Database Develop

[MODULE][DISCONTINUED] Magisk SELinux Permissive Script

AS OF 03/07/2018
Support and development of this module have been discontinued.
A replacement module can be found here : https://forum.xda-developers.com/apps/magisk/module-magisk-selinux-manager-t3760042
This is a very simple module that installs a post-fs-data.sh script which enables SELinux Permissive Mode. This is useful for certain audio mods and removes the need to understand Magisk's file system & boot logic. No need to create your own scripts, just flash and forget.
I have only tested this on my Verizon HTC 10, but this module is so simple and generic that it should work on any Android device with SELinux.
This module has been tested on and is compatible with Magisk v11.6-15.2.
Disclaimer & Recommendations: This module should be used as a last resort only if appropriate SELinux Permissions can not be generated and injected into the SELinux Policy using selinux-inject, supolicy or magiskpolicy. Putting your device into Permissive Mode will essentially disable all of the operating system level security built into Android and allow any app in any context to do whatever it wants. Actions requiring root access will still trigger your SU Manager App, but all apps have elevated privileges due to permissive and may be able to take malicious actions on your device without needing root access. If you find that this module fixes issues you are experiencing with an app I recommend contacting the app developer and trying to work with them to isolate the necessary SELinux Permissions and have them injected into the SELinux Policy at startup.
Here is a discussion of some of concerns to consider when running your device in Permissive Mode : https://forum.xda-developers.com/general/general/discussion-root-selinux-risks-t3607295
Github Repo : https://github.com/Jman420/magisk-permissive-script
Change Log :
v1.0 - Initial Release
v1.1 - Update to Module Template v1400
v1.2 - Update to Module Template v1500

thank you brother!
LeEco LePro 3 Atmos can work finally!

huaiyue said:
thank you brother!
Can you tell me how to install LeEco LePro 3 Atmos ?
I hava supersu systemless.
Click to expand...
Click to collapse
These two things are completely unrelated.
If you want to install something, you install it. There's not much more to that.

huaiyue said:
thank you brother!
Can you tell me how to install LeEco LePro 3 Atmos ?
I hava supersu systemless.
Click to expand...
Click to collapse
In Magisk, go to the Modules section, and select the "+", and select the zip you downloaded.

Jman420 said:
This is a very simple module that installs a post-fs-data.sh script which enables SELinux Permissive Mode. This is useful for certain audio mods and removes the need to understand Magisk's file system & boot logic. No need to create your own scripts, just flash and forget.
I have only tested this on my Verizon HTC 10, but this module is so simple and generic that it should work on any Android device with SELinux.
Github Repo : https://github.com/Jman420/magisk-permissive-script
Click to expand...
Click to collapse
LeEco LePro 3 Atmos can work
however
xposed systemless failed.
---------- Post added at 01:32 ---------- Previous post was at 01:31 ----------
ahrion said:
These two things are completely unrelated.
If you want to install something, you install it. There's not much more to that.
Click to expand...
Click to collapse
http://imgur.com/a/Sbf9p
dolby fc.
---------- Post added at 01:36 ---------- Previous post was at 01:32 ----------
jhedfors said:
In Magisk, go to the Modules section, and select the "+", and select the zip you downloaded.
Click to expand...
Click to collapse
thank you brother!

Thanks a lot

huaiyue said:
thank you brother!
LeEco LePro 3 Atmos can work finally!
Click to expand...
Click to collapse
Regarding your other post mentioning Xposed (which I'm not quoting cause it's a mess). I'm running on Nougat so I can't use Xposed and haven't tested with it. If you give me more details I can try to determine what the issue is. Logs, error messages, symptoms would all be helpful.
Thor™ said:
Thanks a lot
Click to expand...
Click to collapse
I aim to please

I don't understand why this mod is usefull. In the latest version of magisk, there is a semi enforce/permissive linux bypass. The system thinks it's enforced, but in reality is permissive. Or maybe I didn't fully understand it?

its working with s5neo?

I've just flashed this zip. This allows Viper4Android to run in enforcing mode:
https://www.dropbox.com/s/k9cnruw2e1t1d4t/ViPER4Android-supolicy.zip?dl=0
I forgot the source. Maybe Google it

matssa said:
I don't understand why this mod is usefull. In the latest version of magisk, there is a semi enforce/permissive linux bypass. The system thinks it's enforced, but in reality is permissive. Or maybe I didn't fully understand it?
Click to expand...
Click to collapse
I agree that Magisk hides the actual SELinux Mode in such a way that if Magisk Hide is enabled the 'getenforce' command always returns 'Enforcing'. But if you do not run the 'setenforce 0' command the SELinux mode will still be set to 'Enforcing' rather than 'Permissive'. This script puts the SELinux mode into 'Permissive' at startup. Magisk Hide will still hide the fact that you are in Permissive Mode, which I believe is the 'pseudo permissive' mode that Magisk describes. But I can not find any settings or commands within Magisk that enable Permissive Mode.
htr5 said:
I've just flashed this zip. This allows Viper4Android to run in enforcing mode:
https://www.dropbox.com/s/k9cnruw2e1t1d4t/ViPER4Android-supolicy.zip?dl=0
I forgot the source. Maybe Google it
Click to expand...
Click to collapse
It's just a shell script, the source is in the zip file. This is really helpful and is the direction I want to take this project. Permissive Mode is great in that it gets the Apps/Mods that we want to run to work, but I consider it the equivalent of using a sledgehammer to hammer in a finishing nail. I would much rather be able to grant the specific permissions that each App needs rather than enable all permissions for all apps (which is what permissive mode does).
I plan on trying to develop an App which will assist in managing and generating a script which uses 'supolicy' to inject individual SELinux Policy Permissions. I had planned on using the Dolby Atmos LePro3 build as a guinea pig to try to isolate which permissions it needs and put together the supolicy command for them. I've hit a bit of a roadblock in verifying my supolicy command due to the format that the SELinux Policy is stored in on the device. I've found a project called sedump (https://ge0n0sis.github.io/posts/2015/12/exploring-androids-selinux-kernel-policy/) which claims to deserialize the Binary SELinux Policy to a readable format, but I can't seem to get it to work... the process seems to complete, but it generates an empty file... If anyone has experience with SELinux I'd really appreciate any feedback.

cosmin691 said:
its working with s5neo?
Click to expand...
Click to collapse
Dunno, I've only got an HTC 10 for testing. Give it a shot, if it doesn't work just uninstall the Magisk Package. Remember to disable Magisk Hide if you are testing to make sure it actually put your phone into Permissive Mode by using the 'getenforce' command.

