Is there a tool that will allow me to check what permissions an application has in a file or folder?

I am having a problem on my Android TV Box X96 Max Plus Ultra (s905x4 4/64) Android 11. Tested on stock and on Slimbox ATV / AOSP with root and Magisk. When I want to log in and connect to VPN in the NordVPN app, I get the error: > Exception during generating key keystore operation failed / exception during encryption keystore operation failed Which would cause the login is not possible. I did try several versions of the app. I can see the errors in the log of the app; the login procedure is: 1. Press Login in NordVPN 2. A Chrome window opens to enter the e-mail and password 3. After that, it returns to the app and login should be confirmed SELinux = permissive. I have tried around and could bypass these errors with:

Magiskpolicy deny gmscore_app keystore keystore_key gen_unique_id
chmod 660 /sys/fs/selinux/enforce
chmod 440 /sys/fs/selinux/policy #policy change not needed, just to make sure

Other things I did try: disable Google Play services (GMS) and the login and connection in NordVPN worked too (but the Google apps obviously could not work, and disabling the app is kind of equal result to denying the rule) Only these changes would let me log in and connect without error. Could anyone think of why this problem could exist and maybe how to fix it? And what impact (negative) on the system could these changes have? I have uploaded logs to Pastebin. In seconds on the timeline i did press login on .30/00 and connect on .20/50. Logcat: https://pastebin.com/GuNcqzir Log from Nordvpn: https://pastebin.com/t2r8jJH8 Log from begin of boot (1+2): https://pastebin.com/YVyF2k5a https://pastebin.com/TrtKLuwE I did find some errors in the log from boot 1 which i think could be related:

11-28 17:37:23.097     0     0 I         : [    7.136058@3]  [TEE] E/TC:? 00 tee_rpmb_verify_key_sync_counter:967 Verify key returning 0xffff000f
11-28 17:37:23.097     0     0 I         : [    7.136083@3]  [TEE] E/TC:? 00 tee_rpmb_verify_key_sync_counter:967 Verify key returning 0xffff000f
11-28 17:37:23.097     0     0 I         : [    7.136087@3]  [TEE] E/TC:? 00 tee_rpmb_init:1140 Verify key failed!
11-28 17:37:23.097     0     0 I         : [    7.136092@3]  [TEE] E/TC:? 00 tee_rpmb_init:1141 Make sure key here matches device key
[TEE] E/TC:? 00 TA panicked with code 0xffff000f

I am not sure if following errors are related to the problem:

11-28 17:37:22.473 0 0 E [ 6.511682@3] init: Unable to set property 'ro.crypto.state' from uid:0 gid:0 pid:1: Read-only property was already set
11-28 17:37:21.766 0 0 E [ 5.625557@3] selinux: SELinux: Could not set context for /mnt/vendor/odm_ext: Read-only file system
cgroup1: unknown subsys name 'schedtune' and 'blkio
11-28 17:37:21.760 0 0 E [ 2.474013@3] init: Could not set 'ro.boot.dynamic_partitions' to 'true' while loading .prop filesRead-only property was already set
11-28 17:37:21.758 0 0 E [ 1.650913@1] init: Failed to copy /avb into /metadata/gsi/dsu/avb/: No such file or directory
11-28 17:37:21.757     0     0 I [    1.609913@1]  init: [libfs_mgr]check_fs(): mount(/dev/block/by-name/metadata,/metadata,ext4)=-1: No such file or directory

11-28 17:37:25.149     0     0 I         : [    9.184167@3]  [TEE] E/TA:   fw_check_pack_version:282 The TA version (v0.2) is lower than the pkg version (v0.3).
11-28 17:37:25.149     0     0 I         : [    9.184170@3]  [TEE] E/TA:   fw_check_pack_version:283 The TA version is too low that may affect the work please update asap.
11-28 17:37:25.149     0     0 I         : [    9.184173@3]  [TEE] E/TA:   fw_check_pack_version:286 The TA ver is v0.2
11-28 17:37:25.149     0     0 I         : [    9.184176@3]  [TEE] E/TA:   fw_check_pack_version:287 The fw ver is v0.3

