Currently there are several custom roms available for Yureka Black ranging from noughat to android pie. But the roms with android versions Oreo and Pie run permissive SeLinux ( even the official roms in yuforums ). Switching to enforcing mode on these roms usually breaks the camera or the fingerprint . So are there any other custom roms available that have SeLinux enforcing by default?
Brainyboy said:
Currently there are several custom roms available for Yureka Black ranging from noughat to android pie. But the roms with android versions Oreo and Pie run permissive SeLinux ( even the official roms in yuforums ). Switching to enforcing mode on these roms usually breaks the camera or the fingerprint . So are there any other custom roms available that have SeLinux enforcing by default?
Click to expand...
Click to collapse
Probably not, enforcing mode gets in the way of a lot of things when it comes to custom ROMs and using root, permissive mode is required for certain modifications incorporated in custom ROMs.
Using stock firmware or manually switching to enforcing in your custom ROMs might be your only options.
Sent from my LGL84VL using Tapatalk
Droidriven said:
Probably not, enforcing mode gets in the way of a lot of things when it comes to custom ROMs and using root, permissive mode is required for certain modifications incorporated in custom ROMs.
Using stock firmware or manually switching to enforcing in your custom ROMs might be your only options.
Click to expand...
Click to collapse
But isn't permissive SeLinux less secure than a rooted device with enforcing SeLinux? Is permissive SeLinux still insecure even if the ROM has latest security patches?
Brainyboy said:
But isn't permissive SeLinux less secure than a rooted device with enforcing SeLinux? Is permissive SeLinux still insecure even if the ROM has latest security patches?
Click to expand...
Click to collapse
Certain mods require permissive mode, plain and simple, otherwise, the mods won't work.
The reason why custom ROMs use permissive has more to do with allowing software features and functionality to work than it does with how secure the device is or isn't.
Sent from my LGL84VL using Tapatalk
@Brainyboy, to add to what @Droidriven had already stated...
The following post explains why so many of the recent Custom Firmwares for the newer Android versions has been provided in a Permanent Permissive Mode...
https://forum.xda-developers.com/showthread.php?p=78054819
Good Luck & Enjoy!
~~~~~~~~~~~~~~~
UNLESS asked to do so, PLEASE don't PM me regarding support. Sent using The ClaRetoX Forum App on my SM-G900T device.
There are 69 ROMs with SELinux Enforcing now...
Related
Hi,
up until 7.1.2 I used to run 2-3 roms in multirom, six or nitro as primary purenexus as secondary. However six's newest Oreo rom, it would install new kernel (i think) with it which does not support kexec (don't quote me on it either). Where as before I always used Kexec supporting kenrels such as franco, elemental and b14ckb1rd. Now I understand things very basic not in depth. And I understand why custom kernels for N6 might not be out already (since google didnt push out official oreo update for N6). My question for devs is should there be kernels out there in near future that would support Oreo and multirom same way it used to be till 7.1.2? Not asking for when not asking why not yet just asking if in future will it happen? If so (this question is just to understand) would that kernel be based on kernel for N6P or N5x or Pixel?
I would greatly appreciate if anyone can explain me. If a kernel developer wants to explain in great technical details I would love to read up. Thanks.
BTW the reason I asked this, is because in my experience, current custom kernels would not boot Oreo beta rom. and I am assuming they would not boot any future 8.0 roms as support for 8.0 is not listed under them only support for until 7.1.2 is listed. I am noob so feel free to correct me wherever i was wrong.
nanunoran said:
BTW the reason I asked this, is because in my experience, current custom kernels would not boot Oreo beta rom. and I am assuming they would not boot any future 8.0 roms as support for 8.0 is not listed under them only support for until 7.1.2 is listed. I am noob so feel free to correct me wherever i was wrong.
Click to expand...
Click to collapse
Devs are working on making Oreo stable with it's core features and when that's done the kernel and feature development will start picking up. As of now you'll have to wait but by experience from seeing older phones with dropped official support that has received newer Android versions by custom roms, multirom has worked so I don't see any issue. Only time will tell. Right now getting all core features stable is prio number 1.