It works for oneplus 3t on freedom OS rom.

Jman420 said:
This is a very simple module that installs a post-fs-data.sh script which enables SELinux Permissive Mode. This is useful for certain audio mods and removes the need to understand Magisk's file system & boot logic. No need to create your own scripts, just flash and forget.
I have only tested this on my Verizon HTC 10, but this module is so simple and generic that it should work on any Android device with SELinux.
Github Repo : https://github.com/Jman420/magisk-permissive-script
Click to expand...
Click to collapse
this zip must be flashed using twrp rite ? or stock recovery also will do fine ? because i tried many times to flash recovery for samsung e5 5.1.1 but ended up with boot loop. now running all stock !!

X_GOD said:
this zip must be flashed using twrp rite ? or stock recovery also will do fine ? because i tried many times to flash recovery for samsung e5 5.1.1 but ended up with boot loop. now running all stock !!
Click to expand...
Click to collapse
Should be able to install it through Magisk Manager or TWRP. Let me know if you have problems.

matssa said:
I don't understand why this mod is usefull. In the latest version of magisk, there is a semi enforce/permissive linux bypass. The system thinks it's enforced, but in reality is permissive. Or maybe I didn't fully understand it?
Click to expand...
Click to collapse
Now, I have magisk 11.6 on EMUI marshmallows V4A driver was abnormal because Enforcing selinux. Same happened with SuperSU 2.79. When I changed to permissive mode using terminal emulato/kernerl aduitor init.d script emulator/su.d SuperSU script, V4A driver was normal and it was processing. I like Magisk a lot because of its xposed like modules. Now using jman420's permissive magisk module.

Thor™ said:
Now, I have magisk 11.6 on EMUI marshmallows V4A driver was abnormal because Enforcing selinux. Same happened with SuperSU 2.79. When I changed to permissive mode using terminal emulato/kernerl aduitor init.d script emulator/su.d SuperSU script, V4A driver was normal and it was processing. I like Magisk a lot because of its xposed like modules. Now using jman420's permissive magisk module.
Click to expand...
Click to collapse
Without this module, ARISE is working fine, processing in 48000 on my side, so for V4A I don't think this is necessary, at least on my side.
Sent from my OnePlus3 using XDA Labs

matssa said:
Without this module, ARISE is working fine, processing in 48000 on my side, so for V4A I don't think this is necessary, at least on my side.
Click to expand...
Click to collapse
For ARISE I used to flash permissive script by osm0sis. Otherwise no luck with V4A, AM3D and Dolby.

Thor™ said:
For ARISE I used to flash permissive script by osm0sis. Otherwise no luck with V4A, AM3D and Dolby.
Click to expand...
Click to collapse
Strange... Did you enable magisk hide? If not, that is the reason.
Sent from my OnePlus3 using XDA Labs

matssa said:
Strange... Did you enable magisk hide? If not, that is the reason.
Click to expand...
Click to collapse
No, I was using SuperSU 2.79. Same happened with MagiskSU.

I cant get safetynet to pass no matter what I do.

I have a Galaxy S4 on Optimised CM14.1. I used the magisk that came with the ROM. I got safetynet to pass once, and have never been able to get it again.
Any help is appreciated!

BeastMode6 said:
I have a Galaxy S4 on Optimised CM14.1. I used the magisk that came with the ROM. I got safetynet to pass once, and have never been able to get it again.
Any help is appreciated!
Click to expand...
Click to collapse
Check to see if selinux is set to "Permissive", safetynet will fail if it detects a kernel with selinux set to permissive. To check this in the terminal type "getenforce" if it says "permissive", you can type "su" to get a root shell then type "setenforce 1" to enable Enforcing. In adb you can type the same, however you need to type "adb shell" prior to accomplish the same. Once enabled safetynet should pass. To set the selinux back to permissive type "setenforce 0" in a root shell. good luck!
Sent from my SM-T813 using Tapatalk

It says it's enforcing already.

BeastMode6 said:
It says it's enforcing already.
Click to expand...
Click to collapse
OK, make sure you have magisk-hide enabled in the magisk manager settings. I think safetynet checks for root as well, so if your rooted with magisksu, then all you should need to do is enable magisk-hide. If you don't have the magisk manager you can download it from google play.

I have hide on, still fails. I've also restarted like 5 times to no effect.

Check if Hide is working on your device by adding a root checker app to the Hide list. If it can't detect root, at least we know the Hide works.
After that, check SafetyNet with an app like SafetyNet Playground or SafetyNet Helper. Do you pass basic integrity?
Lastly, please upload a Magisk log.

When I added root checker to magisk hide, it can still detect root. The root request message pop'ed up, and I hit grant. Safetynet playground fails on absolutely everything.

BeastMode6 said:
When I added root checker to magisk hide, it can still detect root. The root request message pop'ed up, and I hit grant. Safetynet playground fails on absolutely everything.
Click to expand...
Click to collapse
if all else fails you might try uninstalling and reinstalling magisk, it might get rid of any errant files that maybe lingering around. You never really know whats really lies under the hood with pre-packed ROMs.

brians018883 said:
if all else fails you might try uninstalling and reinstalling magisk, it might get rid of any errant files that maybe lingering around. You never really know whats really lies under the hood with pre-packed ROMs.
Click to expand...
Click to collapse
I've already tried that, didn't work.

