Database Develop

supolicy --live fails with code 13

Hello again!
Tried launching supolicy --live as root in init context, it failed with code -13.
What gives? If I want to run supolicy --live very early in init, which context should I use ? Should I assume Zygote's context via seclabel ?

Hey, I hope I will not be comitting a gross transgression if I tag @Chainfire into this to hopefully draw attention.
Basically, what I'm trying to do is to patch Selinux policies and temporarily set Selinux to Permissive rather early during init sequence (after /system is available but before /data is properly available)
Supolicy --live says
supolicy v2.45 (ndk:arm64-v8a) - Copyright (C) 2014-2015 - Chainfire
Patching policy ...
- Failure! 13
Click to expand...
Click to collapse
What has gone wrong and how would I go about making it right ?
P.S.:
Do note that when the boot completes Supersu runs fine and Selinux can be switched to Permissive without issue (but it's too late at that point )
Android is Lollipop 5.0 and sources are not available for this specific ROM

Hello,
I tried on
supolicy v2.64 (ndk:armeabi-v7a)
same problem. Did you find a way to fix this issue ?

Error 13 is access denied. supolicy probably doesn't have the rights to read/write the sepolicy.

(Obsolete) [Magisk] [2017.1.3] phh's SuperUser topjohnwu r2

Magisk Compatible phh's SuperUser​
This thread is obsolete, please check Magisk OP for MagiskSU
Files removed to prevent confusion
Official thread to phh's SuperUser: phh's SuperUser/ OpenSource SELinux-capable SuperUser
Requirements
Magisk is required to be installed on your device!
Magisk - The Universal Systemless Interface​Features
phh's 100% open source root
Packed with my own sepolicy-injection tools, which support live patching to work on small boot image devices
Magisk compatible, no boot image modifications are required
su.d support (place scripts in /magisk/phh/su.d)
Instructions
You can install/update phh's SuperUser in Magisk Manager's Download section
If you have no root in the first place, please flash the zip in the attachment through custom recovery
A root solution is part of a proper Magisk installation.
After phh's SuperUser is installed, please install the SuperUser manager Application through the Play Store
phh's SuperUser Manager​
Source
https://github.com/topjohnwu/sepolicy-inject (sepolicy-tools)
https://github.com/topjohnwu/Superuser (Magisk repo source)
https://github.com/Magisk-Modules-Repo/phh-superuser (Magisk repo source)​

Changelog
Changelog
topjohnwu r2
- Fix binary out-of-date issue
topjohnwu r1
- Forked from phh main repo, improved daemon launching
- Fixed Samsung no-suid issue
r266-2
- Preserve /sbin binaries to prevent issues
r266
- Allow priv-app to start root
- Allow audioserver to execute from memory (for Call Recorder)
- (Magisk) Change path to /sbin, now same as official phh
r259
- Initial release on Magisk repo

This still wont disable running purenexus rom.

joeyddr said:
This still wont disable running purenexus rom.
Click to expand...
Click to collapse
+1 on stock debloated nexus 6

Magisk V1 + systemless xposed work with Android Pay.
You have stated in your Magisk thread that Android Pay won't work with Xposed enabled, old method is still needed.
Want to update you that I have used your Magisk V1 and your version of systemless Xposed with Andoid Pay for payment on 9 August and it work. Phone is Oneplus 3. I only use Magisk to unmount root. Never have to disable Xposed or reboot phone.

K I installed magisk v2 and phh su v2...unmounted root and tried to buy coffee at Starbucks... No luck! Got the usual message when device is rooted. I am stock Nexus 6p no mods and AP worked yesterday before installing magisk and phh
This is crazy

orthonovum said:
K I installed magisk v2 and phh su v2...unmounted root and tried to buy coffee at Starbucks... No luck! Got the usual message when device is rooted. I am stock Nexus 6p no mods and AP worked yesterday before installing magisk and phh
This is crazy
Click to expand...
Click to collapse
Are you using Xposed?
One of my testers tried and Xposed won't work.

Like where you live there's no AP here
I'm trying to find a way to hide root from a streaming app. I can't get root disabled (pressing 'disable' does nothing) (stock debloated nexus 6), that's why i was trying to get it to work with SuperSU.
BTW: the try with SuperUser did not make any logs, just FYI.