Recently i asked about Android 10 in the pixel experience thread, i asked because of the website saying "This version Is no longer Supported". I wanted to know if this means no more updates at ALL or just no more updates for Pie.
after this. i started the quest of Android 10, (thats what i like to call it) first i tried with treble roms and found out: everything based on pixel is very buggy and never gets out of the "Finishing Update" lag period, Also everything which wasnt the android 10 beta 5 build advertised by jarlpenguin and phhusson.
gapps which are imbedded into the rom dont work at all on treble Android 10.
Because of that, the only rom with gapps working right now is lineage 17.1..... the problem with that though is that you have no data (no signal/no sim) message and thus cant receive or send anything.
so i started looking at other motorola devices with the same chipset as our device, and search for possibilities for this already working. well i patched a version of aosp 10 from cedric aka the moto G5 which also has a snapdragon 430 processor. the kernel was well...... missing. After flashing radium for non treble roms fixed the problem. we have very similar problems though. 1. We still hav eno REAL signal, yeah it shows up but stays at 0 2.Gapps Dont Work BUT Begone "Finishing Update Lag" , what i am trying to say is: we should probably base on those builds and try if that works with different tweaks and patches to get all features working.
Also i am going to experiment further with this, for example: i am going to experiment with Pixel Experience 10 in the same way i did with Aosp!
thanks for reading i guess
Android 10 development is being postponed in favor of SELinux enforcing on Pie. Plus cedric's Android 10 builds are not Treble enabled, whereas montana's ROMs are, so it won't boot.
Of course I could release a build of LineageOS 17.1, but that would have broken camera, battery drain, possibly memory leaks, and partially broken audio playback. That is why I haven't released it.
---------- Post added at 02:42 PM ---------- Previous post was at 02:37 PM ----------
Furthermore, the reason we haven't been able to work on SELinux in P is because the non-treble policy was completely unfit for treble. When we attempted addressing SELinux denials, we hit neverallow build errors. As it turns out, our RIL blobs are too old for Treble compatibility, so we need to update them.
Oh. Okay! Thanks for the information. I guess this just means that at some point PE will get continued. Maybe I will try some modifications on my side to try and get it working.
Hmm
Guess it's set to enforcing. For security and rom compatibility reasons I did deactivate a lot of things first
Some random said:
Hmm
Click to expand...
Click to collapse
Seems spoofed. We didn't have enforcing on any Pie builds.
JarlPenguin said:
Seems spoofed. We didn't have enforcing on any Pie builds.
Click to expand...
Click to collapse
The picture is by me.... A lot of things broke afterwards tho. So it isn't just a manipulated settings screen...
This is a picture on RR pie btw
And for context: this is NOT how the ROM comes on its own, I used an application called "The Selinux switch" to set it to enforcing
Some random said:
And for context: this is NOT how the ROM comes on its own, I used an application called "The Selinux switch" to set it to enforcing
Click to expand...
Click to collapse
Right. That's what I thought. It's either spoofed or someone manually enabled it. Lots of things broken are expected.
WETA Kernel SM-G998U/U1/0 Snapdragon only
*** This will only work on Snapdragon devices with an unlocked bootloader..
SM-G998U/U1 - SM-G9980
Telegram thread at bottom of this post
See post #2 for install steps
Changelog...
R5.02
Telegram thread merged into N20.S20 group, check new links.
Upstreamed to 5.4.127
all modules now inlined, no need for magisk helper module.
added wireguard
Power usage tweaks
More
R4.04
Upstreamed to 5.4.123
R4.03
Upstreamed to 5.4.122
R4.02
Upstreamed to 5.4.121
R4.01
Upstreamed to 5.4.120
R4
Testing phase complete
Upstreamed to 5.4.119
R3
Rebased off UAG source code
R2
Upstreamed to 5.4.118
Fixed Torch/Flash
R1
built using CU8 kernel source
Upstreamed to 5.4.117
Fully permissive
KNOX disabled
Wireguard
Misc debugging disabled
Kernel Downloads
Telegram thread
--------------------->
Beer fund
XDA:DevDB Information
Kernel for the Samsung Galaxy S21 Ultra
Contributors
Mentalmuso, mentalmuso
Source Code: - Kernel Source
Kernel Special Features:
Version Information
Status: Stable
Current Stable Version: R1
Created 2021-05-10
Last Updated 2020-05-10
*** Be aware, there may be a need to wipe data if you desire to go back to stock kernel, my suggestion is to backup your stock BOOT partition and DATA before flashing. This way you can return to your original setup easily. It is unknown at this stage what data is causing an issue going back to stock. If you find it, be sure to share.
