Database Develop

HTC Legend: full r/w access via overlay filesystem

Hey all,
No idea at all if this is possible or even applicable to the Legend [I'm not a dev, but still learning about Android ], but I thought it deserves a thread of its own just in case the method allows us to run metamorph on the Legend...
ValMar73 posted the quoted text below HERE
ValMar73 said:
Dear All,
I just noticed that people applied a trick to desire roms to obtain a kind of writing permissions on /system. Essentially, they create a "shadow" /system dir and the system looks for files in this dir before getting the ones from system.
See the details here:
http://forum.xda-developers.com/showthread.php?t=748025
People could run metamorph on the Desire with this and they applied to CM6 nightlies (Desire version)
Now, this should be applicable also to the Legend, right? All that is needed is the aufs module for the kernel. Does anyone know if this module is in the kernel in CM6 for the Legend?
Valerio
Click to expand...
Click to collapse
If the above is not applicable to the Legend... MOD: please feel free to delete thread.

I. they havn't succeed.
II. our kernel didn't include aufs, neither desire. you should compile module. it's called cross compile to get binaries via a pc.
or you can use aufs module for desire, with your own risk. anyway, it couldn't turn your legend to a bomb.
III. you should remount aufs to "the right mountpoint".
you should change fstab with update.zip <------ it could damage your system.
IV. sorry for my pool english.

Theta did succeed. The thread is listed as Fixed. On Page 6 they are discussing how to best implement it.
Sent from my Desire using Tapatalk

thx i ll try later
it could be used on legend after "cross compile".

Yes, it could be done. The principle is the same as on those Asus EEE PCs. Haven't read that Desire thread in all but I'm familiar with procedure to achive this. But the question is... is it worth? What would one gain with this? You still won't be able to remove fileas from system partition for real and you'll have references to "deleted" files on data partition which also will take space and inodes. So basically for any "deleted" file from system partition, you'll have less space on data partition.
First as lucloner said, you need aufs module. Then you'll need rw store. It can be directory on data partition or small image with file-system in it also on data partition. Then you have to mount aufs and mount-move partitions to the right places. It is imperative that this procedure is done as soon as possible in init.rc before any other service is run. Guys at Desire thread put the script into run-parts init.d script (I believe) which I wouldn't suggest. The possibility to damage the system is really infinitesimal and everything can be reversed. Also fstab is not an issue as there is no fstab in initramfs environment.
When I have time (possibly beginning of next week) I will prepare myself a cross-compiling environment for compiling kernel and try to compile aufs module for Legend's 2.6.29-5f084974 kernel. Then I will try to prepare init.rc with integrated aufs procedure.

if you will compile a kernel, plz add compcache module which already included in the kernel.
i'm lazy lucloner. lol

Have you tried compcache on some embedded device yet? I mean what's the actual gain? You have to take into acount that you have slow processor and compression would take time thus battery would drain faster.

compcache is great! it performans in my pIII laptop with 480 ram and ubuntu 10.04.
if you want to more ram, compcache is faster and better than swap. and drain battery faster for sure.
as a module, it could be disabled. i just decide to try.
in wiki:
wiki.cyanogenmod.com/index.php?title=Swap_and_Compcache
-------------
no i've not tried it on embedded device.
forgive my damn english.

OK guys, I managed to cross-compile Legend's kernel and add aufs module. I tried it and it worked.
You can download kernel and aufs module for Legend 2.03.405.3 (kernel version 2.6.29-5f084974) and give it a shot. Be advised, that there is only kernel image (not boot.img) and actual module aufs.ko in this zip archive.
You can try aufs like this (of course you have to be root and know what you are doing):
Code:
insmod /<dir_to_aufs_module>/aufs.ko
mount -o remount,rw rootfs /
mkdir /aufs
mkdir /rw
mount -o dirs=/rw:/data=ro -t aufs none /aufs
...now you should see contents of /data in /aufs. Any changes to /aufs should now be reflected in /rw and /data stays intact. Be careful not to drain all RAM as you are playing on initramfs
Please report back or feel free to continue the implementation.