ThomasC1970 said:
You have stated in your Magisk thread that Android Pay won't work with Xposed enabled, old method is still needed.
Want to update you that I have used your Magisk V1 and your version of systemless Xposed with Andoid Pay for payment on 9 August and it work. Phone is Oneplus 3. I only use Magisk to unmount root. Never have to disable Xposed or reboot phone.
Click to expand...
Click to collapse
Thanks for your feedback!
I hate that I cannot use Android Pay myself.
No tester report the same result. I'm lost

topjohnwu said:
Are you using Xposed?
One of my testers tried and Xposed won't work.
Click to expand...
Click to collapse
is there currently or will there be a way to have this so that when Android Pay is opened, both xposed and root disable temporarily X number of minutes?

The log in cache says disabling for 5 minutes , but it stays mounted. It also takes away root for apps like root explorer and busy box. I can open a terminal and su fine safety net fails, so it seems it half disables root on purenexus but never fully unmounts as df shoes the partition still mounted. Root comes back to all apps after 5 minutes

steveo17 said:
is there currently or will there be a way to have this so that when Android Pay is opened, both xposed and root disable temporarily X number of minutes?
Click to expand...
Click to collapse
Nope, Xposed cannot be disabled temporary. May you try with only phh's root and no Xposed? Thanks!!

android:targetSdkVersion="24"
Could this be the reason of Magick's Manager not showing in Marshmallow?
Sent from my OnePlus One using XDA Labs

topjohnwu said:
Nope, Xposed cannot be disabled temporary. May you try with only phh's root and no Xposed? Thanks!!
Click to expand...
Click to collapse
ah i didnt realize that a reboot was needed for xposed.

rgawenda said:
android:targetSdkVersion="24"
Could this be the reason of Magick's Manager not showing in Marshmallow?
Sent from my OnePlus One using XDA Labs
Click to expand...
Click to collapse
Nah, the min SDK is set to 21 so it should show up in Marshmallow.

topjohnwu said:
Are you using Xposed?
One of my testers tried and Xposed won't work.
Click to expand...
Click to collapse
No Xposed. just a clean unrooted system and this morning flashed TWRP->magiskV2->phh.zip->installed phh superuser from app store->went to starbucks->disabled root using magisk manager->tapped phone to POS terminal and phone tried to pay (got the vibration and AP showed on screen) but payment failed with the Unable to verify this device message.
Yesterday at 6:45pm Pacific time I used AP without issues

joeyddr said:
The log in cache says disabling for 5 minutes , but it stays mounted. It also takes away root for apps like root explorer and busy box. I can open a terminal and su fine safety net fails, so it seems it half disables root on purenexus but never fully unmounts as df shoes the partition still mounted. Root comes back to all apps after 5 minutes
Click to expand...
Click to collapse
I get the same behavior on PureNexus

chrisc93 said:
I get the same behavior on PureNexus
Click to expand...
Click to collapse
May you give me the output of the following command after disabling root on PureNexus?
Code:
adb shell which su