BeastMode6 said:
I've already tried that, didn't work.
Click to expand...
Click to collapse
hmm ... you might try enabling core only mode, it could be conflicting magisk modules, if it that's culprit then you would need to then re-enable each module one by one until you trigger the error. It could be an init script and unrelated to magisk. My best advice is to do a backup, do a clean install of lineage os, then install magisk, and see if that works.

(Removed)

brians018883 said:
hmm ... you might try enabling core only mode, it could be conflicting magisk modules, if it that's culprit then you would need to then re-enable each module one by one until you trigger the error. It could be an init script and unrelated to magisk. My best advice is to do a backup, do a clean install of lineage os, then install magisk, and see if that works.
Click to expand...
Click to collapse
YAY core only mode seemed to have fixed it. It's passing now with core only mode and magisk hide.
I've made an interesting discovery. When I go to magisk hide and try to enable hide for the google play store, it now no longer passes safety net (cts mismatch) until I reboot.

BeastMode6 said:
YAY core only mode seemed to have fixed it. It's passing now with core only mode and magisk hide.
I've made an interesting discovery. When I go to magisk hide and try to enable hide for the google play store, it now no longer passes safety net (cts mismatch) until I reboot.
Click to expand...
Click to collapse
good, glad you made some progress!
Best not to hide google play store, magisk hide by default hides safety net, blocking the store may screw with google play services.
Oh since you are on a cm/lineage based rom and to save you some headaches, avoid turning on magisk's busybox implementation, since cm roms use toybox a more enhanced version of busybox it confuses the OS by overlaying the busybox binaries over toybox's binaries and magisk eventually loses root until you do reboot, not mention makes the system sluggish and almost unusable. I learned that the hard way.
Happy Tweaking!

[BUG] MagiskHide does not work on Hanabank app. (strace log attached)

Hello, everyone.
Few days ago, I found Hanabank app (com.hanabank.ebk.channel.android.hananbank) detects Magisk hide. I ran strace against Hanabank app, and I got some suspicious openat(2) returns -EACCES and even some files are not filtered by Magisk Hide (returns file descriptor successfully)
Here are openat(2) calls which don't look good.
Code:
[pid 27855] openat(AT_FDCWD, "/sbin_orig/magisk", O_RDONLY|O_LARGEFILE) = 91
[pid 27855] openat(AT_FDCWD, "/dev/magisk/mirror/system", O_RDONLY|O_LARGEFILE) = -1 EACCES (Permission denied)
[pid 27855] openat(AT_FDCWD, "/magisk", O_RDONLY|O_LARGEFILE) = -1 EACCES (Permission denied)
[pid 27855] fstatat64(AT_FDCWD, "99-magisk.sh", {st_mode=S_IFREG|0755, st_size=2011, ...}, 0) = 0
Full strace log of Hanabank app:
Code:
https://pastebin.com/BUiViAbK
I think they should return -ENOENT to pass that magisk detection routine.
I'm using Magisk v14.0
BTW, why Magisk Github issue tracker is disabled?

Having the same issue but with another app.
https://forum.xda-developers.com/showpost.php?p=73968022&postcount=19348
How did you run strace? I used strace -f -p PID-o /sdcard/strace.txt but no reference to Magisk is shown.

olivercervera said:
Having the same issue but with another app.
https://forum.xda-developers.com/showpost.php?p=73968022&postcount=19348
How did you run strace? I used strace -f -p PID-o /sdcard/strace.txt but no reference to Magisk is shown.
Click to expand...
Click to collapse
First, sorry for late reply. I was on vacation.
I used this script to attach strace to fresh app process.
Code:
while true; do
while ! ps | grep -q -i $1; do :; done;
ps | grep -i $1 | while read a b c; do
strace -e open -f -e trace=file,ptrace -p $b 2>&1;
done;
done
For example, if you saved this script as /sdcard/strace.sh, The procedure I take to attach strace to the app is;
1. use killall command to kill all app process. Android pre-forks app, so we need to kill that first.
2. run script using sh /sdcard/strace.sh <app_process_name>. This will attach strace to the app and redirects strace's stderr output to stdout.
2-1. Do whatever you want (use tee or just redirect it to file, etc..) with stdout stream.
3. Analyze collected result.
That's all.

perillamint said:
First, sorry for late reply. I was on vacation.
I used this script to attach strace to fresh app process.
Click to expand...
Click to collapse
Hi
Just now I realised that I responded in the other thread. However your script never worked
I ran the script in a shell with root permission using
Code:
sh /sdcard/strace.sh com.barclays.android.barclaysmobilebanking
Unfortunately this is what I get when I try to run the script
Code:
/sdcard/strace.sh[5]: syntax error: 'done' unexpected
What have I done wrong?
EDIT: I've done this test on another device, a Nexus 5X stock 7.1.2 + Magisk v14. If I run strace it is not found, I have installed busybox but nothing! WAT??? I'll test with the other device later which has strace (Nexus 5).
EDIT2: Nope, I get the same error on the device which has strace.

olivercervera said:
Hi
Just now I realised that I responded in the other thread. However your script never worked
I ran the script in a shell with root permission using
Code:
sh /sdcard/strace.sh com.barclays.android.barclaysmobilebanking
Unfortunately this is what I get when I try to run the script
Code:
/sdcard/strace.sh[5]: syntax error: 'done' unexpected
What have I done wrong?
EDIT: I've done this test on another device, a Nexus 5X stock 7.1.2 + Magisk v14. If I run strace it is not found, I have installed busybox but nothing! WAT??? I'll test with the other device later which has strace (Nexus 5).
EDIT2: Nope, I get the same error on the device which has strace.
Click to expand...
Click to collapse
Hmm, I used sh which included in LineageOS.... I think Android's default sh couldn't handle that script's syntax properly. Default sh is quite crippled compared to GNU/Linux's one (bash, zsh, etc..)
Could you try running this script using bash instead of sh? If you don't have bash on your Android system, this Magisk module could inject bash binary into your system. https://forum.xda-developers.com/apps/magisk/module-magisk-bash-shell-t3609988

perillamint said:
Hmm, I used sh which included in LineageOS.... I think Android's default sh couldn't handle that script's syntax properly. Default sh is quite crippled compared to GNU/Linux's one (bash, zsh, etc..)
Could you try running this script using bash instead of sh? If you don't have bash on your Android system, this Magisk module could inject bash binary into your system. https://forum.xda-developers.com/apps/magisk/module-magisk-bash-shell-t3609988
Click to expand...
Click to collapse
Thanks for your suggestion. In the end I installed LOS on my test device and ran the script.
The funny thing is that I can't find a single reference to Magisk or Root...
The output is attached.