I have decompiled FM Radio app on my device AGM M7 (custom Lineage OS, API 27). This app doesn't have access to /dev/fm. To give this access, I wrote an SELinux rule according to one of the messages from dmesg |grep avc:

allow priv_app fm_device chr_file {read write open ioctl}

I implemented and installed this rule in a Magisk module. But I noticed according to logs that the write permission for this rule was ignored. I asked ChatGPT about it, and it wrote that context priv_app has limitations connected with this permission. Yes, I can install my FM Radio app in the /system/app folder instead of /system/priv-app, so context will probably be platform_app. But in this case, all apps will be able to have access to /dev/fm, which increases the vulnerability of our firmware. So the question is whether it is possible via Magisk to give access to **/dev/fm** to my process FM radio. I am new to Magisk modules, so please help me write a Magisk module connected to this problem. I forgot to mention, from what I noticed, that Magisk does not understand ioctl permission, because when I write something like

magiskpolicy --apply-rule "path_to_sepolicy.rule"

I had a syntax error, but without ioctl, according to logs, my app will not work. Another way is to reassign firmware on my device, because the original FM Radio with the original signature works without any rules, but I don't know how to change keystore signatures on firmware directly on my device. If you want to learn more details about my problem, you can see [this question on SO](https://stackoverflow.com/questions/79314583/selinux-module-to-open-fm-radio-application-access-to-dev-fm) .

**Background:** Please check following links 1. How to disable dm-verity on Android with “user” build type ROM? 2. Stuck in boot-loop when unpack and pack system.img? **Update:** So, I am trying to disable dm-verity on my Samsung S10 5G device to successfully flash an unpack, unmodified and then packed system.img.ext4.lz4 file(with another ROM files) using Odin. I have tried the following things: 1. Removed avb flag from boot.img with following commands:

# magiskboot dtb boot.img print -f
> #345900: fstab
│  [compatible]: [android,fstab]
├── #345940: vendor
│      [compatible]: [android,vendor]
│      [dev]: [/dev/block/platform/soc/8804000.sdhci/by-name/vendor]
│      [type]: [ext4]
│      [mnt_flags]: [ro,barrier=1,discard]
│      [fsmgr_flags]: [wait,slotselect,avb]
│      [status]: [ok]
└── #346156: vm-linux






#343692: fstab
│  [compatible]: [android,fstab]
├── #343732: vendor
│      [compatible]: [android,vendor]
│      [dev]: [/dev/block/platform/soc/8804000.sdhci/by-name/vendor]
│      [type]: [ext4]
│      [mnt_flags]: [ro,barrier=1,discard]
│      [fsmgr_flags]: [wait,slotselect,avb]
│      [status]: [ok]
└── #343948: vm-linux








# magiskboot dtb boot.img patch

# magiskboot dtb boot.img print -f
> #345900: fstab
│  [compatible]: [android,fstab]
├── #345940: vendor
│      [compatible]: [android,vendor]
│      [dev]: [/dev/block/platform/soc/8804000.sdhci/by-name/vendor]
│      [type]: [ext4]
│      [mnt_flags]: [ro,barrier=1,discard]
│      [fsmgr_flags]: [wait,slotselect]
│      [status]: [ok]
└── #346152: vm-linux






#343692: fstab
│  [compatible]: [android,fstab]
├── #343732: vendor
│      [compatible]: [android,vendor]
│      [dev]: [/dev/block/platform/soc/8804000.sdhci/by-name/vendor]
│      [type]: [ext4]
│      [mnt_flags]: [ro,barrier=1,discard]
│      [fsmgr_flags]: [wait,slotselect]
│      [status]: [ok]
└── #343944: vm-linux

2. Removed avb and verify flags from dtbo.img with following commands:

# magiskboot dtb dtbo.img print -f
> #126600: fstab
├── #126612: product
│      [compatible]: [android,product]
│      [dev]: [/dev/block/platform/soc/1d84000.ufshc/by-name/product]
│      [type]: [ext4]
│      [mnt_flags]: [ro,errors=panic]
│      [fsmgr_flags]: [wait,verify,avb]
└── #126800: vendor





#126596: fstab
├── #126608: product
│      [compatible]: [android,product]
│      [dev]: [/dev/block/platform/soc/1d84000.ufshc/by-name/product]
│      [type]: [ext4]# magiskboot dtb dtbo.img print -f
│      [mnt_flags]: [ro,errors=panic]
│      [fsmgr_flags]: [wait,verify,avb]
└── #126796: vendor