joeyddr said:
The log in cache says disabling for 5 minutes , but it stays mounted. It also takes away root for apps like root explorer and busy box. I can open a terminal and su fine safety net fails, so it seems it half disables root on purenexus but never fully unmounts as df shoes the partition still mounted. Root comes back to all apps after 5 minutes
Click to expand...
Click to collapse
chrisc93 said:
I get the same behavior on PureNexus
Click to expand...
Click to collapse
@topjohnwu here's a logcat dump from my Nexus 5x running the latest Chroma rom, from the moment I hit the "Disable Root" button in the new Magisk Manager
Code:
08-09 09:34:51.652 19739 19739 D su : starting daemon client 10201 10201
08-09 09:34:51.663 19741 19741 D su : connecting client 19738
08-09 09:34:51.678 19743 19743 D su : remote pid: 19738
08-09 09:34:51.690 19744 19744 D su : remote pts_slave:
08-09 09:34:51.703 19745 19745 D su : remote uid: 10201
08-09 09:34:51.714 19746 19746 D su : remote req pid: 18133
08-09 09:34:51.721 19747 19747 D su : remote args: 1
08-09 09:34:51.728 19751 19751 D su : su invoked.
08-09 09:34:51.733 19749 19749 D su : waiting for child exit
08-09 09:34:51.739 19752 19752 W su : hacks: Testing (com.keramidas.TitaniumBackup:0:10054)
08-09 09:34:51.764 19753 19753 D su : db allowed
08-09 09:34:51.776 19754 19754 W su : hacks: Testing (com.keramidas.TitaniumBackup:10201), 44451
08-09 09:34:51.792 19756 19756 D su : 10201 /magisk/phh/su executing 0 /system/bin/sh using binary /system/bin/sh : sh
08-09 09:34:51.822 19759 19759 I init : type=1400 audit(0.0:6447): avc: denied { execute_no_trans } for path="/sbin/magic_mask.sh" dev="rootfs" ino=9569 scontext=u:r:init:s0 tcontext=u:object_r:rootfs:s0 tclass=file permissive=1
08-09 09:34:51.832 19759 19759 I magic_mask.sh: type=1400 audit(0.0:6448): avc: denied { setenforce } for scontext=u:r:init:s0 tcontext=u:object_r:kernel:s0 tclass=security permissive=1
08-09 09:34:51.832 352 352 W auditd : type=1404 audit(0.0:6449): enforcing=0 old_enforcing=1 auid=4294967295 ses=4294967295
08-09 09:34:51.838 19760 19760 E su : unable to read int: 0
08-09 09:34:51.839 19761 19761 E su : unable to read int: 0
08-09 09:34:51.835 19762 19762 I getprop : type=1400 audit(0.0:6450): avc: denied { write } for path="pipe:[178468]" dev="pipefs" ino=178468 scontext=u:r:toolbox:s0 tcontext=u:r:init:s0 tclass=fifo_file permissive=1
08-09 09:34:51.842 19762 19762 I getprop : type=1400 audit(0.0:6451): avc: denied { getattr } for path="pipe:[178468]" dev="pipefs" ino=178468 scontext=u:r:toolbox:s0 tcontext=u:r:init:s0 tclass=fifo_file permissive=1
08-09 09:34:51.845 19759 19759 I magic_mask.sh: type=1400 audit(0.0:6452): avc: denied { append } for name="magisk.log" dev="mmcblk0p40" ino=15 scontext=u:r:init:s0 tcontext=u:object_r:cache_file:s0 tclass=file permissive=1
08-09 09:34:51.860 19763 19763 I Magisk : Temp unroot for 60 seconds
08-09 09:34:51.858 19759 19759 I magic_mask.sh: type=1400 audit(0.0:6453): avc: denied { execute } for name="busybox" dev="mmcblk0p45" ino=212578 scontext=u:r:init:s0 tcontext=u:object_r:system_data_file:s0 tclass=file permissive=1
08-09 09:34:51.858 19764 19764 I magic_mask.sh: type=1400 audit(0.0:6454): avc: denied { execute_no_trans } for path="/data/busybox/busybox" dev="mmcblk0p45" ino=212578 scontext=u:r:init:s0 tcontext=u:object_r:system_data_file:s0 tclass=file permissive=1
08-09 09:34:51.902 19764 19764 I killall : type=1400 audit(0.0:6455): avc: denied { signal } for scontext=u:r:init:s0 tcontext=u:r:su_daemon:s0 tclass=process permissive=1
08-09 09:34:52.227 479 479 I SELinux : SELinux: Loaded service_contexts from /service_contexts.
08-09 09:34:52.229 479 479 I SELinux : avc: received setenforce notice (enforcing=0)
08-09 09:34:52.232 479 479 I SELinux : avc: received setenforce notice (enforcing=1)
Like the PN users above, it results in a half-unrooted state; apps like Titanium Backup can't obtain root, but the superuser daemons are still running:
Code:
[email protected]:/ # getprop | grep magis
[init.svc.magisk_pfs]: [stopped]
[init.svc.magisk_pfsd]: [stopped]
[init.svc.magisk_service]: [stopped]
[magisk.phhsu]: [0]
[magisk.post-fs-data]: [1]
[magisk.timeout]: [60]
[email protected]:/ # ps | grep phh
u0_a112 17151 540 1477496 43768 SyS_epoll_ 7fa11841b4 S me.phh.superuser
[email protected]:/ # which su
/system/xbin/su

