I am on a bootloader locked Sprint Samsung Galaxy S7, eng boot.img flashed to phone with SELinux permissive, which gives root adb shell from where I can change system partitions, debloat, install Xposed etc. But the kernel is very bad and has RAM leak, and eventually, the phone slows to a crawl. So I unrooted by installing the stock kernel and disabling DM verity to allow a modified system to boot up.
Now, SELinux is enforcing, but I want it to be permissive which will never happen with the stock kernel. I realize that secontext is defined at kernel build times and allows certain things to run.
Another option is to have a higher context to do things like supolicy --live to patch SELinux policy and get full root access with stock kernel. I'm trying to execute a script in the data directory created by my app, but unless seenforcing=false, it doesn't get executed.
I know by using root you can chcon a file/directory. So what is the (source) context that will allow to:
- Set mode to permissive, or
- Modify the SELinux policy, or
- Execute a script on boot without avc denials
Or what is the (target) context that will allow any other (source) context to execute the script?
No comments:
Post a Comment