Hovatek Forum DEVELOPMENT Android [Please help] How to "unlock" selinux in kernel? [MTK]
Try our Online TWRP Builder..its free!
Can't login? Please, reset your password.


[Please help] How to "unlock" selinux in kernel? [MTK]

[Please help] How to "unlock" selinux in kernel? [MTK]

28-10-2022, 05:06 PM
#1



Hi.

During my work for providing an alternative ROM for the Unihertz Atom L & XL I've encountered a strange behaviour:
Normally one should be able to set selinux into "permissive" mode by changing the kernel command line but with the latest update of the stock rom (Android 11) it's not possible anymore. Furthermore whenever I try to change it in my roms (LOS & TWRP) the device won't boot and changing it via console or adb I get an error.
It's a Helios P60 (mt6771) device and as it's always the case with Mediatek there is no source code for the kernel.
I need to set it to permissive to test and rule out some policy errors for other problems (the non booting kind with selinux in enforcing mode) I'm facing right now but it won't let me do that.
Can someone here shed some light onto this mystery? As you might have already guessed I'm not that knowledgeable when it comes to kernel programming and I couldn't find anything on the net which would explain this behaviour. Is it a new "security" feature of A11 or is it a mtk specific thing?
Furthermore does anyone know how to "unlock" the selinux switch? This forum helped me in the past with fixing the touchscreen in recovery boot mode (https://forum.hovatek.com/thread-27132.html) so I thought maybe there is a similar fix for my current issue.

wkr
ADT
01-11-2022, 02:01 PM
#2
So it is a security feature:
In the kernel config one would need to add "EXTRA_CFLAGS += -DCONFIG_ALWAYS_ENFORCE=true" (or some other similar properties) for this behaviour to be enabled. This means I'd need a new kernel to be able to disable enforcing mode. Sad
Unless I find out what this switch changes in the kernel binary. Maybe it's the same as with the touchscreen. A simple check against a value.
Has anyone already tried this?
maxpayne
maxpayne
maxpayne
Intern
3,602
02-11-2022, 04:19 PM
#3
(01-11-2022, 02:01 PM)a-dead-trousers So it is a security feature:
In the kernel config one would need to add "EXTRA_CFLAGS += -DCONFIG_ALWAYS_ENFORCE=true" (or some other similar properties) for this behaviour to be enabled. This means I'd need a new kernel to be able to disable enforcing mode. Sad
Unless I find out what this switch changes in the kernel binary. Maybe it's the same as with the touchscreen. A simple check against a value.
Has anyone already tried this?

You would have to build from source in order to disable this feature

Note!
We have a reply schedule for Free Support. Please upgrade to Private Support if you can't wait.
Users browsing this thread:
 1 Guest(s)
Users browsing this thread:
 1 Guest(s)
YtWhTl