* You must have bootloader unlocked and rooted your device with Magisk before flashing this kernel. Magisk is essential for camera and wacom.
* Boot times are approx 60-75sec at the moment, itll sit on the yellow triangle splash for approx 60sec and the bootanimation for 5sec.
* When flashing this kernel, an AnyKernel helper module is installed. This is a Magisk Module that is essential for the operation of Camera and Wacom. Removal of this module while running this kernel will break camera and spen.
* Kernel zip labels have either a P or E in them, P=Fully Permissive, E=Enforcing (switchable)
To install
download and flash the kernel installer zip in TWRP or any custom recovery
--->
mine 2
Amazing to see some development, i thought this phone thread was gonna be dev dead
I am a little surprised myself.
Status update
I have found a couple of bugs I'm working on, #1 camera module only loads on permissive version of kernel, #2 the flash doesn't work, #3 random reboots maybe 4-5 times a day.
Working on having a stable R2 this week.
Edit: so it seems the hourly bootloop happens on stock kernel for me also. So it isn't an issue with this kernel. Though I do need to fix the flash
WETA Kernel R2
Upstreamed to 5.4.118
Fixed Torch/Flash
--->
WETA Kernel R3
Starting from scratch with different source code. It seemed there were problems booting for most. The new test kernels have been successful.
This is a basic start, with the intention of upstreaming and testing along the way.
--->
WETA Kernel R4
Upstreamed to 5.4.119
* Testing was successful with the different source code kernel
* Remember you MUST have magisk installed Pryor to flashing this kernel, this kernel needs it's ak3-helper magisk module for camera operation.
--->
I have used your Kernels in the past for other devices, really loved them. Was wondering if you plan to make a custom kernel for the s21 ultra Exynos in the future ?
Excuse my ignorance but please elaborate on "knox disabled"? I have unlocked bootloader/magisk and knox is already disabled as far as I know. Would this mod to the kernel allow me to use knox locked features that have been lost, eg biometric security for some apps? Thank you for your work, look forward to trying it out
dsdavis6 said:
Excuse my ignorance but please elaborate on "knox disabled"? I have unlocked bootloader/magisk and knox is already disabled as far as I know. Would this mod to the kernel allow me to use knox locked features that have been lost, eg biometric security for some apps? Thank you for your work, look forward to trying it out
Click to expand...
Click to collapse
Kernel based Knox ncm is disabled, it has nothing to do with your "Knox fuse" which is blown when your bootloader is unlocked.
paul_cherma said:
I have used your Kernels in the past for other devices, really loved them. Was wondering if you plan to make a custom kernel for the s21 ultra Exynos in the future ?
Click to expand...
Click to collapse
I don't plan on building anything for devices I don't hold in my hand. Reliable testing is hard otherwise
WETA Kernel 4.02
Upstreamed to 5.4.121
--->
Just a note regarding boot times, I can achieve a 35sec boot time, though in doing so it breaks double tap to wake, and fingerprints. I won't release a version with those broken items.
WETA Kernel 4.03
Upstreamed to 5.4.122
--->
WETA Kernel 4.04
Upstreamed to 5.4.123
--->
Hi,
I am a noob and from India.
Recently I built lineage os 16 rom for my device Redmi 4x.
I started doing it to support latest security updates. I was able to boot the ROM and its working decently and have not encountered any major bugs yet.
I have used the source from lineage git. Same for kernel and device blobs.
Now my banking apps do not work and report that the device is root even when its not. SELinux is set to enforcing.
It used to work previously with last official lineage 16 built for device.
Is this beacuse of the ROM file being signed with public keys?
What can I do to fix this?
Hello,
my friend has a Samsung galaxy note 8 with the model SM-N950F and he was thinking about giving me his phone to install a custom ROM for him, the phone is running stock ROM.
my question is what is the most stable android 12/13 Rom ( AOSP ) that doesn't require rooting and has banking apps and the pen working fine, also what is the latest stable TWARP and Odin that works for that model ( because I had SM-G530h and some Odin versions didn't work with it ).
one more question is it available to go back to Stock ROM once again using Odin like with old Samsung phones and where can I find a trusted source as Sammobile doesn't seem to work for me for some reason?
thanks in advance for your help.
