Related
Hello dear Chainfire and community!
I have a rather obscure issue: I want to run a root script at very early init.
The script (predictably) runs afoul of Selinux policy (who'd have thought) and since it's a chinese phone no sources are available.
Good things:
I can unpack/repack boot.img without issue, and can add/start services from .rc
Phone is rootable and after proper boot, SuperSu works fine (and so does setenforce 0)
Bad things:
This is lolipop 5.0 so install-recovery.sh and anything else of that general kind is not available
Source (and thus opportunity to change sepolicy) not available
SuperSu daemon's normal start is waaaaay too late for what I'm trying to do.
Question:
Given that I can add my own service and run it as I please, is there a way to "kickstart" su functionality early-on (so I can set Selinux to permissive and run my stuff), without breaking functioning of supersu after boot completes?
After a bit of tinkering and some insight from Chainfire and imoseyon i was finally able to get SuperSU working on AOSP roms without being permissive or having to use Chainfire's prebuilt sepolicy
sepolicy patch is here: https://github.com/PureNexusProject...mmit/0f5072de4580a5db7348917e77e4c1c35d3e3c1a
Stickied.
sorry to be that guy, but how does this affect the average joe?
does it mean theres going to be a new version of supersu with this or does this mean that custom rom makers can use this patch to make there roms not need the the custom boot.img?
WarningHPB said:
sorry to be that guy, but how does this affect the average joe?
Click to expand...
Click to collapse
It doesn't, this is for ROM devs only, they know what to do with this.
Chainfire said:
It doesn't, this is for ROM devs only, they know what to do with this.
Click to expand...
Click to collapse
Welcome back! Hope you had a good break.
Chainfire said:
Stickied.
Click to expand...
Click to collapse
Thanks after including this in my AOSP builds i have noticed a few things, certain "root" app still dont function and get selinux denials. i originally had noticed this with logcat extreme. i was getting read and write denials on logd so i did an audit2allow on my sepolicy and came up with the following allow
Code:
#============= logd ==============
allow logd init:fifo_file { read write };
i did a quick google search on this and came up with https://gist.github.com/poliva/fc5b7402bde74be27518 which is apparently an sediff of your sepolicy, which is heavily modified beyond just what i had for supersu to work in enforcing for aosp roms. so i guess my real question is do us "AOSP" devs have to update our sepolicys with these 300+ additions to get all current root apps working or is this something that you can overcome in an update to SuperSU.
thanks in advance :good:
BeansTown106 said:
Thanks after including this in my AOSP builds i have noticed a few things, certain "root" app still dont function and get selinux denials. i originally had noticed this with logcat extreme. i was getting read and write denials on logd so i did an audit2allow on my sepolicy and came up with the following allow
Code:
#============= logd ==============
allow logd init:fifo_file { read write };
i did a quick google search on this and came up with https://gist.github.com/poliva/fc5b7402bde74be27518 which is apparently an sediff of your sepolicy, which is heavily modified beyond just what i had for supersu to work in enforcing for aosp roms. so i guess my real question is do us "AOSP" devs have to update our sepolicys with these 300+ additions to get all current root apps working or is this something that you can overcome in an update to SuperSU.
thanks in advance :good:
Click to expand...
Click to collapse
There is no such thing now as "all current root apps working".
If SuperSU's deamon can be launched, and it can in turn launch the supolicy tool, most of the rules from the diff will be modified by SuperSU as needed.
What your patch needs to do (and you have already done) is make sure SuperSU can be launched in the right context, and can modify the sepolicy. You do not need to implement those 300+ additions - it will be done at boot automagically.
As for those additions themselves, they are primarily needed to:
- make sure SuperSU can work, internal communications between the different processes and such
- make processes running as the "init" context (where root apps run by default) as powerful as possible
- specifically "allow" a number of things that would otherwise still work, but would be logged (everything that starts with "allow init" or "allow recovery")
Now, even with the above, still not everything works out of the box. Everything that goes from "init" to "non-init" context should already work, but going from "non-init" context to "init" may not. In your example case, we go from "logd" to "init", which isn't specifically allowed. Often apps can be fixed to work around an issue such as this.