olivercervera said:
Thanks for your suggestion. In the end I installed LOS on my test device and ran the script.
The funny thing is that I can't find a single reference to Magisk or Root...
The output is attached.
Click to expand...
Click to collapse
Indeed. However the app dies shortly after reading the two property files:
/dev/__properties__/ubject_r:default_prop:s0
/dev/__properties__/ubject_r:logd_prop:s0
I would try to get the output of getprop with and without Magisk installed and see if there are any properties being leaked that could give a hint that Magisk is installed.

Fif_ said:
Indeed. However the app dies shortly after reading the two property files:
/dev/__properties__/ubject_r:default_prop:s0
/dev/__properties__/ubject_r:logd_prop:s0
I would try to get the output of getprop with and without Magisk installed and see if there are any properties being leaked that could give a hint that Magisk is installed.
Click to expand...
Click to collapse
You are the man! You definitely spotted the method being used by this app. Thanks.
I had to leave LOS ROM because even without Magisk it would not run, so I installed another ROM. I verified the app runs, got props, installed Magisk and got new props.
There are all changes:
1. [ro.build.selinux]: [1] is changed to [ro.build.selinux]: [0] when Magisk is installed
2. [ro.runtime.firstboot] shows different values but I believe it's fine
3. The following are entirely missing when Magisk is installed
[selinux.reload_policy]: [1]
[service.adb.tcp.port]: [-1]
[sys.retaildemo.enabled]: [0]
[init.svc.clear-bcb]: [stopped]
I have the feeling that [ro.build.selinux]: [1] and [selinux.reload_policy]: [1] are key elements and Magisk is not hiding them properly. I would suppose these elements show that SELinux is not enforcing anymore. I tried changing these values, but at reboot they don't change.
I know obviously Magisk does not enforce SELinux, but hides that got set to Permissive. System thinks that is enforcing, and using command getenforce i get as a result Enforcing, but Barclays (and possibly other apps) are reading that SELinux is not actually being enforced.
Interesting. Will post these finding in the main thread.
Do you have anything to add that could be helpful?

olivercervera said:
You are the man! You definitely spotted the method being used by this app. Thanks.
I had to leave LOS ROM because even without Magisk it would not run, so I installed another ROM. I verified the app runs, got props, installed Magisk and got new props.
There are all changes:
1. [ro.build.selinux]: [1] is changed to [ro.build.selinux]: [0] when Magisk is installed
2. [ro.runtime.firstboot] shows different values but I believe it's fine
3. The following are entirely missing when Magisk is installed
[selinux.reload_policy]: [1]
[service.adb.tcp.port]: [-1]
[sys.retaildemo.enabled]: [0]
[init.svc.clear-bcb]: [stopped]
I have the feeling that [ro.build.selinux]: [1] and [selinux.reload_policy]: [1] are key elements and Magisk is not hiding them properly. I would suppose these elements show that SELinux is not enforcing anymore. I tried changing these values, but at reboot they don't change.
I know obviously Magisk does not enforce SELinux, but hides that got set to Permissive. System thinks that is enforcing, and using command getenforce i get as a result Enforcing, but Barclays (and possibly other apps) are reading that SELinux is not actually being enforced.
Interesting. Will post these finding in the main thread.
Do you have anything to add that could be helpful?
Click to expand...
Click to collapse
If you use "resetprop ro.build.selinux 1" in a root shell, does the app start?
That will disappear at reboot of course, but it's easy to add to /magisk/.core/props to make it stick until Magisk is fixed.
Now, I don't think Magisk disables SELinux, why do you have it disabled?

Fif_ said:
If you use "resetprop ro.build.selinux 1" in a root shell, does the app start?
That will disappear at reboot of course, but it's easy to add to /magisk/.core/props to make it stick until Magisk is fixed.
Now, I don't think Magisk disables SELinux, why do you have it disabled?
Click to expand...
Click to collapse
Yes, Magisk changes SELinux to Permissive and hides this status.
Although my findings would be legit and those props should be hidden, in my Bank's case is not the issue.
I have discovered that if I uninstall Magisk Manager (but not uninstall root, just the app) my bank app works. However it does not work if I use "Hide Magisk".
Since the hidden app is called Unhide Magisk Manager, probably this app is looking for Magisk keyword.
For whatever reason when I run strace the app does crash and always reports that message (crash after reading prop).
I will post these findings in the support thread.
I don't know how to do it, but I would recompile Magisk Manager changing package ID and name, in theory should work.

I am having the same issue on my Galaxy S8 with the Barclays Mobile Banking app. I have tried using every option in Magisk but nothing seems to be working. In fact, the Barclays app actually asked for SU permissions when I first ran it which is odd to me.
Did anyone find a workaround for this? I read the posts in this thread but I am not savvy enough to understand all the codes and technical information written, so please excuse my ignorance in the matter. Is reverting to a completely stock ROM my only option at this point? I really need to start using this application as soon as possible.
Thank you.

