hello XDA users
i have REDMI NOTE 4X with Unlocked bootloader and rooted Miui rom ( XIAOMI. EU ROM ),
i love this ROM it's very smooth and battery friendly,
but i just need one thing, i wanna install dolby atmos or viper4android, and i need my SELINUX to be set Permissive permanently
please i search a lot of threads but didn't find yet the best way to make it Permissive Permanently, please give me the best way to fix that thing !
thanks again
chegue4 said:
please i search a lot of threads but didn't find yet the best way to make it Permissive Permanently, please give me the best way to fix that thing !
thanks again
Click to expand...
Click to collapse
Well that doesn't seems the whole truth to me . :silly:
1)Anyways if u have magisk installed then flash the below zip and it will set selinux to permissive .
2)Also there is a terminal method to do that ,but it is not permanent so I m not writing it here .
3)Also there are ROMs like AICP that gives you the option to change selinux mode .
4) Also tere is an app available called as "selinux mode changer " which should also do the work (not tested by me tho )
5) Also u can use kernel aduitor to change mode
"0"= permissive
"1"= enforcing
U will find the selinux thing under TOOLS>build prop editor in kenrl aduitor .
Hope this is enough for now .thank you
thank you man, i did magisk method, unroot all supersu, and reroot using magisk
Related
SM-N910F - Stock Kernel
Root Android 5.1.1
We have here 2 kernel variants
Original Samsung SE enforced kernel, repacked with a patched sepolicy through SuperSU 2.50
- Recommended kernel as it runs in enforced mode if you are concerned about security
- Recommended method by Chainfire
- Supports only SuperSU 2.50 app for root
- You must update to SuperSU 2.50 before flashing kernel or you end up in a bootloop
- TIMA SecurityLogAgent service still needs to be freezed
- Selinux runs in enforced mode
- Private mode can be used
Click to expand...
Click to collapse
Compiled from stock sources permissive kernel, with NTFS support
- huge drop in security, as it runs in permissive mode
- will allow you to run any superuser app
- supports ntfs mount (needs NTFS helper for the mount ntfs binary or get them from xda or from download link
- selinux is forced to permissive because of new Android 5.1.1 restrictions
- Private mode relies on Selinux and can no more be enabled
- TIMA SecurityLogAgent service needs to be freezed as new Android 5.1.1 detects changes in kernel/SE and warns you about them
Click to expand...
Click to collapse
Why a custom kernel or a modified boot image will probably be needed to root ?
answered by the master: http://www.androidauthority.com/chainfire-rooting-android-lollipop-541458/
New selinux restrictions make it quiet hard for the su daemon to load at boot without exploiting some kernel vulnerabilities that google will patch asap any way.
It seems also that even if we only revert the selinux permissive/enforced toggle, set state to permissive at boot and then enforce security once SU daemon is loaded, many issues could still rise because of the new SE policies. Chainfire says himself that trying to do so will in any case need to drop even more the security level.
Furthermore, enabling toggling of selinux state is now more complicated since 5.0: enabling CONFIG_SECURITY_SELINUX_DEVELOP in defconfig needs androidboot.selinux=permissive in board kernel cmdline. However, this won't be processed in user builds, but only in eng and userdebug builds. This means you cannot expect any such fixes to work on a stock ROM. We now must hardcode the kernel into always permissive mode
In permissive mode, it is impossible to use any KNOX protected features and system will triggers kernel modification alarms by security TIMA agent:
http://www.samsung.com/hk_en/support/skp/faq/1028007. That's why those services must be disabled.
Seems it is not Samsung to blame, but really Google.
Chainfire came with a new approach to avoid compiling the kernel and to be able to run in enforced mode: patching the sepolicy in ramdisk to allow root while still running a stock enforced kernel. This needs version 2.50+ of SuperSU, and won't support, currently, any other root application. This needs a complex procedure documented by Chainfire. It needs rooting the reference device under 4.4 - 5.0.1 enforced mode, patching the 5.1.1 sepolicy under that reference device and export the patched sepolicy to the 5.5.1 boot image of the device. The good part is that we only need to repack boot image with a changed sepolicy, without modifying anything else, mainly the kernel.