Generally speaking, the solution is not to fix the source sepolicy or the supolicy tool, the solution is for the "logcat extreme" app to run the following at launch (as documented in How-To SU):
Code:
supolicy --live "allow logd init fifo_file { read write }"
In this specific case, maybe it could be added to supolicy, it depends on what exactly generates the audit. If it's a simple logcat command, it's a candidate for inclusion. The problem might even be solved by switching contexts rather than modifying any SELinux policies. But that is something for the app developer to figure out.
In either case, it is not something you need to fix in the AOSP patches. Those already do what they need to do.
Since they started doing SELinux Enforcing though, the policies in AOSP have generally been a tad stricter than on retail devices (this was specifically the case during 4.4 days). This may lead to you sometimes having to add/remove a rule manually somewhere that was not added to SuperSU yet. It could happen, but it's unlikely, probably temporary, and it probably should not go into this AOSP patch.
A note on pof's sediff, I'm not sure it was done cleanly, as I see some modifications in there that are not done by supolicy. Either way, such a post is informative, not leading, as supolicy may do more or less modifications depending on various runtime variables (such as Android version). Additionally, due to context names and availabilities changing between Android versions, any rule modification referencing a context not available in the to-be-patched sepolicy will not be applied, and thus will not show up in an sediff.
@BeansTown106
Have you checked by any chance if this patch is enough to allow 2.61 (systemless) to work still ?
Chainfire said:
@BeansTown106
Have you checked by any chance if this patch is enough to allow 2.61 (systemless) to work still ?
Click to expand...
Click to collapse
thanks for the description above now i understand. have never developed a root app so i had not read that part of how to su, but it makes perfect sense that the root apps would handle the denials live via your supolicy
as for system less root i have not tried that yet but i will give it a shot tonight, and report back, i know some people in my ROM thread have used system less root. but i am not sure if you had packaged your sepolicy in the install script for 2.61+ and if it is overwriting mine in the kernel, if that is the case i will modify the installation to not patch the sepolicy and see if it works with my pre compiled one based on the source above
Starting 2.64, I think this addition to init.te is all that is needed:
Code:
allow init kernel:security load_policy;
Confirmation needed though. The original patch will also work with 2.64, and the ZIP installer should default to /system installation mode.
Of course, this also requires that /system isn't verified by dm-verity, and init reloads sepolicy from the standard /data/security/current location.
the link in OP its no longer working...
Also in CM13 tree we have:
Code:
# Reload policy upon setprop selinux.reload_policy 1.
# Note: this requires the following allow rule
# allow init kernel:security load_policy;
and over my builds have no problem with SuperSU system less...
Chainfire said:
Starting 2.64, I think this addition to init.te is all that is needed:
Code:
allow init kernel:security load_policy;
Confirmation needed though. The original patch will also work with 2.64, and the ZIP installer should default to /system installation mode.
Of course, this also requires that /system isn't verified by dm-verity, and init reloads sepolicy from the standard /data/security/current location.
Click to expand...
Click to collapse
will build and test with only load policy enabled, is this for system, and systemless root?
danieldmm said:
the link in OP its no longer working...
Also in CM13 tree we have:
Code:
# Reload policy upon setprop selinux.reload_policy 1.
# Note: this requires the following allow rule
# allow init kernel:security load_policy;
and over my builds have no problem with SuperSU system less...
Click to expand...
Click to collapse
updated link, so your saying systemless supersu works with no selinux modifications?
BeansTown106 said:
updated link, so your saying systemless supersu works with no selinux modifications?
Click to expand...
Click to collapse
Over my builds yes, no issues at all in cm13, although my kernel it's in permissive mode. Maybe it's why it works all good?
