SUPolicy and SELinux permission standalone (without SuperSU)? - SuperSU

My understanding of how SuperSU works since SELinux hit the scene is that Chainfire did a whole lot of work to allow SuperSU to function in SELinux enforcing mode by loading scripts at boot (in su.d) that grant SuperSU specific permission for the things that were causing problems. However, because of all of this work that Chainfire did in order to allow SuperSU to load through SELinux enforcing, he also effectively made it so that a process called SUPolicy can run scripts placed in su.d, which can allow other software to also bypass problematic parts of SELinux if a proper .sh script is inserted in su.d.
However, it seems like, from the documentation and discussions that I have read, that this whole SUPolicy thing does not actually need SuperSU to run, since it is actually the thing that SuperSU needs to run in an SELinux enforcing environment. So the million dollar question: Would it be possible to create this SUPolicy process and su.d script-loading without having to install SuperSU. That is, could it be made a standalone installation without SuperSU?

Related

[REQUESRT] Custom SELinux rules

@Chainfire: I've a request for SuperSU
Please add an option to load some user defined SELinux rules
I've the problem wiht a Nexus7+Lollipop that the Landscape/Portrait does not change because sensor is not accessible because auf missing SELinux rules. Also the fingerprint of the current device connected by adb could not be saved. Appling the missing rules if the system is started does not help, there's a soft reboot needed then...
So it would be great if i could set some own rules which are applied very early at system start
call "supolicy" from "su.d" to load your custom policies ...
Thanks! But it seems to be executed to late. With command there + full reboot the sensors are not accessible to change landscape/portrait. But after an additional soft-reboot it woks well. So I think its executed to late?
Btw, do the scripts need a special shebang? With /system/bin/sh it was not executed so i removed it
The changes are lost upon reboot (but the script is re-executed...). If soft-reboots work, it may be these scripts are executed too late, but they cannot be executed any earlier. You'd need to modify the ramdisk (kernel image). Not sure if shebang is needed - the script is executed via the current shell, which may or may not require that.
Okay, thanks!

Getting proper su at very early init via one of .rc files?

Hello dear Chainfire and community!
I have a rather obscure issue: I want to run a root script at very early init.
The script (predictably) runs afoul of Selinux policy (who'd have thought) and since it's a chinese phone no sources are available.
Good things:
I can unpack/repack boot.img without issue, and can add/start services from .rc
Phone is rootable and after proper boot, SuperSu works fine (and so does setenforce 0)
Bad things:
This is lolipop 5.0 so install-recovery.sh and anything else of that general kind is not available
Source (and thus opportunity to change sepolicy) not available
SuperSu daemon's normal start is waaaaay too late for what I'm trying to do.
Question:
Given that I can add my own service and run it as I please, is there a way to "kickstart" su functionality early-on (so I can set Selinux to permissive and run my stuff), without breaking functioning of supersu after boot completes?

[CLOSED] [OUTDATED] Magisk and MagiskHide installation and troubleshooting

This thread/guide is now closed and will no longer be updated. It is only kept for posterity.
The new guide is stickied at the top of the Magisk forum, right here.
This thread/guide is now closed and will no longer be updated. It is only kept for posterity.
The new guide is stickied at the top of the Magisk forum, right here.
Installing Magisk and Modules
Installation
Where to start
It’s always a good idea to read through, at least, the release thread for information about what Magisk is and how to install it. Other useful information can be found in the Magisk All-In-One Wiki and the support thread.
Known issues
There may be issues with certain devices, ROMs and/or apps and Magisk. Check the release thread for information about currently known issues. While you're there, make sure to also take a look at the FAQ. When a new release is imminent, there will also be useful information in the beta thread.
Things to keep on your device
There are a couple of things that are good to keep on your device, making it easier to recover from any problems that might arise.
Magisk zip (release thread).
Magisk Manager apk (release thread) or GitHub.
Uninstall zip (release thread).
Mount Magisk zip (Collection of Magisk Modules v2 thread).
A copy of a clean boot image for your ROM (can be flashed in TWRP in case of problems).
Module zips.
Installation
Installing Magisk is straightforward. Follow the installation instructions in the release thread. After that you can install Magisk Modules through the Manager or via custom recovery (e.g. TWRP).
Moving from another systemless root solution to MagiskSU
If you wan't to install Magisk but already have a systemless root solution installed (SuperSU, phh's superuser) you'll have to first remove that.
With SuperSU, most of the times you can simply use the full unroot option in the SuperSU app and let it restore your stock boot image, alternatively use the full unroot option and then flash the stock boot image in recovery before installing Magisk.
Otherwise, and this applies to any other root solution as well, you an use @osm0sis unSU script (in recovery) and then flash the stock boot image before installing Magisk.
If you're ROM is prerooted it's quite likely that you can still use the boot image from the ROM zip. Many ROMs simply flash a root zip at the end of the ROM installation. If this doesn't work you'll have to check with your ROM developer on how to find an unpatched boot image that work with your ROM. Also see "Boot image patched by other programs" below.
Updating
If there's an update to Magisk, you'll get a notification from the Magisk Manager (if you haven't turned it off, that is). You can update through the Manager or download the Magisk zip from the release thread and flash in recovery. Make sure to read the release notes and the changelog, both can be found in the release thread. Any modules you have installed may have to be updated to conform with possible changes to Magisk.
If you're having problems updating to a newer version. Flash the uninstaller in recovery, restore your stock boot image and start over.
Note that with an update to Magisk, the Uninstall zip may also have been updated. Always keep the latest version on your device.
Boot image patched by other programs
If the installation (or uninstallation) through recovery fails with a message about the boot image being patched by other programs you need to follow the instructions given with the message. You most likely have some other systemless root solution (SuperSU, phh's superuser) or there's something else that have added it's patches to the boot image that will interfere with Magisk and cause the installation/uninstallation to fail. If you're already rooted (not MagiskSU), first unroot ( @osm0sis unSU script is good for this).
You'll have to restore a stock boot image without any other patches before installing/uninstalling Magisk. If you're using TWRP you can simply flash the boot.img file pretty much the same way you would with a zip.
The boot image can usually be found in your device's factory image/firmware file. If you're using a custom ROM it's found in the ROM zip.
If your ROM comes pre-rooted this can be tricky, depending on how the ROM roots your device. Usually the ROM just flashes root at the end of the ROM flash and you can simply open up the zip, unroot and flash the clean boot image from the ROM zip. If the ROM comes pre-patched from the start, ask for advice in your ROM thread or you could try a custom kernel that modifies the ramdisk.
Of course, you can also use a ROM that does not come pre-rooted (the preferred way).
After installation or update
After the first installation or an update, it may be necessary to perform a reboot or two for Magisk and/or any modules you have installed to start functioning properly.
Issues
Long boot time
If your device get stuck on the splash screen for a minute or so, it might mean that the magisk daemon have crashed or that there is some SELinux issue. If it is the case that the magisk daemon crashed, the Magisk debug logging during boot will never finish, even after the device has booted. This will eventually cause the debug log to eat up all your storage space! Take a look in /data and see if the file magisk_debug.log is very large and growing. Save the log and report the issue. Try rebooting to see if this fixes things, otherwise you'll probably need to uninstall Magisk and wait for a fix. Also see "Nothing works!" below.
Bootloop
If you end up in a bootloop when installing Magisk, run the uninstaller script in recovery, flash a clean boot image (the uninstaller restores a copy of the untouched boot image, so this step is “just in case”) and start over. If the uninstaller fails, just flash your unmodified copy of the boot image and you should be good to go. There’ll probably be some leftover files and folders from Magisk laying around in /cache and /data, but these can be removed manually.
First make sure your system can boot up without Magisk.
Boot to recovery and install Magisk. Boot up your system without installing any modules. Also see "Module causing issues" below.
If your system bootloops again and you're using a custom kernel, try starting over without installing that kernel. If there's still a bootloop your system might just not be compatible. One possibility is to try finding another custom kernel that is compatible. Also see "Nothing works!" below.
Magisk Manager crashes
If you're having issues with the Magisk Manager force closing/crashing after an update, clear data for the Manager or uninstall it and install again.
The Manager crashing might also be caused by using a theme engine to theme the Manager (Substratum, etc). Disable it and reapply after an update.
If it still crashes, try reverting to an earlier version of the Manager (they're all on GitHub). But before you do, capture a logcat from the crash and post it in the support thread (with a detailed description of the problem).
There are no modules
If the list of modules under "Downloads" is empty, clear the repo cache (in settings) and/or reload the modules list (pull down).
Can't install modules
If there's an error installing a module, there's a couple of things to try.
If the error occurs when installing a module through the Downloads section of the Magisk Manager, then something is wrong. Capture a logcat and post in the support thread (with a detailed description of the problem).
If the error just states something along the lines "error when installing", try flashing the zip through recovery instead. It might also be that you're trying to flash a v4 template module on a Magisk version lower than v13.1. If you feel you need to stick with an outdated version of Magisk, check with the module developer if there is a v3 template module available.
If the error states that it's not a Magisk zip, or invalid zip in TWRP, something's gone wrong while packing the zip. Open up the zip and you'll probably see a folder (probably named something like <nameofmodule>-master). Take all the contents of that folder and repack it to the root of the zip and try flashing it again.
Module causing issues (Magisk functionality, bootloop, loss of root, etc)
If you have a working Magisk installation, but a module causes Magisk, the Magisk Manager or your device to not function properly (bootloop, loss of root, etc), here's a tip:
Boot to recovery and flash the Mount Magisk zip (see “Things to keep on your device” above). This mounts the Magisk image to /magisk and it can now be accessed as any other directory. You now have a couple of options to remove the module:
Simply delete the modules folder under /magisk and reboot.
Navigate to the modules directory under /magisk and rename the "module.prop" file to "remove".
In terminal you can type (without quotation marks) "touch /magisk/<module folder>/remove" (or “/magisk/<module folder>/disable”, depending on your preference).
