How to: chroot on stock odexed mj4 knox0x0 selinux=enforcing - Sprint Samsung Galaxy Note 3

Stock odexed mj4 is my system. knox0x0 selinux enforced
su binary installed into /system/xbin and ln -s to /system/bin (system status "custom")
busybox installed
no superuser.apk or other su manager installed. (try dialer code *#1234# if your superuser/supersu.apk launches...well thats just one reason i uninstalled it...break my dialer codes? unacceptable)
xposed module wanam xposed installed (fake status official does not work)
env dir for linux deploy is /storage/extSdCard/linux
linux.img is /storage/extSdCard/linux.img
I searched for other note3 owners enjoying chroot but no luck, so hopefully others looking to chroot on note3 qualcomm variants find their way here to learn and discuss chrooting from within a selinux enforcing environment. (these steps should help s4 and s4mini users too who seem to have the same issues/errors with linux deploy)
Let it begin ~

Related

[Q] OpenVPN on stock (rooted) 10.1 3G - how to get/create tun.ko

Hi!
I successfully use(d) OpenVPN with the available tun.ko versions on my Galaxy Tab.
I tried to move that to the brand new European version of the 10.1 (no V, GT-P7500, Kernel 2.6.36.3, [email protected] #1, buildnr HMJ37 P7500XXWKG9, baseband XXKG7, ). But obviously, there is no tun.ko in the kernel and the available versions of tun.ko do not work with the 3.1 Honeycomb kernel.
Does anybody has compiled a tun.ko for this kernel already or can guide/tell me, how to do this myself?
Regards,
Questions or Problems Should Not Be Posted in the Development Forum
Please Post in the Correct Forums and Read THIS
Moving to Q&A
I am searching badly for a solution tu use PPTP VPN on my Galaxy Tab 10.1 (no v) 3G, too!
In the meantime, I learned that tun.ko is part even of the stock kernel. Nevertheless, I did not get it running with the setup I used on my Galaxy Tab.
Are you sure? I did a search for the file but nothing was found.
if preshoot already upload his git sources, I can do this for you guys.
Just wait for him,to upload his latest sources...
funky81 said:
if preshoot already upload his git sources, I can do this for you guys.
Click to expand...
Click to collapse
That would be nice.
richardtrip here told me, that tun.ko is already in the stock kernel.
I am presently trying to find out what detail makes problems in the connection to my Linux server. A connection is established, but not fully and yet not useable.
Hi!
I did some experiments with my OpenSuse 10.3 server and the Tab 10.1.
With the tun-device, I can establish a connection. But the 10.1 does not receive its address in the VPN network, ifconfig does not show the tun-device as device.
The same configuration which works flawlessly on my Galaxy Tab does not work on the 10.1.
Perhaps somebody is experienced with the OpenVPN configuration in this case.
Some more findings:
The device used is tap, but tunctl must be called to create a persistent tapx.
tunctl expects /dev/net/tun which must be either created by a symlink (/dev/tun exists, mkdir /dev/net, ln -s /dev/net/tun /dev/tun) or must be added with parameter -f on commandline.
It also seems that ifconfig has different parameters than on my Galaxy Tab. Starting OpenVPN from commandline, it complains about route/ifconfig with wrong parameters.
With special thanks to Amarok, I could get his solution also working on my Tab 10.1:
Install Busybox from Market
Install OpenVPN Installer from Market and install to
binaries: /system/xbin
route/ifconfig: /system/xbin/bb
Create /system/xbin/bb with Root Explorer or from shell
Create link to busybox for ifconfig and route
ln -s /system/xbin/busybox /system/xbin/bb/route
ln -s /system/xbin/busybox /system/xbin/bb/ifconfig
Check permissions for /system/xbin/openvpn, it should be 777 (rwxrwxrwx)
Using the openvpn binary from my galaxy tab (copy into /system/xbin, chmod 777) got OpenVPN finally working.
akxak said:
With special thanks to Amarok, I could get his solution also working on my Tab 10.1:
Install Busybox from Market
Install OpenVPN Installer from Market and install to
binaries: /system/xbin
route/ifconfig: /system/xbin/bb
Create /system/xbin/bb with Root Explorer or from shell
Create link to busybox for ifconfig and route
ln -s /system/xbin/busybox /system/xbin/bb/route
ln -s /system/xbin/busybox /system/xbin/bb/ifconfig
Check permissions for /system/xbin/openvpn, it should be 777 (rwxrwxrwx)
Using the openvpn binary from my galaxy tab (copy into /system/xbin, chmod 777) got OpenVPN finally working.
Click to expand...
Click to collapse
The last step ? From you which tab did you copy openvpn ? Is it possible to get the specific openvpn. Still not working on my side.
Thanks
Nar
Have also a look at this thread:
http://forum.xda-developers.com/showthread.php?t=1185370
Attached the openvpn binary I use.
akxak said:
Have also a look at this thread:
http://forum.xda-developers.com/showthread.php?t=1185370
Attached the openvpn binary I use.
Click to expand...
Click to collapse
So the tun.ko with stock works? When I run openvpn from either cli or openvpn settings tab it'll connect but I get no ip address. The only errors I'm getting are " Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:4: route (2.1.1)". So is using the attached openvpn binary all it took?
--
Brad
---------- Post added at 06:49 PM ---------- Previous post was at 06:42 PM ----------
jbaskew said:
So the tun.ko with stock works? When I run openvpn from either cli or openvpn settings tab it'll connect but I get no ip address. The only errors I'm getting are " Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:4: route (2.1.1)". So is using the attached openvpn binary all it took?
--
Brad
Click to expand...
Click to collapse
I missed the permissions part in your earlier post. With the openvpn binary you attached to the thread along with changing the perms I'm good to go. Such a relief! Thanks, akxak!
--
Brad
What about tun.ko???? I run the same GT as you though 7500 3.1 ??
As already stated, tun.ko is part of the stock firmware.
Sent from my Galaxy Tab 10.1 using Tapatalk.
I dont find tun.ko on my GT when I search with root explorer..
my tun.ko is located in /data/media/openvpn/openvpn/tun.ko
On my Tab, a separate tun.ko is not required. OpenVPN works anyway, as that seems to be an integral part of the kernel.
I'm trying to use the openvpn settings as well but when I try to connect I get
"Fatal:Cannot allocate TUN/TAP dev dynamically"
and when I try to insmod tun.ko using adb, I get this error:
"init.module 'tun.ko' failed <Exec format error>
I'm using pershoot's most up to date kernel (yesterday) with the tun.ko file that was included with it. I also tried with the one supplied in this thread as a .rar file and I received the same errors.
Any ideas?
Nearly there
Hey everybody.
I also have some problem with openvpn connection.
At first i turn on openvpn the start the configuration (at the same time i started a ping on my server: ping 300.300.300.300 -t)
After that my ping works for 12 - 14 times. After the 12 + 14 times then it shows "out of time" error message.
What have i done wrong? (Every 5 seconds at the bottom of my tab it shows "myvpn.openvpn: Connected"
Preferences:
Samsung Galaxy Tab 10.1 Rooted
Android 3.1
Newest Busybox
Done everything from the tutorial of this topic
Update: When i turn the tun module on then the ping only works for about 9 times.
After about 20 failed pings, the pink works again for the amount i wrote.