#126600: fstab
├── #126612: product
│      [compatible]: [android,product]
│      [dev]: [/dev/block/platform/soc/1d84000.ufshc/by-name/product]
│      [type]: [ext4]
│      [mnt_flags]: [ro,errors=panic]
│      [fsmgr_flags]: [wait,verify,avb]
└── #126800: vendor





#126600: fstab
├── #126612: product
│      [compatible]: [android,product]
│      [dev]: [/dev/block/platform/soc/1d84000.ufshc/by-name/product]
│      [type]: [ext4]
│      [mnt_flags]: [ro,errors=panic]
│      [fsmgr_flags]: [wait,verify,avb]
└── #126800: vendor





#126600: fstab
├── #126612: product
│      [compatible]: [android,product]
│      [dev]: [/dev/block/platform/soc/1d84000.ufshc/by-name/product]
│      [type]: [ext4]
│      [mnt_flags]: [ro,errors=panic]
│      [fsmgr_flags]: [wait,verify,avb]
└── #126800: vendor





#126600: fstab
├── #126612: product
│      [compatible]: [android,product]
│      [dev]: [/dev/block/platform/soc/1d84000.ufshc/by-name/product]
│      [type]: [ext4]
│      [mnt_flags]: [ro,errors=panic]
│      [fsmgr_flags]: [wait,verify,avb]
└── #126800: vendor







# magiskboot dtb dtbo.img patch


# magiskboot dtb dtbo.img print -f
> #126600: fstab
├── #126612: product
│      [compatible]: [android,product]
│      [dev]: [/dev/block/platform/soc/1d84000.ufshc/by-name/product]
│      [type]: [ext4]
│      [mnt_flags]: [ro,errors=panic]
│      [fsmgr_flags]: [wait,]
└── #126792: vendor





#126596: fstab
├── #126608: product
│      [compatible]: [android,product]
│      [dev]: [/dev/block/platform/soc/1d84000.ufshc/by-name/product]
│      [type]: [ext4]
│      [mnt_flags]: [ro,errors=panic]
│      [fsmgr_flags]: [wait,]
└── #126788: vendor





#126600: fstab
├── #126612: product
│      [compatible]: [android,product]
│      [dev]: [/dev/block/platform/soc/1d84000.ufshc/by-name/product]
│      [type]: [ext4]
│      [mnt_flags]: [ro,errors=panic]
│      [fsmgr_flags]: [wait,]
└── #126792: vendor





#126600: fstab
├── #126612: product
│      [compatible]: [android,product]
│      [dev]: [/dev/block/platform/soc/1d84000.ufshc/by-name/product]
│      [type]: [ext4]
│      [mnt_flags]: [ro,errors=panic]
│      [fsmgr_flags]: [wait,]
└── #126792: vendor





#126600: fstab
├── #126612: product
│      [compatible]: [android,product]
│      [dev]: [/dev/block/platform/soc/1d84000.ufshc/by-name/product]
│      [type]: [ext4]
│      [mnt_flags]: [ro,errors=panic]
│      [fsmgr_flags]: [wait,]
└── #126792: vendor





#126600: fstab
├── #126612: product
│      [compatible]: [android,product]
│      [dev]: [/dev/block/platform/soc/1d84000.ufshc/by-name/product]
│      [type]: [ext4]
│      [mnt_flags]: [ro,errors=panic]
│      [fsmgr_flags]: [wait,]
└── #126792: vendor

3. Patched ramdisk.cpio with following commands:

# magiskboot cpio ./initrd 'patch false true'
Loading cpio: [./initrd]
Patch with flag KEEPVERITY=[false] KEEPFORCEENCRYPT=[false]
Found fstab file [etc/recovery.fstab]
Dump cpio: [./initrd]

# magiskboot cpio ./initrd extract
# cat etc/recovery.fstab
> # Copyright (c) 2013, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
#     * Redistributions of source code must retain the above copyright
#       notice, this list of conditions and the following disclaimer.
#     * Redistributions in binary form must reproduce the above
#       copyright notice, this list of conditions and the following
#       disclaimer in the documentation and/or other materials provided
#       with the distribution.
#     * Neither the name of The Linux Foundation nor the names of its
#       contributors may be used to endorse or promote products derived
#       from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

