First, the details:
Phone: Samsung Galaxy S7 Sprint - Eng boot image flashed - Bootloader v4
The problem:
I have a script that I can hijack at boot, using the eng boot image allows me to have a root adb shell. I can place all necessary files needed for root and have done so. I can chcon the root files to match what they need to be.
I add the following to the boot script that the kernel runs:
Code:
./system/xbin/supolicy --live --sdk=26 > /dev/kmsg 2>&1 <---- This is where the errors happen.
./system/xbin/daemonsu --auto-daemon&
Everything runs but supolicy cannot open the target file. I know it exists because of the output from ls -l
I also know I am a root user in the script due to whoami returning root.
Code:
[ 82.936270] WHOAMI
[ 83.009546] ss_platform_log: [email protected]: Data SVC is acquired
[ 83.215499] root
[ 83.860941] -r--r--r-- 1 0 0 0 Jan 1 1970 /sys/fs/selinux/policy
[ 83.947108] supolicy v2.82 (ndk:arm64-v8a) - Copyright (C) 2014-2017 - Chainfire & CCMT\x0a
[ 83.947856] File [/sys/fs/selinux/policy] does not exist!
I can successfully use the adb shell with root access to execute supolicy and it works. So I have no idea what is going on. My only guess is selinux is preventing supolicy from accessing the file. But I thought changing contexts with chcon would fix that? EDIT: Current context of the hijacked script at boot: context=u:r:qti_init_shell:s0
If anyone can give me pointers, I sure would love that.
PS: I know I can root with the eng boot, but my attempt is to have supolicy working so I can flash the original boot img back due to eng boot consuming abhorrent amounts of ram. I also want stock kernel with supolicy working to allow viper4android to run.
elesbb said:
First, the details: Phone: Samsung Galaxy S7 Sprint - Eng boot image flashed - Bootloader v4..........
Click to expand...
Click to collapse
It looks like you may just need a Custom Kernel that's SEAndroid Capable which allows for the Sepolicy to be freely changed.
I don't have this device nor this Kernel but, it looks like the following thread may be helpful for what you need.
Note the phrase on the OP "Set SELinux to Permissive or Enforcing". Don't be afraid to ask for some member guidance within it.
https://forum.xda-developers.com/showthread.php?t=3462897
Good Luck!
~~~~~~~~~~~~~~~
UNLESS asked to do so, PLEASE don't PM me regarding support. Sent using The ClaRetoX Forum App on my Enigma Machine {aenigma = Latin for "Riddle"}.
Ibuprophen said:
It looks like you may just need a Custom Kernel that's SEAndroid Capable which allows for the Sepolicy to be freely changed.
I don't have this device nor this Kernel but, it looks like the following thread may be helpful for what you need.
Note the phrase on the OP "Set SELinux to Permissive or Enforcing". Don't be afraid to ask for some member guidance within it.
https://forum.xda-developers.com/showthread.php?t=3462897
Good Luck!
~~~~~~~~~~~~~~~
UNLESS asked to do so, PLEASE don't PM me regarding support. Sent using The ClaRetoX Forum App on my Enigma Machine {aenigma = Latin for "Riddle"}.
Click to expand...
Click to collapse
Hey! Thanks for the reply. Sadly I am on Sprint with the Sprint variant S7. This has a locked boot loader and I cannot use custom kernels. If so, I would have zero issues with root or selinux lol.
But, I did figure out it IS the context that the script I am hijacking is using that prevents the supolicy from finding the necessary file for patching. So, either I need to find another script, or I need to give up :crying:
elesbb said:
Hey! Thanks for the reply. Sadly I am on Sprint with the Sprint variant S7..........
Click to expand...
Click to collapse
I can't state anything that's device specific but, your situation is pretty much "in general terms" that applies to many/most devices in regards to what your trying to do.
The unfortunate situation you're in regarding the Locked Bootloader and such does prevent the ability for what your trying to do.
It's one thing to manually change to and from Enforcing and Permissive...
It's another thing for the ability to access the devices SEAndroid Policy freely in a type of "R/W Permission" (Modifiable) way.
Currently you are able to Change the SELinux State but, this is only a Temporary Change since it'll immediately default back when your device has rebooted.
