Currently there are several custom roms available for Yureka Black ranging from noughat to android pie. But the roms with android versions Oreo and Pie run permissive SeLinux ( even the official roms in yuforums ). Switching to enforcing mode on these roms usually breaks the camera or the fingerprint . So are there any other custom roms available that have SeLinux enforcing by default?
Brainyboy said:
Currently there are several custom roms available for Yureka Black ranging from noughat to android pie. But the roms with android versions Oreo and Pie run permissive SeLinux ( even the official roms in yuforums ). Switching to enforcing mode on these roms usually breaks the camera or the fingerprint . So are there any other custom roms available that have SeLinux enforcing by default?
Click to expand...
Click to collapse
Probably not, enforcing mode gets in the way of a lot of things when it comes to custom ROMs and using root, permissive mode is required for certain modifications incorporated in custom ROMs.
Using stock firmware or manually switching to enforcing in your custom ROMs might be your only options.
Sent from my LGL84VL using Tapatalk
Droidriven said:
Probably not, enforcing mode gets in the way of a lot of things when it comes to custom ROMs and using root, permissive mode is required for certain modifications incorporated in custom ROMs.
Using stock firmware or manually switching to enforcing in your custom ROMs might be your only options.
Click to expand...
Click to collapse
But isn't permissive SeLinux less secure than a rooted device with enforcing SeLinux? Is permissive SeLinux still insecure even if the ROM has latest security patches?
Brainyboy said:
But isn't permissive SeLinux less secure than a rooted device with enforcing SeLinux? Is permissive SeLinux still insecure even if the ROM has latest security patches?
Click to expand...
Click to collapse
Certain mods require permissive mode, plain and simple, otherwise, the mods won't work.
The reason why custom ROMs use permissive has more to do with allowing software features and functionality to work than it does with how secure the device is or isn't.
Sent from my LGL84VL using Tapatalk
@Brainyboy, to add to what @Droidriven had already stated...
The following post explains why so many of the recent Custom Firmwares for the newer Android versions has been provided in a Permanent Permissive Mode...
https://forum.xda-developers.com/showthread.php?p=78054819
Good Luck & Enjoy!
~~~~~~~~~~~~~~~
UNLESS asked to do so, PLEASE don't PM me regarding support. Sent using The ClaRetoX Forum App on my SM-G900T device.
There are 69 ROMs with SELinux Enforcing now...
hi,how set selinux permissive on snapdragon version
android 10 magisk
all scripts not working
please help
Mine just switched to Enforcing as well in Q on my G9750 after talking with ATT customer service. I'm pretty sure the kernel was not enforcing earlier.
Hi i have a S20FE 5G rooted i want to know how to change the selinux plz
WETA Kernel SM-G998U/U1/0 Snapdragon only
*** This will only work on Snapdragon devices with an unlocked bootloader..
SM-G998U/U1 - SM-G9980
Telegram thread at bottom of this post
See post #2 for install steps
Changelog...
R5.02
Telegram thread merged into N20.S20 group, check new links.
Upstreamed to 5.4.127
all modules now inlined, no need for magisk helper module.
added wireguard
Power usage tweaks
More
R4.04
Upstreamed to 5.4.123
R4.03
Upstreamed to 5.4.122
R4.02
Upstreamed to 5.4.121
R4.01
Upstreamed to 5.4.120
R4
Testing phase complete
Upstreamed to 5.4.119
R3
Rebased off UAG source code
R2
Upstreamed to 5.4.118
Fixed Torch/Flash
R1
built using CU8 kernel source
Upstreamed to 5.4.117
Fully permissive
KNOX disabled
Wireguard
Misc debugging disabled
Kernel Downloads
Telegram thread
--------------------->
Beer fund
XDA:DevDB Information
Kernel for the Samsung Galaxy S21 Ultra
Contributors
Mentalmuso, mentalmuso
Source Code: - Kernel Source
Kernel Special Features:
Version Information
Status: Stable
Current Stable Version: R1
Created 2021-05-10
Last Updated 2020-05-10
*** Be aware, there may be a need to wipe data if you desire to go back to stock kernel, my suggestion is to backup your stock BOOT partition and DATA before flashing. This way you can return to your original setup easily. It is unknown at this stage what data is causing an issue going back to stock. If you find it, be sure to share.