[Q] Compiled source for android

Hi all
Im using Galaxy Mini (Android 2.3.6) and have installed Ubuntu 9.04 jaunty via Linux Installer. Using(on phone) Ubuntu and cx_Freeze i can compile Python scripts to source code(for armv6l) and install it (on Ubuntu) and it works well but when i move it to Android and run command from Terminal Emulator im getting toast with message root get administrator privileages(a few times) to time when shows superuser force update, phone getting laggy and i must take off battery and turn it on again.
directory tree of source files:
--------------------------------------
usr(dir)
----bin(dir)
--------print(file, run print from /usr/lib/print-0.1/ dir)
----lib(dir)
--------print-0.1(dir)
------------*.so(files)
------------*.zip(archive with freezed Python libs)
------------print(file)
--------------------------------------
and files in /system/xbin/
print file
--------------------------------------
#!/system/bin/sh
su -c "/system/xbin/print.sh"
--------------------------------------
print.sh file
--------------------------------------
#!/system/bin/sh
export print="/usr/bin/print"
print
--------------------------------------
My Questions:
1. Why it not works while files are compiled on armv6l to armv6l processor?
2. Can i somehow make that works?(How? or Why?)
3. Is there a way to make linux gui for android?(Why?)

Help adding CIFS support to kernels?