As of right now, to my knowledge, you can't do what you are looking to do (unless there's something I'm missing or don't know about) but, you seem to have been pretty clear with the information that you had provided.
I hope that I had explained this okay via text...
Sorry for the bad news...
I do wish you the best of luck!
~~~~~~~~~~~~~~~
UNLESS asked to do so, PLEASE don't PM me regarding support. Sent using The ClaRetoX Forum App on my Enigma Machine {aenigma = Latin for "Riddle"}.
Hi,
try to switch selinux in permissive mode before you run your script.
So , you can log all the Selinux denied.
I backed up the OOS 9.0.5 Android Pie via TWRP 3.3.1, but I failed to restore it, about 10% of recovery process, extractTarFork() process ended with ERROR: 255 prompted out. I have searched for possible solutions but in vain, I already wiped the system before restoring, so there wasn't any user 999 exists. Any idea to fix the recovery issue?
mkcs said:
I backed up the OOS 9.0.5 Android Pie via TWRP 3.3.1, but I failed to restore it, about 10% of recovery process, extractTarFork() process ended with ERROR: 255 prompted out. I have searched for possible solutions but in vain, I already wiped the system before restoring, so there wasn't any user 999 exists. Any idea to fix the recovery issue?
Click to expand...
Click to collapse
Don't double post. Answered in your q&a post.
Sent from my OnePlus 3T using XDA Labs
mkcs said:
I backed up the OOS 9.0.5 Android Pie via TWRP 3.3.1, but I failed to restore it, about 10% of recovery process, extractTarFork() process ended with ERROR: 255 prompted out. I have searched for possible solutions but in vain, I already wiped the system before restoring, so there wasn't any user 999 exists. Any idea to fix the recovery issue?
Click to expand...
Click to collapse
THREAD CLOSED as duplicate of https://forum.xda-developers.com/oneplus-3t/help/twrp-restore-extracttarfork-process-t3986011
Despite of closure moved to Q&A as the thread doesn't belong into "Guides etc."!
XDA Forum Rules (excerpt):
...
5. Create a thread topic or post a message only once, this includes external links & streaming media.
As a large forum, we don't need unnecessary clutter. You're free to edit your message as you like, so if you do not receive an answer, revisit your message and see if you can describe your problem better. Not everyone is online at the same time so it might take a while before you receive an answer.
You can bump your unanswered question once every 24 hours
Duplicate threads and posts will be removed
Always post in an existing thread if a topic already exists, before creating a new thread.
...
15. Keep threads / posts on-topic
Whilst a minor amount of off-topic posting may be overlooked, the general rule is that your posts / threads must be relevant to the Forum / thread in which you are posting.
General Forums - For news and announcements relating to your device.
Q&A Help & Troubleshooting Forums - For all question / request threads and posts. If there is no Q&A Help & Troubleshooting forum, use the General Forum of the relevant device
Accessories Forum - For posts related to accessories relevant to the device
Development Forums (ones with the word development in the title) - For Developers to post release threads e.g. ROMs and Kernels including modifications to kernels, bootloaders, ROMs, etc., as well as R&D development discussion threads designed with an end goal
Themes and Apps Forums - For the posting of Themes and / or Apps as well as announcements & discussions including modifications made to Themes and Apps.
...
Click to expand...
Click to collapse
This is the spot for the General Support Discussion of Magisk Alpha "Public Released" fork created by @vvb2060.
Disclaimer: This Magisk Alpha fork is not supported by @topjohnwu and is not an official channel for him. Use at your own risk.
Important : This Magisk Alpha thread was created to share information about Magisk Alpha Public Releases with XDA members that do not use telegram.
If Magisk Alpha doesn't work for you try one of the other versions of Magisk (See Useful links below).
How to install Magisk Alpha?
Magisk Alpha is installed and uninstalled through the Magisk application (App). Generally, it should be done directly in the application. In special cases such as the first installation, the image should be patched and then flashed using the fastboot/odin tool. By customizing Recovery is not a supported way.
Detailed Instructions for the first installation of Magisk Alpha on Google™ Pixel™ phones.
Note: These Instructions may not apply to all Google™ Pixel™ Phones.
