SM-N910F - Stock Kernel
Root Android 5.1.1
We have here 2 kernel variants
Original Samsung SE enforced kernel, repacked with a patched sepolicy through SuperSU 2.50
- Recommended kernel as it runs in enforced mode if you are concerned about security
- Recommended method by Chainfire
- Supports only SuperSU 2.50 app for root
- You must update to SuperSU 2.50 before flashing kernel or you end up in a bootloop
- TIMA SecurityLogAgent service still needs to be frozen
- Selinux runs in enforced mode
- Private mode can be used
Compiled from stock sources permissive kernel, with NTFS support
- huge drop in security, as it runs in permissive mode
- will allow you to run any superuser app
- supports NTFS mount (needs NTFS helper for the mount ntfs binary, or get them from xda or from the download link)
- selinux is forced to permissive because of new Android 5.1.1 restrictions
- Private mode relies on Selinux and can no longer be enabled
- TIMA SecurityLogAgent service needs to be frozen as new Android 5.1.1 detects changes in kernel/SE and warns you about them
Why will a custom kernel or a modified boot image probably be needed to root?
Answered by the master: http://www.androidauthority.com/chainfire-rooting-android-lollipop-541458/
New SELinux restrictions make it quite hard for the su daemon to load at boot without exploiting some kernel vulnerabilities that Google will patch ASAP anyway.
It also seems that even if we only revert the SELinux permissive/enforced toggle, set the state to permissive at boot and then enforce security once the SU daemon is loaded, many issues could still arise because of the new SE policies. Chainfire himself says that trying to do so will in any case require dropping the security level even further.
Furthermore, enabling toggling of the SELinux state has been more complicated since 5.0: enabling CONFIG_SECURITY_SELINUX_DEVELOP in defconfig needs androidboot.selinux=permissive in the board kernel cmdline. However, this won't be processed in user builds, but only in eng and userdebug builds. This means you cannot expect any such fixes to work on a stock ROM. We now must hardcode the kernel into always-permissive mode.
In permissive mode, it is impossible to use any KNOX protected features, and the system will trigger kernel modification alarms from the TIMA security agent: http://www.samsung.com/hk_en/support/skp/faq/1028007. That's why those services must be disabled.
Seems it is not Samsung to blame, but really Google.
Chainfire came up with a new approach to avoid compiling the kernel and to be able to run in enforced mode: patching the sepolicy in the ramdisk to allow root while still running a stock enforced kernel. This needs version 2.50+ of SuperSU and currently won't support any other root application. It requires a complex procedure documented by Chainfire: rooting the reference device under 4.4 - 5.0.1 in enforced mode, patching the 5.1.1 sepolicy on that reference device and exporting the patched sepolicy to the 5.5.1 boot image of the device. The good part is that we only need to repack the boot image with a changed sepolicy, without modifying anything else, mainly the kernel.
Credits
@Chenglu
@Chainfire
Emotroid-Team
XDA:DevDB Information
Android 5.1.1 Kernel, Stock, Root, Enforced and Permissive, Kernel for the Samsung Galaxy Note 4
Contributors
Phil3759
Kernel Special Features: stock, enables root for 5.1.1
Version Information
Status: Stable
Created 2015-09-23
Last Updated 2015-10-30
Download + source diff
- flash kernel in recovery (zip) or odin (tar)
- flash SuperSU v2.50+ for enforced kernel or any root app for permissive kernel
Link:
https://mega.nz/#F!RV8wGT6C!rsfnBrjuqukBNLgLxIgNIA
More original third party releases by @_alexndr (untested by me): https://www.androidfilehost.com/?w=files&flid=45166
FAQ and fixes
How to fix the security notice popup for the permissive recompiled kernels ?
Using Titanium backup, freeze this service: SecurityLogAgent
How to fix Screen Mirroring after root for permissive kernels ?
This is not related to the kernel, but affects some Samsung devices with root
For the fix, check here: http://forum.xda-developers.com/showpost.php?p=63004244&postcount=11
How to fix my wifi passwords not saved on reboot / wifi disconnect for permissive kernels ?
Add this line in /system/build.prop
Code:
ro.securestorage.support=false
What changes are done to the permissive kernel before compiling?
selinux permissive to enable root
NTFS stock Samsung implementation enabled in kernel (needs OTG helper probably)
History changes for permissive kernels
v1.0
N910P-VPU4COG5 kernel sources + N910F-XXU1COH4 ramdisk
v1.1
revert properties to defaults: if you have issues saving wifi passwords, add this line to /system/build.prop or revert to 1.0
v2.0
N910-F latest stock sources
back to ro.securestorage.support=false for wifi password issues in permissive mode
Sources:
post 2 with download link
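An added example, not part of the original post and not Chainfire's or the author's tooling: the post's claim that the enforced variant only repacks the boot image with a changed sepolicy, leaving the kernel untouched, can be checked by hashing the kernel and ramdisk sections of the stock and repacked images separately. The code assumes the standard AOSP boot image header (version 0, `ANDROID!` magic); the function names and the sample images are constructed for illustration.

```python
import hashlib
import struct

# AOSP boot image header v0: magic, 10 x u32, name, cmdline, id, extra_cmdline.
HDR = struct.Struct("<8s10I16s512s32s1024s")
MAGIC = b"ANDROID!"
PERMISSIVE_FLAG = "androidboot.selinux=permissive"  # flag quoted in the post


def _pad(n, page):
    """Round n up to a whole number of pages."""
    return (n + page - 1) // page * page


def parse_boot_image(blob):
    """Return the kernel cmdline and a SHA-256 digest per image section."""
    if len(blob) < HDR.size:
        raise ValueError("truncated boot image header")
    f = HDR.unpack_from(blob)
    if f[0] != MAGIC:
        raise ValueError("not an Android boot image")
    sizes = (("kernel", f[1]), ("ramdisk", f[3]), ("second", f[5]))
    page = f[8]
    if page == 0 or page & (page - 1):
        raise ValueError("implausible page size")
    digests, off = {}, _pad(HDR.size, page)  # header occupies whole pages
    for name, size in sizes:
        if off + size > len(blob):
            raise ValueError(name + " section runs past end of image")
        digests[name] = hashlib.sha256(blob[off:off + size]).hexdigest()
        off += _pad(size, page)
    raw = f[12].split(b"\0", 1)[0] + f[14].split(b"\0", 1)[0]
    return {"cmdline": raw.decode("ascii", "replace"), "digests": digests}


def compare_repack(stock, repacked):
    """Report which sections differ between a stock and a repacked image."""
    a, b = parse_boot_image(stock), parse_boot_image(repacked)
    changed = sorted(n for n in a["digests"] if a["digests"][n] != b["digests"][n])
    return {
        "changed_sections": changed,
        "kernel_untouched": "kernel" not in changed,
        "cmdline_changed": a["cmdline"] != b["cmdline"],
        "permissive_requested": PERMISSIVE_FLAG in b["cmdline"].split(),
    }


def build_image(kernel, ramdisk, cmdline=b"", page=2048):
    """Build a minimal constructed image for the demo (not real firmware)."""
    hdr = HDR.pack(MAGIC, len(kernel), 0, len(ramdisk), 0, 0, 0, 0, page,
                   0, 0, b"", cmdline, b"", b"")
    out = hdr.ljust(_pad(HDR.size, page), b"\0")
    for part in (kernel, ramdisk):
        out += part.ljust(_pad(len(part), page), b"\0")
    return out


# Constructed samples: a stock image, a sepolicy-only repack, and a rebuilt kernel.
STOCK = build_image(b"KERNEL-BYTES" * 300, b"ramdisk+stock-sepolicy" * 100,
                    b"console=null")
REPACK = build_image(b"KERNEL-BYTES" * 300, b"ramdisk+patched-sepolicy" * 100,
                     b"console=null")
REBUILT = build_image(b"OTHER-KERNEL" * 300, b"ramdisk+stock-sepolicy" * 100,
                      b"console=null " + PERMISSIVE_FLAG.encode())

if __name__ == "__main__":
    print("sepolicy repack:", compare_repack(STOCK, REPACK))
    print("rebuilt kernel: ", compare_repack(STOCK, REBUILT))
```

Because the permissive variant described in the post hardcodes the mode in the kernel rather than passing the cmdline flag, a changed kernel digest is the signal to look for there; the cmdline check only catches the eng/userdebug-style toggle.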
Thank you. Could you make a flashable zip with your kernel?
"We are masters of our silence and slaves of our words"
antz_77 said:
Thank you. Could you make a flashable zip with your kernel?
"We are masters of our silence and slaves of our words"
added a zip file
Which app for root can I use, for example?
Just use SuperSU, after installing kernel with TWRP use the option to add root when exiting from recovery. You'll be fine
Sent from my SM-N910F using Tapatalk
patensas said:
Just use SuperSU, after installing kernel with TWRP use the option to add root when exiting from recovery. You'll be fine
Sent from my SM-N910F using Tapatalk
PhilZ Touch 6.59.0 works perfectly with 5.1.1 by the way, even time with Time Daemon load
Why will a custom kernel probably be needed to root?
Answered by the master: http://www.androidauthority.com/chainfire-rooting-android-lollipop-541458/
New SELinux restrictions make it quite hard for the su daemon to load at boot without exploiting some kernel vulnerabilities that Google will patch ASAP anyway.
It also seems that even if we only revert the SELinux permissive/enforced toggle, set the state to permissive at boot and then enforce security once the SU daemon is loaded, many issues could still arise because of the new SE policies. Chainfire himself says that trying to do so will in any case require dropping the security level even further.
So, for now, and maybe also in the near future, no other way to root will be possible except using a custom kernel in a SELinux permissive state. Sure, some vulnerabilities could be found and used, but they will probably be patched by Google.
Seems it is not Samsung to blame, but really Google.
Hello
I have installed the kernel, TWRP and SuperSU, and I now have root on my Note 4.
But I always have a notification in my notification bar that says "security notification non authorized action have been made" (I translated from French, so it may not be exactly what is written on English phones)
What can I do to not have that anymore?
Thank you
parisien99 said:
Hello
I have installed the kernel, TWRP and SuperSU, and I now have root on my Note 4.
But I always have a notification in my notification bar that says "security notification non authorized action have been made" (I translated from French, so it may not be exactly what is written on English phones)
What can I do to not have that anymore?
Thank you
You can freeze security log agent with TB and you're fine.
@topic screen mirroring is not working here on note 4. Must be kernel related. Stock rooted Rom.
Sent from my SM-N910F using Tapatalk
robotnikz said:
You can freeze security log agent with TB and you're fine.
@topic screen mirroring is not working here on note 4. Must be kernel related. Stock rooted Rom.
Sent from my SM-N910F using Tapatalk
Not related to the custom kernel
http://forum.xda-developers.com/showpost.php?p=61396065&postcount=66
Or just do this:
In build.prop, add this line and reboot device
Code:
wlan.wfd.hdcp=disable
It works perfectly with my Samsung Smart TV
[N910F][Kernel][Stock][Root] Android Stock 5.1.1 Kernel for root
Hi !
Thank you @Phil.
Could you tell me if it works on the last German firmware COI3 for N910F please?
Guillaume59610 said:
Hi !
Thank you
Could you tell me if it works on the last German firmware COI3 for N910F please?
I didn't test, but normally, there are no significant changes between those micro letters. Probably just the branded stuff
Can you upload stock boot.img from COI3 ? I will look at it then
Thanks for your answer.
I've uploaded stock boot.img from COI3. Here is the link:
https://mega.nz/#!wAlFBTQK!G2Y09HP2mYmtgQMo2PWUGYGPBlJkgyrMDLZpCnjCnqk
Guillaume59610 said:
Thanks for your answer.
I've uploaded stock boot.img from COI3. Here is the link:
https://mega.nz/#!wAlFBTQK!G2Y09HP2mYmtgQMo2PWUGYGPBlJkgyrMDLZpCnjCnqk
ramdisk changes don't seem relevant
Until we have new kernel sources for N910F, there is no need to recompile
I have been using it heavily for a few days without any issue or bug I could spot
Ok, thanks @Phil !
Only for F?
Can't it work on the 910C?
crazydeepman said:
Only for F?
Can't it work on the 910C?
No way. The 910C uses an Exynos chip. You have to request it on the Exynos subforum.
"If it compiles, it is good, if it boots up it is perfect"
Best kernel I have seen, until now! - Works without any problems also with German (DBT) ROM: N910FXXU1COI3, that also contains final fixes for StageFright and a better fingerprint support.
THX Phil!
P.S.: Every update is welcome...
Added some info in post 1 on what changed in Android 5.0 that will probably make it near impossible to root a stock ROM while even having the option to run in enforced mode when needed. Any other way that could be found in the future will mean using kernel vulnerabilities. This will obviously be fixed ASAP by Google. In the end, it will probably be simpler and safer (stability-wise) to choose between root and an SELinux-enforced device, not both.
This also makes it impossible to use any KNOX protected features and triggers kernel modification alarms from the TIMA security agent: http://www.samsung.com/hk_en/support/skp/faq/1028007
That's why those services must be disabled.
Furthermore, enabling toggling of the SELinux state has been more complicated since 5.0: enabling CONFIG_SECURITY_SELINUX_DEVELOP in defconfig needs androidboot.selinux=permissive in the board kernel cmdline. However, this won't be processed in user builds, but only in eng and userdebug builds. This means you cannot expect any such fixes to work on a stock ROM. We now must hardcode the kernel into always-permissive mode.
I am looking for an Oreo ROM that has SELinux in enforcing state by default. Some of the enterprise apps that I use refuse to initiate if the SELinux is in 'permissive' state.
I found that Omni ROM has SELinux set to enforcing by default.
Setting the SElinux to enforcing state manually via terminal results in kernel panic/hung state in roms like AOSPEX.
Can somebody list out the Oreo roms having SELinux as enforcing by default?
y2ksnoop said:
Can somebody list out the Oreo roms having SELinux as enforcing by default?
https://forum.xda-developers.com/re...ies--other-development/rom-atomic-os-t3640177
AOSIP
DarthJabba9 said:
https://forum.xda-developers.com/re...ies--other-development/rom-atomic-os-t3640177
ebrahem khedr said:
AOSIP
Wow that's awesome. Never thought these ROMs would have Selinux enforcing, given their small userbase.
Don't judge a rom by its userbase. Lesson learnt.
All of ROMs based on Android Pie for kenzo I’ve tried so far have SELinux set to permissive. There was a time when even Oreo ROMs didn’t have SELinux enforcing, but later on developers had fixed it. As of now, I didn’t even find a single Android P official custom ROM having SELinux set to Enforcing.
Did anyone find any official Pie ROM having SELinux set to enforcing?
Ya_SG said:
All of ROMs based on Android Pie for kenzo I’ve tried so far have SELinux set to permissive. There was a time when even Oreo ROMs didn’t have SELinux enforcing, but later on developers had fixed it. As of now, I didn’t even find a single Android P official custom ROM having SELinux set to Enforcing.
Did anyone find any official Pie ROM having SELinux set to enforcing?
Do you flash magisk?
Black_Stark said:
Do you flash magisk?
Yes I do.
Ya_SG said:
Yes I do.
So u take ur security seriously. But u dont have problem in rooting ur phone. :laugh:
Just think Why all custom roms today are not prerooted ?
But u keep on crying on every thread for selinux. Have u read whats the actual function of selinux and how it works and where its useful. Do u install apk files from untrusted sources from untrusted sites??
Even privacy guard can protect ur userspace. Today most of custom roms have privacy guard.
Understanding Selinux is huge work. Only OEM devs like xiaomi devs who are professional and paid by companies know how to write the SEPOLICY. Custom devs here dont have that much spare time.
And who told u citrus released by Adarsh is unofficial ? :laugh:
Black_Stark said:
So u take ur security seriously. But u dont have problem in rooting ur phone. :laugh:
Just think Why all custom roms today are not prerooted ?
But u keep on crying on every thread for selinux. Have u read whats the actual function of selinux and how it works and where its useful. Do u install apk files from untrusted sources from untrusted sites??
Even privacy guard can protect ur userspace. Today most of custom roms have privacy guard.
Understanding Selinux is huge work. Only OEM devs like xiaomi devs who are professional and paid by companies know how to write the SEPOLICY. Custom devs here dont have that much spare time.
And who told u citrus released by Adarsh is unofficial ? :laugh:
Having SELinux permissive blocks the use of banking apps. Turning off Google Play services' phone permission may make them work. But if you use Google Maps, you’re certainly gonna notice a message “Google Maps is having trouble, turn on phone permission of Google Play services”.
That’s the reason, I’m not using any Pie ROM.
And I wouldn’t want to use an outdated rom having bugs made by a dev who’s passed away. We all know everyone wants SELinux Enforcing in Pie ROMs.
Citrus-CAF is unofficial
Ya_SG said:
Having SELinux permissive blocks the use of banking apps. Turning off Google Play services phone permission may make them work. But if you use Google Maps, you’re certainly gonna notice a message “Google Maps is having trouble, turn on phone permission of Google Play services”.
That’s the reason, I’m not using any Pie ROM.
And I wouldn’t want to use an outdated rom having bugs made by a dev who’s passed away. We all know everyone wants SELinux Enforcing in Pie ROMs.
Hope we see new updated citrus build.
U from which country?
Black_Stark said:
So u take ur security seriously. But u dont have problem in rooting ur phone. :laugh:
Just think Why all custom roms today are not prerooted ?
But u keep on crying on every thread for selinux. Have u read whats the actual function of selinux and how it works and where its useful. Do u install apk files from untrusted sources from untrusted sites??
Even privacy guard can protect ur userspace. Today most of custom roms have privacy guard.
Understanding Selinux is huge work. Only OEM devs like xiaomi devs who are professional and paid by companies know how to write the SEPOLICY. Custom devs here dont have that much spare time.
And who told u citrus released by Adarsh is unofficial ? :laugh:
Nobody asked for your opinion. He simply asked about the ROMs which have se Linux permissive. You can name the ROMs or GTFO.
DarkSoul101 said:
Nobody asked for your opinion. He simply asked about the ROMs which have se Linux permissive. You can name the ROMs or GTFO.
We both good. U go to bed and sweet dreams.
Black_Stark said:
We both good. U go to bed and sweet dreams.
*Triggered*
Here are patch sets for speaker working on ze60xkl pie ROMs
<Link>
ZE600KL : http://www.mediafire.com/folder/5l0hwa9n7aice/ze600kl
ZE601KL : http://www.mediafire.com/folder/r8wbjbqjjh46j/ze601kl
<Notice>
These patch sets are only for ZE60xKL model on pie custom rom users.
DO NOT apply these for other models or Android versions.
<Patch Files>
1) Kernel Packages (be careful for mistaking model).
- ze600kl-spk-pie-kernel-v1.zip (for ZE600KL(Z00L))
- ze601kl-spk-pie-kernel-v1.zip (for ZE601KL(Z00T))
2) ze60xkl-spk-pie-libs-v1-01.zip (for both ZE600KL and ZE601KL)
<Install Instructions>
1. Download 2 patches (#1 and #2) to any folder
2. Reboot recovery (TWRP)
3. Flash 2 files
4. Reboot system and you can enjoy sound from the device
<Tested Roms>
- Lineage OS
- CrDroid
- AEX
<Features>
- Add speaker sound stream to your rom
- Stereo mic support
<Known Issue>
- Noisy sound with bluetooth and enabling reverb
<Source Code>
https://github.com/zekken1977?tab=repositories
<Change log>
[2019-05-05: v1.0]
- Add tfa9887 driver
[2019-05-26: v1.01]
- Rebased on firekernel r2.10
Finally thank you for helping to test my patch
@Rayonecma, @celtic1453, @fabricio6791 and @ndrancs
First Release On : 2019-05-05
Last Update On : 2019-05-26
Thanks
Works ok for the ZE600KL
Sent from my MI PAD 4 using Tapatalk
test on ze601kl... working friend
And... For my ze601kl it's working too... ???
can i test the patch on other pie custom rom ?? RR, Cdroid...??
right now i have lineage pie
fabricio6791 said:
can i test the patch on other pie custom rom ?? RR, Cdroid...??
right now i have lineage pie
Please
I think this patch will be available for other pie roms unless modified audio HAL or enforced SElinux.
Ze60xkl sound patch
Thx a lot, i've made patch for oreo, but i didn't find any time to work on the pie version .
Great job !!!
You are awesome! Thank you for this work ^-^
zekken1977 said:
Please
I think this patch will be available for other pie roms unless modified audio HAL or enforced SElinux.
You are doing Gods work bro!
Hats off to you.
One question.
What about enforced SELinux? LOS will eventually get SELinux to enforcing. What after that? This won't work?
[email protected] said:
You are doing Gods work bro!
Hats off to you.
One question.
What about enforced SELinux? LOS will eventually get SELinux to enforcing. What after that? This won't work?
Enforcing SELinux is enabled in stock rom from Oreo (maybe... ) but most custom roms are disabled (permissive) like attached.
Exactly after enabled SELinux, this patch will not work because of enforcing SELinux.
If so, my ideas which we can choose are :
1. Add sepolicy file into patch to access driver
-> It seems to be good but we need to be aware differences of sepolicy between custom roms
2. Change patch design for hold all amp device (tfa9887) controls in userspace (this means kernel patch will be disappeared)
-> It also seems to be good but we need a new designed libs, and making completely independent module from SELinux is difficult, I think.
To be honest, I have no idea for the best solution
zekken1977 said:
Enforcing SELinux is enabled in stock rom from Oreo (maybe... ) but most custom roms are disabled (permissive) like attached.
Exactly after enabled SELinux, this patch will not work because of enforcing SELinux.
If so, my ideas which we can choose are :
1. Add sepolicy file into patch to access driver
-> It seems to be good but we need to be aware differences of sepolicy between custom roms
2. Change patch design for hold all amp device (tfa9887) controls in userspace (this means kernel patch will be disappeared)
-> It also seems to be good but we need a new designed libs, and making completely independent module from SELinux is difficult, I think.
To be honest, I have no idea for the best solution
We did not have Stock Oreo i guess (Only Custom).
I personally was checking things and found the kernel zip different. That was great thinking on your part though. I tried building this a long ago, but failed (I never thought about patching the kernel).
Hey @Superbezo, can you give some insights in this? What could be possible when we have SELinux as Enforcing on pie?
The LOS 16 has SELinux in bugs, The dev will eventually fix it and turn it to Enforcing.
[email protected] said:
We did not have Stock Oreo i guess (Only Custom).
I personally was checking things and found the kernel zip different. That was great thinking on your part though. I tried building this a long ago, but failed (I never thought about patching the kernel).
Hey @Superbezo, can you give some insights in this? What could be possible when we have SELinux as Enforcing on pie?
The LOS 16 has SELinux in bugs, The dev will eventually fix it and turn it to Enforcing.
And another idea is that custom rom maintainers implement tfa9887 driver and sepolicy.
The driver is disappeared without device tree because driver probing doesn't work, this means the driver will not affect to other models except ZE60xKL (strictly other models which are made dtb from not ZE60xKL's device tree).
Otherwise we'll distribute patches including audio/amp HALs and audio routing configs.
I think this is the most reasonable idea like similar style until Oreo...
zekken1977 said:
And another idea is that custom rom maintainers implement tfa9887 driver and sepolicy.
The driver is disappeared without device tree because driver probing doesn't work, this means the driver will not affect to other models except ZE60xKL (strictly other models which are made dtb from not ZE60xKL's device tree).
Otherwise we'll distribute patches including audio/amp HALs and audio routing configs.
I think this is the most reasonable idea like similar style until Oreo...
I guess, the Devs will implement this driver in to their ROM. But it is more prudent to have a Patch (Like we had upto Oreo). Reason being, there are tens of ROMS. Convincing each dev will be counter productive. The patch can be applied more efficiently.
We'll have to wait and see when the SEPolicy enforcement occurs.
About update patch
Hi patch users,
These patches are based on Firekernel r2.9, then already r2.10 is updated.
So if you'll need to update based on r2.10, please let me know
Thanks
Workaround
[email protected] said:
We did not have Stock Oreo i guess (Only Custom).
I personally was checking things and found the kernel zip different. That was great thinking on your part though. I tried building this a long ago, but failed (I never thought about patching the kernel).
Hey @Superbezo, can you give some insights in this? What could be possible when we have SELinux as Enforcing on pie?
The LOS 16 has SELinux in bugs, The dev will eventually fix it and turn it to Enforcing.
The selinuxswitch from [email protected] will be a working workaround to keep selinux disabled even on enforcing mode ROM...
---------- Post added at 05:44 AM ---------- Previous post was at 05:33 AM ----------
zekken1977 said:
Hi patch users,
These patches are based on Firekernel r2.9, then already r2.10 is updated.
So if you'll need to update based on r2.10, please let me know
Thanks
Yes, I'm interested in ...
Please zekken1977, can you make your kernel patch code public?
Thx a lot.
Superbezo said:
The selinuxswitch from [email protected] will be a working workaround to keep selinux disabled even on enforcing mode ROM...
---------- Post added at 05:44 AM ---------- Previous post was at 05:33 AM ----------
Yes, I'm interested in ...
Please zekken1977, can you make your kernel patch code public?
Thx a lot.
OK. I'll update but next version will be available on this weekend.
And about source code, please see the link in my 1st post
Thanks
Can you make sound patch for Zenfone Selfie Z00UD (Z00T)?
Because I will try this rom (https://forum.xda-developers.com/zenfone-2-laser/development/rom-prometheusoneui-z00t-t3929198) to my Zenfone Selfie Z00UD (Z00T), but the sound patch only for Zenfone 2 Laser ZE601KL (Z00T). Thanks in advance!
ManOfFeel said:
Zenfone Selfie did not have speaker issue lol
But, the prometheusoneui said that need to flash sound patch
fuady7 said:
But, the prometheusoneui said that need to flash sound patch
Hi, my patch made for drive spk amp device tfa9887 which mounts on only ZE600 or ZE601KL.
So I guess this patch isn't valuable for other zenfones.
I checked Z00UD schematic and I couldn't find tfa amp.
If you are facing sound issue, my patch can't improve your problem.
Hello, I'd be glad to know if someone else encountered the same issue:
I have tested this patch with LOS and crDroid with the same results.
I flashed successfully the ROM & patch and all was working fine (sound, data and GSM connection) for a few hours. Then the phone freezes and after reboot, no GSM network detected at all... The only way to recover was to do a factory reset with TWRP or revert back to the Oreo backup... Any idea?
Can someone explain to me what SElinux does? Also what does permissive and disabled mean? I see a lot of people not using some ROMs just because of the SElinux status.
Thank you in advance.
Basically it tells processes what files/folders they can or cannot use. You don't want some malicious activity to use them, do you?
Soojikahalwa said:
Can someone explain to me what SElinux does? Also what does permissive and disabled mean? I see a lot of people not using some ROMs just because of the SElinux status.
Thank you in advance.
Selinux in Enforcing mode makes ur userspace very rigid against hacking and malware.
All official stock rom comes with enforcing mode. Its mandatory.
Putting Selinux in Enforcing mode is kind of tough. Only few devs can understand and can make it.
Nougat and oreo already in enforcing.
Now latest Aex pie Test build is already released with Enforcing mode.
Thank you guys, so basically SElinux enforced is best. I was under the impression that SElinux enforced isn't too great as your apps will have only restricted access. Thank you very much.