Enviado do meu A0001 através de Tapatalk
danieldmm said:
Over my builds yes, no issues at all in cm13, although my kernel it's in permissive mode. Maybe it's why it works all good?
Enviado do meu A0001 através de Tapatalk
Click to expand...
Click to collapse
that is why, these patchs are to allow you to run in enforcing
I dont know if a should post here this question: there is any way to fix this problem with the rom already installed?
Thanks
Garzla said:
I dont know if a should post here this question: there is any way to fix this problem with the rom already installed?
Thanks
Click to expand...
Click to collapse
Try the following. It works for me when needed...
http://forum.xda-developers.com/showthread.php?t=3574688
Thank you for your work!
Link in OP its no longer working...
Is there any actual guide how to add SU directly to AOSP build. I have found bits and pieces but those are mainly 4.x releases.
I'm using Android M release and quite much struggling to get it working.
I have tried to make SU default on AOSP 6.0 by using this guide.
http://forum.khadas.com/t/gapps-and-su-on-soc/118/3
I'm using user build and enabled selinux permissive on that.
i have made also ro.secure=0 ro.debuggable=1 and security.perf_harden=0 (Not sure if needed)
I have also modified to change the su permissions in fs_config.c
I managed to get this work so that when flashing rom SuperSu ask for updating su binary and after that su works.
but i then cleaned work area to verify build by deleting out dir and recompiled. No go anymore.
Why it's so hard to add su by default on AOSP rom. I woud like to have it by default so i would not need to do any tricks everytime i flash new rom.
It reminds me of Korean dramas ,
My understanding of how SuperSU works since SELinux hit the scene is that Chainfire did a whole lot of work to allow SuperSU to function in SELinux enforcing mode by loading scripts at boot (in su.d) that grant SuperSU specific permission for the things that were causing problems. However, because of all of this work that Chainfire did in order to allow SuperSU to load through SELinux enforcing, he also effectively made it so that a process called SUPolicy can run scripts placed in su.d, which can allow other software to also bypass problematic parts of SELinux if a proper .sh script is inserted in su.d.
However, it seems like, from the documentation and discussions that I have read, that this whole SUPolicy thing does not actually need SuperSU to run, since it is actually the thing that SuperSU needs to run in an SELinux enforcing environment. So the million dollar question: Would it be possible to create this SUPolicy process and su.d script-loading without having to install SuperSU. That is, could it be made a standalone installation without SuperSU?
The question title can't be much longer but I basically need to execute a script only once when each of the following events happen:
Module is installed.
Module is uninstalled.
Module is enabled.
Module is disabled.
In other words:
When the user first installs my module, I need to execute a script just once.
If the user eventually disables the module, I need to execute the same script again just once.
If the user eventually re-enables the module, I need to execute the same script again just once.
When the user decides to uninstall my module, I need to execute a script just once.
That script is basically removing a particular app's dalvik cache (rm -rf /data/dalvik-cache/<(arm|arm64)>/<app_specific_folder>), and user data (rm -rf /data/data/<package_name>).
I need some pointers on how to do this properly for those 4 events mentioned above and in a way compatible with most devices (for the record, I'm only supporting Nougat and above, if that's relevant).
Installation is easy. Make a function with your script in config.sh and call that from update-binary. Also make sure to let the module install a boot script (post-fs-data.d or service.d, depends on what you want to do) that takes care of the rest for you.
Whenever a module is disabled, there'll be a file named disable in the module folder, so you can let the boot script check for that and then run whatever code you need for the "module disabled" scenario. If you also let that code add a check file to the module folder you can let the code only run once. If both the disable and check files are present, don't run the code...
If the module then is enabled again, the disable file will be deleted. In that case you'll only have the check file, which will mean you should then run the "module enabled" code (which should also delete the check file, of course).
Also let the boot script check for the module folder. If it isn't found it means the module has been uninstalled and you can safely run your "module uninstalled" scenario, do some cleanup, and then let the boot script uninstall itself.