#                                                
/dev/block/bootdevice/by-name/boot        /boot           emmc        defaults                  recoveryonly
/dev/block/bootdevice/by-name/recovery    /recovery       emmc        defaults                  recoveryonly
/dev/block/bootdevice/by-name/system      /               ext4        defaults                  recoveryonly
/dev/block/bootdevice/by-name/userdata    /data           ext4        defaults                  wait,length=-16384
/dev/block/bootdevice/by-name/cache       /cache          ext4        defaults                  recoveryonly
/dev/block/mmcblk0p1                      /sdcard         vfat        defaults                  recoveryonly
/dev/block/bootdevice/by-name/sec_efs     /efs            ext4        defaults                  recoveryonly
/dev/block/bootdevice/by-name/sec_efs     /sec_efs        ext4        defaults                  recoveryonly
/dev/block/bootdevice/by-name/carrier     /carrier        ext4        defaults                  recoveryonly
/dev/block/bootdevice/by-name/hidden      /preload        ext4        defaults                  recoveryonly

# FOTA
/dev/block/bootdevice/by-name/apnhlos     /modem          emmc        defaults                  recoveryonly
/dev/block/bootdevice/by-name/modem       /mdm            emmc        defaults                  recoveryonly
/dev/block/bootdevice/by-name/dsp         /dsp            emmc        defaults                  recoveryonly
/dev/block/bootdevice/by-name/vendor      /vendor         ext4        defaults                  recoveryonly
/dev/block/bootdevice/by-name/product     /product        ext4        defaults                  recoveryonly

# Add misc for GOTA
/dev/block/bootdevice/by-name/misc        /misc           emmc        defaults                  recoveryonly

# Samsung ODE
/dev/block/bootdevice/by-name/keydata     /keydata        ext4        defaults                  recoveryonly
/dev/block/bootdevice/by-name/keyrefuge   /keyrefuge      ext4        defaults                  recoveryonly

#Auto-generated code by FOTA Portal
/dev/block/bootdevice/by-name/dtbo	/dtbo	emmc	default	recoveryonly

After patching, I have converted dtbo.img to dtbo.img.lz4 using lz4 compression tool and created new recovery.img image with patched initrd file. After that. I have tried to flash magisk_patched.tar file with AP contents as one of the following: - Overwritten all three patched file in points 1, 2 and 3 above. -> Stuck at splash screen when trying to go to recovery after successfully flash with Odin. Download mode is appearing on splash screen. - Overwritten 1.boot.img and 2.dtbo.img.lz4 above. -> Successfully rooted but when trying to edit the system_root partition then I am facing the following problem:

D:\>adb shell
beyondxq:/ $ su
beyondxq:/ # mount -o rw,remount /system
beyondxq:/ # cd system
beyondxq:/system # echo "Test /system mounting" > temp.txt
beyondxq:/system # cat temp.txt
Test /system mounting
beyondxq:/system # cd ..
beyondxq:/ # mount -o rw,remount /system_root
beyondxq:/ # echo "Test /system_root mounting" > temp.txt
/system/bin/sh: can't create temp.txt: Read-only file system           ---> Error here
1|beyondxq:/ # cat system/temp.txt
Test /system mounting
beyondxq:/ # cat system_root/temp.txt
cat: system_root/temp.txt: No such file or directory              ---> Verify: File not created
1|beyondxq:/ # exit
1|beyondxq:/ $ exit

D:\>adb remount
Not running as root. Try "adb root" first.

D:\>adb root              ---> It didn't work as the next command is not working

D:\>adb remount                            
Not running as root. Try "adb root" first.

D:\>adb shell
beyondxq:/ $ su
beyondxq:/ # ls sdcard
Alarms Android DCIM Download Movies Music Notifications Pictures Podcasts Ringtones Samsung selinux_policy_modified
beyondxq:/ # mount -o rw,remount /system_root
beyondxq:/ # cp sdcard/selinux_policy_modified /system_root/sepolicy
cp: /system_root/sepolicy: Permission denied      ---> Permission Denied here
1|beyondxq:/ #

- Overwritten 1.boot.img and 2.dtbo.img.lz4 above with unpack and packed system.img.ext4.lz4 -> The result is boot-loop after successful flashing. Please suggest what went wrong or am I missing any step.