Thread Closed.
New thread from BlaY0 Here: http://forum.xda-developers.com/showthread.php?p=7983387

[P905 LTE ONLY!][KERNEL][ODIN] STOCK RELOADED | su | busybox | init.d | permissive !

I am not responsible for any possible bad effects which may result from using included software! You flash it on your own risk!!!
STOCK RELOADED v1 fix 1
Kernel base: stock XXUANC3 (kernel 3.4.0-1131235)
Kernel ramdisk: modded
Features: a few...
Security level: low!
Purpose: giving everyone who loves free exploring of Android secrets and who doesn't consider security as an absolute priority and who wants to put some life in this, indeed, awesome device, a possibility of playing with his device without disturbing restrictions, forced by Samsung, at least until fully-custom kernels, compiled from sources, appear (and that may take some time, as source code available atm seems to be broken, causing all the compiled kernels to stuck at boot screen).
Features working out-of-the-box:
- su binary from SuperSU by Chainfire @ /sbin/su (binary only for scripting purposes! Flash cf-root to use SuperSU app!)
- busybox 1.22.1 binary compiled by Stericson @ /sbin/busybox
- init.d support - just put your favorite scripts into /system/etc/init.d using any file manager and chmod 755 (not 777! it's NOT smart to permit write access for "world" to any system file), chown root:root, they will run on every boot. Well, to be honest, above permissions are given to all the scripts automatically during boot, but it has not yet been tested
- SELinux: Permissive - Samsung's most recent policy of forcing SELinux Enforcing mode by pre-compiling it into a kernel binary part, found in latest KitKat builds since at least a few months, HACKED FOR THE FIRST TIME EVER using innovative method of injecting an information directly into kernel memory space and forcing overwriting potentially-persistent kernel symbol value on-line during boot!)
- unsecure adb access (not tested yet)
- ext4 tweak: 20 sec (instead of stock 5 sec) write commit delay for /data partition (significantly increases IO performance!)
- some further, minor modifications
WARNING!!!
- flashing this WILL undoubtly trip KNOX, avoiding your warranty (which atm cannot be reverted! in any way)
- flashing this WILL cause a warning message of avoided warranty to be displayed on every boot (ofc it disappears right after reverting to stock boot.img)
- flashing this WILL disable some of the very important security features provided with stock firmware!!!! For advanced and experienced users only!!! Use at your own risk!
Known issues:
- AllCast Share mirroring not working (typical for all Samsung devices running not-exactly-stock kernels since S3). WORKING FIX AT POST #16!!!
http://forum.xda-developers.com/showpost.php?p=54516532&postcount=16
Please consider solution from post #3 as not-always-working and depreciated!
Installation:
- compatibile with XXUANC3 firmwares but probably also with other (past and hope future too...) KitKat 4.4.2 Samsung branded firmwares;
- rooting by Chainfire's CF-Root first recommended as it will install SuperSU app in Android (this kernel contains su binary only giving su access without any policy settings!);
- enter download mode and plug the tablet via USB...
- ...select provided file in PDA section (and NOT touch anything except that)...
- ...and flash with Odin in a same way as CF-Root or like anything else...
- enjoy.
DOWNLOAD HERE:
Current version - STOCK RELOADED v1 fix 1
http://www63.zippyshare.com/v/87557346/file.html
FIXED: file name changed so it can be flashed directly by Odin without renaming! Sorry for this silly mistake!
=======
Changelog:
v1 fix1:
- fixed permissive mode due to trivial error;
- delayed init.d execution to a moment AFTER init process set cfq scheduler so it is not overriding mmcblk0 tweaks (if put in init.d) anymore;
- minor code cleanups
v1:
- initial release
- init.d support
- SELinux permissive
- unsecure ADB
- ext4 delayed commit for /data
=======
Stock XXUANC3 kernel (to revert changes)
http://www65.zippyshare.com/v/32441894/file.html
Revert using Odin, in the same way you've installed a Reloaded Version....