Credits
@Chenglu
@Chainfire
Emotroid-Team
XDA:DevDB Information
Android 5.1.1 Kernel, Stock, Root, Enforced and Permissive, Kernel for the Samsung Galaxy Note 4
Contributors
Phil3759
Kernel Special Features: stock, enables root for 5.1.1
Version Information
Status: Stable
Created 2015-09-23
Last Updated 2015-10-30
Download + source diff
- flash kernel in recovery (zip) or odin (tar)
- flash SuperSU v2.50+ for enforced kernel or any root app for permissive kernel
Link:
https://mega.nz/#F!RV8wGT6C!rsfnBrjuqukBNLgLxIgNIA
More original third party releases by @_alexndr (untested by me): https://www.androidfilehost.com/?w=files&flid=45166
FAQ and fixes
How to fix the security notice popup for the permissive recompiled kernels ?
Using Titanium backup, freeze this service: SecurityLogAgent
How to fix Screen Mirroring after root for permissive kernels ?
This is not related to the kernel, but affects some Samsung devices with root
For the fix, check here: http://forum.xda-developers.com/showpost.php?p=63004244&postcount=11
How to fix my wifi passwords not saved on reboot / wifi disconnect for permissive kernels ?
Add this line in /system/build.prop
Code:
ro.securestorage.support=false
What changes are done to the permissive kernel before compiling?
selinux permissive to enable root
NTFS stock Samsung implementation enabled in kernel (needs OTG helper probably)
History changes for permissive kernels
v1.0
N910P-VPU4COG5 kernel sources + N910F-XXU1COH4 ramdisk
v1.1
revert properties to defaults: if you have issues saving wifi passwords, add this line to /system/build.prop or revert to 1.0
v2.0
N910-F latest stock sources
back to ro.securestorage.support=false for wifi password issues in permissive mode
Click to expand...
Click to collapse
Sources:
post 2 with download link
Than you. Could you make a flashable zip with your kernel?
"Somos dueños de nuestro silencio y esclavos de nuestras palabras"
antz_77 said:
Than you. Could you make a flashable zip with your kernel?
"Somos dueños de nuestro silencio y esclavos de nuestras palabras"
Click to expand...
Click to collapse
added a zip file
Which App for Root can i use for example?
Just use SuperSU, after installing kernel with TWRP use the option to add root when exiting from recovery. You'll be fine
Verstuurd vanaf mijn SM-N910F met Tapatalk
patensas said:
Just use SuperSU, after installing kernel with TWRP use the option to add root when exiting from recovery. You'll be fine
Verstuurd vanaf mijn SM-N910F met Tapatalk
Click to expand...
Click to collapse
PhilZ Touch 6.59.0 works perfectly with 5.1.1 by the way, even time with Time Daemon load
Why a custom kernel will probably be needed to root ?
answered by the master: http://www.androidauthority.com/chainfire-rooting-android-lollipop-541458/
New selinux restrictions make it quiet hard for the su daemon to load at boot without exploiting some kernel vulnerabilities that google will patch asap any way.
It seems also that even if we only revert the selinux permissive/enforced toggle, set state to permissive at boot and then enforce security once SU daemon is loaded, many issues could still rise because of the new SE policies. Chainfire says himself that trying to do so will in any case need to drop even more the security level.
So, for now, and maybe also in near future, no other way to root will be possible except using a custom kernel in a selinux permissive state. Sure some vulnerabilities could be found and used, but will probably be patched by Google.
Seems it is not Samsung to blame, but really Google.
Hello
i have installed the kernel, the TWRP and Super su and i have now root on my note 4.
But i always have in my notification bar a notification that says "security notification non authorized action have been made" (i translate from french so it is maybe not exactly what it write on english phones)
What can i do to don't have that anymore ?
Thank you
parisien99 said:
Hello
i have installed the kernel, the TWRP and Super su and i have now root on my note 4.
But i always have in my notification bar a notification that says "security notification non authorized action have been made" (i translate from french so it is maybe not exactly what it write on english phones)
What can i do to don't have that anymore ?
Thank you
Click to expand...
Click to collapse
You can freeze security log agent with TB and you're fine.