I have OnePlus 6T device which has A/B partition system and has a ROM of user type i.e [ro.build.type]: [user]. This device is rooted with Magisk. I have a requirement(Want to place customized sepolicy file under system_root directory ) to modify system.img. I have tried different tools like: 1. simg2img :

OMEN-by-HP-Laptop-15-dc0xxx:~/WorkArea/img-tools$ ./simg2img system.img sys.raw
Invalid sparse file format at header magi
Failed to read sparse file
OMEN-by-HP-Laptop-15-dc0xxx:~/WorkArea/img-tools$

2. imgtools

OMEN-by-HP-Laptop-15-dc0xxx:~/WorkArea/imgtool$ sudo ./imgtool system.img extract
[sudo] password for OMEN: 
system.img is not a recognized image. Sorry
OMEN-by-HP-Laptop-15-dc0xxx:~/WorkArea/imgtool$

3. and more tools even on windows.. but none of them is capable of parsing my system.img. I have copied system.img directly from OnePlus6T ROM setup which installs Android 9 on this device without any issue. Any help on: 1. How to fix the system.img so it will be extracted and repacked fine? 2. Any command that can unpack/repack system.img? 3. Any working tool to accomplish this task? **Update 1**: I have run file system.img and I found that its ext2 image and the tools support ext4.

system.img: Linux rev 1.0 ext2 filesystem data, UUID=d09c08e9-628d-590e-a610-3a14de2a8db0 (extents) (large files) (huge files)

**Update 2**: Tried to find the magic number and have following result:

OMEN-by-HP-Laptop-15-dc0xxx:~/WorkArea/imgtool$ xxd system.img | head
00000000: 0000 0000 0000 0000 0000 0000 0000 0000  ................
00000010: 0000 0000 0000 0000 0000 0000 0000 0000  ................
00000020: 0000 0000 0000 0000 0000 0000 0000 0000  ................
00000030: 0000 0000 0000 0000 0000 0000 0000 0000  ................
00000040: 0000 0000 0000 0000 0000 0000 0000 0000  ................
00000050: 0000 0000 0000 0000 0000 0000 0000 0000  ................
00000060: 0000 0000 0000 0000 0000 0000 0000 0000  ................
00000070: 0000 0000 0000 0000 0000 0000 0000 0000  ................
00000080: 0000 0000 0000 0000 0000 0000 0000 0000  ................
00000090: 0000 0000 0000 0000 0000 0000 0000 0000  ................
OMEN-by-HP-Laptop-15-dc0xxx:~/WorkArea/imgtool$

**Update 3** Fing the image already unpacked. So to add the required file, I have mount the image as sudo mount -o loop system.img system_mount and then tried to copy the contents to another folder with cp system_mount/* system/ so that I can add the required file and make new image out of it but I got following errors:

root@OMEN-by-HP-Laptop-15-dc0xxx:~/WorkArea# mkdir system && cp system_mount/* system/
cp: omitting directory 'system_mount/acct'
cp: cannot stat 'system_mount/bin': No such file or directory
cp: cannot stat 'system_mount/bt_firmware': No such file or directory
cp: cannot stat 'system_mount/bugreports': No such file or directory
cp: cannot stat 'system_mount/cache': No such file or directory
cp: cannot stat 'system_mount/charger': No such file or directory
cp: cannot stat 'system_mount/charger_log': No such file or directory
cp: omitting directory 'system_mount/config'
cp: omitting directory 'system_mount/d'
cp: omitting directory 'system_mount/data'
cp: omitting directory 'system_mount/dev'
cp: cannot stat 'system_mount/dsp': No such file or directory
cp: cannot stat 'system_mount/etc': No such file or directory
cp: cannot stat 'system_mount/firmware': No such file or directory
cp: omitting directory 'system_mount/lost+found'
cp: omitting directory 'system_mount/mnt'
cp: omitting directory 'system_mount/odm'
cp: omitting directory 'system_mount/oem'
cp: omitting directory 'system_mount/op1'
cp: omitting directory 'system_mount/op2'
cp: cannot stat 'system_mount/persist': No such file or directory
cp: omitting directory 'system_mount/postinstall'
cp: omitting directory 'system_mount/proc'
cp: cannot stat 'system_mount/product': No such file or directory
cp: omitting directory 'system_mount/res'
cp: omitting directory 'system_mount/sbin'
cp: cannot stat 'system_mount/sdcard': No such file or directory
cp: omitting directory 'system_mount/storage'
cp: omitting directory 'system_mount/sys'
cp: omitting directory 'system_mount/system'
cp: omitting directory 'system_mount/vendor'
root@OMEN-by-HP-Laptop-15-dc0xxx:~/WorkArea#