Often I find myself really liking a particular kernel for a particular device. The common problem I have found is that no CIFS support is added to the kernel.
I have donated to several kernel devs. I don't expect anything from them, I just wanted to show my appreciation.
However, usually my CIFS inquiries go unnoticed.
I would like to add CIFS support to other people's kernels for my personal use on my device.
I presume I will have to decompile and recompile kernels in the process?
Here is the specific case that I have :
Current setup:
Phone - Verizon Galaxy Note 2
ROM - Beans build 22 (Touchwiz)
Kernel - Perseus 36
I would like to use Imnuts' PBJ kernel. It doesn't support CIFS, whereas Perseus does.
So in theory I could extract the CIFS modules and inject them into PBJ? Any ideas? Any help would be appreciated. I would also be willing to donate to someone willing to build one for me (mods, let me know if that isn't cool to mention. ) I don't have a Linux box or the current means of acquiring a Linux box until early next year. I am curious if this can be done on Windows 7?
xdadevnube said:
Often I find myself really liking a particular kernel for a particular device. The common problem I have found is that no CIFS support is added to the kernel.
I have donated to several kernel devs. I don't expect anything from them, I just wanted to show my appreciation.
However, usually my CIFS inquiries go unnoticed.
I would like to add CIFS support to other people's kernels for my personal use on my device.
I presume I will have to decompile and recompile kernels in the process?
Here is the specific case that I have :
Current setup:
Phone - Verizon Galaxy Note 2
ROM - Beans build 22 (Touchwiz)
Kernel - Perseus 36
I would like to use Imnuts' PBJ kernel. It doesn't support CIFS, whereas Perseus does.
So in theory I could extract the CIFS modules and inject them into PBJ? Any ideas? Any help would be appreciated. I would also be willing to donate to someone willing to build one for me (mods, let me know if that isn't cool to mention. ) I don't have a Linux box or the current means of acquiring a Linux box until early next year. I am curious if this can be done on Windows 7?
Click to expand...
Click to collapse
There may be a simpler method of doing this using insmod and downloadable cifs.ko module rather then taking the developers kernel source and then compiling it to include the cifs.ko module, using the following steps:
1. Make sure you have the latest version of Busybox installed
2. Download this .7z file and extract it's contents the modules you want are md4.ko and cifs.ko (Even though the .zip says Nexus 10 it should still work on your device).
3. Take the md4.ko module and cifs.ko module and place them in your /system/lib/modules folder (Make sure to mount the /system folder as read/write first and if the /system/lib/modules folder doesn't exist make sure to create it and set the proper permissions which should be the same as the /system/lib folder).
4. Now that you have placed the md4.ko and cifs.ko module in the /system/lib/modules folder run the following command:
Code:
insmod /system/lib/modules/md4.ko
insmod /system/lib/modules/cifs.ko
5. After that completes you should now be able to use the cifs.ko module to perform your desired task.
Let me know if you still have questions I'll be happy to help you out.
shimp208 said:
There may be a simpler method of doing this using insmod and downloadable cifs.ko module rather then taking the developers kernel source and then compiling it to include the cifs.ko module, using the following steps:
1. Make sure you have the latest version of Busybox installed
2. Download this .7z file and extract it's contents the modules you want are md4.ko and cifs.ko (Even though the .zip says Nexus 10 it should still work on your device).
3. Take the md4.ko module and cifs.ko module and place them in your /system/lib/modules folder (Make sure to mount the /system folder as read/write first and if the /system/lib/modules folder doesn't exist make sure to create it and set the proper permissions which should be the same as the /system/lib folder).
4. Now that you have placed the md4.ko and cifs.ko module in the /system/lib/modules folder run the following command:
Code:
insmod /system/lib/modules/md4.ko
insmod /system/lib/modules/cifs.ko
5. After that completes you should now be able to use the cifs.ko module to perform your desired task.
Let me know if you still have questions I'll be happy to help you out.
Click to expand...
Click to collapse
I'm trying to do this on my Nexus 10 with stock 5.1.1 rooted and busyboxed but i get the following error when attempting to insmount the modules:
255|[email protected]:/ # insmod /system/lib/modules/md4.ko
insmod: init_module '/system/lib/modules/md4.ko' failed (function not implemented)
Click to expand...
Click to collapse
modules folder and files are chmod 777, btw.
Did you ever find a solution to this? I'm stuck at the same error message.