If you create the "remove" or "disable" files, Magisk will take care of removing or disabling the module on the next reboot.
You can also keep a copy of the corresponding disable or remove files on your device and copy them to the module folder as needed.
If you get an error in recovery when flashing Mount Magisk it might mean your Magisk image has become corrupted. Check the recovery log for details. Easiest way to fix this is to run the uninstaller and start from the beginning. It might also be possible to use fsck in terminal in recovery or through ADB. Google it (and check the recovery log for details).
Since Magisk v12.0 and Magisk Manager 4.3.0 you can also use the "Magisk Core Only Mode" in Manager settings. This disables all modules and only keeps the core functions of Magisk active (MagiskSU, MagiskHide, systemless hosts and, for Magisk v12.0, Busybox).
Installing/disabling/uninstalling modules through the Manager or recovery
If you’re experiencing problems with installing, disabling or uninstalling a module through the Manager, simply try it through recovery instead. For disabling or uninstalling a module through recovery, see the described method above under “Module causing issues”.
Apps are force closing
If a bunch of apps suddenly start force closing after installing Magisk, your ROM might have issues with WebView. More precisely with the signatures for Chrome and Google WebView. You can take a logcat when one of the apps crash and see if there's anything about WebView in there. The reason is that MagiskHide sets ro.build.type to "user" and this enables the signature check. Ask your ROM developer to fix the signature error... Meanwhile, you can fix it temporarily by disabling MagiskHide.
It's also possible that removing and reinstalling Chrome stable, Chrome Beta or Google WebView (or simply installing one of them if it's not already) will fix the issue.
Magisk isn't working
If you can boot up, but Magisk isn't working as expected (not detecting the Magisk installation, loss of root, etc), there's a few things you can try.
First, reboot. Sometimes this helps Magisk mount everything as it should.
Second, try removing any installed modules to see if it's a faulty module causing issues. If that seems to fix it, install the modules one at a time to find which one causes issues.
If nothing else works, try starting fresh with a new installation. Also see “Asking for help” and “Nothing works!” below.
Root issues
<insert app name here> can’t detect root
Since Magisk v11 and the included MagiskSU, some apps have started having troubles detecting root. Usually this means the app in question is looking for root in a specific location and needs to be updated to work with MagiskSU.
You can try symlinking the su binary to the location where the troublesome app is looking for it. Here’s an example on how to do this in terminal (If you don’t know about symlinking, Google it.):
Code:
ln -s /sbin/su /system/xbin/su
@laggardkernel have made a Magisk module that does this completely systemlessly. Which, of course, is preferable as we're using a systemless mask... :good: You'll find it here. Please note that doing this might have the effect of MagiskHide not being able to hide root.
Tasker and MagiskSU
Any version before Tasker v5.0 will have issues detecting MagiskSU. If you by any chance feel that you cannot update to v5+, you can use this Magisk module to enable Tasker root support. Reportedly, Secure Settings will also function with MagiskSU thanks to this module.
Another way is to use “Run Shell” in Tasker and use shell commands to do what you want, prefaced by “/sbin/su -c”. Example (copy a new host file to Magisk):
Code:
/sbin/su -c cp /sdcard/hosts /magisk/.core/hosts
If the command doesn’t work, try putting quotation marks around the command, like so:
Code:
/sbin/su -c "cp /sdcard/hosts /magisk/.core/hosts”
Randomly losing root
Some devices seem to have issues with memory management where the Magisk Manager will not be kept in memory and as a result root management is lost. This can sometimes be fixed by clearing the Manager from memory (swipe it away from recent apps list) and opening it again. Make sure the Manager is removed from any battery optimisation.
Magisk but no MagiskSU
There have been a few reports of devices/ROMs where Magisk gets installed properly, but MagiskSU fails to install. This might have to do with your device/ROM not letting Magisk symlink the required binaries and files to /sbin. See the release thread for known issues. If you know of a solution that's not listed, here or in the release thread, please let me know and I'll add it.
Other things to try
Starting fresh
If you've been trying a lot of things and can't get Magisk to work properly it can be a good idea to start fresh. Start by uninstalling Magisk, flashing a clean boot image and installing Magisk again. If that doesn't work you could try wiping your device and starting out completely clean.
Older versions of Magisk
It is possible that an older version of Magisk and MagiskHide may work if the latest does not. This is a last resort and should be considered unsupported. If the latest version of Magisk doesn’t work, but an earlier version does, please help fixing the issue by reporting it with all the necessary details (see “Asking for help” and “Nothing works!” below)
Installation files back to Magisk v12 can be found in the release thread.
Please note that there’s no guarantee that an older version of Magisk will work with the current Magisk Manager. Compatible apk's can be found inside the Magisk zip.
Asking for help
If you can't fix the problem yourself, start by looking in the support thread where you might find that someone else have had this problem as well. Search for your device and/or problem. If you can't find anything (it's a big thread), provide as much information as possible (in the support thread). For example:
Detailed description of the issue and what you've tried so far.
Details about your device and ROM, custom kernel, mods, etc.
Current and previous root solution (and what you've done to remove it, if applicable)
Logs! And when providing logs, do NOT paste them into your post. Attach as a file or use a service like Pastebin.
Recovery log from installation (in TWRP, go to Advanced - Copy log).
Magisk log (from the Manager or in /cache through recovery if you don't have root access)
Logcat. Get it via ADB or an app.
If you have boot issues (stuck or long boot time), take a look in /data for a file called magisk_debug.log (access through recovery if necessary). If it's not there, try capturing a logcat through ADB during boot (see above).
Nothing works!
If nothing works and you just can't get Magisk to install/function properly on your device, check the troubleshooting section in the release thread for instructions on how to help topjohnwu fix any compatibility issues with your device. The best thing you can do if Magisk isn't compatible with your device is to open an issue on GitHub and upload logs (recovery log, Magisk log, logcat, whatever is applicable) and a copy of your boot image. No boot image, no fix.
If you're using an older release of Magisk, take a look at the Old and outdated tips and tricks for "Installing Magisk and Modules". There might be something in there that applies to you.
Beta releases
It's also possible that whatever problem you're facing has been fixed in code, but not yet released. For this you have two options. The official beta and the unofficial beta snapshot.
The official beta is for @topjohnwu to test the release before it goes out to the masses. Read the OP carefully and follow any directions given. When reporting things about the beta, provide the necessary details and logs for whatever issue you're facing. Please don't spam the thread with "useless" posts...
If you're feeling brave you can try the unofficial beta snapshot. It's built directly from source and can sometimes be unusable. Keep an eye on the thread for current issues.
Changelog
Installing Magisk and Modules - Changelog
2017-07-21
Tasker v5.0 is released. Update "Tasker and MagiskSU" to reflect this.
2017-07-19
Added some links to the Manager apk downloads on GitHub.
Updated and moved "Magisk Manager crashes".
Updated "Module causing issues".
Updated "Nothing works!".
2017-07-17
Slight update to "Boot image patched by other programs".
2017-07-14
Added a new section, "Moving from another systemless root solution to MagiskSU".
Added a new section, "Can't install modules".
Added a new section, "Apps are force closing".
2017-07-13
Added a note about using themes with the Manager under "Magisk Manager is crashing".
2017-07-12
Updated "Boot image patched by other programs".
Added a section about "Long boot time".
Added a section about "Magisk Manager crashes".
2017-07-11
Updated for Magisk v13.1
2017-06-19
Updated info about beta releases.
2017-06-18
Moved "Outdated tips and tricks" to it's own post.
2017-05-25
Some clarifications for SuperSU pre-patched boot image.
2017-05-08
Added "Magisk but no MagiskSU"
Added a link to the solution for no MagiskSU on Sony devices by @[email protected].
2017-05-06
Added some clarifying headings.
Added an index in the OP.
2017-05-01
Slight clarification under "Asking for help".
2017-04-19
Added "Starting fresh".
2017-04-14
Added a link to a Magisk module for Tasker compatibility with MagiskSU.
2017-04-09
Updated "Losing root".
2017-04-04
Added "There are no modules".
2017-03-31
Updated for Magisk v12.
Moved old and outdated tips and tricks to the bottom.
2017-03-28
Minor clarification on Module issues.
Updated link to new Modules Collection thread.
2017-03-21
Added information about updating.
Slight restructuring.
2017-03-20
Updated for Magisk v11.6
2017-03-14
Added a link to the Beta snapshot thread.
2017-03-05
Added more ways to make Tasker recognise root with MagiskSU.
2017-03-02
Changelog started.
Refinements.
2017-02-23 - 2017-03-02
Various additions.
Refinements.
2017-02-23
Initial post.
This thread/guide is now closed and will no longer be updated. It is only kept for posterity.
The new guide is stickied at the top of the Magisk forum, right here.
Hiding root and passing Safety Net
MagiskHide works, IF your system is set up correctly and is compatible.
Basics
Requirements:
A Linux kernel version of at least 3.8 or a kernel that has the necessary features (mount namespace) backported.
MagiskHide hides:
Magisk and some modules (it depends on what the module does)
MagiskSU
Unlocked bootloader
Permissive SELinux
Things that may trigger SafetyNet and apps looking for root. Can't be hidden by MagiskHide
Magisk Manager - Some apps look specifically for the Magisk Manager and there is currently no simple way of fixing this. See "Detecting Magisk Manager or apps requiring root" below.
Other known root apps - Same as above.
Remnants of previous root method, including any root management apps (a good way to remove most remnants of root is osm0sis' unSU script).
Xposed (deactivate or uninstall). It doesn't matter if it's systemless, Magisk can't hide it.
USB/ADB Debugging (disable under Developer options). This isn't necessary on all devices/ROMs.
Make sure that your device conforms to the above requirements before continuing.
Known issues
There may be devices that have issues with MagiskHide. Check the release thread for information about currently known issues. While you're there, make sure to also take a look at the FAQ. When a new release is imminent, there will also be useful information in the beta thread.