KingDark2010 said:
Hello,
my friend has a Samsung galaxy note 8 with the model SM-N950F and he was thinking about giving me his phone to install a custom ROM for him, the phone is running stock ROM.
my question is what is the most stable android 12/13 Rom ( AOSP ) that doesn't require rooting and has banking apps and the pen working fine, also what is the latest stable TWARP and Odin that works for that model ( because I had SM-G530h and some Odin versions didn't work with it ).
one more question is it available to go back to Stock ROM once again using Odin like with old Samsung phones and where can I find a trusted source as Sammobile doesn't seem to work for me for some reason?
thanks in advance for your help.
Click to expand...
Click to collapse
Your question is a contradiction. You're asking whether you can use a custom ROM without root but still pass Play Integrity and other checks? This is not possible. Simply having an unlocked bootloader makes your device fail. To pass Play Integrity and be able to use banking apps, the Universal SafetyNet Fix module is required for use with Magisk. Further, AOSP does not include any of the "frills" that Samsung preloads into their firmware, meaning that not all features may work, including the S Pen. If you want to try AOSP anyway, you can follow my guide here to install an AOSP GSI.
As for returning your device to stock using Odin, yes. Sammobile is a good source, but if it doesn't work for you, you can try Frija or Samfirm.js to download the firmware directly from Samsung's servers.
V0latyle said:
Your question is a contradiction. You're asking whether you can use a custom ROM without root but still pass Play Integrity and other checks? This is not possible. Simply having an unlocked bootloader makes your device fail. To pass Play Integrity and be able to use banking apps, the Universal SafetyNet Fix module is required for use with Magisk. Further, AOSP does not include any of the "frills" that Samsung preloads into their firmware, meaning that not all features may work, including the S Pen. If you want to try AOSP anyway, you can follow my guide here to install an AOSP GSI.
As for returning your device to stock using Odin, yes. Sammobile is a good source, but if it doesn't work for you, you can try Frija or Samfirm.js to download the firmware directly from Samsung's servers.
Click to expand...
Click to collapse
Frija is faster and I recommend it. SAMMobile forces users to register to their website and limit your DL-speed.
It's not strictly required to use Magisk. Some Custom ROMs by default spoof SafetyNet Attestation to BASIC and don't need Magisk.
But in the case of Custom ROMs like LineageOS (which doesn't spoof/hide the Unlocked Bootloader on purpose!), or Stock OneUI ROM, you do need to use Magisk + "MagiskHide Props Config" Magisk Module and set the fingerprint to Note8. If Note8 isnt available as a fingerprint, use SafetyNet-Fix Module.
Also, I don't use my Note 8 anymore, but we have Custom ROMs for Note8. I see we have LineageOS 20.0. Why use GSIs? They are much more unstable and buggy.
cyanGalaxy said:
Frija is faster and I recommend it. SAMMobile forces users to register to their website and limit your DL-speed.
It's not strictly required to use Magisk. Some Custom ROMs by default spoof SafetyNet Attestation to BASIC and don't need Magisk.
But in the case of Custom ROMs like LineageOS (which doesn't spoof/hide the Unlocked Bootloader on purpose!), or Stock OneUI ROM, you do need to use Magisk + "MagiskHide Props Config" Magisk Module and set the fingerprint to Note8. If Note8 isnt available as a fingerprint, use SafetyNet-Fix Module.
Also, I don't use my Note 8 anymore, but we have Custom ROMs for Note8. I see we have LineageOS 20.0. Why use GSIs? They are much more unstable and buggy.
Click to expand...
Click to collapse
LineageOS is largely developed as a GSI. Yes, in many cases, it is bundled with a device specific kernel as a complete ROM, but for Project Treble compliant devices, a Generic System Image is just that - a single generic system image that does not have any device specific functions and can be used with any kernel on any device. In that regard, the official AOSP GSIs are very stable, and any issues are usually involved with the kernel, not the system image.