[Android Build SU bug-RESOLVED] Need help figuring this out

I am currently helping on a new project for a ROM, we forked the AOSPA and AOSPA-Legacy repos into our githubs. What was mainly changed was the name "pa" "pa_" or "AOSPA" to "VentureROM" and the path "pa/" to "venture/". We have looked through both venturerom and venturerom legacy repos that we built and compared these with aospa repos for any differences and haven't seen any. We built AOSPA from scratch off their github and do not receive this bug.
su binary is installed to xbin folder and is symlinked to the bin folder. SUPERUSER_EMBEDDED = true is enabled in build script and points to files for binary and application. After about 8 different build attempts of changing one thing here or there, i decided to pull a logcat and found this sequence when asking for root privelage over ADB:
Code:
[ 08-30 00:24:22.616 2888: 2888 D/su ]
su invoked.
[ 08-30 00:24:22.616 2888: 2888 D/su ]
starting daemon client 2000 0
[ 08-30 00:24:22.616 2888: 2888 E/su ]
connect failed with 2: No such file or directory\
When digging through the system files, su exsists and system can call other binaries under both xbin and bin folders.
The hint is that when you flash a custom kernel over the device after building our repo from scratch, su issue is gone. But i can't quite figure out where the issue is, I've looked through kernel related files and boot related files. Any assistance would be greatly appreciated. Im using an HTC one m8 (m8vzw/m8wlv), the repo with this is under "VentureROM-Legacy" on github, but i guess i cant post that since i never use XDA. Thank you in advance
EDIT:
Found the issue.

Fix for empty app-mounted directories (CifsManager, etc.) in Android 5.0?

Android 5.0 Lollipop breaks apps that mount file systems to be shared with other apps. This includes CifsManager, Mount Manager, essentially anything that mounts cifs shares, FUSE file sytems, etc. The symptom is that the mounted contents appear fine to app that peforms the mount operation (assuming the app itself provides the ability to browse the contents), but every other app only sees an empty directory at the mount point.
Will a fix be possible for Lollipop as it was for Android 4.2?
Fix as pointed out by user glimmling.
Firstly, ensure you have the ElementalX kernel flashed onto your nexus 5.
glimmling said:
Cifs is definitily working on lollipop with my old Nexus 7. I use a patched kernel to make the mounts visible for all apps: http://forum.xda-developers.com/showpost.php?p=36908034&postcount=1
If your kernel doesn't have the patches, there is a second workaround with the SuperSU mount-master option: http://su.chainfire.eu/#how-mount
Important! Both approaches needs the SE Linux mode to be "permissive" to see the files in the mounts.
This example should work:
Code:
su
setenforce Permissive
su --mount-master -c busybox mount -o username=guest,rw,noperm,iocharset=utf8 -t cifs //192.168.178.23/cifsshare /data/media/0/mounts/cifsshare
Click to expand...
Click to collapse
If you can't be buggered typing out lengthy line 3 every time you mount you can use the patched version of Cifsmanager.v1.5a which uses prefixed mount command (su --mount-master -c) however it requires SuperSU and you still need SE Linux mode to be "permissive" to see the files in the mounts. So you can either do that manually in terminal:
Code:
su
setenforce Permissive
or download SELinux Mode Changer to switch for you (note: it's a bit buggy on switching)
After unmounting the share you should go back to Enforcing mode.
Code:
su
setenforce Enforcing
or just use SELinux Mode Changer to change back.
What is the difference between the SE for Android status: Enforcing, Permissive and Disabled?
Enforcing — SE for Android is enforcing the loaded policy. Your device is actively protected from security threats and malicious apps will be denied access.
Permissive — The SE for Android policy file is loaded, but your device is not enforcing it. If a malicious app tries to access a resource that it is not allowed to, the access will be logged but not prevented. This mode is intended for testing and debugging. It generates log files of denied app and allows Samsung to identify new app threats and update its policy files.
Disabled — The SE for Android infrastructure is not enabled, and there is no policy file loaded. Log files are not generated and your system is vulnerable to security threats.
Click to expand...
Click to collapse
bseos said:
If you can't be buggered typing out lengthy line 3 every time you mount you can use the patched version of Cifsmanager.v1.5a which uses prefixed mount command (su --mount-master -c) however it requires SuperSU and you still need SE Linux mode to be "permissive" to see the files in the mounts.
Click to expand...
Click to collapse
If you want to leave SELinux enabled, you can use that patched version of Cifsmanager above and and label the directory in the Options,
Code:
context=u:object_r:rootfs:s0
The full options string i use
Code:
vers=2.1,domain=MYDOMAIN,rw,file_mode=0777,dir_mode=0777,context=u:object_r:rootfs:s0
This works for my Nexus 6, 5.0 & 5.1.
Note: the version 2.1, isn't always enabled in the kernel so you might have to remove vers=2.1.

Categories

Resources