@topic screen mirroring is not working here on note 4. Must be kernel related. Stock rooted Rom.
Gesendet von meinem SM-N910F mit Tapatalk
robotnikz said:
You can freeze security log agent with TB and you're fine.
@topic screen mirroring is not working here on note 4. Must be kernel related. Stock rooted Rom.
Gesendet von meinem SM-N910F mit Tapatalk
Click to expand...
Click to collapse
Not related to the custom kernel
http://forum.xda-developers.com/showpost.php?p=61396065&postcount=66
Or just do this:
In build.prop, add this line and reboot device
Code:
wlan.wfd.hdcp=disable
It works perfectly with my Samsung Smart TV
[N910F][Kernel][Stock][Root] Android Stock 5.1.1 Kernel for root
Hi !
Thank you @Phil.
Could you tell me if it's works on the last germany firmware COI3 for N910F please ?
Guillaume59610 said:
Hi !
Thank you
Could you tell me if it's works on the last germany firmware COI3 for N910F please ?
Click to expand...
Click to collapse
I didn't test, but normally, there are no significant changes between those micro letters. Probably just the branded stuff
Can you upload stock boot.img from COI3 ? I will look at it then
Thanks for your answer.
I 've uploaded stock boot.img from COI3. Here is the link :
https: //mega.nz/#!wAlFBTQK!G2Y09HP2mYmtgQMo2PWUGYGPBlJkgyrMDLZpCnjCnqk
Guillaume59610 said:
Thanks for your answer.
I 've uploaded stock boot.img from COI3. Here is the link :
https: //mega.nz/#!wAlFBTQK!G2Y09HP2mYmtgQMo2PWUGYGPBlJkgyrMDLZpCnjCnqk
Click to expand...
Click to collapse
ramdisk changes don't seem relevant
Until we have new kernel sources for N910F, there is no need to recompile
I am using it heavily since a few days without any issue or bug I could spot
Ok, thanks @Phil !
only for F
cant't work on 910C ?
crazydeepman said:
only for F
cant't work on 910C ?
Click to expand...
Click to collapse
No way. The 910C use exynos chip. You have to request on exynos subforum.
"If it compiles, it is good, if it boots up it is perfect"
Best kernel I have seen, until now! - Works without any problems also with German (DBT) ROM: N910FXXU1COI3, that also contains final fixes for StageFright and a better fingerprint support.
THX Phil!
P.S.: Every update is welcome...
Added some info in post 1 on what changed in Android 5.0 that probably will make it near impossible to root a stock ROM while having even the option to run in enforced mode when needed. Any other way that could be found in the future will mean using kernel vulnerabilities. This obviously will be fixed asap by google. At the end, it will be probably simpler and safer (stability wise) to choose between root and a selinux enforced device, not both
This also makes it impossible to use any KNOX protected features and triggers kernel modification alarms by security TIMA agent:
http://www.samsung.com/hk_en/support/skp/faq/1028007
That's why those services must be disabled
Furthermore, enabling toggling of selinux state is now more complicated since 5.0: enabling CONFIG_SECURITY_SELINUX_DEVELOP in defconfig needs androidboot.selinux=permissive in board kernel cmdline. However, this won't be processed in user builds, but only in eng and userdebug builds. This means you cannot expect any such fixes to work on a stock ROM. We now must hardcode the kernel into always permissive mode
Click to expand...
Click to collapse
this is just a Full Stock Deodexed Oreo ROM of US Unlocked 2.42.617.1:
http://www.androidfilehost.com/?fid=817906626617957852 RE-Uploaded done
No root
No Aroma installer
No magisk by default
it will probably lag if not rooted you will need this module attached bellow also, once magisk is installed get it here
it is working fine for me so far so I decided to share it here since it is completely stock any bugs you might find beside the lag on no root, there are probably on stock also
Just curious, why would it lag?
@JEANRIVERA
THX!
Can you share full (including framework) deodex method?
I used Superr kitchen
Golv said:
@JEANRIVERA
THX!
Can you share full (including framework) deodex method?
Click to expand...
Click to collapse
All I did was use Superr kitchen
doyou37 said:
Just curious, why would it lag?
Click to expand...