That should work...
There are several modules that do something similar, my MagiskHide Props Config is one of them. Look around for more examples.
I see what you mean but I need to test my code with logging to make sure I'm doing things correctly. What's the best way for me to print to logcat from my Magisk module?
Use exec with xtrace.
Code:
exec 2>/path/to/log/file;
set -x;
It will redirect the command (execution) tree and their errors to the log_file.
Regards.
@JayminSuthar Sorry, I don't understand. Where should I place that code? And are you saying that all the commands (outputs and errors) on my module will be redirected to that file, no exceptions?
You should place this code in your script from where you want logging to start (mostly the beginning). This will print the command (execution) tree in the log file, and all errors (if any), It will not print the output, but the command executed itself.
The format of the logs should be like
Code:
+ >&2
+ echo 'Here logging starts, I'm stderr'
Here logging starts, I'm stderr
+ rm -f /some/non/existent/file
rm: Can't remove file: No such file or directory
These modules are not meant for everyday use. They are intended for debugging and modification of a firmware. They significantly lower security of your device while active and even could softbrick it. You've been warned.
ADB Root
Magisk Module that allows you to run "adb root". adb root is not an ordinary root (su), it's adbd daemon running on your phone with root rights. adb root allows you to "adb push/pull" to system directories and run such commands as "adb remount" or "adb disable-verify".
Download v1.0: https://github.com/evdenis/adb_root/releases/download/v1.0/adb_root.zip
Source code: https://github.com/evdenis/adb_root
Support: Telegram
SELinux Permissive
This module switches SELinux to permissive mode during boot process. This module intentionally lowers security settings of your phone. Please don't use it if there is a better solution to your problem, e.g., magiskpolicy. The module will not work if your kernel compiled with always enforcing config, e.g., stock samsung kernels. It's not possible to enable permissive mode on such kernels.
Download v2.0: https://github.com/evdenis/selinux_permissive/releases/download/v2.0/selinux_permissive_v2.0.zip
Source code: https://github.com/evdenis/selinux_permissive
Support: Telegram
Enable Eng
This Magisk Module enables engineering build props. It allows to activate debugging parts of a firmware. Please, disable Magisk Hide for this module. If you don't know what you are doing, don't use this module. It can easily softbrick your device.
Troubleshooting
If your device doesn't boot then you need to reboot to TWRP recovery and
Code:
$ adb shell rm -fr /data/adb/modules/enable_eng
If ADB doesn't work that means adbd in your firmware is build without ALLOW_ADBD_ROOT. You can fix adb autostart either by installing "ADB Root" magisk module or by disabling this module.
Download v1.0: https://github.com/evdenis/enable_eng/releases/download/v1.0/enable_eng.zip
Source code: https://github.com/evdenis/enable_eng
Support: Telegram
Kexec tools for Android
This module adds statically linked kexec binary to your system. Aarch64 only. Kexec is a system call that enables you to load and boot into another kernel from the currently running kernel. Your kernel should support kexec.
Download v1.0: https://github.com/evdenis/kexec/releases/download/v1.0/kexec.zip
Source code: https://github.com/evdenis/kexec
Support: Telegram
GDISK/Parted for Android
The module adds statically linked parted/sfdisk/fdisk/gdisk binaries to your system. Aarch64 only. These utils are standard linux tools to edit the partitions tables on disks.
Download v2.0: https://github.com/evdenis/disk/releases/download/v2.0/disk-v2.0.zip
Source code: https://github.com/evdenis/disk
Support: Telegram
Is also valid for One Plus 5 ?
Inviato dal mio ONEPLUS A5000 utilizzando Tapatalk
tmviet said:
Is also valid for One Plus 5 ?
Click to expand...
Click to collapse
Hi, these magisk modules are device independent. Yes, you can use them on One Plus 5.
evdenis said:
Hi, these magisk modules are device independent. Yes, you can use them on One Plus 5.