Awww man,...I wish i could flash this, but I'm on the exynos =(
Sent from my SM-P900 using Tapatalk

rgolnazarian said:
Awww man,...I wish i could flash this, but I'm on the exynos =(
Sent from my SM-P900 using Tapatalk
Click to expand...
Click to collapse
Sorry pal, Qualcomm only, not even a chance to run this same way as the devices (and mostly important: provided software, ie. system structure) DIFFER A LOT between themselves.
Update 1: uploaded fix #1 which is resolving some trivial issues found in initial version; sorry for that, now we can say that every described feature has been included hope for some feedback... thank you...
Update 2: FIX FOR NOT WORKING SCREEN MIRRORING CAN BE DOWNLOADED HERE:
http://www67.zippyshare.com/v/25492738/file.html
I have personally modified a library that is being used by screen mirroring feature, which forces video encryption using keys from stock kernel, and which prevents to run mirroring at all . This is an issue of any modified kernel, on any Samsung device. Attached library fixes this, by disabling HDCP at all. It has been reported that the library resolves the issue for any Qualcomm based Samsung device running 4.4.2 KitKat and for any custom kernel. It will NOT work for Exynos devices...
Installation:
- download attached libwfdsm.so file
- overwrite genuine one in/system/vendor/lib (important! NOT /system/lib!!!!)
- chmod 644 libwfdsm.so ||| chown 0.0 libwfdsm.so ||| restorecon -R /system/vendor/lib
- mirroring will work again after reboot!!

YAY!
Beautiful, absolutely beautiful. You made ma a very happy man with this. I'll flash this as soon as I get home from work. Can't wait to try it out, the stock kernel is giving me SOD and frozen wifi issues sometimes.

esgie said:
Sorry pal, Qualcomm only, not even a chance to run this same way as the devices (and mostly important: provided software, ie. system structure) DIFFER A LOT between themselves.
Update 1: uploaded fix #1 which is resolving some trivial issues found in initial version; sorry for that, now we can say that every described feature has been included hope for some feedback... thank you...
Update 2: FIX FOR NOT WORKING SCREEN MIRRORING CAN BE DOWNLOADED HERE:
http://www67.zippyshare.com/v/25492738/file.html
I have personally modified a library that is being used by screen mirroring feature, which forces video encryption using keys from stock kernel, and which prevents to run mirroring at all . This is an issue of any modified kernel, on any Samsung device. Attached library fixes this, by disabling HDCP at all. It has been reported that the library resolves the issue for any Qualcomm based Samsung device running 4.4.2 KitKat and for any custom kernel. It will NOT work for Exynos devices...
Installation:
- download attached libwfdsm.so file
- overwrite genuine one in/system/vendor/lib (important! NOT /system/lib!!!!)
- chmod 644 libwfdsm.so ||| chown 0.0 libwfdsm.so ||| restorecon -R /system/vendor/lib
- mirroring will work again after reboot!!
Click to expand...
Click to collapse
I was literally just about to post in the old thread with bad news about the modified "libwfdsm.so" file & screen mirroring with a custom kernel...if u remember i confirmed that the file u altered would work with a custom recovery on the 8.4 lte & i just assumed that it would work with an altered boot.img as well but unfortunately thats not the case after testing the other night (unless something else is wrong with my setup). So...my question is have u changed something else since then to allow it to work again & have u personally tested this yourself?
sorry to hijack the thread...didnt know if i should pm or post in the older thread