If you have another version of Magisk (Beta/Stable [Forks - Cygisk/Delta] Stable) installed:
Open the Magisk Manager app and disable/remove all Magisk modules. If you hid the Magisk manager app the default name for the hidden Magisk app is settings.
If you gave it a different name and you've forgotten the name. Use TB checker to find the name of the hidden Magisk Manager. You can also use TB Checker to check if you have more than one Magisk Manager app installed.
Uninstall Magisk
Extract boot/init_boot.img from Factory Image
Download the latest Factory image to your phone.
Extract the Factory Image file (aaaaaaa-a9a9a.999999.999-factory-99a9a99a.zip) to a folder.
Open the folder you extracted the Factory image to and, extract the Image file (image-aaaaaaa-aa9a.999999.999.zip) into the folder. The, stock, boot/init_boot.img file will be in this folder.
Patch the boot/init_boot.img.
Download Magisk Alpha (app-release.apk)
Install the Magisk Alpha App
Open Magisk Alpha App
Tap Install (next to Magisk)
Tap, Select and Patch a File
Navigate to the folder that you extracted the Stock boot/init_boot.img to and select it.
Tap the ✓ (Check Mark)
Tap Let's Go
When you see done, the boot/init_boot.img has been patched (magisk_patched_xxxxxx.img), and stored in the download folder.
Reboot
Move the patched boot/init_boot.img file to your computer's Platform-tools folder or the folder that has fastboot.exe in it:
Copy it to a USB drive and transfer it to your computer.
Move it to your computer using adb push
Boot fastboot mode
Connect the phone to the Computer with USB cord.
Open a Command Prompt in the folder you copied the patched boot.img to.
Type fastboot flash boot --slot all "name of patched boot".img or fastboot flash init_boot --slot all "name of patched boot".img without the quotation marks at the Prompt and press enter.
When it finishes installing the patched boot.img or init_boot.img, type fastboot reboot at the Prompt and press enter.
Important Notes:If your phone boot loops try one of the following options:
Flash the 'stock' boot/init_boot.img to both slots: fastboot flash boot/init_boot --slot all boot/init_boot.img
Boot Safe Mode - Keep Pressing the Power Off button until you see boot Safe Mode ==> Press Ok.
"...make a 100% clean install of ANY Magisk version or fork without PC or TWRP."
Magisk General Support / Discussion
This is the place for general support and discussion regarding "Public Releases", which includes both stable and beta releases. All information, including troubleshoot guides and notes, are in the Announcement Thread
forum.xda-developers.com
Useful Links
Androidacy Module Manager
Androidacy Module Manager - Releases
Androidacy Download Center
Magisk Alpha 26101 - 12 Apr (Pubic release)
https://github.com/vvb2060/magisk_files/find/alpha/
Tap app-release.apk
Tap the 3 dot menu across from 10.9 MB
Tap Download
Magisk Beta 26.1 - 11 Apr
Magisk Canary 26103 - 23 Jun
https://github.com/topjohnwu/magisk-files/blob/5b2934603f979d7133e67bbc30c6ce3fa0d8e31e/notes.md/
Tap the 3 dot menu across from 5b2934603f
Tap Go to file
Tap app-release.apk
Tap the 3 dot menu across from 10.9 MB
Tap Download
Magisk Cygisk - Click Pages 5 for installation Instructions.
Magisk Delta
Magisk Stable 26.1 - 11 Apr
Magisk Documentation
Fox's Magisk Module Manager
Fox's Magisk Module Manager - Releases
LSPosed Framework
LSPosed - Releases
LSPosed - Shamiko Releases
kdrag0n Safetynet Fix -Releases
If Kdrag0n Safety Net Fix doesn't work for you try Displax's SafetyNet Fix, a "fork" of kdrag0n safetynet-fix.
alpha changelog
Magisk (98874be1-alpha)
- [App] Delete backup file after restoring boot image
- [App] Built-in current version update log
- [General] no longer automatically unlock device blocks
- [App] Compatible with Android 12L
- [App] Added crash statistics
- [App] Allow loading zygisk modules
- [General] Signature Verification
- [MagiskInit] Fix Android 8.0-9 not installed after booting
How to install?
Magisk is installed and uninstalled through the Magisk application. Generally, it should be done directly in the application. In special cases such as the first installation, the image should be patched and then flashed using the fastboot/odin tool. By customizing Recovery is not a supported way.