Just flashed this on my 6P. When I disable root, it allows me to add a card on Android Pay, so I assume it's also going to work payments. I can't test it right now, but will report back when I have the chance. Looks promising though!
Sent from my Nexus 6P using Tapatalk

Twrp (DEV-ONLY) compiling op6t (NEW-TEST) twrp-op6t-unified-test-0.6.img

I made this thread so all those trying to compile twrp for op6t can come together.
We can share ideas. What we have and have not got to work. What will work and what won't work.
Basically a thread where all information regarding twrp can be found in one location.
###########
#Please pm me #
##########
If using open source built roms and you have issues with twrp we may need to modify source in the rom or our twrp source.
Please report to rom maker as well.
Things to include.
What source 9.0 or 8.1
Compiling errors.
Post #2
Is where the download links are kept and updated.
Post #3 is where the other variations of twrp for source built roms or ports will be available to download if needed.

New test. twrp-op6t-test-0.3.img TEST ONLY!
@Dameon87 & myself have been working on this recovery for a while. We think it will get better. There are still bugs and issues with twrp. We would like your feedback.
Thanks
I am not responsible for anything that can happen to your device.
Rebuilt and fully working mke2fs
Decryption works
Storage works.
Please test and let us know what works and what doesn't.
twrp-op6t-test-0.2.img
https://www.androidfilehost.com/?fid=11410963190603862182
Updated twrp
Added more functionality ability to flash all zips and Ota's
Backup and restore all partitions including data.
Twrp-op6t-test-0.3.img
https://www.androidfilehost.com/?fid=11410963190603871199
New test twrp-unified-0.4.img
Everything working as usual
Cleaned up source and added @mauronofrio notch theme
Twrp-0.4.img
https://www.androidfilehost.com/?fid=11410963190603875438
Twrp installer thanks to @mauronofrio
https://www.androidfilehost.com/?fid=11410963190603876589
Updated twrp to decrypt 9.0.10
Twrp-0.5.img
https://www.androidfilehost.com/?fid=11410963190603879261
Twrp installer
https://www.androidfilehost.com/?fid=11410963190603879262
New test
Fixed screenshot color when taking screen shots in recovery.
Fixed touch vibration.
Please test and report back.
Twrp-0.6.img
https://www.androidfilehost.com/?fid...63190603880512
Twrp installer
https://www.androidfilehost.com/?fid...63190603880513
Device source
https://github.com/TWINNFAMOUS/android_device_oneplus_fajita
Bootable recovery source
https://github.com/OP6T-TWRP/android_bootable_recovery
Hope you all enjoy

This is where I will keep other twrp variations if needed for all source built roms and ports for our device. When available these will only be meant for testing. Thanks

twinnfamous said:
I made this thread so all those trying to compile twrp for op6t can come together.
We can share ideas. What we have and have not got to work. What will work and what won't work.
Basically a thread where all information regarding twrp can be found in one location.
Things to include.
What source 9.0 or 8.1
Compiling errors.
Click to expand...
Click to collapse
You're from the HTC u11 life! You made that phone awesome while I had it. Good to see you here!

I'm trying to build with 8.1 source and I get errors so build doesn't finish.
Is there anyone that's building successfully with 8.1?

Me, can you explain what are you doing exactly? Which source are you using?

mauronofrio said:
Me, can you explain what are you doing exactly? Which source are you using?
Click to expand...
Click to collapse
I'm trying with full omni source on 8.1. I've used the device source from both op6 & op6t without modifying just to see if it would be and it fails. I'll post output error soon as I can.
I don't have issues building with 9.0 source after I modify device source but it won't boot to twrp just stock recovery like it's not selecting the rite slot

twinnfamous said:
I'm trying to build with 8.1 source and I get errors so build doesn't finish.
Is there anyone that's building successfully with 8.1?
Click to expand...
Click to collapse
Make sure if you're using a newer version of Ubuntu with GCC 7+ you do: export LC_ALL=C
That should get you past the initial build errors.