THEDEVIOUS1 said:
I was literally just about to post in the old thread with bad news about the modified "libwfdsm.so" file & screen mirroring with a custom kernel...if u remember i confirmed that the file u altered would work with a custom recovery on the 8.4 lte & i just assumed that it would work with an altered boot.img as well but unfortunately thats not the case after testing the other night (unless something else is wrong with my setup). So...my question is have u changed something else since then to allow it to work again & have u personally tested this yourself?
sorry to hijack the thread...didnt know if i should pm or post in the older thread
Click to expand...
Click to collapse
No problem, anyway, thanks for pointing the issue out! This may be an important information for mirroring users!
Since then I didn't change anything, yet. Really, I am also not sure if I have tested it with modified kernel, as the one posted here is the first kernel for P905 at all, and it's not even "fully" customized, as the kernel binary base was left unchanged.
So, I'd like to be sure: you are saying that modded lib:
- fixed the problem for custom recovery, but...
- ...didn't fix it for custom kernel
right?
I was looking for a solution to persistent enforcing mode since some time, so I was flashing test boot.imgs from time to time, then reverting to stock again, meanwhile I created above lib, I can't really be sure about if it is working when both bootimg and kernel are customized (this would also be an opposite to previous Sammy's Android releases, where a single fix was solving all the issues related to customizations of both kernel and recovery!).
We also have to be aware that the issues may not be a result of flashing different kernel at all, but a result of the changes themselves, ie. disabled knox, disabled encryption of i-dont-really-know-what, etc, etc.
And the most important thing! Since I have heard of AllShareCast/Screen Mirroring for the first time (it probably appeared for the first time in S3/Note2/Note10.1), it always required resetting the flash counter - which could be viewed in download mode and which is NOT the same as Knox flag - to ZERO and that requirement AFAIR remained totally independent from the requirement of having stock boot/kernel (or lib patch). Have you checked the counter state? Did you reset it to zero again using Chainfire's Triangle Away after flashing non-stock kernel (which, obviously, TRIPPED the counter)? Can you check if it is working? Note that at least on my P905, Triangle Away still works flawlessly and resets the counter without any problems and even without a need of reboot!
Please check above info and try if the issue is fixed after running Triangle Away. I am leaving for a short business trip soon, so I'll perform my own tests with AllShare cast until next of the week, however, neither today nor tomorrow...

I get an "md5 error! binary is invalid" when I choosse the file in Odin. I downloaded the file 6 times, and every time I get the md5 error.
What do I do?
EDIT: Renaming the file to "boot.tar.md5" seemed to solve the problem.

cavkic said:
I get an "md5 error! binary is invalid" when I choosse the file in Odin. I downloaded the file 6 times, and every time I get the md5 error.
What do I do?
EDIT: Renaming the file to "boot.tar.md5" seemed to solve the problem.
Click to expand...
Click to collapse
Argh possibly too many dots in filename... will correct it tomorrow.

cavkic said:
I get an "md5 error! binary is invalid" when I choosse the file in Odin. I downloaded the file 6 times, and every time I get the md5 error.
What do I do?
EDIT: Renaming the file to "boot.tar.md5" seemed to solve the problem.
Click to expand...
Click to collapse
same here...

Hi,
I have a problem with screen mirroring.
Installed the patch and mirroring connects to the dongle, but the TV screen turns just black.
The dongle works perfect with HTC One M8, it must be a softwareproblem?
Thanks for help!!!

Will this work on the P905V (Verizon Variant)? I need to downgrade the permissions in my Security in order to use Towelroot, because they're set to Medium and I believe that prevents Towelroot to work properly. Most of the other Note 12.2 variants have been rooted....except the Verizon version.

Can anyone give me some advice please. When I enter the command in terminal emulator I get an error saying "Unable to open chown. No such file or directory". Am I missing something obvious lol.

Will this work on p907a AT&T version of note pro 12.2?
Sent from my SAMSUNG-SM-P907A using XDA Premium 4 mobile app

cnote74 said:
Will this work on p907a AT&T version of note pro 12.2?
Sent from my SAMSUNG-SM-P907A using XDA Premium 4 mobile app
Click to expand...
Click to collapse
On the topic name it says [P905 LTE ONLY], and your device is some different..

tdetroit said:
Will this work on the P905V (Verizon Variant)? I need to downgrade the permissions in my Security in order to use Towelroot, because they're set to Medium and I believe that prevents Towelroot to work properly. Most of the other Note 12.2 variants have been rooted....except the Verizon version.
Click to expand...
Click to collapse
I would like this answered as well. I also have the "v" variant. Maybe saying LTE includes many? See my link I attached, found while investigating this specific question.
http://www.usatoday.com/story/tech/2013/07/07/sprint-att-verizon-phones-network-carriers/2486813/
Ever since I rooted my tablet it goes on random reboot kicks. I want to start over. Also TWRP will not stick when I try to flash it.
I have many issues which I'm currently posing in their appropriate forums. It would be nice to wipe to a rooted stock.

