Menu
I'm the developer on a root-app for Android.
Sadly now on some devices/ROMs there is SELinux in enforce-mode and prevents some actions of my app.
Because this is a root-app, the users are granting me root-access!
Now, SELinux is blocking some of my actions and I need to find a solution for this.
I tried to temporary disable SELinux by
setenforce permissive -> no failure, but getenforce still returns "Enforcing" echo 0 > /sys/fs/selinux/enforce -> no failure, but getenforce still returns "Enforcing" I play with the idea to edit the sepolicy-file at runtime to allow the blocked commands and trigger a reload of it, but I'm neither sure if & how this could work, nor isn't it a good idea.
Who has some more tips or resources for me?
495
Change the SELINUX value to SELINUX=disabled in the file /etc/selinux/config. Reboot the server. Reboot the server.
The main difference between "Permissive" mode and disabling SELinux is that you will not get AVC log messages anymore and that SELinux will not keep files label up-to-date so you will need to relabel your files before enabling it again.
I have been trying to disable SELinux on Android 4.3 for a while now and this is what i came up with. On Samsung S4 Android 4.3, setenforce 0 will change to Permissive mode. On Samsung Note 3 Android 4.3, setenforce 0 will NOT change SELinux status. I have tried Nexus 4 Android 4.3, however by default it is Permissive mode
Another method that can be use to enable SELinux temporarily is by using SELinux Kernel Parameters. You can pass value 1 to /sys/fs/selinux/enforce parameter to enable enforcing mode as shown in below command. Then you can again check if SELinux is Enabled or not using sestatus command.
Easily Change Your Android SELinux Mode To Permissive 1 Download and install SELinux Mode Changer from the Play Store onto your phone. 2 Run the application and set SELinux to Permissive 3 Restart the phone 4 Check the SELinux status in the About Device menu to see if it has changed. Note: This process will not only downgrade... More ...
On Samsung S4 Android 4.3, setenforce 0 will change to Permissive mode. On Samsung Note 3 Android 4.3, setenforce 0 will NOT change SELinux status. I have tried Nexus 4 Android 4.3, however by default it is Permissive mode
You can use supolicy from the SuperSU app, see the link for a detailed description when and how it may be called.
In short:
dmesg | grep "audit" allow ... rule that allows the blocked operation. They are similar (identical?) to 'allow' rules in SELinux *.te files.supolicy --live "allow ..." in a root shell and check if the operation now succeeds. If not, extend your 'allow' rule(s). You can specify multiple 'allow' rules in a single supolicy call.Note that supolicy is an expensive operation, so be sure to call it only once.
If you don't want to depend on Chainfire's SuperSU you may try sepolicy-inject. I did not test that myself.
111
I have been trying to disable SELinux on Android 4.3 for a while now and this is what i came up with.
On Samsung S4 Android 4.3, setenforce 0 will change to Permissive mode.
On Samsung Note 3 Android 4.3, setenforce 0 will NOT change SELinux status.
I have tried Nexus 4 Android 4.3, however by default it is Permissive mode
38
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