I have an old stock Android 5.1.1. It has custom twrp recovery and is rooted. I have the stock boot.img file and am able to edit the init.rc and repack and flash it back with fastboot flash boot boot.img. No problem there. And after flashing the boot.img, I can cat /init.rc and can see the changes that I made to run a script from /system/xbin/. However, the script does not execute at all. On the very end of init.rc, I placed this line of code on property:sys.boot_completed=1 start initAsic service initAsic /system/xbin/script.sh seclabel u:r:init:s0 user root group root oneshot disabled The script.sh is already chmod to 755 in /system/xbin/script.sh and in script.sh, there this echo "hello" > /data/local/tmp/file.test iptables -P FORWARD DROP The problem is, it doesn't work. So googling further revealed that I need to set selinux mode to permissive. And so I did with, setenforce 0 It does set SELinux to permissive, however it's only temporary, because on reboot it goes back to enforcing mode. I was wondering if there was any way for me to modify the content within boot.img that would lead SELinux to be permissive always.And also, is permissive mode the real reason why my init script isn't running, or am I doing something wrong?

I’m trying filter all DNS traffic using *dnsmasq* on Android (*LineageOS*). Here is what I did (thanks to the help of @IrfanLatif): 1. I installed it using *termux*: pkg i root-repo && pkg up && pkg i dnsmasq Then: cp /data/data/com.termux/files/usr/bin/dnsmasq /system/bin/ 2. On Linux it's possible to divert traffic to dnsmasq simply by editing /etc/resolv.conf and replacing nameserver 8.8.8.8 with nameserver 127.0.0.1. But on Android there is no such file, however I can achieve the same using an iptables command (divert all DNS queries to port 5353):

/system/bin/iptables -t nat -A OUTPUT -p tcp --dport 53 -j DNAT --to-destination 127.0.0.1:5353
    /system/bin/iptables -t nat -A OUTPUT -p udp --dport 53 -j DNAT --to-destination 127.0.0.1:5353

3. I create the file /etc/dnsmasq.conf containing:

domain-needed
    bogus-priv
    no-resolv
    no-poll
    port=5353 # <<<<<<<<<<<<<<<<<<<<<<<<<<<<<< PORT
    listen-address=127.0.0.1
    no-hosts
    expand-hosts
    cache-size=500
    log-queries

    server=8.8.8.8
    server=8.8.4.4

    # Rules:
    # Test block:
    address=/bing.com/0.0.0.0

4. Now I can already start dnsmasq using the command: /system/bin/dnsmasq --pid-file --conf-file=/etc/dnsmasq.conf <&- I can also look at the logs and see that *dnsmasq* is running: logcat | grep dnsmasq

05-27 19:17:08.039  7988  7988 D dnsmasq : forwarded google.com to 8.8.8.8
    05-27 19:17:08.039  7988  7988 D dnsmasq : forwarded google.com to 8.8.4.4

But on the phone there is no internet access. This is the **first problem** I am having. 5. The **second problem** happens when I try to start dnsmasq on startup. Thanks to the input from @IrfanLatif, I flashed Magisk , and I have access to setpriv command. However, when I try to set a UID to dnsmasq:

/data/data/com.termux/files/usr/bin/setpriv --reuid=999 --regid=999 --clear-groups /system/bin/dnsmasq --pid-file --conf-file=/etc/dnsmasq.conf <&-

I get the error: dnsmasq: failed to find list of interfaces: Permission denied This is the second problem I'm having. I'm still trying to figure out what's going on. Any help from anyone will be much appreciated.