Dameon87 said:
Make sure if you're using a newer version of Ubuntu with GCC 7+ you do: export LC_ALL=C
That should get you past the initial build errors.
Click to expand...
Click to collapse
Thanks for the info. I upgraded to linuxmint19 Recently. Guess I didn't pay attention to the changelog.

You also need to change two lines in the build/tools/buildinfo.sh :
echo "ro.build.version.release=$PLATFORM_VERSION"
echo "ro.build.version.security_patch=$PLATFORM_SECURITY_PATCH"
to:
echo "ro.build.version.release_orig=$PLATFORM_VERSION"
echo "ro.build.version.security_patch_orig=$PLATFORM_SECURITY_PATCH"

Dameon87 said:
You also need to change two lines in the build/tools/buildinfo.sh :
echo "ro.build.version.release=$PLATFORM_VERSION"
echo "ro.build.version.security_patch=$PLATFORM_SECURITY_PATCH"
to:
echo "ro.build.version.release_orig=$PLATFORM_VERSION"
echo "ro.build.version.security_patch_orig=$PLATFORM_SECURITY_PATCH"
Click to expand...
Click to collapse
And you need to increase the PLATFORM_VERSION to 16.1.0 ( in the new pixel 3 TWRPs is used 16 ) in build/core/version_defaults.mk to override Google's anti-rollback features

Dameon87 said:
You also need to change two lines in the build/tools/buildinfo.sh :
echo "ro.build.version.release=$PLATFORM_VERSION"
echo "ro.build.version.security_patch=$PLATFORM_SECURITY_PATCH"
to:
echo "ro.build.version.release_orig=$PLATFORM_VERSION"
echo "ro.build.version.security_patch_orig=$PLATFORM_SECURITY_PATCH"
Click to expand...
Click to collapse
mauronofrio said:
And you need to increase the PLATFORM_VERSION to 16.1.0 ( in the new pixel 3 TWRPs is used 16 ) in build/core/version_defaults.mk to override Google's anti-rollback features
Click to expand...
Click to collapse
The only issue I found was my lack of awareness. Ive been fighting with the 8.1 source all because the newer os I installed. I'm testing things out.
One thing I know is if the security patch level and date doesn't match what's in the phone then decryption won't work.
So I'm starting there.