Guys!
I have probably found another solution for non-working Screen Mirroring / AllShare Cast when custom kernel is flashed (again, LTE devices only).
No need of modded lib
Seems that the only thing we need is to
1) run Terminal Emulator and type:
Code:
su -c setprop wlan.wfd.hdcp disable
(will work immediately; won't stick between reboots!), OR...
2) edit /system/build.prop file with any root file manager/text editor and add a line (no matter where):
Code:
wlan.wfd.hdcp=disable
(will work only after reboot; will stick between reboots).
Try this using kernel from op waiting for feedback!

Thanks. The Galaxy is connecting to theTV, but the screen is only turning black - no Display...
Any idea?
Thank you.
esgie said:
Guys!
I have probably found another solution for non-working Screen Mirroring / AllShare Cast when custom kernel is flashed (again, LTE devices only).
No need of modded lib
Seems that the only thing we need is to
1) run Terminal Emulator and type:
Code:
su -c setprop wlan.wfd.hdcp disable
(will work immediately; won't stick between reboots!), OR...
2) edit /system/build.prop file with any root file manager/text editor and add a line (no matter where):
Code:
wlan.wfd.hdcp=disable
(will work only after reboot; will stick between reboots).
Try this using kernel from op waiting for feedback!
Click to expand...
Click to collapse

esgie said:
Guys!
I have probably found another solution for non-working Screen Mirroring / AllShare Cast when custom kernel is flashed (again, LTE devices only).
No need of modded lib
Seems that the only thing we need is to
1) run Terminal Emulator and type:
Code:
su -c setprop wlan.wfd.hdcp disable
(will work immediately; won't stick between reboots!), OR...
2) edit /system/build.prop file with any root file manager/text editor and add a line (no matter where):
Code:
wlan.wfd.hdcp=disable
(will work only after reboot; will stick between reboots).
Try this using kernel from op waiting for feedback!
Click to expand...
Click to collapse
I tried both methods and still get no devices found when I turn on screen mirroring.

ColBill said:
I tried both methods and still get no devices found when I turn on screen mirroring.
Click to expand...
Click to collapse
Hm.
This is weird, as the problems with allshare cast + custom kernels is not that "no devices are found" but that devices ARE found without any problem but the connection process fails after a few secs. This solution may help with the issue i described, but it will surely not solve the problem with no peers detected at all.
No peers detected = problems with wifi direct (are you able to send files between wifi direct between devices?)
Can you tell me what is your exact device config? And are you using allsharecast dongle or other third party hardware?
@fokus
Only one: also reset flash counter with Triangle Away and then try again. And make sure you spell the value in the command as "disable" not "disabled" - it's tricky and one can miss it...
Well, there are two additional things to add.
Guys, make sure you have updated Samsung's ScreenMirroring firmware update app to the latest version. And check out the samsung mirroring fix app in google play, which solves some issues for various devices (dunno which ones exactly as i have never been in need of using it).

The fix half worked for me lol. The tablet now connects fine to the Netgear PTV3000 but all I get is black screen. Step in the right direction though as at least it connects now. Just need to get a picture to show lol.