I always used "Samba server" application on all my android devices for uploading files, it worked great with CM12, but in CM13 even with root access Samba server can't write to external SD card, neither can "SSH server" application. As i there was some changes in android 6, but is there any way to grant write access to external SD card for some applications? I tried different samba servers, they all see external SD card and can read from there, but they just can't write. I have the same problem with Cyanogenmod 13 on two different devices, i tried to format external SD card in ext3, ext4, fat32, exfat - no difference at all. There are a lot of "SD card fix" applications in play store, but they all, as I can see for android 5, and just doesn't work for android 6. So, is it a SELinux issue? Should I add somehow user an app runs from into media_rw group? How can I do this? There is id output after ssh connection: uid=10138(u0_a138) gid=10138(u0_a138) groups=10138(u0_a138),3002(net_bt),3003(inet),9997(everybody),50138(all_a138) context=u:r:untrusted_app:s0:c512,c768 It can read but can't write on external sd card, any ideas? Thanks.

I am having problems setting the kernel to permissive (SElinux). I have already tried the setenforce 0 command with terminal but it immediately goes back to enforcing as soon as I set the setenforce 0 command. So I finally got fed up and decided to monitor what was actually going on in my phone by using a logcat. After looking at the logcat, I found a line of code that could be setting the kernel to enforcing by default. Here is the code: /audit ( 6001): type=1404 msg=audit(1479393162.929:264): config_always_enforce - true; enforcing=1 old_enforcing=1 auid=4294967295 ses=4294967295 The config_always_enforce is set to true so that means I should probably set this to false. Unfortunately I don't know where this value is in my system. Does anyone have any idea? I have a Galaxy S6. Also, I removed all the Knox apps, but everytime I reboot, I get Knox folders reappearing and a file called knox emulated in the /storage folder. Have I not removed all the Knox apps? I will post my logcat that way ya'll can take a look at it. I hope you all can help me because I really want a custom ROM so I can use Xposed.

Device-info: - Phone: Sony Xperia Z1 - Model number: C6903 - Android version: 5.1.1 - Build Number: 14.6.A.1.236 - Rooted, BusyBox and Terminal Emulator installed (Play Store Version!!!) I have formatted an SD-Card to an ext4-filesystem and put another Linux on it. After mounting the filesystem and files without problems I want to execute: chroot /data/local/mnt /bin/bash with /data/local/mnt is the Linux root-folder. Execute the line above leads to the message: chroot: can't execute '/bin/bash': Permission denied I have checked the permission of /bin/bash and also of /data/local/mnt and remounted nearly every path which are related to that folder with exec and rw permission. So maybe you know some special rights-associated files or folders I forgot, but I think the problem is something else... After readed that some of the [Linux-on-Android project-users](http://forum.xda-developers.com/showthread.php?t=1585009) had some trouble with executing the init.sh because of selinux I set it to permissive: root@C6903:/ # setenforce 0 and checked it: root@C6903:/ # getenforce Permissive (Of course) chroot does not work. So I checked the message buffer of the kernel for selinux-avc-deny-messages and BINGO: root@C6903:/ # dmesg | grep denied ... [58575.652383] type=1400 audit(1470337082.042:10188): avc: denied { read } for pid=18553 comm="busybox" name="mmcblk0p23" dev="tmpfs" ino=9821 scontext=u:r:ric:s0 tcontext=u:object_r:block_device:s0 tclass=blk_file op_res=0 ppid=4602 pcomm="ric" tgid=4602 tgcomm="ric" [58575.653740] type=1400 audit(1470337082.042:10189): avc: denied { open } for pid=18553 comm="busybox" name="mmcblk0p23" dev="tmpfs" ino=9821 scontext=u:r:ric:s0 tcontext=u:object_r:block_device:s0 tclass=blk_file op_res=0 ppid=4602 pcomm="ric" tgid=4602 tgcomm="ric" [58575.655002] type=1400 audit(1470337082.042:10190): avc: denied { ioctl } for pid=18553 comm="busybox" path="/dev/block/mmcblk0p23" dev="tmpfs" ino=9821 scontext=u:r:ric:s0 tcontext=u:object_r:block_device:s0 tclass=blk_file op_res=0 ppid=4602 pcomm="ric" tgid=4602 tgcomm="ric" These are just 3. You can have some more if you want! So 1. QUESTION: **Why does selinux denies something when getenforce returns Permissive???** But I thought first that could be fixed anyway by allowing all these denied permissions with: supolicy --live "allow source_class target_class permission_class permission" FOR EXAMPLE: root@C6903:/ # supolicy --live "allow ric rootfs file execute_no_trans" which returns: Patching policy ... -allow:ric:rootfs:file:execute_no_trans=ok - Success Well (of course) it did not work AND I get a denied message for the exact same case for a bunch of cases. So 2. QUESTION: **Why does allowing policies not change policies to be allowed???** (Of course) I am not 100% sure if the denial of executing chroot is related to selinux and it would be very easy to find it out if I could just set it to permissive.... So 3. QUESTION: **How to solve this problem?** In [Graeme Hill's Dev Blog](http://graemehill.ca) article [Compiling a permissive Android kernel](http://graemehill.ca/compiling-permissive-android-kernel/) he says: >There is a command called setenforce which toggles modes, and there are some apps on the Google Play store which do the same thing, but none of them will work until we modify the kernel. 4. Question: **Is that related to every device with Android 5.X or differs from manufacturers?**