I pulled this log from the phone it's only a part of it.
I've been trying everything and this is where it fails at in recovery.
e4crypt_initialize_global_de fail
So I started looking at any logs I can find in the phone and found this. Thought it might be helpful.
All the de folder locations are in the log
Also we use keymaster 4 that shows in The log as well.
I'm still using 8.1 source with 9.0 bootable recovery.
I'm thinking of focusing on trying to get get it to work with 9.0 source.
Log.
Mount system_root for mountting system
[ 1.120382] e4crypt_initialize_global_de
[ 1.120509] Keyring created with id 744456481 in process 530
[ 1.126746] I:List of Keymaster HALs found:
[ 1.126902] I:Keymaster HAL #1: Keymaster HAL: 4 from QTI SecurityLevel: TRUSTED_ENVIRONMENT HAL: [email protected]::IKeymasterDevice/default
[ 1.141729] Using Keymaster HAL: 4 from QTI for encryption. Security level:TRUSTED_ENVIRONMENT , HAL: [email protected]::IKeymasterDevice / defaulte4crypt_init_user0
[ 1.147584] Skipping non-de-key .
[ 1.147590] Skipping non-de-key ..
[ 1.152120] I:List of Keymaster HALs found:
[ 1.152266] I:Keymaster HAL #1: Keymaster HAL: 4 from QTI SecurityLevel: TRUSTED_ENVIRONMENT HAL: [email protected]::IKeymasterDevice/default
[ 1.160865] Using Keymaster HAL: 4 from QTI for encryption. Security level:TRUSTED_ENVIRONMENT , HAL: [email protected]::IKeymasterDevice / defaultInstalled de key for user 0
[ 1.160871] e4crypt_prepare_user_storage
[ 1.166977] ensure policy /data/system_de/0
[ 1.167599] I:Found policy 8372743e0b3d7924 at /data/system_de/0 which matches expected value
[ 1.167608] ensure policy /data/misc_de/0
[ 1.168197] I:Found policy 8372743e0b3d7924 at /data/misc_de/0 which matches expected value
[ 1.168206] ensure policy /data/user_de/0
[ 1.169338] I:Found policy 8372743e0b3d7924 at /data/user_de/0 which matches expected value
[ 1.358232] I:FBE enable...
[ 1.358334] Unable to locate gatekeeper password file '/data/system/gatekeeper.pattern.key'
[ 1.358412] (4294937945 ticks)(pid:530)[bootable/recovery/oem/src/main/oem.cpp]tree_init:90:efault password, decrept...
[ 1.358454] Unable to locate gatekeeper password file '/data/system/gatekeeper.pattern.key'
[ 1.358516] Skipping non-key .
[ 1.358549] Skipping non-key ..
[ 1.364930] I:List of Keymaster HALs found:
[ 1.365014] I:Keymaster HAL #1: Keymaster HAL: 4 from QTI SecurityLevel: TRUSTED_ENVIRONMENT HAL: [email protected]::IKeymasterDevice/default
[ 1.373672] Using Keymaster HAL: 4 from QTI for encryption. Security level:TRUSTED_ENVIRONMENT , HAL: [email protected]::IKeymasterDevice / defaultSuccessfully retrieved key
[ 1.373733] Installed ce key for user 0
[ 1.373765] e4crypt_prepare_user_storage
[ 1.377707] ensure policy /data/system_ce/0
[ 1.378426] I:Found policy d0acf3009500dfb4 at /data/system_ce/0 which matches expected value
[ 1.378462] ensure policy /data/misc_ce/0
[ 1.379037] I:Found policy d0acf3009500dfb4 at /data/misc_ce/0 which matches expected value
[ 1.379069] ensure policy /data/data
[ 1.380547] I:Found policy d0acf3009500dfb4 at /data/data which matches expected value
[ 1.380597] Decrypted Successfully!