[Q] Init.d Support & SELinux

I am sure this will soon be moved into general ware it will sit among questions not related to compiling or Rom building but I am in hope it is her long enough to be read and maybe addressed.
I rely a bit on init.d support for my Rom's especially CM12. I do this so changes can be made without changing the code or default.xml as much as possible in adition to Google Apps I would like not included. My basic philosophy is if it can be installed via Play Store than I would like the first boot only to include the Google Core files and Play Store so for example if you look at the below github link will see the changes I needed in CM11 to replace the default launcher with the Now Launcher, Replace Stock Camera with Google Camera and the same for the Calendar but would like the users to decide if they would like to include whatever apps they would like as oposed to needing to remove the APK. Anyhow in short I use init.d to avoid making as little changes to code or default.xml as possible as well as what gapps package is used. Many include incompatible libs as a few for my CM based incarnation need to be replaced using either the Stock lib or libs taken from data/app that are more current so the script on first boot after flashing gapps will move files from a staging directory and place or replace ware needed and then remove the staging directory.
CM11
https://github.com/Starship-Android/android_device_starship-common/blob/cm-11.0/app-update
https://github.com/Starship-Android/android_device_starship-common/blob/cm-11.0/cleanup
CM12
https://github.com/Starship-Android/android_device_starship-common/blob/cm-12.0/app-update
https://github.com/Starship-Android/android_device_starship-common/blob/cm-12.0/cleanup
So far have done a decent amount of Google work and have learned my problem with both AOSP and CM is that SELinux is blocking init.d but have not found anything on how to address steps on fixing for what I use it for. The above links are just a small part but give enough of an idea of what I am trying to accomplish via init.d.
Any help would be appreciated. Until now I had fought a bit with SELinux once introduced to apply to the Kernel for the device I was developing at the time HTC EVo V 4g & EVO 3D but since then is still unfamiliar territory as I have not needed to learn much about it other than implementing into a Kernel when cm-10.2 was released. Both Devices had not been updated past ICS by HTC. I am thinking that maybe I need to add or change permissions in one of the rc files in the boot.img but honestly not sure as mentioned I have found plenty of mentions that SELinux is what is causing my init.d problems but have not seen anything on a solution or even just a link to an explanation of what specific changes had been made regarding SELinux or a further more detailed explanation specific to what in SELinux is responsable so can try to understand enough to figure out myself how to make the necessary changes .
Otherwise like my previous thread on What needs to be done differently developing with AOSP for developers who have gained all their experience bringing Cyanogen to new devices and other Sources who are now trying to develop AOSP Rom's for Nexus devices think this is a topic that would help developers save time and research but will probably be moved to general Q&A. Is off topic but with other Devices if questions or topics required basic knowledge of compiling source, Kernel changes or github would see the opposite in the threads being moved into developer discussions and not for example move a thread discussing say compiling the AOSP Kernel in line compiling both Rom and Kernel together or code changes needed in the build repository / Directory to stop custom recovery from being replaced with Stock recovery when users flash a custom Rom and reverting from Block based update zips to using the old school non Block based update zips. So far though I have posted these topics here as you don’t see members with such knowledge looking through the general Q&A section. Maybe I just inadvertently made an enemy of an admin as was surprised almost besides myself when a previous thread in the middle of discussing what changes would be needed for in line AOSP Kernel compiling in line like CM does compiling the Kernel along with the Rom and doing away with pre built Kernels. Needless to say the discussion was moved and died in general Q&A so if this is actually read I am asking that this thread remain in Developer Discussion long enough for an answer or at least a link to a resource covering the topic as a topic regarding the implementation of SELinux policy in a custom Rom will surely die in general Q&A, Thanks!

Are you OK with just disabling selinux? That's what I ended up doing. I recompiled the kernel with the option of using a boot command-line parameter to enable or disable as I see fit.

Gene Poole said:
Are you OK with just disabling selinux? That's what I ended up doing. I recompiled the kernel with the option of using a boot command-line parameter to enable or disable as I see fit.
Click to expand...
Click to collapse
When you have the option to disable or enable it, how do you set it to "disabled" afterwards?
I tried to compile a kernel+rom with selinux disabled many times but got only bootloops. With Kitkat it was working flawless.