Upstream changelog
Magisk (704f9154) (24305)
- [App] [MagiskSU] Properly support apps using shared UID
- [Zygisk] Fix function hooking on devices running Android 12 with old kernels
- [BusyBox] Add workaround for devices running old kernels
Diffs to v24.3
- [MagiskInit] Update 2SI implementation, significantly increase device compatibility (e.g. Sony Xperia devices)
- [MagiskInit] Introduce new `sepolicy` injection mechanism
- [App] [MagiskSU] Properly support apps using shared UID
- [Zygisk] Fix function hooking on devices running Android 12 with old kernels
- [BusyBox] Add workaround for devices running old kernels
The author of Magisk Alpha is extremely untrustworthy. It is highly recommended to use the official version.
imma add my 5 cents worth, fwiw
magisk alpha was a good and useful fork (along with custom) after TopJohnWu announced he was removing magiskhide in line with his job at Google and people lost their collective shizz, even though common sense should have told them this was needed and sane. Many of us appreciated the hard work of the alpha and custom devs, but at some point, as announced again by TJW, other hiding methods would come to fruition. And they have. Not to in anyway to devalue the contribution of alpha and custom devs, but there was always goign to be a point where mainstream magisk/magisk canary was going consolidate the attention and focus of the userbase and senior members here long into magisk, again. i for one dont miss testing/switching between 4 different forks anymore. magisk alpha was my chosen fork for a long time
Magisk Alpha is fine to use as long as you understand its shoehorning in things removed from the mainstream magisk, and that was certainly appreciated at times, but those could cease to work, introduce issues not present in mainstream magisk leading to people expecting support from the main magisk threads where it would make life harder for those trying to answer questions. so temper your expectations those of you who choose to use.
For my 5 cents, id recommend using mainstream magisk, unless you have an edge case where it doesnt work, at which point ordinarily, one would file on issue on github
As for the alpha devs personality, ill admit, it could be variable at times
73sydney said:
As for the alpha devs personality, ill admit, it could be variable at times
Click to expand...
Click to collapse
Like the weather? ... But I like you fine too mate... Like the weather...
The real question re. personality here is 'Are you a maverick?'... If not, stick to official Magisk... PW
Homeboy76 said:
This thread is for Magisk alpha users: Support
Hopefully, @pndwal and others with much more knowledge of Magisk alpha ,than I, will share their knowledge with us.
Click to expand...
Click to collapse
Prolly don't qualify then; not a user! PW
mlgmxyysd said:
The author of Magisk Alpha is extremely untrustworthy. It is highly recommended to use the official version.
Click to expand...
Click to collapse
To be very honest: I hate this childish behavior of developers bashing developers.
I love both your work and the work of the LSposed developers and I have donated to both of you. Just because developers could document / announce better there's no need to move against each other.
The reason why I use Alpha is exactly, because of the removal of MagiskHide and John's involvement with Google. imho that's just gonna hurt Magisk in the end.
And your words also mean basically stay away of Shamiko. That's not gonna happen. Unfortunately Google went down that rabbithole against rooting, etc., which is why I'm still very unsure whether I even keep rooting my phones from now on...
dr4go said:
And your words also mean basically stay away of Shamiko
Click to expand...
Click to collapse
You missed the point that alpha is a personal fork, Shamiko is a team of dev work (LSPosed team), alpha's author is one of them, don't scramble between them.
pndwal said:
Prolly don't qualify then; not a user! PW
Click to expand...
Click to collapse
Any help with Magisk alpha is greatly appreciated.
For all intents and purposes, once you enable zygisk thereby removing Magisk Hide functionality, the Alpha fork is the same as the official build.
But with one key difference.
The app and package name are different, so no need to hide it. Or for that matter remember to unhide it before an update "just in case"
This is why I use it.
dr4go said:
To be very honest: I hate this childish behavior of developers bashing developers.
I love both your work and the work of the LSposed developers and I have donated to both of you. Just because developers could document / announce better there's no need to move against each other.
Click to expand...
Click to collapse
dr4go said:
The reason why I use Alpha is exactly, because of the removal of MagiskHide and John's involvement with Google. imho that's just gonna hurt Magisk in the end.