Passing SafetyNet
If everything works out, SafetyNet should pass with no further input from the user. Nothing needs to be added to the Hide list. You'll see in the Magisk Manager if it works by checking the SafetyNet status. If SafetyNet doesn't pass after enabling Hide, try rebooting (also see “Hide isn’t working” and the sections about SafetyNet below).
Hiding root from apps
If you have other apps that you need to hide root from, open MagiskHide and select the app in question. Just remember there are apps out there with their own ways of detecting root that may circumvent MagiskHide (also see “More things to try” below).
MagiskHide isn't working
If you can’t get MagiskHide to work, either for SafetyNet or any other app detecting root, there are a few things you can try:
First make sure Hide is actually working by using a root checker. Start by making sure the root checker can detect that your device is rooted. After that, add the root checker to the Hide list and see if it no longer can detect root. If that is the case, MagiskHide is working on your device.
Check the logs
Take a look in the Magisk log. In there you should see something like this (just an example, YMMV):
Code:
--------- beginning of main
I( [I]<numbers>: <numbers>[/I]) Magisk v13.3(1330) daemon started
I( [I] <numbers>: <numbers>[/I]) ** post-fs mode running
--------- beginning of system
I( [I]<numbers>: <numbers>[/I]) ** post-fs-data mode running
I( [I]<numbers>: <numbers>[/I]) * Mounting /data/magisk.img
I( [I]<numbers>: <numbers>[/I]) * Running post-fs-data.d scripts
[I]<Here you'll see scripts that are installed to /magisk/.core/post-fs-data.d running>[/I]
I( [I]<numbers>: <numbers>[/I]) post-fs-data.d: exec ************
I( [I]<numbers>: <numbers>[/I]) * Loading modules
[I]<Your installed modules will be loaded here.>[/I]
I( [I]<numbers>: <numbers>[/I]) ***********: loading [system.prop]
I( [I]<numbers>: <numbers>[/I]) ***********: constructing magic mount structure
I( [I]<numbers>: <numbers>[/I]) * Mounting system/vendor mirrors
I( [I]<numbers>: <numbers>[/I]) mount: /dev/block/bootdevice/by-name/system -> /dev/magisk/mirror/system
I( [I]<numbers>: <numbers>[/I]) link: /dev/magisk/mirror/system/vendor -> /dev/magisk/mirror/vendor
[I]<If you have modules that install files/folders to /system, you might see a lot of bind_mount entries.>[/I]
I( [I]<numbers>: <numbers>[/I]) bind_mount: **************
I( [I]<numbers>: <numbers>[/I]) * Running module post-fs-data scripts
[I]<Here you'll see scripts that are installed in modules running.>[/I]
I( [I]<numbers>: <numbers>[/I]) ************: exec [post-fs-data.sh]
I( [I]<numbers>: <numbers>[/I]) * Enabling systemless hosts file support
I( [I]<numbers>: <numbers>[/I]) bind_mount: /system/etc/hosts
I( [I]<numbers>: <numbers>[/I]) * Starting MagiskHide
I( [I]<numbers>: <numbers>[/I]) hide_utils: Hiding sensitive props
I( [I]<numbers>: <numbers>[/I]) hide_list: [com.google.android.gms.unstable]
[I]<Any other apps/processes added to the Hide list will be seen here.>[/I]
I( [I]<numbers>: <numbers>[/I]) proc_monitor: init ns=mnt:[[I]<numbers>[/I]]
I( [I]<numbers>: <numbers>[/I]) ** late_start service mode running
I( [I]<numbers>: <numbers>[/I]) * Running service.d scripts
[I]<Here you'll see scripts that are installed to /magisk/.core/service.d running>[/I]
I( [I]<numbers>: <numbers>[/I]) service.d: exec ***************
I( [I]<numbers>: <numbers>[/I]) * Running module service scripts
[I]<Here you'll see scripts that are installed in modules running.>[/I]
I( [I]<numbers>: <numbers>[/I]) ************: exec [service.sh]
I( [I]<numbers>: <numbers>[/I]) proc_monitor: zygote ns=mnt:[[I]<numbers>[/I]] [I]<possibly more zygotes and numbers>[/I]
I( [I]<numbers>: <numbers>[/I]) proc_monitor: com.google.android.gms.unstable (PID=[I]<numbers>[/I] ns=mnt:[[I]<numbers>[/I]])
I( [I]<numbers>: <numbers>[/I]) hide_utils: Re-linking /sbin
If there are no entries in the log about MagiskHide starting, take a look under "Restarting the MagiskHide daemon" and "Starting MagiskHide Manually" below.
Restarting the MagiskHide daemon
Sometimes the MagiskHide daemon needs to restart, or haven't properly started on a reboot. Fix this by toggling MagiskHide off and then on again in settings. You can also try disabling MagiskHide, rebooting and then enabling it again.
If you previously have had MagiskHide functioning on your device, but suddenly it stops working, it's a good chance the MagiskHide daemon hasn't properly started on boot. Toggle off and on (and possibly reboot) and you should be good. If not, keep reading to the next section, "Starting MagiskHide manually".
Starting MagiskHide manually
If MagiskHide just won't start when toggling it in the Magisk Manager, try starting it manually. This can be done in a terminal emulator (as su) by executing the following command:
Code:
su
magiskhide --disable
magiskhide --enable
Systemless hosts
Some users have reported issues with MagiskHide if systemless hosts is enabled in Magisk Manager settings. Try disabling it and rebooting to see if it fixes your issue.
Kernel logcat support
If your device's kernel doesn't have logcat support the MagiskHide process monitor won't be able to see when a process/package is started and therefore won't unmount the necessary folders to hide Magisk and it's core features. You can test for this by running the following command in a terminal app:
Code:
logcat -b events -v raw -t 10
If you get an error you might have a logcat issue. Ask in your kernel/ROM thread for advice or try a different kernel.
There's also a possibility that your issue can be fixed by using a kernel managing app like Kernel Adiutor. It might be enough just to install it to enable logcat support. This is untested (by me at least) and just speculation on my part from what I've seen around the forums (please confirm if you have information about this or tested it).
A huge thank you to @tamer7 for teaching me about this.
Logger buffer size
If you have turned off Logger buffer size under Developer Options, MagiskHide won't be able to monitor when a process/package is started and won't unmount the necessary folders to hide Magisk and it's core features.
Thank you to @Chaplan for the tip.
Mount namespace issues
If you see this line in the Magisk log: "proc_monitor: Your kernel doesn't support mount namespace", your device has a Linux kernel that is to old. The Linux kernel version have to be at least 3.8 (thank you @TheCech12), or otherwise have the necessary features backported. Ask in your ROM/kernel thread or try a different ROM and/or kernel.
SafetyNet
Google continuously updates SafetyNet. Currently, the only version of Magisk that will pass SafetyNet without workarounds is Magisk v13.3.
SafetyNet incompatible devices and ROMs
There are some devices/ROM’s that just won’t be able to pass SafetyNet fully. This has to do with how Google certifies devices, CTS certification (Compatiblity Test Suite). If a device hasn’t passed the Google certification process, or if the ROM alters how the device is perceived by Google, it won’t be able to fully pass SafetyNet (CTS profile mismatch). You might be able to get basic integrity to report as true (see Checking if Basic integrity passes below) and this means that MagiskHide is working as it should and it's most likely a CTS certification issue. If there is anything to be done about this it's most likely found in your device's forums. Go there and ask...
You can find out if your device/ROM has issues by checking SafetyNet with your current ROM without Magisk, any other root solution or mod (e.g. Xposed) You’ll also have to either relock your bootloader or flash a custom kernel that hides the bootloader state (disabled verified boot flag), set SELinux to enforcing (if it isn’t already) and possibly disable USB/ADB Debugging. If SafetyNet passes with a clean system, you’re good to go and can start troubleshooting MagiskHide. If it fails with a CTS profile mismatch you might be out of luck, but not necessarily. You can still give MagiskHide a go and see if you can get your device to pass, but if it doesn't it might be the ROM causing issues. If your device's stock ROM can pass SafetyNet, you could try finding a ROM that’s closer to stock and see if this helps.
It's also possible that you can match your ROM's ro.build.fingerprint and/or ro.build.description (or other props) with an official ROM for your device to make it pass SafetyNet fully. See Matching official prop values to pass SafetyNet below.
CTS profile mismatch vs Basic integrity
There are two parts to a SafetyNet check, CTS compatibility and Basic integrity. The CTS check is a server side checkup up that's difficult to spoof, while Basic integrity is done on the device side and is a lower level of security. Some apps only use the Basic integrity part of the SafetyNet API and thus can be used even if SafetyNet doesn't fully pass.
Checking if Basic integrity passes
You can use a SafetyNet checker app (SafetyNet Helper and SafetyNet Playground are two good examples) to see if you at least pass Basic integrity. If you can't pass SafetyNet, but Basic integrity shows as true, that basically means Google doesn't trust your device for some reason (also see "SafetyNet incompatible devices and ROMs" above). You should be able to fix this by matching prop values with a ROM that passes SafetyNet (see below).
Matching official prop values to pass SafetyNet
If you use an unofficial/developers ROM you'll have to match an official/stable ROM's details (usually ro.build.fingerprint and possibly ro.build.description) to pass SafetyNet. Check your device's forum for details. Also, see the section about "Sensitive props" below.
@coolguy_16 have made a guide for Moto G 2015 here. Thank you to @diegopirate for the tip.
Spoofing device fingerprint
As a last resort you could try changing your device's ro.build.fingerprint to a device's/ROM's that is known to pass SafetyNet. This can be done with a Magisk module or with boot script and the resetprop tool. See the section about "Sensitive props" below. Or you can use the Universal SafetyNet Fix module. Spoofing the device fingerprint is part of what it does.
SafetyNet check never finishes
If the SafetyNet status check never finishes (make sure to wait a while), it might mean that your Google Play Services aren’t working properly or have crashed. Try force closing Play Services, clearing data and/or rebooting the device.