Click to expand...
Click to collapse
Tks. A lot [emoji6]
Inviato dal mio ONEPLUS A5000 utilizzando Tapatalk
Thanks @evdenis, this module is great! I haven't gotten the 100% desired behavior (getting adbd with actual root perms) because I'm running a 32-bit architecture (armeabi-v7a) and you've supplied only the 64-bit version of adbd, but I've been using your module to swap out 32-bit versions of different versions of adbd I have lying around (older devices). I'm a n00b when it comes to building adbd from scratch using the latest sources with your patch so I'm planning on using the adbd that came with the device and using a disassembler and a hexeditor to NOP out some calls, such as the call to minijail_enter() and see if I have any success. The original device version of adbd doesn't seem to have the functions in it that you built with the patch, but instead appears to use a bunch of minijail library functions. The device is a rooted android 8.1.0 OS, but it is only rooted systemlessly so many of the ro.* build properties affecting adb are changed well after the OS-essential portion boots rendering my efforts thus-far using the original adbd ineffective I'm guessing. I can now issue the "adb root" command from my machine, but adbd on the device is always being launched with the following command line arg "--root_seclabel=u:r:su:s0" and never gains root permissions by default (the behavior I'm trying to achieve). I can manually use "su" but this doesn't help me with push/pull requests to protected parts of the OS and chainfire's "ADB Insecure" patches adbd successfully, but I still don't get the root perms.
Do you know if the system is starting the process with reduced permissions (i.e. adbd will never be able to gain root access on its own no matter what I modify) and I should go a different route like modifying something else in the system rather than adbd? Again, I've already modified the ro.* properties affecting adbd so it does attempt to re-launch itself as root, it just doesn't end up getting the root perms. Manually launching adbd after killing it from within a shell on the device doesn't seem to affect the permissions in ultimately gets.
If you are anyone has any insight as to what I need to do so that adbd gains root permission, that would be much appreciated.
bpaxda said:
I'm planning on using the adbd that came with the device and using a disassembler and a hexeditor to NOP out some calls, such as the call to minijail_enter() and see if I have any success.
Click to expand...
Click to collapse
It was my initial attempt to gain "adb root" on samsung s10. And noping a couple of calls is not enough on the phone. adbd binary on your device could be compiled without "adb root" branch. This is the case on samsung s10. If "adb root" branch exists one need to force should_drop_privileges() function to return false (https://android.googlesource.com/platform/system/core/+/refs/heads/master/adb/daemon/main.cpp#65) in order to get into the "adb root" branch of code (https://android.googlesource.com/platform/system/core/+/refs/heads/master/adb/daemon/main.cpp#151).
bpaxda said:
ro.* build properties affecting adb are changed well after the OS-essential portion boots rendering my efforts thus-far using the original adbd ineffective I'm guessing.
Click to expand...
Click to collapse
You could try enable_eng magisk module (https://github.com/evdenis/enable_eng). The module changes ro.* props to engineering build props. Depending on a firmware this could help to get "adb root". However, no guaranties that the module will not softbrick your device. In case of softbrick you will need to reboot to TWRP and delete the module, instruction is in the README.md.
bpaxda said:
I can now issue the "adb root" command from my machine, but adbd on the device is always being launched with the following command line arg "--root_seclabel=u:r:su:s0" and never gains root permissions by default (the behavior I'm trying to achieve).
Click to expand...
Click to collapse
Try to disable SELinux either with the magisk module or with a script.
Thanks for your response.
I think you're right. Despite having adjusted the ro properties post-boot, there was nothing in ADB that would change the privileges as if it has been compiled out. By sheer luck, I managed to grab adbd from an identical device that had a recent forced firmware update, but the "improved adbd" actually let me get closer. The updated adbd had code changes to its adbd_main function so that it at least looks at the properties "ro.secure" and "service.adb.root" not to mention new calls to minijail_capbset_drop(), minijail_change_gid() and minijail_change_uid(). Using magisk to dynamically replace my original adbd binary with this updated one actually worked in getting adbd to start root shells without needing to invoke "su"!