L changed a partition entry adding a selinux policy to the mounting information. You need to change this entry int fstab.hammerhead to keep it from hanging on boot:
Code:
/dev/block/platform/msm_sdcc.1/by-name/modem /firmware vfat ro,shortname=lower,uid=1000,gid=1000,dmask=227,fmask=337[COLOR="Red"],context=u:object_r:firmware_file:s0 [/COLOR] wait
Code:
/dev/block/platform/msm_sdcc.1/by-name/modem /firmware vfat ro,shortname=lower,uid=1000,gid=1000,dmask=227,fmask=337 wait
Then your kernel should boot. You can add a command line entry to the boot image to turn it off or on.
Edit:
You may also have to comment out a line at the top of init.rc. I'm not sure, but mine is commented so I must have done it for some reason.
Code:
# Copyright (C) 2012 The Android Open Source Project
#
# IMPORTANT: Do not create world writable files or directories.
# This is a common source of Android security bugs.
#
import /init.environ.rc
import /init.usb.rc
import /init.${ro.hardware}.rc
import /init.${ro.zygote}.rc
import /init.trace.rc
on early-init
# Set init and its forked children's oom_adj.
write /proc/1/oom_score_adj -1000
# Apply strict SELinux checking of PROT_EXEC on mmap/mprotect calls.
[COLOR="Red"]#write /sys/fs/selinux/checkreqprot 0[/COLOR]
# Set the security context for the init process.
# This should occur before anything else (e.g. ueventd) is started.
setcon u:r:init:s0
# Set the security context of /adb_keys if present.
restorecon /adb_keys
start ueventd
# create mountpoints
mkdir /mnt 0775 root system

Thanks, will give it a shot!
Any downside on disabling it?

Well, obviously, anything that selinux might be protecting you from would be able to get through, but as developers, we're pretty pessimistic about what we run on our devices.

Gene Poole said:
Well, obviously, anything that selinux might be protecting you from would be able to get through, but as developers, we're pretty pessimistic about what we run on our devices.
Click to expand...
Click to collapse
So its only f*** the NSA for us then!
So i add this to boardconfig: androidboot.selinux=disabled
Then do those things you said. Would i need to put on kernel defconfig :
#CONFIG_SECURITY_SELINUX=is not set
Or will i have to add that "allow selinux disabled on boot"
Or is it enough to have that boardconfig parameter and your things.
Thank you very much mate!
Oh and yes im building a full rom with inline kernel

I think that should do it. I've got a pretty hacked up boot.img so I can't be sure what's in there for what.
I have the following setting in my kernel config:
Code:
CONFIG_SECURITY_SELINUX=y
CONFIG_SECURITY_SELINUX_BOOTPARAM=y
CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1
CONFIG_SECURITY_SELINUX_DISABLE=y
CONFIG_SECURITY_SELINUX_DEVELOP=y
CONFIG_SECURITY_SELINUX_AVC_STATS=y
CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1
# CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX is not set
CONFIG_DEFAULT_SECURITY_SELINUX=y

Ok thanks for all the Selinux help but may look like I’m not able to run init.d scripts because root is disabled by default. So bringing up a new topic about starting first boot with root access. I have been looking over the CM github for a commit that turns it off so I can either manually revert or rebase a clone.

Gene Poole said:
L changed a partition entry adding a selinux policy to the mounting information. You need to change this entry int fstab.hammerhead to keep it from hanging on boot:
Code:
/dev/block/platform/msm_sdcc.1/by-name/modem /firmware vfat ro,shortname=lower,uid=1000,gid=1000,dmask=227,fmask=337[COLOR="Red"],context=u:object_r:firmware_file:s0 [/COLOR] wait
Code:
/dev/block/platform/msm_sdcc.1/by-name/modem /firmware vfat ro,shortname=lower,uid=1000,gid=1000,dmask=227,fmask=337 wait
Then your kernel should boot. You can add a command line entry to the boot image to turn it off or on.
Edit:
You may also have to comment out a line at the top of init.rc. I'm not sure, but mine is commented so I must have done it for some reason.
Code:
# Copyright (C) 2012 The Android Open Source Project
#
# IMPORTANT: Do not create world writable files or directories.
# This is a common source of Android security bugs.
#
import /init.environ.rc
import /init.usb.rc
import /init.${ro.hardware}.rc
import /init.${ro.zygote}.rc
import /init.trace.rc
on early-init
# Set init and its forked children's oom_adj.
write /proc/1/oom_score_adj -1000
# Apply strict SELinux checking of PROT_EXEC on mmap/mprotect calls.
[COLOR="Red"]#write /sys/fs/selinux/checkreqprot 0[/COLOR]
# Set the security context for the init process.
# This should occur before anything else (e.g. ueventd) is started.
setcon u:r:init:s0
# Set the security context of /adb_keys if present.
restorecon /adb_keys
start ueventd
# create mountpoints
mkdir /mnt 0775 root system
Click to expand...
Click to collapse
Bumb to this method. Something is changed in Nougat, after editin all these stuff, i will loose data and cell connections..