You can also try updating to a newer version (take a look at APKMirror).
Device uncertified in Play store/Some apps won't install or doesn't show up
If some apps won't install or doesn't show up in the Play store, check the Play store settings. At the bottom there's a section called "Device certification". Some apps won't install if this shows "uncertified" (a couple of known apps are Netflix and Mario Run).
The solution is to make sure your device passes SafetyNet and then clear data for the Play store and reboot. If you have multiple users on your device, you might have to clear data for all users. Next time you open up the Play store, "Device certification" should show "certified" and the apps should be able to install/show up again. You might have to wait a bit before the apps show up. Some users have reported having to wait mere minutes, others several hours up to a whole day.
Some users have reported having to add the Play store to the MagiskHide list.
I still can't pass SafetyNet
First, keep reading and see if there's anything you can try below that you haven't already.
If you've tried everything and SafetyNet still doesn't pass, give the Universal SafetyNet Fix module by @Deic a try.
Other things to try
First make sure Hide is actually working by using a root checker. Start by making sure the root checker can detect that your device is rooted. After that, add the root checker to the Hide list and see if it no longer can detect root. If that is the case, MagiskHide is working on your device.
USB/ADB debugging
If you haven’t yet, try disabling USB/ADB debugging to see if this helps you use your root detecting app or pass SafetyNet.
Dependencies
There are some apps that require one or more other apps or processes being added to MagiskHide. For example, if an app is asking for extra permissions, try hiding the corresponding app/process as well. As an example: for a banking app asking for permissions to make phone calls it might be necessary to add the Phone app as well as the banking app to MagiskHide. Unfortunately it's not necessarily the case that the app or process used for finding root asks for permissions (also see "Figuring out if an app has dependencies, looks for 'sensitive props', Busybox, etc" below).
Sensitive props
Some apps trigger if they find "sensitive props". Also, on some devices SafetyNet triggers if certain props are not set to the expected values. A few props get set to "safe" values by MagiskHide by default. Currently these are ro.debuggable, ro.secure, ro.build.type, ro.build.tags and ro.build.selinux.
Some examples of props may include:
Code:
ro.build.selinux [I](careful, it might cause issues with SELinux)[/I]
ro.build.flavor
ro.build.description
ro.build.fingerprint
ro.bootimage.build.fingerprint
ro.build.oemfingerprint
etc...
Use the command "getprop" (without quotations) on the props in a terminal emulator to see what they're set to. Note that not all props used can be found in build.prop.
The props can be changed with a Magisk module or a boot script and the resetprop tool.
If you have a ROM (stock is usually a good bet) that can pass SafetyNet or use an app on without modifications, check for props on that ROM that you can change to on the ROM you're having trouble with (also see "Figuring out if an app has dependencies, looks for 'sensitive props', Busybox, etc" below).
Please note that changing prop values may have other consequences for your device than just being able to pass SafetyNet or hide root. If you're experiencing issues after changing prop values, revert them and see if that helps.
Developer options disappeared from settings
If Developer options suddenly disappeared from settings after installing Magisk, it's probably because MagiskHide changes ro.build.type from "userdebug" to "user" (known "safe" prop value). On some devices/ROMs this prop need to be set to "userdebug" to show the Developer options. A solution is to temporarily disable MagiskHide and reboot if you need access to the Developer options.
Or, there's a much better solution... You can ask your ROM developer to add this commit: https://github.com/DirtyUnicorns/an...mmit/5a647d96432abcb1276fab695600c5233e88b8d3
Busybox
Some apps detect Busybox and see this as a sign of your device being compromised (rooted). Magisk should be able to hide any Busybox installed as a Magisk module.
Figuring out if an app has dependencies, looks for "sensitiveprops", Busybox, etc
It can be tricky figuring out if an app is dependent on another app or process for detecting root, expects certain prop values, doesn't like Busybox or whatever is triggering a root warning within the app. Apart from trying one thing/prop at a time, finding this out could mean you have to decompile the apk to look at the source code. Google it...
Detecting Magisk Manager or apps requiring root
There are apps that detect the Magisk Manager or known apps that require root and refuse to work properly or even start if that is the case. This can be worked around by uninstalling or possibly freezing the Manager or root app when you need to use these apps and reinstalling/unfreezing it afterwards. Cumbersome, but it might work. There are also some Xposed modules that can hide apps from other apps, but having Xposed installed might cause other issues with tampering detection...
Samsung...
Yeah... Samsung doesn't have the mod-friendliest devices out there. But anyway...
Parts of Magisk have had a history of breaking/not working on Samsung devices. This is constantly being worked on. Check the Known issues in the release thread, the support thread and other relevant threads in the Magisk forums for information. If you can't find anything about your issue, make sure you leave as detailed a report as possible when asking for help. See "Asking for help" below.
Lineage OS...
Yeah... Cyanogenmod had a history of breaking things for many mods and it seems like Lineage OS is continuing on this legacy.
Parts of Magisk have had a history of breaking/not working on devices with Lineage OS. Check the Known issues in the release thread, the support thread and other relevant threads in the Magisk forums for information. If you can't find anything about your issue, make sure you leave as detailed a report as possible when asking for help. See "Asking for help" below.
Magisk Core Only Mode
If you can't get MagiskHide to work, try enabling the Core Only Mode in Magisk Manager settings. No modules will be loaded and any conflicts as a result of that part of Magisk will be bypassed. Note: In Magisk v13.1 there seems to be a bug with Core Only Mode where it will disable MagiskHide and Systemless hosts. Toggle MagiskHide and Systemless hosts off and on in settings to fix this.
Starting fresh
If you've been trying a lot of things and can't pass SafetyNet it can be a good idea to start fresh. Start by uninstalling Magisk, flashing a clean boot image and installing Magisk again. If that doesn't work you could try wiping your device and starting out completely clean.
Older versions of Magisk
It is possible that an older version of Magisk and MagiskHide may work if the latest does not. This is a last resort and should be considered unsupported. If the latest version of Magisk doesn’t work, but an earlier version does, please help fixing the issue by reporting it with all the necessary details (see “Asking for help” and “Nothing works!” below)
Installation files back to Magisk v12 can be found in the release thread.
Please note that there’s no guarantee that an older version of Magisk will work with the current Magisk Manager. Compatible apk's can be found inside the Magisk zip.
Asking for help
If you can't fix the problem yourself, start by looking in the support thread where you might find that someone else have had this problem as well. Search for your device and/or problem. If you can't find anything (it's a big thread), provide as much information as possible (in the support thread).
Detailed description of the issue and what you've tried so far.
Details about your device and ROM, custom kernel, mods, etc.
Logs! And when providing logs, do NOT paste them into your post. Attach as a file or use a service like Pastebin.
Recovery log from installation (in TWRP, go to Advanced - Copy log).
Magisk log (from the Manager or in /cache through recovery if you don't have root access)
Logcat. Get it via ADB or an app.
If you have boot issues (stuck or long boot time), take a look in /data for a file called magisk_debug.log (access through recovery if necessary). If it's not there, try capturing a logcat through ADB during boot (see above).
Nothing works!
If MagiskHide does not work for you even though you've tried everything, check the troubleshooting section in the release thread for instructions on how to help topjohnwu fix any compatibility issues with your device. The best thing you can do if Magisk isn't compatible with your device is to open an issue on GitHub and upload logs (recovery log, Magisk log, logcat, whatever is applicable) and a copy of your boot image. No boot image, no fix. Just remember that there are some things @topjohnwu can't fix, like if your device's kernel doesn't have mount namespace support (you need a Linux kernel version of at least 3.8) or similar.
If you're using an older release of Magisk, take a look at the Old and outdated tips and tricks for "Hiding root and passing Safety Net". There might be something in there that applies to you.
And, if nothing else works you could try the Universal SafetyNet Fix module by @Deic.
Beta releases
It's also possible that whatever problem you're facing has been fixed in code, but not yet released. For this you have two options. The official beta and the unofficial beta snapshot.
The official beta is for @topjohnwu to test the release before it goes out to the masses. Read the OP carefully and follow any directions given.
If you're feeling brave you can try the unofficial beta snapshot. It's built directly from source and can sometimes be unusable. Keep an eye on the thread for current issues.
Changelog
Hiding root and passing SafetyNet - Changelog
2017-07-19
Updated "Check the logs".
Updated "Nothing works!".
2017-07-14
Added a link to a commit that fixes the disappearing Developer options issue on some ROMs with ro.build.type set to "user". Thank you @The Flash.
Moved "SafetyNet never finishes" to a more logical location.
2017-07-11
Updated for Magisk v13.1.
2017-07-06
Updated the section about "Magisk Manager" being detected. Renamed to "Detecting Magisk Manager or apps requiring root".
Removed duplicate information about SafetyNet being updated.
2017-06-27
Updated info about "Spoofing device fingerprint".
Small update to "Dangerous props".
2017-06-19
Updated info about beta releases.
2017-06-18
Updated info about the latest SafteyNet update and how to bypass it.
Updated info about the Universal SafetyNet fix module by @Deic.
Added section about "Spoofing ro.build.fingerprint".
Moved "Outdated tips and tricks" to it's own post.
2017-06-16
Added notes about the update to SafetyNet and how to bypass it.
2017-06-01
Removed "Unlocked bootloader, permissive SELinux and Samsung KNOX".
Moved "Samsung KNOX".
Added "Magisk Manager".
2017-05-26
Some more clarifications on "Magisk Hide isn't unmounting...".
Added info about multiuser under "Device uncertified...".
2017-05-25
Added some info about setns support under "Magisk Hide isn't unmounting folders as it should".
2017-05-19
Added "some Moto device" to known devices that need official prop values added to custom ROMs to pass SafetyNet.
Added a link to the guide to pass SafetyNet on Moto G 2015 by @coolguy_16.
Some clarifications about Samsung KNOX.
Minor clarifications on Play store certification.
2017-05-14
Minor clarifications.
2017-05-09
Added a new section, "Magisk v12 can't hide root (but v11.6 could)".