Click to expand...
Click to collapse
Disagree. However, isn't MagiskHide gone from alpha now?
dr4go said:
And your words also mean basically stay away of Shamiko. That's not gonna happen. Unfortunately Google went down that rabbithole against rooting, etc.,
Click to expand...
Click to collapse
When? What? Where?... Think you're a bit confused... But you wouldn't be the first.
dr4go said:
which is why I'm still very unsure whether I even keep rooting my phones from now on...
Click to expand...
Click to collapse
Of course you can!... Who's going to stop you?... Unless you buy late Huawei! PW
Stillhard said:
You missed the point that alpha is a personal fork, Shamiko is a team of dev work (LSPosed team), alpha's author is one of them, don't scramble between them.
Click to expand...
Click to collapse
I never intended to - sorry if that was suggested. I just meant: if one of the developers of Shamiko isn't trusted and it's closed source, would you use it?
pndwal said:
Disagree. However, isn't MagiskHide gone from alpha now?
Click to expand...
Click to collapse
Yes it is. There is still a fork around that uses it, but not Alpha.
pndwal said:
When? What? Where?... Think you're a bit confused... But you wouldn't be the first.
Click to expand...
Click to collapse
See previous post. I am definitely confused, but not regarding that.
pndwal said:
Of course you can!... Who's going to stop you?... Unless you buy late Huawei! PW
Click to expand...
Click to collapse
Google. Once HW backed SafetyNet is enforced there is no way around it. But let's not get offtopic here and keep talking about Alpha if the thread was created for it...
pndwal said:
Mate, I can read and did not disagree... I said "Quite."... as in "I agree... enough is enough... Fine!" ...
You seem to be lifting my remark right out of context, So Please read my edit carefully, (you are the OP) and what I was addressing; it won't change;
You said:
I said:
and that until then I'd prefer to post non-Alpha Magisk information in existing TJW General Support / Discussion thread... If I'm just not interested in taking it to "PM" or "Conversations", what's the problem?
... and I edited the earlier post so as not to further congest this thread...
...three more posts wasted. PW
Click to expand...
Click to collapse
I have now created a cat-and-mouse-game discussion thread:
https://forum.xda-developers.com/t/...ng-and-mod-hiding-cat-and-mouse-game.4425939/
HippoMan said:
I have now created a cat-and-mouse-game discussion thread:
https://forum.xda-developers.com/t/...ng-and-mod-hiding-cat-and-mouse-game.4425939/
Click to expand...
Click to collapse
Thank you!
PSA:
I recently asked here if anyone had been been surprised by unusual actions in the April 1 release of Magisk Alpha (changelog posted in OP post #2 here) being referred to in the TG Alpha Magisk discussion group as the 'April fools limited edition'.
This was in view of these official notices accompanying the build in the separate 'Magisk alpha' update thread (Chinese translated):
Warning to developers: In libsu v4.0.0 and later, Shell.rootAccess() has a behavior change that returns true even if the user refuses to grant root privileges.
Click to expand...
Click to collapse
and
Warning to developers: Magisk 24302 and later, the magiskpolicy tool may not exist or be inconsistent with the Magisk version.
Click to expand...
Click to collapse
My query has been inexplicably deleted from this s thread!
However, those 'Warning' messages are still up, so, as nobody has responded here (not surprisingly), I have just installed this Alpha build and tested it on a secondary device.
I can confirm that, despite some claims of in-app messages stating that root has been granted to apps despite users denying access, I could not produce / have not seen such worrying behaviour...
So it appears that the Dev's "Warning to developers" notices themselves are the only 'April fools' joke.
Of course there is also NO substance to the assertions either that John's libsu root app solution has or is responsible for such behaviour, or that there are inconsistencies with the magiskpolicy tool (or consequently with SELinux policies) post 24302.
This may allay concerns if anyone translates / reads those 'warnings' in Magisk alpha TG.
Regarding the removal of my initial post regarding this and my posts in general, I accept and understand that some have been off topic, and have said that I agree to stay on topic several times (responses now removed). The OP here has however misconstrued my intentions. For whatever reasons, alpha related posts put up in good faith are now being removed without communication. This saddens me...