KingDark2010 said:
Hello,
my friend has a Samsung galaxy note 8 with the model SM-N950F and he was thinking about giving me his phone to install a custom ROM for him, the phone is running stock ROM.
my question is what is the most stable android 12/13 Rom ( AOSP ) that doesn't require rooting and has banking apps and the pen working fine, also what is the latest stable TWARP and Odin that works for that model ( because I had SM-G530h and some Odin versions didn't work with it ).
one more question is it available to go back to Stock ROM once again using Odin like with old Samsung phones and where can I find a trusted source as Sammobile doesn't seem to work for me for some reason?
thanks in advance for your help.
Click to expand...
Click to collapse
To be able to use Banking Apps, the following practices are good.
Passing SafetyNet (you can check this with YASNAC from Play Store).
If you don't pass SafetyNet, use Magisk with one of the 2 modules mentioned above.
You may also need to enable Zygisk, Enforce DenyList, and add your Banking Apps to Magisk DenyList.
I use a Xiaomi Poco F3 with ArrowOS Custom ROM, it already contains patches to force SafetyNet to BASIC, and so I dont need any modules, but only Zygisk, Force DenyList, and add my Banking Apps to the DenyList and reboot ^^
V0latyle said:
LineageOS is largely developed as a GSI. Yes, in many cases, it is bundled with a device specific kernel as a complete ROM, but for Project Treble compliant devices, a Generic System Image means the system image can be used with the OEM kernel on any device, because everything specific to that device is contained within the kernel. In that regard, the official AOSP GSIs are very stable, and any issues are usually involved with the kernel, not the system image.
Click to expand...
Click to collapse
My Xiaomi Poco F3 (2021) supports Treble and GSI's are not at all usable/daily-drivable. Scratchy Sound, Missing Vibration etc..
cyanGalaxy said:
My Xiaomi Poco F3 (2021) supports Treble and GSI's are not at all usable/daily-drivable. Scratchy Sound, Missing Vibration etc..
Click to expand...
Click to collapse
What GSIs have you tried? I suspect that the device kernel is not fully Treble compliant.
V0latyle said:
What GSIs have you tried? I suspect that the device kernel is not fully Treble compliant.
Click to expand...
Click to collapse
V0latyle said:
What GSIs have you tried? I suspect that the device kernel is not fully Treble compliant.
Click to expand...
Click to collapse
Generic System Image releases | Platform | Android Developers
developer.android.com
The official Googley ones. Tho I don't mind, since I use an AOSP Custom ROM anyway (on my Xiaomi phone). My Note 8 is kept on OneUI 1.0... i miss the "Samsung Experience" dayz.. Yknow, the OS that came after TouchWiz. It had a rather professional-looking boxy design. Don't like the Huge padding and Rounded Corners of OneUI. The modern OneUI versions are also eh. Due to Samsung stuffing additional apps like TikTok and other rubbish as pre-installed apps.
cyanGalaxy said:
Generic System Image releases | Platform | Android Developers
developer.android.com
The official Googley ones. Tho I don't mind, since I use an AOSP Custom ROM anyway (on my Xiaomi phone). My Note 8 is kept on OneUI 1.0... i miss the "Samsung Experience" dayz.. Yknow, the OS that came after TouchWiz. It had a rather professional-looking boxy design. Don't like the Huge padding and Rounded Corners of OneUI. The modern OneUI versions are also eh. Due to Samsung stuffing additional apps like TikTok and other rubbish as pre-installed apps.
Click to expand...
Click to collapse
Huh. I've used both the "pure" GSIs from Android CI, as well as the Android Developer GSIs on my Tab A 8.0 with the CUK4 kernel. Everything works like it should. Make sure you're using the correct architecture and bitness for your device - most are arm64 - but in the off case that your Xiaomi isn't ARM, there will likely be a lot of issues.
Remember that while a Treble kernel should run any GSI, you still have to wipe data. You can't go from OEM firmware to GSI or vice versa without a data wipe; that cause a a lot of stability issues.
thanks for the replays and information guys regarding official releases of AOSP ROMs I haven't seen one that is higher than android 9 ( which is mainly the reason why we want to install a higher version due to compatibility issues with the company portal apps ) so any idea what is the most stable ROM for that model running android 10 or above