However its a weird type of root that can't read certain files like /verity_key but I can see some things I should be able to see as root. I'm no SELinux expert, but my guess is that if everything is functioning correctly, I may be getting an SELinux "restricted" root. In this case, it might be the most I can expect from an SELinux enabled kernel launching adbd as root. Let me explain: since I'm using Magisk, post-boot systemlessly, (the system boots restricted and then I use the mtk_su exploit, to gain root and disable permissive SELinux mode), I'm getting permissive root on a session by session basis. I think the nature of this type of root means the kernel is probably still locked down and thus whatever daemon may be responsible for launching adbd remains locked down. Does this sound correct to you? If so, I can live with that
I'd love to get TWRP on this device, but I'm not sure its possible since TWRP doesn't list my device as supported on their website nor can I get into fastboot mode (I didn't try that hard because I wanted to exhaust other options before flashing anything). Do you think enable_eng would work *after* the ACTION_BOOT_COMPLETE event is processed? I.e. my device is rooted after bootup by a script which runs the exploit, but it is well after the system is fully running and locked-down. Luckily Magisk has a utility to change ro properties, but some of those properties are not looked-at by the system this late in the boot stage. Do you think in this case "enable_eng" would work for me? Thanks again!
bpaxda said:
Let me explain: since I'm using Magisk, post-boot systemlessly, (the system boots restricted and then I use the mtk_su exploit, to gain root and disable permissive SELinux mode), I'm getting permissive root on a session by session basis.
Click to expand...
Click to collapse
I'm not sure that my modules will work with this rooting scenario. As far as I could understand, magisk by default replaces the init process, patches selinux policy before it is loaded and next, calls the original init binary. I don't think that it will be possible to alter selinux policy with different boot scenario for magisk.
bpaxda said:
Do you think enable_eng would work *after* the ACTION_BOOT_COMPLETE event is processed? I.e. my device is rooted after bootup by a script which runs the exploit, but it is well after the system is fully running and locked-down. Luckily Magisk has a utility to change ro properties, but some of those properties are not looked-at by the system this late in the boot stage. Do you think in this case "enable_eng" would work for me?
Click to expand...
Click to collapse
I'm not sure that enable_eng will work. adbd daemon check some properties such as ro.secure dynamically, but they could be cached after the boot. I don't know the ways to drop the cache and re-read these properties (altered with magisk) after the boot. Here are the main properties the modules changes https://github.com/evdenis/enable_eng/blob/master/system.prop
Thanks for making this tool! I'm just wondering if I need to modify my adb to use the module - I run "adb root" normally and get "adbd cannot run as root in production builds" still
Anyone know why when i install SELinux Permissive version 2.0 of the module it still states version 1 in Magisk?
I flashed this in Magisk and rebooted. Now my phone is stuck in a boot loop. Any ideas? I'm using Sony Xperia XZ1 compact.
cheeklitched said:
I flashed this in Magisk and rebooted. Now my phone is stuck in a boot loop. Any ideas? I'm using Sony Xperia XZ1 compact.
Click to expand...
Click to collapse
If you have twrp installed just uninstall and reinstall magisk.
Otherwise,
Boot to bootloader and flash your boot.img file
Code:
fastboot flash boot boot.img
Then let phone boot. Reboot to bootloader again. Flash magisk_patched.img
Code:
fastboot flash boot magisk_patched.img
During startup, as soon as you get to the Google logo, hold the volume button down. This should start the phone in safe mode. See if it loads. If not, reboot phone, and execute this in terminal/command prompt:
Code:
adb wait-for-device shell magisk --remove-modules
This should allow the phone to start up all the way. Enable whatever modules you want. You may need to flash magisk_patched.img again.