Quick update guys!
The great Topjohnwu is working on a new update that includes a key feature for us: reinstalling Magisk Manager with a random package ID.
These changes are in his Github Repo. On this thread you can find unofficial versions of Magisk compiled from Github.
I have tested Magisk-v14.4-20171102-091345.zip: HELL IT WORKS!
In Magisk Manager: go to settings and you will have the option to reinstall Magisk Manager with a random package ID
Install Barclays from Play Store
Add Barclays to Magisk Hide
Open Barclays, it will behave correctly and will work!
This solves my problem, so I will be able to use the latest version of this app very soon (will wait for public beta).
On a side note, this update should als hide /Magisk partition, which was detected by @perillamint banking app, so might be worth trying it.
I have installed this Hanabank app (hopefully is the right one!) and added it to Magisk Hide. The app opens up correctly but I can't understand anything. I see some stuff moving on screen and on the upper left I see a lock icon (to login?)
If I don't add the app to Magisk Hide it shows an incomprehensible message and closes.
Hope you find this helpful.
Please see photos below.

@olivercervera
What are your exact steps? I installed the latest version from this thread, and added barclays to magisk hide, and then in settings, clicked in hide magisk manager. When I clicked in unhide magisk manager, it asked me for root permision for something with a random name, so I guess it worked, but I couldn't get the Barclays app to run. Is that a fresh install of your phone? I remember that if it detected your root once, it would be blocked forever, until you get a new ID. Did you call barclays to get your app working again?
On top of that, I clicked on hide magisk manager again, and now I can't unhide it, the app does nothing when I click on it... :crying:
Thanks for your help in any case, and thanks for the tip regading the new functionality!

mundodisco8 said:
@olivercervera
What are your exact steps? I installed the latest version from this thread, and added barclays to magisk hide, and then in settings, clicked in hide magisk manager. When I clicked in unhide magisk manager, it asked me for root permision for something with a random name, so I guess it worked, but I couldn't get the Barclays app to run. Is that a fresh install of your phone? I remember that if it detected your root once, it would be blocked forever, until you get a new ID. Did you call barclays to get your app working again?
On top of that, I clicked on hide magisk manager again, and now I can't unhide it, the app does nothing when I click on it... :crying:
Thanks for your help in any case, and thanks for the tip regading the new functionality!
Click to expand...
Click to collapse
Yes, a fresh start from a stock Nexus 5X I have at work. I did not register the app with my account during the test, all I needed to do was to get to the Welcome Screen: if Barclays detects root you don't get anything. Probably you need to reinstall Barclays App.
Once Magisk Manager is hidden with the new ID you can't go back to the original: you don't have any option. So if you still have it means there is a problem.

mundodisco8 said:
@olivercervera
What are your exact steps? I installed the latest version from this thread, and added barclays to magisk hide, and then in settings, clicked in hide magisk manager. When I clicked in unhide magisk manager, it asked me for root permision for something with a random name, so I guess it worked, but I couldn't get the Barclays app to run. Is that a fresh install of your phone? I remember that if it detected your root once, it would be blocked forever, until you get a new ID. Did you call barclays to get your app working again?
On top of that, I clicked on hide magisk manager again, and now I can't unhide it, the app does nothing when I click on it... :crying:
Thanks for your help in any case, and thanks for the tip regading the new functionality!
Click to expand...
Click to collapse
He's talking about a new Hide Manager feature that is much improved from the current implementation. It's not yet available officially, so you'll have to build yourself from the GitHub repo, or download from the unofficial snapshots thread that @olivercervera linked.

Didgeridoohan said:
He's talking about a new Hide Manager feature that is much improved from the current implementation. It's not yet available officially, so you'll have to build yourself from the GitHub repo, or download from the unofficial snapshots thread that @olivercervera linked.
Click to expand...
Click to collapse
I didn't even consider the possibility he didn't realise I was using the unofficial/self compiled version... I even linked it!!!
Thanks

olivercervera said:
I didn't even consider the possibility he didn't realise I was using the unofficial/self compiled version... I even linked it!!!
Thanks
Click to expand...
Click to collapse
It's actually quite apparent that he's talking about the current implementation, since the updated, unreleased, feature doesn't have anything named "unhide" to click.
With the new implementation you unhide the hidden Manager by reinstalling and opening it.

Hi guys,
Yes, I installed the latest version, following the link OliverCervera linked. I hid it using the usual method of going to options/hide magisk, and I got a new app, as usual. clicking on it to unhide prompted for root permissions for an app with a random ID (as expected). The next time, I wasn't that lucky, and the whole thing crashed. Anyway, it's a nightly, so I won't complain, and I will check it later, as sadly I don't have time to do it now.
In any case, my app was marked, because I opened it with the official release of Magisk and it detected root, and once it does, it keeps the "this phone is rooted" status until you do a factory reset. I think you can call them to tell them that it was a mistake, and they can unlock it but I'm not 100% sure about this last point.
Thanks for the work, anyway!

mundodisco8 said:
Hi guys,
Yes, I installed the latest version, following the link OliverCervera linked. I hid it using the usual method of going to options/hide magisk, and I got a new app, as usual. clicking on it to unhide prompted for root permissions for an app with a random ID (as expected). The next time, I wasn't that lucky, and the whole thing crashed. Anyway, it's a nightly, so I won't complain, and I will check it later, as sadly I don't have time to do it now.
In any case, my app was marked, because I opened it with the official release of Magisk and it detected root, and once it does, it keeps the "this phone is rooted" status until you do a factory reset. I think you can call them to tell them that it was a mistake, and they can unlock it but I'm not 100% sure about this last point.
Thanks for the work, anyway!
Click to expand...
Click to collapse
If you install the correct version of the Manager you won't have an unhide app after hiding the Manager. That's changed...
Your problem is probably that the unofficial Manager has a different signature, so it won't install over the official Manager. Solution: Uninstall the official Manager before installing the unofficial snapshot.
Have you tried just clearing all data for the app after it detects root? That usually works for an app that "remembers" root. But, I've never tested the app in question so...