twinnfamous said:
I pulled this log from the phone it's only a part of it.
I've been trying everything and this is where it fails at in recovery.
e4crypt_initialize_global_de fail
So I started looking at any logs I can find in the phone and found this. Thought it might be helpful.
All the de folder locations are in the log
Also we use keymaster 4 that shows in The log as well.
I'm still using 8.1 source with 9.0 bootable recovery.
I'm thinking of focusing on trying to get get it to work with 9.0 source.
Log.
Mount system_root for mountting system
[ 1.120382] e4crypt_initialize_global_de
[ 1.120509] Keyring created with id 744456481 in process 530
[ 1.126746] I:List of Keymaster HALs found:
[ 1.126902] I:Keymaster HAL #1: Keymaster HAL: 4 from QTI SecurityLevel: TRUSTED_ENVIRONMENT HAL: [email protected]::IKeymasterDevice/default
[ 1.141729] Using Keymaster HAL: 4 from QTI for encryption. Security level:TRUSTED_ENVIRONMENT , HAL: [email protected]::IKeymasterDevice / defaulte4crypt_init_user0
[ 1.147584] Skipping non-de-key .
[ 1.147590] Skipping non-de-key ..
[ 1.152120] I:List of Keymaster HALs found:
[ 1.152266] I:Keymaster HAL #1: Keymaster HAL: 4 from QTI SecurityLevel: TRUSTED_ENVIRONMENT HAL: [email protected]::IKeymasterDevice/default
[ 1.160865] Using Keymaster HAL: 4 from QTI for encryption. Security level:TRUSTED_ENVIRONMENT , HAL: [email protected]::IKeymasterDevice / defaultInstalled de key for user 0
[ 1.160871] e4crypt_prepare_user_storage
[ 1.166977] ensure policy /data/system_de/0
[ 1.167599] I:Found policy 8372743e0b3d7924 at /data/system_de/0 which matches expected value
[ 1.167608] ensure policy /data/misc_de/0
[ 1.168197] I:Found policy 8372743e0b3d7924 at /data/misc_de/0 which matches expected value
[ 1.168206] ensure policy /data/user_de/0
[ 1.169338] I:Found policy 8372743e0b3d7924 at /data/user_de/0 which matches expected value
[ 1.358232] I:FBE enable...
[ 1.358334] Unable to locate gatekeeper password file '/data/system/gatekeeper.pattern.key'
[ 1.358412] (4294937945 ticks)(pid:530)[bootable/recovery/oem/src/main/oem.cpp]tree_init:90:efault password, decrept...
[ 1.358454] Unable to locate gatekeeper password file '/data/system/gatekeeper.pattern.key'
[ 1.358516] Skipping non-key .
[ 1.358549] Skipping non-key ..
[ 1.364930] I:List of Keymaster HALs found:
[ 1.365014] I:Keymaster HAL #1: Keymaster HAL: 4 from QTI SecurityLevel: TRUSTED_ENVIRONMENT HAL: [email protected]::IKeymasterDevice/default
[ 1.373672] Using Keymaster HAL: 4 from QTI for encryption. Security level:TRUSTED_ENVIRONMENT , HAL: [email protected]::IKeymasterDevice / defaultSuccessfully retrieved key
[ 1.373733] Installed ce key for user 0
[ 1.373765] e4crypt_prepare_user_storage
[ 1.377707] ensure policy /data/system_ce/0
[ 1.378426] I:Found policy d0acf3009500dfb4 at /data/system_ce/0 which matches expected value
[ 1.378462] ensure policy /data/misc_ce/0
[ 1.379037] I:Found policy d0acf3009500dfb4 at /data/misc_ce/0 which matches expected value
[ 1.379069] ensure policy /data/data
[ 1.380547] I:Found policy d0acf3009500dfb4 at /data/data which matches expected value
[ 1.380597] Decrypted Successfully!
Click to expand...
Click to collapse
Was this taken from the default/stock recovery or just a standard boot? I've been using the twrp-8.1 branch (Which uses android_bootable_recovery 9.0 branch by default now). I've tried a multitude of things, but I simply just get the e4crypt_initialize_global_de fail error as well. I think the way things are done for the Pixel 3/XL are the way to proceed, but aside the device tree we don't have much else to go on.

Dameon87 said:
Was this taken from the default/stock recovery or just a standard boot? I've been using the twrp-8.1 branch (Which uses android_bootable_recovery 9.0 branch by default now). I've tried a multitude of things, but I simply just get the e4crypt_initialize_global_de fail error as well. I think the way things are done for the Pixel 3/XL are the way to proceed, but aside the device tree we don't have much else to go on.
Click to expand...
Click to collapse
Maybe Fstab files need modifying
The recovery.fstab I pulled out of the boot.Img has a data partition labeled f2fs
And a Data partition labeled ext4

twinnfamous said:
Maybe Fstab files need modifying
The recovery.fstab I pulled out of the boot.Img has a data partition labeled f2fs
And a Data partition labeled ext4
Click to expand...
Click to collapse
Already tried that but I didn't really get anything different. There's a few issues that are happening I think.
Dmesg repeats this over and over and over:
<3>[19700123_15:34:23.729788]@4 FG: fg_psy_get_property: unsupported property 27
<14>[19700123_15:34:26.049860]@4 init: starting service 'boot-1-0'...
<11>[19700123_15:34:26.050060]@4 init: property_set("ro.boottime.boot-1-0", "798060609590") failed: property already set
<11>[19700123_15:34:26.050448]@0 init: cannot execve('/sbin/[email protected]'): No such file or directory
<14>[19700123_15:34:26.051342]@4 init: Sending signal 9 to service 'boot-1-0' (pid 762) process group...
<14>[19700123_15:34:26.051372]@4 init: Successfully killed process cgroup uid 0 pid 762 in 0ms
Then just getting this according to the recovery.log:
I:File Based Encryption is present
e4crypt_initialize_global_de returned fail
e4crypt_initialize_global_de returned fail
e4crypt_initialize_global_de returned fail