Click to collapse
Suspect its the issue where the dalvik cache can't be built unless SELinux is permissive.
JEANRIVERA said:
this is just a Full Stock Deodexed Oreo ROM of US Unlocked 2.42.617.1:
http://www.androidfilehost.com/?fid=817906626617957852 RE-Uploaded done
No root
No Aroma installer
No magisk by default
it will probably lag if not rooted you will need this module attached bellow also, once magisk is installed get it here
it is working fine for me so far so I decided to share it here since it is completely stock any bugs you might find beside the lag on no root, there are probably on stock also
Click to expand...
Click to collapse
Sounds intriguing can you tell me what you removed to deox. I would be coming from another rom so I am un locked and rooted.
RKDxpress said:
Sounds intriguing can you tell me what you removed to deox. I would be coming from another rom so I am un locked and rooted.
Click to expand...
Click to collapse
I didn't do nothing special I just used Superr kitchen
Electronic Punk said:
Suspect its the issue where the dalvik cache can't be built unless SELinux is permissive.
Click to expand...
Click to collapse
yep...
from the magisk module:
# Enable SELinux Permissive Mode at Boot
setenforce 0
personally I'd rather stay odex than set SELinux to Permissive
Hi,This rom is full Deodexed .
Which perm type should I choose?
Here is a very brief summary of set_perm, set_metadata, sparse_dat, and raw_img.
Thank you for share.
All of ROMs based on Android Pie for kenzo I’ve tried so far have SELinux set to permissive. There was a time when even Oreo ROMs didn’t have SELinux enforcing, but later on developers had fixed it. As of now, I didn’t even find a single Android P official custom ROM having SELinux set to Enforcing.
Did anyone find any official Pie ROM having SELinux set to enforcing?
Ya_SG said:
All of ROMs based on Android Pie for kenzo I’ve tried so far have SELinux set to permissive. There was a time when even Oreo ROMs didn’t have SELinux enforcing, but later on developers had fixed it. As of now, I didn’t even find a single Android P official custom ROM having SELinux set to Enforcing.
Did anyone find any official Pie ROM having SELinux set to enforcing?
Click to expand...
Click to collapse
Do you flash magisk?
Black_Stark said:
Do you flash magisk?
Click to expand...
Click to collapse
Yes I do.
Ya_SG said:
Yes I do.
Click to expand...
Click to collapse
So u take ur security seriously. But u dont have problem in rooting ur phone. :laugh:
Just think Why all custom roms today are not prerooted ?
But u keep on crying on every thread for selinux . have u read whats the actual function of selinux and how it works and where its useful. Do u install apk files from untrusted sources from untusted sites??
Even privacy guard can protect ur userspace. Today Most of custom roms have privacy guard.
Understanding Selinux his huge work. Only OEM devs like xiaomi devs who are professional and paid by comapnies knows how to write the SEPOLICY. Custom devs here dont have that much spare time.
And who told u citrus released by Adarsh is unofficial ? :laugh:
Black_Stark said:
So u take ur security seriously. But u dont have problem in rooting ur phone. :laugh:
Just think Why all custom roms today are not prerooted ?
But u keep on crying on every thread for selinux . have u read whats the actual function of selinux and how it works and where its useful. Do u install apk files from untrusted sources from untusted sites??
Even privacy guard can protect ur userspace. Today Most of custom roms have privacy guard.
Understanding Selinux his huge work. Only OEM devs like xiaomi devs who are professional and paid by comapnies knows how to write the SEPOLICY. Custom devs here dont have that much spare time.
And who told u citrus released by Adarsh is unofficial ? :laugh:
Click to expand...
Click to collapse
Having SELinux permissive blocks the use of banking apps. Turning off Google Play services' phone permission may make them work. But if you use Google Maps, you’re certainly gonna notice a message “Google Maps is having trouble, turn on phone permission of Google Play services”.
That’s the reason, I’m not using any Pie ROM.
And I wouldn’t want to use an outdated rom having bugs made by a dev who’s passed away. We all know everyone wants SELinux Enforcing in Pie ROMs.