2017-05-06
Added some more tips under "Magisk Hide isn't unmounting folder as it should" (Xiaomi devices).
Added some clarifying headings.
Added an index in the OP.
2017-05-03
Added a section about matching official ROM prop values to pass SafetyNet.
Added a link to Xiaomi SafetyNet fix module by @Deic.
2017-05-02
Slightly update information regarding SafetyNet incompatibility, CTS profile matching and Basic integrity.
Minor cosmetic changes, rearranging and typos.
2017-05-01
Another small clarification. This time under "Asking for help".
Slight clarification on issues with unmounting.
2017-04-28
Added a section about setting Logger buffer size to off breaking Magisk Hide.
2017-04-25
Added a command to test for kernel logcat support and a possible solution for a lack thereof.
2017-04-24
Moved info about busybox and systemless host issues to "Busybox conflict" and "Systemless hosts" under the section about Magisk hide not unmounting folders.
2017-04-20
Added a section about certification status in the Play store. "Some apps won't install or doesn't show up in the Play store".
Added "Check the logs".
Added "Magisk Hide isn't unmounting folders as it should". Again: thank you @tamer7.
More minor clarifications.
2017-04-19
Minor clarifications.
2017-04-16
Added a note about Core Only Mode.
2017-04-09
Added section about starting Magisk Hide manually.
Added section about Magisk built-in busybox or systemless hosts possibly causing SafetyNet to fail on some ROMs.
2017-04-07
Updated "Dangerous props".
Updated information about Samsung KNOX (Samsung pay probably won't work).
2017-03-31
Updated for Magisk v12.
Moved old and outdated tips and tricks to the bottom.
2017-03-22
Changing prop values may have undesired effect (duh).
Moved "Restarting Magisk Hide" to the beginning of the text and updated it. Might be a good thing to start with when troubleshooting.
2017-03-21
Added ro.build.flavor to "dangerous props".
Added information about what to try when a prop value isn't set properly.
More updates for Magisk v11.6 (resetprop added to PATH).
Clarifications.
2017-03-20
Updated for Magisk v11.6
Removed "ro.build.selinux" from "dangerous props" since it might cause issues with SELinux.
2017-03-15
Clarifications about finding out if you have "dangerous props" set to undesired values.
Added a new "dangerous prop" example (ro.build.selinux).
2017-03-14
Added a link to the Beta snapshot thread.
2017-03-10
Small update to the "Samsung..." section.
2017-03-06
Clarification about setting props and figuring out dependencies, etc.
2017-03-06
Added some info to "Dependencies".
Added section about how to figure out what an app is looking for to detect root.
2017-03-03
Added some information about "Dangerous props".
Updated information about SafetyNet CTS profile mismatch and Basic integrity.
2017-03-02
Changelog started.
Added Samsung SELinux tips.
Refinements.
2017-02-23 - 2017-03-02
Various additions.
Refinements.
2017-02-23
Initial post.
Old and outdated tips and tricks for "Installing Magisk and Modules"
Unmounting of folders is no longer showed in the Magisk log, since Magisk v13.1.
MagiskHide isn't unmounting folders as it should
If MagiskHide isn't unmounting as it chould for the processes/packages added to the Hide list (there are no "hide_daemon: Unmounted" entries in the log or there are entries showing that the unmount failed ("hide_daemon: Unmount Failed")), see "MagiskHide isn't unmounting folders as it should" below.
If you don't see any entries in the Magisk log for "hide_daemon: Unmounted", MagiskHide isn't functioning as it should and can't hide Magisk from apps and processes that trigger if root is found. There are a few reasons as to why this might happen. See "Kernel logcat support", "Logger buffer size", and "Mount namespace issues" below. Of course, these might not be the only reasons. If you're lucky, one of the solutions below will work for your particular case.
If there are entries in the Magisk log showing that the unmount failed ("hide_daemon: Unmount Failed"), take a look at what folder it's failing for and disable the corresponding Magisk module. If you can't work out what module is causing the issue, disable them all and enable one by one until you find the culprit. If it is one of your installed modules causing the issue, ask for advice in the module's support thread.
It might be that you have to rely on manually starting MagiskHide to make it unmount folders properly (known: some Xiaomi devices/MIUI). See "Starting MagiskHide manually" above.
Busybox is no longer bundled with Magisk since v13.1.
Randomly losing root
Some devices and/or ROMs (known: Lineage OS) have issues with losing root when using MagiskSU. This can sometimes be fixed by disabling busybox in Magisk Manager settings. Some users have also reported success by disabling systemless hosts instead/as well.
Magisk v13+ is fully compatible with stock Sony ROMs.
Sony and MagiskSU
If you're using a Sony device and have the above issue with MagiskSU, you're probably running a stock boot image or otherwise haven't disabled Sony RIC. Don't worry, @[email protected] have got the fix for you here.
Old and outdated tips and tricks for "Hiding root and passing Safety Net"
The changed prop values have been reintroduced with Magisk v13.1.
Magisk v12 can't hide root (but v11.6 could)
If you have an app that you can hide root from with Magisk v11.5/v11.6 but not after upgrading to v12, you need to take a look at the "Dangerous props" section below. In Magisk v11.5 and v11.6, Magisk Hide would alter a few build.prop values, specifically a couple of the usual suspects mentioned in "Dangerous props". These are ro.build.tags and ro.build.type. This was reverted with Magisk v12 since it has the potential to cause issues and is better left to the users discretion.
So, if you can fool an app with Magisk v11.5/v11.6, but not with v12. Try changing ro.build.tags and/or ro.build.type to "safe" values. Again, see "Dangerous props" below.
Scripts are no longer used in Magisk v13.1.
If you have a device where you find you have to start Magisk Hide manually to pass SafetyNet, try editing the enable script (found in /magisk/.core/magiskhide) and change the last line to:
Code:
(su -c $BINPATH/magiskhide --daemon)
This might make Magisk Hide work properly on your device.
Busybox is no longer bundled with Magisk since v13.1.
Busybox conflict
If you already have busybox installed or your ROM comes with it built-in, enabling Magisk busybox may cause a conflict that breaks Magisk Hide. Either use and update the existing installation or remove it if you want to use Magisk busybox.
Magisk v13.1 does note have these issues.
Since beginning of June 2017, SafetyNet has been updated. Magisk v12 and lower versions can't pass. The solution is to enable Core Only Mode in Magisk Manager settings and you might also have to disable systemless hosts. In Magisk v13.0 beta, this has been fixed (but of course, there might be other issues present). Note that this guide is written for Magisk v12 and the tips in it may not be applicable for Magisk v13 beta. I'll update the guide for v13 when it is released from beta.
For users of Magisk v12 @Deic have made a Magisk module that might make SafetyNet pass with modules active. Note that this module will also change your device's fingerprint to match a Xiaomi Mi 6 (for devices/ROMs that have no CTS certification), also see "Spoofing ro.build.fingerprint" below. @yochananmarqos have made a version of the module that leaves out the fingerprint part, for users that could pass SafetyNet before the update. See the links for details.
Module link removed from the guide since it does so much more than just editing the fingerprint.
@Deic have updated his Xiaomi SafetyNet fix module to be a Universal SafetyNet fix module that does just this. It'll change your devices fingerprint to match an official one for Xiaomi Mi 6. It'll also make Magisk v12 pass SafetyNet with modules installed.
IMO it'd be best if you could use a fingerprint that more closely matches your device (you'll find it in the build.prop file). If you're on a custom ROM that doesn't pass SafetyNet and the stock ROM does, use the stock ROM's prop values, etc. To change the fingerprint set by the module, unzip it and open up the post-fs-data.sh file in a text editor that can handle Unix line endings (on Windows this means Sublime, Atom, Notepad++ etc). Change the following two lines to match your device's stock ROM:
Code:
$RESETPROP "ro.build.fingerprint" "Xiaomi/sagit/sagit:7.1.1/NMF26X/V8.2.17.0.NCACNEC:user/release-keys"
$RESETPROP "ro.bootimage.build.fingerprint" "Xiaomi/sagit/sagit:7.1.1/NMF26X/V8.2.17.0.NCACNEC:user/release-keys"
No longer applicable.
An app still detects the original prop value
If Magisk Hide doesn't start properly at boot, it can be started by toggling Hide off and on again in settings. But, when doing this, some of the prop values changed by Magisk Hide may not get set properly. Try rebooting your device and see if Hide starts up properly. If it doesn't it might be one of your modules causing issues.
If it's a prop value you're changing yourself with a Magisk module and you're using system.prop to set the value, try moving the script to post-fs-data.sh and use resetprop instead. See here for more resetprop syntax. Example:
Code:
[I]system.prop code:[/I]
ro.build.tags=release-keys
[I]post-fs-data.sh code:[/I]
resetprop ro.build.tags release-keys
Removed from the guide since the feature doesn't seem to work anyway.
Samsung KNOX
If you're having issues with Samsung KNOX, use a KNOX checker app from the Play store to see if it reports as triggered or not. Samsung pay and other Samsung apps/services that check KNOX have been reported to still see the KNOX counter as triggered, even though it gets masked by Magisk Hide.
The module have been updated to a universal SafetyNet fix.
Deic have made a Magisk module for Xiaomi devices that does the above, Xiaomi SafetyNet fix.
Since Magisk v11.5 resetprop is added to PATH and can be called directly through shell and apps.
Code:
/data/magisk/resetprop ro.build.tags release-keys
This part is no longer necessary since Magisk v11.5. It's changed by Magisk by default. Only do this if you're using an earlier release.