Dameon87 said:
Already tried that but I didn't really get anything different. There's a few issues that are happening I think.
Dmesg repeats this over and over and over:
<3>[19700123_15:34:23.729788]@4 FG: fg_psy_get_property: unsupported property 27
<14>[19700123_15:34:26.049860]@4 init: starting service 'boot-1-0'...
<11>[19700123_15:34:26.050060]@4 init: property_set("ro.boottime.boot-1-0", "798060609590") failed: property already set
<11>[19700123_15:34:26.050448]@0 init: cannot execve('/sbin/[email protected]'): No such file or directory
<14>[19700123_15:34:26.051342]@4 init: Sending signal 9 to service 'boot-1-0' (pid 762) process group...
<14>[19700123_15:34:26.051372]@4 init: Successfully killed process cgroup uid 0 pid 762 in 0ms
Then just getting this according to the recovery.log:
I:File Based Encryption is present
e4crypt_initialize_global_de returned fail
e4crypt_initialize_global_de returned fail
e4crypt_initialize_global_de returned fail
Click to expand...
Click to collapse
This is probably why it won't even boot twrp built with 9.0

twinnfamous said:
This is probably why it won't even boot twrp built with 9.0
Click to expand...
Click to collapse
Are you doing a minimal build env, or pulling in the entire Omni tree? There is only a twrp-8.1 branch for the minimal manifest, but that does pull in android_bootable_recovery 9.0 branch. I can get both to compile and boot fine.

Dameon87 said:
Are you doing a minimal build env, or pulling in the entire Omni tree? There is only a twrp-8.1 branch for the minimal manifest, but that does pull in android_bootable_recovery 9.0 branch. I can get both to compile and boot fine.
Click to expand...
Click to collapse
Full sources on both 8.1 and 9.0

twinnfamous said:
Full sources on both 8.1 and 9.0
Click to expand...
Click to collapse
Alright I'm doing a full sync of the omni repo and will give that a try next. I had been just using the minimal manifest.

LinageOS 16 - Overlay permission denied - but it is checked

Can someone help me with this error?
Overlay permission is already checked...
Code:
04-23 21:34:41.328 9075 9075 W GH.PermissionChecker: Overlay permission denied: android.view.WindowManager$BadTokenException: Unable to add window [email protected] -- permission denied for window type 2010
04-23 21:34:41.432 9075 9075 W GH.PermissionChecker: Overlay permission denied: android.view.WindowManager$BadTokenException: Unable to add window [email protected] -- permission denied for window type 2010
04-23 21:34:41.537 9075 9075 W GH.PermissionChecker: Overlay permission denied: android.view.WindowManager$BadTokenException: Unable to add window [email protected] -- permission denied for window type 2010

I'm encountering this problem too, on a Redmi Note 2. The Android Auto check won't see that I ticked the Overlay permission.

I know this thread is quite old, but I figured out that the issue is in the current Android Auto app.
AA tries the wrong method to request overlay permission.
That's because it checks the Android version in the ROM signature (ro.build.fingerprint).
Most of custom ROMs keep the original phone signature to preserve Android CTS although they upgrade the Android OS version.
As an example, for Redmi4X, the latest lineageos version available is 16.0 (Android 9), but the ROM signature inside is still "santoni-user 7.1.2 N2G47H V9.2.1.0.NAMCNEK release-keys".
AA catches "7.1.2" and believes it is on Android Nougat whereas the system is Pie.
Overlay permission request is different between Nougat and Pie, AA calls the wrong methods, leading to this "permission denied".
Workarounds are:
- change your /system/build.prop, changing ro.build.fingerprint to avoid the pattern "7.1.2", but you will loose CTS
- Use Magisk SafetyPatch v3 as proposed here (this modifies the fingerprint+security patch to a newer version, in order to keep CTS)
- spoof build fingerprint like done here , but for "com.google.android.projection.gearhead" (package name for AA).

tcpdump/ethtool on rooted S10

I am trying to run ethtool on a rooted Galaxy S10 but I get the following error:
Code:
beyond1:/ # ethtool -k wlan0
Cannot get driver information: Permission denied
I am already root. Do I need to enable some more permissions?
I believe this is why tcpdump is also not working:
Code:
beyond1:/ # tcpdump
tcpdump: wlan0: SIOCETHTOOL(ETHTOOL_GLINK) ioctl failed: Permission denied