Please root n920v

Unreal.... can a group of professionals get together and spend a day cracking the bootloader and root the Verizon version note 5 not even one custom rom for this device all other models have gotten there attention we need to crack this note 5 please

so far no one can hack n920v bootloader. Me also waiting for this info. Until now my n920v still not root yet. huhuu

It does not bypass bootloader
It's funny, in the UART logs running an engineering s-boot, it will say that an invalid image was detected, and it will reboot to avoid tripping Knox. A t-mobile phone I got, I accidentally flashed a Verizon image, and there went Knox, before I had intended to. Verizon has probably drastically reduced the unexplained returns, with the lies suggested on here to use by doing that. That might be a main motivation to consider.
But back to the subject, before I ever tried attempted to understand Magisk (which I used on my XT1575), which sort of does the same thing I did, but still allows selinux, was to use the engineering kernel, and did the following:
& Mount /system as loopback in /data/systemmirror
& Mount a loop back image over /system, which effectively hides it
& Link to each file in the loopback to the mirror, except for what I didn't want, and add what I did want. I even got xposed, microg/unifiednlp working like that. I didn't want to use supersu, but I imagine it can be done too. Some files had to be on the loopback system because uh I think it didn't like dynamic linking some library files that were links, that was fun to debug again and again and again until it worked.
& Set selinux permissive, because links aren't normally allowed, and I couldn't figure out how to make that work in the policy, and I could have reloaded it with the tools in the supersu apk if I knew what I was doing.
Thus, a tethered root is made. Tethered. Every boot up, you have to log in with adb to run the shell script that mounts everything, changes selinux, and kills system_server, effectively rebooting it. I could not figure out another way. It worked, minus samsung pay.
While that doesn't sound so bad, I went into the subway, was playing my hacked up version of shattered pixel dungeon, and the kernel crashed. Man, I that was a bummer. Still haven't rooted it properly.
If there's a fwbl1 or something that breaks the chain of trust from a developers SDK, sboot could be modified to load any binary without tripping Knox into an existing sboot probably.
I've removed so much stuff from this post so many times while preparing the draft to submit to my comment editor, I wonder how many times before I'm forced to decide whether a sign post visible in 1/9th of a picture is part of a street sign or not.

Replacing file before bootanimation is loaded

hi!
is there any way to replace the bootanimation binary on samsung devices before it gets loaded? i've dived into the magisk documentary a lot already and tried many methods to make a working module, but in every case the file either got replaced after the boot is done or just didn't get replaced at all.
if someone would please point me to the right direction, i was planning to release this module for other samsung phone owners to use!

Magic mounting often happens too late for the boot animation to successfully be replaced. There used to be an early mount stage, but that was buggy and therefore dropped a long time ago...
The earliest you could get away with is probably if you use a script in post-fs-data.d to bind mount the file from the module directory. Although, it is bad practice for modules to be placing scripts in post-fs-data.d, this could be necessary to get the earliest possible excecution. Just make sure to use the module uninstall.sh to delete the script and also leave in a self-destruct in the script if the module is removed without utilising the uninstall.sh file.
Also, bind mounts can trigger SafetyNet, but that depends a bit on what is actually mounted so keep an eye out for that.
No guarantees the above will work.