Some Samsung users with custom ROMs have reported that they have had to do some modifications to the permissions for a couple of files related to SELinux to pass SafetyNet. These files are "/sys/fs/selinux/enforce" and "/sys/fs/selinux/policy". The "enforce" file should have permission 640 (rw-r-----) and the "policy" file should have permission 440 (r--r-----). This can be easily automated with Magisks General Purpose Boot Scripts (see here for details) or a Magisk module. The lines needed for the script are:
Code:
#!/system/bin/sh
chmod 640 /sys/fs/selinux/enforce
chmod 440 /sys/fs/selinux/policy
Magisk Hide uses a pseudo-enforcing SELinux state to mask a permissive kernel
Permissive SELinux
You can check if it’s SELinux causing problems by typing (without quotation marks) “getenforce” in a terminal emulator. If it reports permissive you can try temporarily setting it to enforcing by typing “setenforce 1” (this requires root access) and see if this makes SafetyNet pass. To make SELinux permissive again, use “setenforce 0” or reboot your device (if it’s permissive by default). If you want a more permanent solution it can be done with Magisks General Purpose Boot Scripts. See here for details. The lines needed for the script to set SELinux to enforcing are:
Code:
#!/system/bin/sh
setenforce 1
Check the module support thread for update.
Update 20170228
Since a little syntax error in the mounting script from Magisk v11.0-v11.1, mounting link systemless-ly won't success. Hence we choose copy but not to link the su binary for v11.0-v11.1. Don't worry, both methods are systemless.
==========
Great guide. :good:
Just made a simple module try to solve the /sbin/su not detectable problem. This module will look for existing su binary, and create a link as /magisk/su_xbin_bind/system/xbin/su pointing to the real su. The link will also be mounted as /system/xbin/su systemless-ly later.
Installation
Flash it in RECOVERY, then reboot. And you will find a link /system/xbin/su. All the work is done systemless-ly.
Uninstallation
Open Magisk Manager, go to Modules, disable or uninstall the module called "Su xbin_bind". Then it will disappear after reboot.
laggardkernel said:
Great guide. :good:
Just made a simple module try to solve the /sbin/su not detectable problem. This module will look for existing su binary, and create a link as /magisk/su_xbin_bind/system/xbin/su pointing to the real su. The link will also be mounted as /system/xbin/su systemless-ly later.
Installation
Flash it in recovery, then reboot. And you will find a link /system/xbin/su. All the work is done systemless-ly.
Uninstallation
Open Magisk Manager, go to Modules, disable or uninstall the module called "Su xbin_bind". Then it will disappear after reboot.
Click to expand...
Click to collapse
Nice! I added a mention of this in the guide. You should get this in the repo...
Great guide. Apparently this contains almost all the troubleshoot steps and known issues right from the original support thread of Magisk. However it would be complete if you had added the steps that user reported working on various custom roms that are known to not pass safetynet. One of the step is below for pre rooted custom roms :
1. Go back to recovery.
2. Flash unSU.zip by osmosis
3. Flash magisk 10.2
4. Boot to system. Install Phh superuser. Update binary.
5. Update to latest magisk from magist manager. Reboot.
6. Check safetynet, it should work.
This is reported to be working for some user, and some other reported it didn't work. But still worth a try.
iubjaved said:
Great guide. Apparently this contains almost all the troubleshoot steps and known issues right from the original support thread of Magisk. However it would be complete if you had added the steps that user reported working on various custom roms that are known to not pass safetynet. One of the step is below for pre rooted custom roms :
1. Go back to recovery.
2. Flash unSU.zip by osmosis
3. Flash magisk 10.2
4. Boot to system. Install Phh superuser. Update binary.
5. Update to latest magisk from magist manager. Reboot.
6. Check safetynet, it should work.
This is reported to be working for some user, and some other reported it didn't work. But still worth a try.
Click to expand...
Click to collapse
I hadn't seen that one before. Looks a little fishy (updating the phh's superuser binary?), but I'll do some research on that and see if I can work this into the guide somehow.
2 posts removed.
Do not discuss or post warez on XDA.
Thank you.
:good:
The Merovingian said:
2 posts removed.
Do not discuss or post warez on XDA.
Thank you.
:good:
Click to expand...
Click to collapse
Sorry
Didgeridoohan said:
I hadn't seen that one before. Looks a little fishy (updating the phh's superuser binary?), but I'll do some research on that and see if I can work this into the guide somehow.
Click to expand...
Click to collapse
These steps are from the Magisk thread, i could be wrong about binary update ( considering when installing any superuser, you will get prompt for updating binary?) but rest of the steps are exactly as it was mentioned there. I wish i could link you for reference but i have to go through the whole thread again and search for these . You can post these steps on the magisk support thread for clarification. Great work once again. Good luck!
laggardkernel said:
Great guide. :good:
Just made a simple module try to solve the /sbin/su not detectable problem. This module will look for existing su binary, and create a link as /magisk/su_xbin_bind/system/xbin/su pointing to the real su. The link will also be mounted as /system/xbin/su systemless-ly later.
Installation
Flash it in recovery, then reboot. And you will find a link /system/xbin/su. All the work is done systemless-ly.
Uninstallation
Open Magisk Manager, go to Modules, disable or uninstall the module called "Su xbin_bind". Then it will disappear after reboot.
Click to expand...
Click to collapse
Hey installed ur module, but still root checker detects no su file symlinks in xbin :crying:
Xennet said:
Hey installed ur module, but still root checker detects no su file symlinks in xbin :crying:
Click to expand...
Click to collapse
Did you reboot your phone after installation? And try to check its existence in /magisk/su_xbin_bind/system/xbin. If the su link exists here, where does it point to?
laggardkernel said:
Did you reboot your phone after installation? And try to check its existence in /magisk/su_xbin_bind/system/xbin. If the su link exists here, where does it point to?
Click to expand...
Click to collapse
Yes rebooted. It is activated in magisk. The su link exists in /magisk/su_xbin_bind/system/xbin/. Opening t link directs to su...But how to check it where it directs to..
Really dis is a great module to get t apps dat look for real root location xbin/su...
Please help
Xennet said:
Yes rebooted. It is activated in magisk. The su link exists in /magisk/su_xbin_bind/system/xbin/. Opening t link directs to su...But how to check it where it directs to..
Really dis is a great module to get t apps dat look for real root location xbin/su...
Please help
Click to expand...
Click to collapse
How about /magisk/su_xbin_bind/auto_mount, does it exist? If not, create an empty file and name it as auto_moint.
laggardkernel said:
How about /magisk/su_xbin_bind/auto_mount, does it exist? If not, create an empty file and name it as auto_moint.
Click to expand...
Click to collapse
auto_mount exists too
Xennet said:
auto_mount exists too
Click to expand...
Click to collapse
Now, I need more detail to figure it out.
1. Where does the su link point to? Does it exist in /system/xbin and /dev/magisk/dummy/system/xbin. Use a explore to check su's position and the Link's property, or use a terminal
Code:
su
ls -al /magisk/su_xbin_bind/system/xbin/su
2. What is the version of your magisk? Upload your /cache/magisk.log and /sbin_orig/magisk_mask.sh for me, please.
3. Which ROM are you using and is there any root imbedded?
I'm using an op3 with OOS 3.2.7, Magisk v11.1, and the su_xbin_bind module works well now. It seems you're using an op3 or op3t. So it's weird for me the module don't work on your device.
Much obliged if you could tell me the package name of the root checker app in your picture.

[Module][10.14.2018][Discontinued] Magisk SELinux Manager

This project has been discontinued. The final state of the module can be found at the GitHub Repo https://github.com/Jman420/magisk_selinux_manager.
Magisk SELinux Manager
A Magisk Module dedicated to the manipulation and analysis of SELinux.
Features
* Select SELinux mode to set at startup
Usage
The SELinux mode to set at startup must be specified during module installation. The SELinux mode can be selected either by specifying the mode (permissive or enforcing) in the install zip's filename (ie. magisk_selinux_manager_v1.0_permissive.zip) or using your phone's volume keys when prompted.
Disclaimer & Recommendations regarding Permissive Mode
This module should be used to enable SELinux Permissive Mode only as a last resort only if appropriate SELinux Permissions can not be generated and injected into the SELinux Policy using selinux-inject, supolicy or magiskpolicy. Putting your device into Permissive Mode will essentially disable all of the operating system level security built into Android and allow any app in any context to do whatever it wants. Actions requiring root access will still trigger your SU Manager App, but all apps have elevated privileges due to permissive mode and may be able to take malicious actions on your device without needing root access. If you find that this module fixes issues you are experiencing with an app I recommend contacting the app developer and trying to work with them to isolate the necessary SELinux Permissions and have them injected into the SELinux Policy at startup.
Here is a discussion of some of concerns to consider when running your device in Permissive Mode : https://forum.xda-developers.com/gen...risks-t3607295
GitHub Repo : https://github.com/Jman420/magisk_selinux_manager
Requirements
* SELinux enabled kernel
* Magisk v15.3+
Change Log
* v1.0.5 - Update Unity Installer Files to v1.5.4
* v1.0.4 - Update Unity Installer Files to v1.5.3
* v1.0.3 - Update Unity Installer Files to v1.5.2
* v1.0.2 - Update Unity Installer Files to v1.4.1
* v1.0.1 - Update Unity Installer Files to v1.4
* v1.0.0 - Initial Release
Special thanks!
* topjohnwu - For providing Magisk and the interesting insights that its source code gave into SELinux
* ahrion & zackptg5 - For providing the Unity Installer and Vol Key Input code
* Everyone who supported the old magisk_permissive_script module and giving me a bit of motivation to keep working on SELinux stuff
Release Distribution Plans
All Releases are available on the Magisk Module Repo. Releases will not be distributed here.
Jman420 said:
Magisk SELinux Manager
A Magisk Module dedicated to the manipulation and analysis of SELinux.
Features
* Select SELinux mode to set at startup
Usage
The SELinux mode to set at startup must be specified during module installation. The SELinux mode can be selected either by specifying the mode (permissive or enforcing) in the install zip's filename (ie. magisk_selinux_manager_v1.0_permissive.zip) or using your phone's volume keys when prompted.