Didgeridoohan said:
If you install the correct version of the Manager you won't have an unhide app after hiding the Manager. That's changed...
Your problem is probably that the unofficial Manager has a different signature, so it won't install over the official Manager. Solution: Uninstall the official Manager before installing the unofficial snapshot.
Have you tried just clearing all data for the app after it detects root? That usually works for an app that "remembers" root. But, I've never tested the app in question so...
Click to expand...
Click to collapse
I think they keep your signature and store it on their servers. Barclays is really focused when it comes to not allowing people to use their app on rooted phones, but as I said, I would need to double check. And I kind of get why they do it, as they went all the way to avoid to pay Android to use Android Pay and they developed their own platform to pay over NFC (not judging here, it's up to them if they think it's the best solution). At the end of the day, root is exploited through a security flaw, and "the bad guys could get your moneys", and even though they could display a message at launch that says "hey, you are rooted, the bad guys could get AAAALLL of the moneys, it's up to you" people would still want to sue them if they mess up... but it's funny that they allow you to get into the online banking web on a rooted phone, where the bad guys could see your password...

[GUIDE] Viper4android on oreo 8.0 stystem

Hello all
viper4android refreshes very rarely and can not keep up with nexus / pixels.
I have seen many guides that suggested deleting the configuration file in /etc/audio_effects.conf.
I think it's a horrible thing! in fact, just insert few strings into another file in /vendor/etc/audio_effects.conf
Under libraries sections:
v4a_fx {
path /system/lib/soundfx/libv4a_fx_ics.so
}
Under effects sections:
v4a_standard_fx {
library v4a_fx
uuid 41d3c987-e6cf-11e3-a88a-11aba5d5c51b
}
it is very important that selinux is set to permissive mode.
Open a Shell :
$ su
# setenforce 0
P.S. install busybox first

MT88 said:
Hello all
viper4android refreshes very rarely and can not keep up with nexus / pixels.
I have seen many guides that suggested deleting the configuration file in /etc/audio_effects.conf.
I think it's a horrible thing! in fact, just insert few strings into another file in /vendor/etc/audio_effects.conf
Under libraries sections:
v4a_fx {
path /system/lib/soundfx/libv4a_fx_ics.so
}
Under effects sections:
v4a_standard_fx {
library v4a_fx
uuid 41d3c987-e6cf-11e3-a88a-11aba5d5c51b
}
it is very important that selinux is set to permissive mode.
Open a Shell :
$ su
# setenforce 0
Click to expand...
Click to collapse
Good guide but that setenforce 0 command doesn't stick after reboot as far as I know. To get it to stick you should use an app that does it or create a .sh file and add the permissive kernel code to it. Can't remember where the file goes though.

DEVILOPS 007 said:
Good guide but that setenforce 0 command doesn't stick after reboot as far as I know. To get it to stick you should use an app that does it or create a .sh file and add the permissive kernel code to it. Can't remember where the file goes though.
Click to expand...
Click to collapse
In viper's app there is an option "disable selinux".

You only have to go permissive with magisk and there's an module for it.
With SuperSU you can stay enforced.
Delete musicfx or audiofx and you're good.

Been trying for days to get viper to work,thanks man.works for me

coremania said:
You only have to go permissive with magisk and there's an module for it.
With SuperSU you can stay enforced.
Delete musicfx or audiofx and you're good.
Click to expand...
Click to collapse
personally I prefer to add two lines of code instead of installing an application that allows another application to work

Right very good guide, but you have to go and live permissive with it. The question is, what's better. If you root anyway ???

coremania said:
Right very good guide, but you have to go and live permissive with it. The question is, what's better. If you root anyway ???
Click to expand...
Click to collapse
this is a problem to be submitted to the viper developer

MT88 said:
personally I prefer to add two lines of code instead of installing an application that allows another application to work
Click to expand...
Click to collapse
Dev,you wouldn't happen to know how to get ATMOS working would you?

I prefer to go permissive as well, besides the fact that I'm always permissive even when I don't have V4A installed.
Also, you don't have to install an app, you just put a permissive script in your init.d(if not using Magisk). For Magisk, you put it in /magisk/.core/service.d/.
I've created my own flashable zips to do this, and since it's Magisk, as long as I don't clean flash, I never have to worry about it. [emoji41]
Sent from my Nexus 6P using Tapatalk

Curiousn00b said:
I prefer to go permissive as well, besides the fact that I'm always permissive even when I don't have V4A installed.
Also, you don't have to install an app, you just put a permissive script in your init.d(if not using Magisk). For Magisk, you put it in /magisk/.core/service.d/.
I've created my own flashable zips to do this, and since it's Magisk, as long as I don't clean flash, I never have to worry about it. [emoji41]
Click to expand...
Click to collapse
here we talk about viper. Magisk and company should be treated elsewhere. Just create an init file for selinux.

Not a Magisk module. If you're using Magisk, you can't stick the init.d script in /system/etc/init.d/ since the system won't being using that location IF you're using Magisk. That's why I included both locations just in case someone that's using Magisk came across the post.
Either way, I was still talking about Viper.
Sent from my Nexus 6P using Tapatalk

I've been using latest Magnum opus on 8.1 without any problems or changes needed to the system. And it works perfectly fine with viper+Dolby config

coremania said:
You only have to go permissive with magisk and there's an module for it.
With SuperSU you can stay enforced.
Delete musicfx or audiofx and you're good.
Click to expand...
Click to collapse
Maybe you can. Have never had ARISE or Viper work without permissive, on either Magisk or SuperSU.

Not maybe, supersu makes it possible to stay enforced with viper and dolby. With magisk Viper might be possible enforced but dolby will run only permissive with magisk.
Tested so many times.

coremania said:
Not maybe, supersu makes it possible to stay enforced with viper and dolby. With magisk Viper might be possible enforced but dolby will run only permissive with magisk.
Tested so many times.
Click to expand...
Click to collapse
Wrong.

snsone said:
Wrong.
Click to expand...
Click to collapse
After every reboot I guess

coremania said:
After every reboot I guess
Click to expand...
Click to collapse
Works after any reboot with enforcing, no need for permissive

Deleted

@snsone are you using android oreo? And if so, how are you doing that?