Citrus-CAF is unofficial
Ya_SG said:
Having SELinux permissive blocks the use of banking apps. Turning off Google Play services phone permission may make them work. But if you use Google Maps, you’re certainly gonna notice a message “Google Maps is having trouble, turn on phone permission of Google Play services”.
That’s the reason, I’m not using any Pie ROM.
And I wouldn’t want to use an outdated rom having bugs made by a dev who’s passed away. We all know everyone wants SELinux Enforcing in Pie ROMs.
Click to expand...
Click to collapse
Hope we see new updated citrus build.
U from which country?
Black_Stark said:
So u take ur security seriously. But u dont have problem in rooting ur phone. :laugh:
Just think Why all custom roms today are not prerooted ?
But u keep on crying on every thread for selinux . have u read whats the actual function of selinux and how it works and where its useful. Do u install apk files from untrusted sources from untusted sites??
Even privacy guard can protect ur userspace. Today Most of custom roms have privacy guard.
Understanding Selinux his huge work. Only OEM devs like xiaomi devs who are professional and paid by comapnies knows how to write the SEPOLICY. Custom devs here dont have that much spare time.
And who told u citrus released by Adarsh is unofficial ? :laugh:
Click to expand...
Click to collapse
Nobody asked for your opinion. He simply asked about the ROMs which have se Linux permissive. You can name the ROMs or GTFO.
DarkSoul101 said:
Nobody asked for your opinion. He simply asked about the ROMs which have se Linux permissive. You can name the ROMs or GTFO.
Click to expand...
Click to collapse
We both good. U go to bed and sweet dreams.
Black_Stark said:
We both good. U go to bed and sweet dreams.
Click to expand...
Click to collapse
*Triggered*
Can someone explain to me what SElinux does? Also what does permissive and disabled mean? I see a lot of people not using some ROMs just because of the SElinux status.
Thank you in advance.
Basically it tells processes what files/folders they can or cannot use. You don't want some malicious activity to use them, don't you?
Soojikahalwa said:
Can someone explain to me what SElinux does? Also what does permissive and disabled mean? I see a lot of people not using some ROMs just because of the SElinux status.
Thank you in advance.
Click to expand...
Click to collapse
Selinux in Enforcing mode makes ur userspace very rigid against hacking and malware.
All official stock rom comes with enforcing mode. Its mandatory.
Putting Selinux in Enforcing mode is kind of tough. Only few devs can understand and can make it.
Nougat and oreo already in enforcing.
Now latest Aex pie Test build is already released with Enforcing mode.
Thank you guys, so basically SElinux enforced is best. I was under the impression that SElinux enforced isn't too great as your apps will have only restricted access. Thank you very much.
Dear OnePlus Lovers,
did anyone of you get the Viper4Android FX Tool to work.
I tried nearly all possible way to set SELinux in permissive mode but nothing works.. it says everytime i have to install the driver but the magisk module is already installed..
Maybe any suggestions?
How did you root?
I did what everyone is telling. I just searched in the GSI Thread.
But only for you.
Post in thread 'GSIs status + boot dump' https://forum.xda-developers.com/t/gsis-status-boot-dump.4316479/post-85472945
drumntetri5 said:
I did what everyone is telling. I just searched in the GSI Thread.
But only for you.
Post in thread 'GSIs status + boot dump' https://forum.xda-developers.com/t/gsis-status-boot-dump.4316479/post-85472945
Click to expand...
Click to collapse
im curious if your in-display FingerPrint scanner works and also Auto brightness ? Currently used GT Neo with Corvus GSI
Fingerprintsensor is working very fine.
On my Xiaomi Mi9T Pro after flashing magisk it was not useable.
For the automatic lightsensor I can't say anything because I'm not using it.. but after I activated right now it's dimming the light down..
Hi, did you make it work?
drumntetri5 said:
Dear OnePlus Lovers,
did anyone of you get the Viper4Android FX Tool to work.
I tried nearly all possible way to set SELinux in permissive mode but nothing works.. it says everytime i have to install the driver but the magisk module is already installed..
Maybe any suggestions
Click to expand...
Click to collapse
sakarya1980 said:
Hi, did you make it work?
Click to expand...
Click to collapse
Sadly, no.. and at the moment I'm afraid to dig deeper into this because we don't have TWRP...