Disclaimer & Recommendations regarding Permissive Mode
This module should be used to enable SELinux Permissive Mode only as a last resort only if appropriate SELinux Permissions can not be generated and injected into the SELinux Policy using selinux-inject, supolicy or magiskpolicy. Putting your device into Permissive Mode will essentially disable all of the operating system level security built into Android and allow any app in any context to do whatever it wants. Actions requiring root access will still trigger your SU Manager App, but all apps have elevated privileges due to permissive mode and may be able to take malicious actions on your device without needing root access. If you find that this module fixes issues you are experiencing with an app I recommend contacting the app developer and trying to work with them to isolate the necessary SELinux Permissions and have them injected into the SELinux Policy at startup.
Here is a discussion of some of concerns to consider when running your device in Permissive Mode : https://forum.xda-developers.com/gen...risks-t3607295
GitHub Repo : https://github.com/Jman420/magisk_selinux_manager
Requirements
* SELinux enabled kernel
* Magisk v15.3+
Change Log
* v1.0 - Initial Release
Special thanks!
* topjohnwu - For providing Magisk and the interesting insights that its source code gave into SELinux
* ahrion & zackptg5 - For providing the Unity Installer and Vol Key Input code
* Everyone who supported the old magisk_permissive_script module and giving me a bit of motivation to keep working on SELinux stuff
Release Distribution Plans
I have submitted a request to include this module in the Magisk Repo List. Once that request has been accepted the Magisk Repo List will be the ONLY source for up to date releases of the module. Until that time I will provide download links through this posting.
Click to expand...
Click to collapse
What are the differences with this zip and the old one?
dredq said:
What are the differences with this zip and the old one?
Click to expand...
Click to collapse
When installing the module you can choose if SELinux should be set to enforcing or permissive (it's written right there in the OP).
Didgeridoohan said:
When installing the module you can choose if SELinux should be set to enforcing or permissive (it's written right there in the OP).
Click to expand...
Click to collapse
Sorry. I saw that. I was wondering if there where any other differences.
dredq said:
Sorry. I saw that. I was wondering if there where any other differences.
Click to expand...
Click to collapse
Nope, if there were I'd have mentioned them.
I installed the module and set it to permissive, but when I restarted my phone now it is stuck in the boot animation. I tried uninstalling using the magisk uninstaller, but still the problem remains. Is there a way to undo the changes from Recovery? Thank you! Running lineage 14.
samplebird said:
I installed the module and set it to permissive, but when I restarted my phone now it is stuck in the boot animation. I tried uninstalling using the magisk uninstaller, but still the problem remains. Is there a way to undo the changes from Recovery? Thank you! Running lineage 14.
Click to expand...
Click to collapse
You can flash the zip again to uninstall, thanks to Unity Installer... but I don't expect that to do anything different than the Magisk Uninstall. You may need to debug your Magisk installation with Magisk Manager for Recovery (https://forum.xda-developers.com/apps/magisk/module-tool-magisk-manager-recovery-mode-t3693165).
samplebird said:
I installed the module and set it to permissive, but when I restarted my phone now it is stuck in the boot animation. I tried uninstalling using the magisk uninstaller, but still the problem remains. Is there a way to undo the changes from Recovery? Thank you! Running lineage 14.
Click to expand...
Click to collapse
Did you try installing the module again and choosing enforcing instead of permissive?
Update v1.0.1 has been released on Magisk Repo. No real functionality updates, just updated Unity Installer to latest (v1.4). See change logs for Unity Installer here : https://forum.xda-developers.com/android/software/module-audio-modification-library-t3579612
I've also migrated to using Semantic Versioning for this project (although it's probably not needed). See details here : https://semver.org/
The module doesn't seem to be part of the magisk repo yet. But v1.0.0 us working fine on my side anyway. :good:
PixelChris95 said:
The module doesn't seem to be part of the magisk repo yet. But v1.0.0 us working fine on my side anyway. :good:
Click to expand...
Click to collapse
Clear the repo cache (Manager settings) and reload the Downloads list (pull down).
Didgeridoohan said:
Clear the repo cache (Manager settings) and reload the Downloads list (pull down).
Click to expand...
Click to collapse
That did the trick. Thx!
Not working on Oreo b390 Huawei P10. SeLinunx remains on enforce:
watch this issue:
https://forum.xda-developers.com/p10/help/magisk-16-0-p10-orea-t3765921
mxn2000 said:
Not working on Oreo b390 Huawei P10. SeLinunx remains on enforce:
watch this issue:
https://forum.xda-developers.com/p10/help/magisk-16-0-p10-orea-t3765921
Click to expand...
Click to collapse
"Preserve Forced Encryption" doesn't have anything to do with SELinux. That's /data encryption...
Try running:
Code:
setenforce permissive
And if that still doesn't work, run this and use whatever options are available, or return with the result:
Code:
setenforce --help
Every time I setenforce 1 it always says Permissive after .. Even after reboot or in the Twrp terminal .. Anytime I type grtenforce it always says Permissive. What do I type in terminal emulator to access this mod? Am I missing something here?? Lol sorry - still learning.
Intelli69 said:
Every time I setenforce 1 it always says Permissive after .. Even after reboot or in the Twrp terminal .. Anytime I type grtenforce it always says Permissive. What do I type in terminal emulator to access this mod? Am I missing something here?? Lol sorry - still learning.
Click to expand...
Click to collapse
You don't have to do anything after installing the module. At installation your choose enforcing or permissive, and then that's what the module will set at each boot.
OK I thought that was it! Thanks!
so should use this one or old version?
or it is still the same function?
does this work on samsung?
lawong said:
does this work on samsung?
Click to expand...
Click to collapse
Yup, as long as you have magisk.

[MODULE] Debugging modules: ADB Root, SELinux Permissive, Enable Eng

These modules are not meant for everyday use. They are intended for debugging and modification of a firmware. They significantly lower security of your device while active and even could softbrick it. You've been warned.
ADB Root
Magisk Module that allows you to run "adb root". adb root is not an ordinary root (su), it's adbd daemon running on your phone with root rights. adb root allows you to "adb push/pull" to system directories and run such commands as "adb remount" or "adb disable-verify".
Download v1.0: https://github.com/evdenis/adb_root/releases/download/v1.0/adb_root.zip
Source code: https://github.com/evdenis/adb_root
Support: Telegram
SELinux Permissive
This module switches SELinux to permissive mode during boot process. This module intentionally lowers security settings of your phone. Please don't use it if there is a better solution to your problem, e.g., magiskpolicy. The module will not work if your kernel compiled with always enforcing config, e.g., stock samsung kernels. It's not possible to enable permissive mode on such kernels.
Download v2.0: https://github.com/evdenis/selinux_permissive/releases/download/v2.0/selinux_permissive_v2.0.zip
Source code: https://github.com/evdenis/selinux_permissive
Support: Telegram
Enable Eng
This Magisk Module enables engineering build props. It allows to activate debugging parts of a firmware. Please, disable Magisk Hide for this module. If you don't know what you are doing, don't use this module. It can easily softbrick your device.
Troubleshooting
If your device doesn't boot then you need to reboot to TWRP recovery and
Code:
$ adb shell rm -fr /data/adb/modules/enable_eng
If ADB doesn't work that means adbd in your firmware is build without ALLOW_ADBD_ROOT. You can fix adb autostart either by installing "ADB Root" magisk module or by disabling this module.
Download v1.0: https://github.com/evdenis/enable_eng/releases/download/v1.0/enable_eng.zip
Source code: https://github.com/evdenis/enable_eng
Support: Telegram
Kexec tools for Android
This module adds statically linked kexec binary to your system. Aarch64 only. Kexec is a system call that enables you to load and boot into another kernel from the currently running kernel. Your kernel should support kexec.
Download v1.0: https://github.com/evdenis/kexec/releases/download/v1.0/kexec.zip
Source code: https://github.com/evdenis/kexec
Support: Telegram
GDISK/Parted for Android
The module adds statically linked parted/sfdisk/fdisk/gdisk binaries to your system. Aarch64 only. These utils are standard linux tools to edit the partitions tables on disks.
Download v2.0: https://github.com/evdenis/disk/releases/download/v2.0/disk-v2.0.zip
Source code: https://github.com/evdenis/disk
Support: Telegram
Is also valid for One Plus 5 ?
Inviato dal mio ONEPLUS A5000 utilizzando Tapatalk
tmviet said:
Is also valid for One Plus 5 ?
Click to expand...
Click to collapse
Hi, these magisk modules are device independent. Yes, you can use them on One Plus 5.
evdenis said:
Hi, these magisk modules are device independent. Yes, you can use them on One Plus 5.
Click to expand...
Click to collapse
Tks. A lot [emoji6]
Inviato dal mio ONEPLUS A5000 utilizzando Tapatalk
Thanks @evdenis, this module is great! I haven't gotten the 100% desired behavior (getting adbd with actual root perms) because I'm running a 32-bit architecture (armeabi-v7a) and you've supplied only the 64-bit version of adbd, but I've been using your module to swap out 32-bit versions of different versions of adbd I have lying around (older devices). I'm a n00b when it comes to building adbd from scratch using the latest sources with your patch so I'm planning on using the adbd that came with the device and using a disassembler and a hexeditor to NOP out some calls, such as the call to minijail_enter() and see if I have any success. The original device version of adbd doesn't seem to have the functions in it that you built with the patch, but instead appears to use a bunch of minijail library functions. The device is a rooted android 8.1.0 OS, but it is only rooted systemlessly so many of the ro.* build properties affecting adb are changed well after the OS-essential portion boots rendering my efforts thus-far using the original adbd ineffective I'm guessing. I can now issue the "adb root" command from my machine, but adbd on the device is always being launched with the following command line arg "--root_seclabel=u:r:su:s0" and never gains root permissions by default (the behavior I'm trying to achieve). I can manually use "su" but this doesn't help me with push/pull requests to protected parts of the OS and chainfire's "ADB Insecure" patches adbd successfully, but I still don't get the root perms.