PS Remote Play version 4.1.0 detects root (ver 3.0 & 4.0 ok)

Hey all,
Android 7.1.1, Magisk 20.4 (on Stable update channel), Magisk Manager is hidden (as "Manager", tried "MM" as well) and the updated Sony app was added to Magisk Hide list.
Data & Cache were cleared for the app as well.
https://play.google.com/store/apps/details?id=com.playstation.remoteplay
But on launch, it crashes with error 88001003, which seems to indicate root detection.
The previous version 3.0 has worked flawlessly on the same system with same settings.
Does anyone know a workaround, could the app now be checking the system for root-compatible apps and block from there ?
Any way to find out how the app detects root?
Any feedback is very welcome.

Full Manager obfuscation capabilities aren't available on Android versions lower than 9. Could be what's causing your issues...
For what it's worth I can start the app just fine on my Android 9 OP3T with Canary build 21004 and hidden Canary Manager 310.
Try uninstalling the Manager and see if that makes a difference.

Log Cat info :
Code:
[10-15 14:29:26.760 4218:4218 D/PRCNT_#RecentsModel#]
#createTaskStack# :: task=PS Remote Play, isTopRunningTask=false, isVisible=false, isLocked=false, isKnoxTask=false, isHideThumbnail=false, isLongLive=false

Didgeridoohan said:
Try uninstalling the Manager and see if that makes a difference.
Click to expand...
Click to collapse
Sadly no difference (and deleted app's data + cache of course). Would you have any other ideas?
Spartacus500 said:
Log Cat info :
Code:
[10-15 14:29:26.760 4218:4218 D/PRCNT_#RecentsModel#]
#createTaskStack# :: task=PS Remote Play, isTopRunningTask=false, isVisible=false, isLocked=false, isKnoxTask=false, isHideThumbnail=false, isLongLive=false
Click to expand...
Click to collapse
Thanks but I'm not sure how it's supposed to help?

Ps24u said:
Sadly no difference (and deleted app's data + cache of course). Would you have any other ideas?
Click to expand...
Click to collapse
Many things may trigger detection, not only Magisk:
https://www.didgeridoohan.com/magisk/MagiskHide#hn_Hiding_root_from_apps

Thanks Didgeridoohan, after many hours I found 2 culprits that triggered root detection on my system.
For the Sony Remote Play app mentionned in this thread: SELinux set to permissive was the culprit.
After disabling the Magisk module for SElinux, the app runs normally, no crash, all good.
But it's pretty annyoing having to reboot to enable/disable SELinux just to run this app.
Would you know if there's a way to either toggle SElinux in realtime while the os is running or to have the Sony app always believe SElinux is set to enforcing ?
For the second app, it was dumb, it looked for "twrp" folder on internal storage. After I renamed the folder, the app launches and runs perfectly.
But again it's far from ideal to do it manually all the time. So for this case also, is there a way to hide the "twrp" folder from this app, either via magisk module, script or otherwise?
Thanks a lot for your tips and awesome site, probably the best ressource for all things Magisk. :bow:

Ps24u said:
Would you know if there's a way to either toggle SElinux in realtime while the os is running or to have the Sony app always believe SElinux is set to enforcing ?
Click to expand...
Click to collapse
That's just a simple terminal command (which is exactly what the module uses and runs at boot). You can run that whenever and it'll change selinux to the state you want on the fly, no need for a reboot.
Permissive:
Code:
setenforce 0
Enforcing:
Code:
setenforce 1
Needs to be run as su, of course (you could add "su -c" in front of the command to make it easy).
You could either set up a script with an app like Tasker or use an app that's made for toggling selinux (if you look around there should be a few available).
For the second app, it was dumb, it looked for "twrp" folder on internal storage. After I renamed the folder, the app launches and runs perfectly.
But again it's far from ideal to do it manually all the time. So for this case also, is there a way to hide the "twrp" folder from this app, either via magisk module, script or otherwise?
Click to expand...
Click to collapse
To hide the TWRP directory you could use an isolation app to stop the app from detecting what you have on your device. When it comes up the internal storage, Storage isolation is the most powerful.
Another option could be to set up a Tasker task (or similar) that renames the folder and then launches the app. Another Tasker profile could then keep track of when the app is running and rename the folder again once it's closed. Or it might be more reliable to run a task manually when you're done with the app. I'm just mentioning this to show some options. It's nowhere near as elegant as using an isolation app...
Thanks a lot for your tips and awesome site, probably the best ressource for all things Magisk. :bow:
Click to expand...
Click to collapse
No worries, I'm glad you found it useful and could get things figured out.

Didgeridoohan said:
That's just a simple terminal command (which is exactly what the module uses and runs at boot). You can run that whenever and it'll change selinux to the state you want on the fly, no need for a reboot.
Permissive:
Code:
setenforce 0
Enforcing:
Code:
setenforce 1
Needs to be run as su, of course (you could add "su -c" in front of the command to make it easy).
You could either set up a script with an app like Tasker or use an app that's made for toggling selinux (if you look around there should be a few available).
Click to expand...
Click to collapse
That strangely doesn't do the trick. If SElinux is set to permissive at boot via Magisk module, toggling to Enforcing afterwards doesn't allow the app to launch (crashes with same error 88001003, even after deleting data+cache).
It seems the app somehow knows if SElinux was set to permissive on boot and doesn't care if SElinux is switched to Enforcing afterwards.
Due to how my setup works I need Permissive at boot (mount cifs folders) so I'm in pinch.
I use selinux_permissive_v2.zip on Magisk 20.4.
I also tried to set SElinux to permissive via a script in /data/adb/service.d
Code:
#!/system/bin/sh
setenforce 0
But same results, toggling to Enforcing afterwards doesn't allow the app to launch.
I tried toggling with "su -c setenforce 1" in Termux, and with SELinux Toggler.
However, If the phone boots with Enforcing, and then I toggle to Permissive after boot and then back to Enforcing, the app launches without issues, strange!
There is a mystery going on here...
Didgeridoohan said:
To hide the TWRP directory you could use an isolation app to stop the app from detecting what you have on your device. When it comes up the internal storage, Storage isolation is the most powerful.
Click to expand...
Click to collapse
That worked straight away, awesome!