This has fixed multiple problems for me. It's redundant, but it tends to work.
I installed the Magisk selinux script, but after installing it no longer shows in Magisk, so how do I dissable/undo/uninstall the script? I installed a Selinux checker and it says it is on permissive, so the scrip must have installed, but I want to remove it. Is there an undo script, or can I manually delete the script in my root filesystem? THX
Hello guys
I used Redmi K20 pro with Eu rom 10.4, android 10.
I used the lastest version of this module but my devices was not found on ADB system on my computer.
So what I do now? I tried to fix it but I cannot find anything about it.
Recently, setting SElinux to permissive is not advised. I had a issue with V4A setting my SElinux to permissive permenantly, but editing the magisk module to set SElinux to enforcing instead of permissive also works.
This is probs the only module that actually sets SElinux properly.
Here's the modded magisk module with the same credited creator, but just sets SElinux to Enforcing instead of permissive
OMFG I THINK THIS IS WHAT IVE BEEN LOOKING FOR. TEH HOLY GRAILLLLL OMGOMGOMG THANK YOU THANK YOU THANK YOUUUUU
Will ADB Root work for Android 8.1?
evdenis said:
These modules are not meant for everyday use. They are intended for debugging and modification of a firmware. They significantly lower security of your device while active and even could softbrick it. You've been warned.
ADB Root
Magisk Module that allows you to run "adb root". adb root is not an ordinary root (su), it's adbd daemon running on your phone with root rights. adb root allows you to "adb push/pull" to system directories and run such commands as "adb remount" or "adb disable-verify".
Download v1.0: https://github.com/evdenis/adb_root/releases/download/v1.0/adb_root.zip
Source code: https://github.com/evdenis/adb_root
Support: Telegram
SELinux Permissive
This module switches SELinux to permissive mode during boot process. This module intentionally lowers security settings of your phone. Please don't use it if there is a better solution to your problem, e.g., magiskpolicy. The module will not work if your kernel compiled with always enforcing config, e.g., stock samsung kernels. It's not possible to enable permissive mode on such kernels.
Download v2.0: https://github.com/evdenis/selinux_permissive/releases/download/v2.0/selinux_permissive_v2.0.zip
Source code: https://github.com/evdenis/selinux_permissive
Support: Telegram
Enable Eng
This Magisk Module enables engineering build props. It allows to activate debugging parts of a firmware. Please, disable Magisk Hide for this module. If you don't know what you are doing, don't use this module. It can easily softbrick your device.
Troubleshooting
If your device doesn't boot then you need to reboot to TWRP recovery and
Code:
$ adb shell rm -fr /data/adb/modules/enable_eng
If ADB doesn't work that means adbd in your firmware is build without ALLOW_ADBD_ROOT. You can fix adb autostart either by installing "ADB Root" magisk module or by disabling this module.
Download v1.0: https://github.com/evdenis/enable_eng/releases/download/v1.0/enable_eng.zip
Source code: https://github.com/evdenis/enable_eng
Support: Telegram
Kexec tools for Android
This module adds statically linked kexec binary to your system. Aarch64 only. Kexec is a system call that enables you to load and boot into another kernel from the currently running kernel. Your kernel should support kexec.
Download v1.0: https://github.com/evdenis/kexec/releases/download/v1.0/kexec.zip
Source code: https://github.com/evdenis/kexec
Support: Telegram
GDISK/Parted for Android
The module adds statically linked parted/sfdisk/fdisk/gdisk binaries to your system. Aarch64 only. These utils are standard linux tools to edit the partitions tables on disks.
Download v2.0: https://github.com/evdenis/disk/releases/download/v2.0/disk-v2.0.zip
Source code: https://github.com/evdenis/disk
Support: Telegram
Click to expand...
Click to collapse
how can i make permissive enfocing because in 2022 i heard thats a BIG security risk and my custom ROM (havoc os) if selinux permissive