Do you know if the system is starting the process with reduced permissions (i.e. adbd will never be able to gain root access on its own no matter what I modify) and I should go a different route like modifying something else in the system rather than adbd? Again, I've already modified the ro.* properties affecting adbd so it does attempt to re-launch itself as root, it just doesn't end up getting the root perms. Manually launching adbd after killing it from within a shell on the device doesn't seem to affect the permissions in ultimately gets.
If you are anyone has any insight as to what I need to do so that adbd gains root permission, that would be much appreciated.
bpaxda said:
I'm planning on using the adbd that came with the device and using a disassembler and a hexeditor to NOP out some calls, such as the call to minijail_enter() and see if I have any success.
Click to expand...
Click to collapse
It was my initial attempt to gain "adb root" on samsung s10. And noping a couple of calls is not enough on the phone. adbd binary on your device could be compiled without "adb root" branch. This is the case on samsung s10. If "adb root" branch exists one need to force should_drop_privileges() function to return false (https://android.googlesource.com/platform/system/core/+/refs/heads/master/adb/daemon/main.cpp#65) in order to get into the "adb root" branch of code (https://android.googlesource.com/platform/system/core/+/refs/heads/master/adb/daemon/main.cpp#151).
bpaxda said:
ro.* build properties affecting adb are changed well after the OS-essential portion boots rendering my efforts thus-far using the original adbd ineffective I'm guessing.
Click to expand...
Click to collapse
You could try enable_eng magisk module (https://github.com/evdenis/enable_eng). The module changes ro.* props to engineering build props. Depending on a firmware this could help to get "adb root". However, no guaranties that the module will not softbrick your device. In case of softbrick you will need to reboot to TWRP and delete the module, instruction is in the README.md.
bpaxda said:
I can now issue the "adb root" command from my machine, but adbd on the device is always being launched with the following command line arg "--root_seclabel=u:r:su:s0" and never gains root permissions by default (the behavior I'm trying to achieve).
Click to expand...
Click to collapse
Try to disable SELinux either with the magisk module or with a script.
Thanks for your response.
I think you're right. Despite having adjusted the ro properties post-boot, there was nothing in ADB that would change the privileges as if it has been compiled out. By sheer luck, I managed to grab adbd from an identical device that had a recent forced firmware update, but the "improved adbd" actually let me get closer. The updated adbd had code changes to its adbd_main function so that it at least looks at the properties "ro.secure" and "service.adb.root" not to mention new calls to minijail_capbset_drop(), minijail_change_gid() and minijail_change_uid(). Using magisk to dynamically replace my original adbd binary with this updated one actually worked in getting adbd to start root shells without needing to invoke "su"!
However its a weird type of root that can't read certain files like /verity_key but I can see some things I should be able to see as root. I'm no SELinux expert, but my guess is that if everything is functioning correctly, I may be getting an SELinux "restricted" root. In this case, it might be the most I can expect from an SELinux enabled kernel launching adbd as root. Let me explain: since I'm using Magisk, post-boot systemlessly, (the system boots restricted and then I use the mtk_su exploit, to gain root and disable permissive SELinux mode), I'm getting permissive root on a session by session basis. I think the nature of this type of root means the kernel is probably still locked down and thus whatever daemon may be responsible for launching adbd remains locked down. Does this sound correct to you? If so, I can live with that
I'd love to get TWRP on this device, but I'm not sure its possible since TWRP doesn't list my device as supported on their website nor can I get into fastboot mode (I didn't try that hard because I wanted to exhaust other options before flashing anything). Do you think enable_eng would work *after* the ACTION_BOOT_COMPLETE event is processed? I.e. my device is rooted after bootup by a script which runs the exploit, but it is well after the system is fully running and locked-down. Luckily Magisk has a utility to change ro properties, but some of those properties are not looked-at by the system this late in the boot stage. Do you think in this case "enable_eng" would work for me? Thanks again!
bpaxda said:
Let me explain: since I'm using Magisk, post-boot systemlessly, (the system boots restricted and then I use the mtk_su exploit, to gain root and disable permissive SELinux mode), I'm getting permissive root on a session by session basis.
Click to expand...
Click to collapse
I'm not sure that my modules will work with this rooting scenario. As far as I could understand, magisk by default replaces the init process, patches selinux policy before it is loaded and next, calls the original init binary. I don't think that it will be possible to alter selinux policy with different boot scenario for magisk.
bpaxda said:
Do you think enable_eng would work *after* the ACTION_BOOT_COMPLETE event is processed? I.e. my device is rooted after bootup by a script which runs the exploit, but it is well after the system is fully running and locked-down. Luckily Magisk has a utility to change ro properties, but some of those properties are not looked-at by the system this late in the boot stage. Do you think in this case "enable_eng" would work for me?
Click to expand...
Click to collapse
I'm not sure that enable_eng will work. adbd daemon check some properties such as ro.secure dynamically, but they could be cached after the boot. I don't know the ways to drop the cache and re-read these properties (altered with magisk) after the boot. Here are the main properties the modules changes https://github.com/evdenis/enable_eng/blob/master/system.prop
Thanks for making this tool! I'm just wondering if I need to modify my adb to use the module - I run "adb root" normally and get "adbd cannot run as root in production builds" still
Anyone know why when i install SELinux Permissive version 2.0 of the module it still states version 1 in Magisk?
I flashed this in Magisk and rebooted. Now my phone is stuck in a boot loop. Any ideas? I'm using Sony Xperia XZ1 compact.
cheeklitched said:
I flashed this in Magisk and rebooted. Now my phone is stuck in a boot loop. Any ideas? I'm using Sony Xperia XZ1 compact.
Click to expand...
Click to collapse
If you have twrp installed just uninstall and reinstall magisk.
Otherwise,
Boot to bootloader and flash your boot.img file
Code:
fastboot flash boot boot.img
Then let phone boot. Reboot to bootloader again. Flash magisk_patched.img
Code:
fastboot flash boot magisk_patched.img
During startup, as soon as you get to the Google logo, hold the volume button down. This should start the phone in safe mode. See if it loads. If not, reboot phone, and execute this in terminal/command prompt:
Code:
adb wait-for-device shell magisk --remove-modules
This should allow the phone to start up all the way. Enable whatever modules you want. You may need to flash magisk_patched.img again.
This has fixed multiple problems for me. It's redundant, but it tends to work.
I installed the Magisk selinux script, but after installing it no longer shows in Magisk, so how do I dissable/undo/uninstall the script? I installed a Selinux checker and it says it is on permissive, so the scrip must have installed, but I want to remove it. Is there an undo script, or can I manually delete the script in my root filesystem? THX
Hello guys
I used Redmi K20 pro with Eu rom 10.4, android 10.
I used the lastest version of this module but my devices was not found on ADB system on my computer.
So what I do now? I tried to fix it but I cannot find anything about it.
Recently, setting SElinux to permissive is not advised. I had a issue with V4A setting my SElinux to permissive permenantly, but editing the magisk module to set SElinux to enforcing instead of permissive also works.
This is probs the only module that actually sets SElinux properly.
Here's the modded magisk module with the same credited creator, but just sets SElinux to Enforcing instead of permissive
OMFG I THINK THIS IS WHAT IVE BEEN LOOKING FOR. TEH HOLY GRAILLLLL OMGOMGOMG THANK YOU THANK YOU THANK YOUUUUU
Will ADB Root work for Android 8.1?
evdenis said:
These modules are not meant for everyday use. They are intended for debugging and modification of a firmware. They significantly lower security of your device while active and even could softbrick it. You've been warned.
ADB Root
Magisk Module that allows you to run "adb root". adb root is not an ordinary root (su), it's adbd daemon running on your phone with root rights. adb root allows you to "adb push/pull" to system directories and run such commands as "adb remount" or "adb disable-verify".
Download v1.0: https://github.com/evdenis/adb_root/releases/download/v1.0/adb_root.zip
Source code: https://github.com/evdenis/adb_root
Support: Telegram
SELinux Permissive
This module switches SELinux to permissive mode during boot process. This module intentionally lowers security settings of your phone. Please don't use it if there is a better solution to your problem, e.g., magiskpolicy. The module will not work if your kernel compiled with always enforcing config, e.g., stock samsung kernels. It's not possible to enable permissive mode on such kernels.
Download v2.0: https://github.com/evdenis/selinux_permissive/releases/download/v2.0/selinux_permissive_v2.0.zip
Source code: https://github.com/evdenis/selinux_permissive
Support: Telegram
Enable Eng
This Magisk Module enables engineering build props. It allows to activate debugging parts of a firmware. Please, disable Magisk Hide for this module. If you don't know what you are doing, don't use this module. It can easily softbrick your device.
Troubleshooting
If your device doesn't boot then you need to reboot to TWRP recovery and
Code:
$ adb shell rm -fr /data/adb/modules/enable_eng
If ADB doesn't work that means adbd in your firmware is build without ALLOW_ADBD_ROOT. You can fix adb autostart either by installing "ADB Root" magisk module or by disabling this module.
Download v1.0: https://github.com/evdenis/enable_eng/releases/download/v1.0/enable_eng.zip
Source code: https://github.com/evdenis/enable_eng
Support: Telegram
Kexec tools for Android
This module adds statically linked kexec binary to your system. Aarch64 only. Kexec is a system call that enables you to load and boot into another kernel from the currently running kernel. Your kernel should support kexec.
Download v1.0: https://github.com/evdenis/kexec/releases/download/v1.0/kexec.zip
Source code: https://github.com/evdenis/kexec
Support: Telegram
GDISK/Parted for Android
The module adds statically linked parted/sfdisk/fdisk/gdisk binaries to your system. Aarch64 only. These utils are standard linux tools to edit the partitions tables on disks.
Download v2.0: https://github.com/evdenis/disk/releases/download/v2.0/disk-v2.0.zip
Source code: https://github.com/evdenis/disk
Support: Telegram
Click to expand...
Click to collapse
how can i make permissive enfocing because in 2022 i heard thats a BIG security risk and my custom ROM (havoc os) if selinux permissive

Categories

Resources