitions
cat /dev/block/mmcblk0p7 > /sdcard/mmcblk0p7.img
if that fails try to disable selinux
Code:
echo 0 > /sys/fs/selinux/enforce
or
echo 0 > /data/local/tmp/enforce
mount -o bind /data/local/tmp/enforce /sys/fs/selinux/enforce
chmod 0644 /sys/fs/selinux/enforce
chown 0.0 /sys/fs/selinux/enforce
chcon u:object_r:selinuxfs:s0 /sys/fs/selinux/enforce
Can someone help with steps to root the device and backup current ROM
seniornoob58432 said:
A old thread about the same topic: https://forum.xda-developers.com/android/software-hacking/rooting-set-box-lge-sh960s-airtel-t3826462
So I have temp root using dirty-cow and have tried to edit default.prop to get adb by usb. didnt work, all are mounted read-only. tried remounting, fail, turning off SELinux, fail. heres the shell:
Code:
$ adb shell
[email protected]:/ $ /data/local/tmp/dcow /data/local/tmp/run-as /system/bin/run-a>
dcow /data/local/tmp/run-as /system/bin/run-as
warning: new file size (9804) and destination file size (17920) differ
[*] size 17920
[*] mmap 0xb6d64000
[*] currently 0xb6d64000=464c457f
[*] using /proc/self/mem method
[*] madvise = 0xb6d64000 17920
[*] madvise = 0 17449
[*] /proc/self/mem 10931200 610
[*] exploited 0 0xb6d64000=464c457f
[email protected]:/ $ /system/bin/run-as
uid /system/bin/run-as 2000
uid 0
0 u:r:runas:s0
context 0 u:r:shell:s0
[email protected]:/ # Hehehe
/system/bin/sh: Hehehe: not found
127|[email protected]:/ # which touch
/system/bin/touch
[email protected]:/ # touch Hi.txt
touch: 'Hi.txt': Read-only file system
1|[email protected]:/ # mount -o rw,remount /system
mount: Permission denied
255|[email protected]:/ # ls -ladZ sys
sys/ system/
255|[email protected]:/ # ls -ladZ system
drwxr-xr-x root root u:object_r:system_file:s0 system
[email protected]:/ # setenforce 0
setenforce: Couldn't set enforcing status to '0': Permission denied
1|[email protected]:/ # sestatus
/system/bin/sh: sestatus: not found
127|[email protected]:/ # cat
^C
130|[email protected]:/ #
130|[email protected]:/ #
130|[email protected]:/ #
130|[email protected]:/ #
130|[email protected]:/ #
130|[email protected]:/ # cat /etc/selinux/config
/system/bin/sh: cat: /etc/selinux/config: No such file or directory
1|[email protected]:/ # cd etc
[email protected]:/etc # ls
18p
NOTICE.html.gz
audio_effects.conf
audio_policy.conf
bluetooth
clatd.conf
dhcpcd
event-log-tags
fallback_fonts.xml
fonts.xml
gps.conf
hosts
media_codecs.xml
media_codecs_google_audio.xml
media_codecs_google_tv.xml
media_codecs_google_video.xml
media_codecs_performance.xml
media_profiles.xml
mkshrc
permissions
ppp
preloaded-classes
recovery-resource.dat
security
sysconfig
system_fonts.xml
wifi
[email protected]:/etc # touch lol
touch: 'lol': Read-only file system
1|[email protected]:/etc # mount -o rw,remount /
mount: Permission denied
255|[email protected]:/etc # su mount -o rw,remount /
/system/bin/sh: su: not found
127|[email protected]:/etc # sudo mount -o rw,remount /
/system/bin/sh: sudo: not found
127|[email protected]:/etc #
127|[email protected]:/etc #
so can I know why I am denied even tho I am root? Also can some-one guide me to write a blob extraction script? There is no fastboot.
Click to expand...
Click to collapse
Can you help me the steps you used to root via ditry cow?
aIecxs said:
check /proc/partitions for two similar partitions with 10 or 16 MB one of these should be boot. try to dump the partition (for example on my device it's mmcblk0p7)
Code:
cat /proc/partitions
cat /dev/block/mmcblk0p7 > /sdcard/mmcblk0p7.img
if that fails try to disable selinux
Code:
echo 0 > /sys/fs/selinux/enforce
or
echo 0 > /data/local/tmp/enforce
mount -o bind /data/local/tmp/enforce /sys/fs/selinux/enforce
chmod 0644 /sys/fs/selinux/enforce
chown 0.0 /sys/fs/selinux/enforce
chcon u:object_r:selinuxfs:s0 /sys/fs/selinux/enforce
Click to expand...
Click to collapse
How to disable selinux?

SELinux cannot be permissive in the stock kernel of Honor 6X (Hi6250) and other kernels are unstable

Stock kernel does not support Selinux Permissive
└─$ adb shell
:/ $ su
:/ # setenforce 0
setenforce: Couldn't set enforcing status to '0': Invalid argument
There is no /etc/selinux/config
Tried to create the file /etc/selinux/config
└─$ adb shell
prague:/ # echo "SELINUX=permissive
> SELINUXTYPE=targeted" > /etc/selinux/config
/sbin/sh: can't create /etc/selinux/config: No such file or directory
1|prague:/ # mkdir /etc/selinux
prague:/ # echo "SELINUX=permissive^JSELINUXTYPE=targeted" > /etc/selinux/config
prague:/ # cat /etc/selinux/config
SELINUX=permissive
SELINUXTYPE=targeted
prague:/ # exit
Same error:
└─$ adb shell
:/ $ su
:/ # setenforce 0
setenforce: Couldn't set enforcing status to '0': Invalid argument

Categories

Resources