I hope this thread can become useful for Alpha users / enquiriors... PW
pndwal said:
PSA:
I recently asked here if anyone had been been surprised by unusual actions in the April 1 release of Magisk Alpha (changelog posted in OP post #2 here) being referred to in the TG Alpha Magisk discussion group as the 'April fools limited edition'.
This was in view of these official notices accompanying the build in the separate 'Magisk alpha' update thread (Chinese translated):
and
My query has been inexplicably deleted from this s thread!
However, those 'Warning' messages are still up, so, as nobody has responded here (not surprisingly), I have just installed this Alpha build and tested it on a secondary device.
I can confirm that, despite some claims of in-app messages stating that root has been granted to apps despite users denying access, I could not produce / have not seen such worrying behaviour...
So it appears that the Dev's "Warning to developers" notices themselves are the only 'April fools' joke.
Of course there is also NO substance to the assertions either that John's libsu root app solution has or is responsible for such behaviour, or that there are inconsistencies with the magiskpolicy tool (or consequently with SELinux policies) post 24302.
This may allay concerns if anyone translates / reads those 'warnings' in Magisk alpha TG.
Regarding the removal of my initial post regarding this and my posts in general, I accept and understand that some have been off topic, and have said that I agree to stay on topic several times (responses now removed). The OP here has however misconstrued my intentions. For whatever reasons, alpha related posts put up in good faith are now being removed without communication. This saddens me...
I hope this thread can become useful for Alpha users / enquiriors... PW
Click to expand...
Click to collapse
I saw that on Alpha TG and I was worried about, although I don't use Alpha, since they mentioned libsu
I don't really know if roots grants from the Magisk app go through libsu, but I tested with the latest Canary 24305 and everything was ok:
- I revoked the root grant to the Reboot app (by Petrus).
With the app you can easily reboot, reboot to Recovery or Fastboot.
Obviously, the app requires root grant to work
- I opened Reboot app and chose to reboot, and I was immediately popped-up to grant the root
- I denied to grant the root and I choose again to reboot, but it didn't reboot (correct behavior, without the root grant Reboot app cannot execute reboot)
- Again through Magisk app, Superuser tab, this time I granted the root and then Reboot app worked to reboot
In parallel I was checking in magisk.db, Policies, and everything looked ok (you can see by UID and policy values if the root grant is given/revoked to the particular app)
zgfg said:
I saw that on Alpha TG and I was worried about, although I don't use Alpha, since they mentioned libsu
I don't really know if roots grants through the Magisk app go by libsu,
Click to expand...
Click to collapse
Yup, since Jan 2018, Magisk Manager / App "uses `libsu` for all root related operations".
zgfg said:
but I tested with the latest Canary 24305 and everything was ok:
- I revoked the root grant to the Reboot app (by Petrus).
With the app you can easily reboot, reboot to Recovery or Fastboot.
Obviously, the app requires root grant to work
- I opened Reboot app and chose to reboot, and I was immediately popped-out to grant the root
- I denied to grant the root and I choose again to reboot, but it didn't reboot (correct behavior, without the root grant Reboot app cannot execute reboot)
- Again through Magisk app, Superuser tab, this time I granted the root and then Reboot app worked to reboot
In parallel I was checking in magisk.db, Policies, and everything looked ok (you can see by UID and policy values if the root grant is given/revoked to the particular app)
Click to expand...
Click to collapse
Did similar test on Alpha; just wanted to see if it somehow claimed root granted when denied...
I wasn't worried about TJW Magisk as I was certain libsu & magiskpolicy 'warnings' were an 'April fools' hoax, but I wouldn't have put it past Devs to also implement false indicators... (Appears that if done at all, this must have expired after April 1 ?) I didn't find any...
Have to wonder how John views this hoax, especially since, surprisingly, there's been no retraction...
Thanks for confirming.
Nb. As I speak speak, TG Alpha discussion group name is being changed between names w/ sexual overtones by admin Canyie... Kids!
PW
As per Nb. above, Canyie's original "Alpha 讨论组" (Alpha discussion group)" is currently simply named 西大师 奶子... !?
No real idea why; Joking around? Trying to disguise Alpha discussion group? Deter 'foreigners'?
Members there are also asking questions... PW
... now it's 西大师 live! ... PW