* You must have bootloader unlocked and rooted your device with Magisk before flashing this kernel. Magisk is essential for camera and wacom.
* Boot times are approx 60-75sec at the moment, itll sit on the yellow triangle splash for approx 60sec and the bootanimation for 5sec.
* When flashing this kernel, an AnyKernel helper module is installed. This is a Magisk Module that is essential for the operation of Camera and Wacom. Removal of this module while running this kernel will break camera and spen.
* Kernel zip labels have either a P or E in them, P=Fully Permissive, E=Enforcing (switchable)
To install
download and flash the kernel installer zip in TWRP or any custom recovery
--->
mine 2
Amazing to see some development, i thought this phone thread was gonna be dev dead
I am a little surprised myself.
Status update
I have found a couple of bugs I'm working on, #1 camera module only loads on permissive version of kernel, #2 the flash doesn't work, #3 random reboots maybe 4-5 times a day.
Working on having a stable R2 this week.
Edit: so it seems the hourly bootloop happens on stock kernel for me also. So it isn't an issue with this kernel. Though I do need to fix the flash
WETA Kernel R2
Upstreamed to 5.4.118
Fixed Torch/Flash
--->
WETA Kernel R3
Starting from scratch with different source code. It seemed there were problems booting for most. The new test kernels have been successful.
This is a basic start, with the intention of upstreaming and testing along the way.
--->
WETA Kernel R4
Upstreamed to 5.4.119
* Testing was successful with the different source code kernel
* Remember you MUST have magisk installed Pryor to flashing this kernel, this kernel needs it's ak3-helper magisk module for camera operation.
--->
I have used your Kernels in the past for other devices, really loved them. Was wondering if you plan to make a custom kernel for the s21 ultra Exynos in the future ?
Excuse my ignorance but please elaborate on "knox disabled"? I have unlocked bootloader/magisk and knox is already disabled as far as I know. Would this mod to the kernel allow me to use knox locked features that have been lost, eg biometric security for some apps? Thank you for your work, look forward to trying it out
dsdavis6 said:
Excuse my ignorance but please elaborate on "knox disabled"? I have unlocked bootloader/magisk and knox is already disabled as far as I know. Would this mod to the kernel allow me to use knox locked features that have been lost, eg biometric security for some apps? Thank you for your work, look forward to trying it out
Click to expand...
Click to collapse
Kernel based Knox ncm is disabled, it has nothing to do with your "Knox fuse" which is blown when your bootloader is unlocked.
paul_cherma said:
I have used your Kernels in the past for other devices, really loved them. Was wondering if you plan to make a custom kernel for the s21 ultra Exynos in the future ?
Click to expand...
Click to collapse
I don't plan on building anything for devices I don't hold in my hand. Reliable testing is hard otherwise
WETA Kernel 4.02
Upstreamed to 5.4.121
--->
Just a note regarding boot times, I can achieve a 35sec boot time, though in doing so it breaks double tap to wake, and fingerprints. I won't release a version with those broken items.
WETA Kernel 4.03
Upstreamed to 5.4.122
--->
WETA Kernel 4.04
Upstreamed to 5.4.123
--->
Hi,
I am a noob and from India.
Recently I built lineage os 16 rom for my device Redmi 4x.
I started doing it to support latest security updates. I was able to boot the ROM and its working decently and have not encountered any major bugs yet.
I have used the source from lineage git. Same for kernel and device blobs.
Now my banking apps do not work and report that the device is root even when its not. SELinux is set to enforcing.
It used to work previously with last official lineage 16 built for device.
Is this beacuse of the ROM file being signed with public keys?
What can I do to fix this?