On my Samsung Galaxy S7 edge Custom Pie 9.0 Rom NFE root Magisk, this application does not work, keeps saying "something went wrong", I changed the twrp folder to aaaTWRPaaa but still the application won't work. I also changed selinux mode changer to permisive, but after this change also doesn't work, my antivirus screams selinux permisive is dangerous. Any ideas ?

Spartacus500 said:
On my Samsung Galaxy S7 edge Custom Pie 9.0 Rom NFE root Magisk, this application does not work, keeps saying "something went wrong", I changed the twrp folder to aaaTWRPaaa but still the application won't work. I also changed selinux mode changer to permisive, but after this change also doesn't work, my antivirus screams selinux permisive is dangerous. Any ideas ?
Click to expand...
Click to collapse
From my testing, PS Remote Play doesn't care about TWRP folder.
Spartacus, for now try to boot with SElinux to Enforced, and clear data/cache for the app.
I hope Didgeridoohan can help solve the SElinux pemissive at boot mystery.

Ps24u said:
I hope Didgeridoohan can help solve the SElinux pemissive at boot mystery.
Click to expand...
Click to collapse
Not really... I've no idea why the app would behave like that.
But I have a thought: how do you set up your cifs folders mounting? With a script? If so, could you temporarily set SELinux permissive only during that time? If you're lucky, it might be that's enough... I have no idea how cifs folder mounting works, so I'm just throwing ideas aimed at your head.

Ps24u said:
From my testing, PS Remote Play doesn't care about TWRP folder.
Spartacus, for now try to boot with SElinux to Enforced, and clear data/cache for the app.
I hope Didgeridoohan can help solve the SElinux pemissive at boot mystery.
Click to expand...
Click to collapse
I did as you said, deleted the TWRP folder from internal storage, also deleted the Titanium backup folder, no result, Selinux I have enforcing, the application still shows an error on startup
I also have a question, is your audit error the same as mine? Maybe there is a bug here
audit (error)
Code:
type=1400 audit(1603135249.830:2343): avc: denied { read } for pid=7381 comm="zCloudWorkerThr" name="enforce" dev="selinuxfs" ino=4 scontext=u:r:untrusted_app:s0:c212,c259,c512,c768 tcontext=u:object_r:selinuxfs:s0 tclass=file permissive=1 SEPF_SM-N935F_9_0001 audit_filtered
Code:
type=1400 audit(1603135249.830:2344): avc: denied { open } for pid=7381 comm="zCloudWorkerThr" path="/sys/fs/selinux/enforce" dev="selinuxfs" ino=4 scontext=u:r:untrusted_app:s0:c212,c259,c512,c768 tcontext=u:object_r:selinuxfs:s0 tclass=file permissive=1 SEPF_SM-N935F_9_0001 audit_filtered

Didgeridoohan said:
Not really... I've no idea why the app would behave like that.
But I have a thought: how do you set up your cifs folders mounting? With a script? If so, could you temporarily set SELinux permissive only during that time? If you're lucky, it might be that's enough... I have no idea how cifs folder mounting works, so I'm just throwing ideas aimed at your head.
Click to expand...
Click to collapse
In the context of Cifs, I need SELinux permissive during actual use, not only during the mounting phase, so it cannot be done unfortunately.
Spartacus500 said:
I did as you said, deleted the TWRP folder from internal storage, also deleted the Titanium backup folder, no result, Selinux I have enforcing, the application still shows an error on startup
I also have a question, is your audit error the same as mine? Maybe there is a bug here
audit (error)
Click to expand...
Click to collapse
I'm not sure what / how to "audit" ?

I'm back again, Samsung Galaxy S7 edge Custom Pie 9.0 Rom. Selinux enforcing, PS Remote Play 4.0.0 keeps crashing, I uninstalled Magisk root and PS Remote Play 4.0.0 app works fine on my S7, I reload Magisk root via TWRP and PS Remote Play 4.0.0 shows error again ...

You've added PS Remote Play to the "Magisk Hide" list already, right ?
If not, add it, then clear data/cache or Uninstall and reinstall the app but don't launch it, and reboot.

Ps24u said:
You've added PS Remote Play to the "Magisk Hide" list already, right ?
If not, add it, then clear data/cache or Uninstall and reinstall the app but don't launch it, and reboot.
Click to expand...
Click to collapse
Of course, right after installing Magisk I hid hide root for PS Remote Play 4.0.0 and also changed the name of Magisk manager to something else, cleaning the memory for this application does not help either, every time I open the application it says "something went wrong" and error code ... All I need to do is remove the Magisk root and the app works. I'm using Magisk 20400, tested 21000 and Canary 21005 version and on neither of these versions this app shows the same error

Sorry I can't help more. I'm on Magisk 20.4 and M.Manager 7.5.1, also on Android 7.1.1 official Sony rom.

I performed the test, removed the Magisk root, PS Remote Play 4.0.0 works, when I install only Magisk manager, then PS REMOTE PLAY 4.0.0 detects Magisk and shows an error, after removing Magisk manager, PS Remote Play 4.0.0 works again, but it's enough that I will upload root Magisk, hide root hide, remove Magisk manager then PS Remote Play 4.0.0 shows error ...

I've got the same issue, anyone find a workaround?

Same here. This app work in the past, now it doesnt open. I dont know why Sony now dont left we use it because of root. It thinks that we will hack something. Mas, if Sony continues to do this and **** the past generation with last updates I will left consoles for while.
Im using Android 8.1