After flashing Android 13 of LineageOS to Galaxy Note 10+, I'm trying to set SELinux permissive following the steps. 1. Unpack boot.img and add androidboot.selinux=permissive to boot.img-cmdline 2. use Heimdall, and flash the packed boot.img: heimdall flash --BOOT myboot.img The phone would auto-reboot after the flashing was complete. But adb getprop ro.boot.selinux still returns enforcing. And I checked cat /proc/cmdline, there is androidboot.selinux=enforce. This method works on Pixel 3XL with Android 13 LineageOS. I don't know why flash boot.img does not work on Galaxy Note 10+. I checked boot.img with hex editor(vim), and found cmdline as there. ``` 00000000: 414e 4452 4f49 4421 10e0 f602 0080 0010 ANDROID!........ 00000010: 96d5 1500 0000 0011 0000 0000 0000 0000 ................ 00000020: 0001 0010 0008 0000 0100 0000 8301 001a ................ 00000030: 0000 0000 0000 0000 0000 0000 0000 0000 ................ 00000040: 616e 6472 6f69 6462 6f6f 742e 7365 6c69 androidboot.seli 00000050: 6e75 783d 7065 726d 6973 7369 7665 2062 nux=permissive b 00000060: 7569 6c64 7661 7269 616e 743d 7573 6572 uildvariant=user 00000070: 6465 6275 6700 0000 0000 0000 0000 0000 debug...........

Device info: I'm running Phh-Treble GSI Android 13 on a Lenovo TB-9707F device. Rooted Tablet. I'm trying to run restorecon -R on a folder to recursively restore SElinux context for the whole tree. If seems that the -R option doesn't work since the results are that it's only restoring the context fof the folder. How can I get it to recursively restore fod the entire tree. In the following code you can see that when I run restorecon -Rnv on the folder it shows it will only change the folder. Adding the * shows it will change all in files inside tha initial folder. But, again nothing further down the tree.

root:.../ext4-fs/Other# restorecon -Rvn _backup
SELinux: Loaded file_contexts
SELinux:  Relabeling /data/data/com.termux/files/home/ext4-fs/Other/_backup from u:object_r:unlabeled:s0:c232,c256,c512,c768 to u:object_r:app_data_file:s0:c156,c257,c512,c768.
root:.../ext4-fs/Other# restorecon -Rvn _backup/
SELinux: Loaded file_contexts
SELinux:  Relabeling /data/data/com.termux/files/home/ext4-fs/Other/_backup from u:object_r:unlabeled:s0:c232,c256,c512,c768 to u:object_r:app_data_file:s0:c156,c257,c512,c768.
root:.../ext4-fs/Other# restorecon -Rvn _backup/*
SELinux: Loaded file_contexts
SELinux:  Relabeling /data/data/com.termux/files/home/ext4-fs/Other/_backup/Package.list from u:object_r:unlabeled:s0:c232,c256,c512,c768 to u:object_r:app_data_file:s0:c156,c257,c512,c768.
SELinux:  Relabeling /data/data/com.termux/files/home/ext4-fs/Other/_backup/Package.list.txt from u:object_r:unlabeled:s0:c232,c256,c512,c768 to u:object_r:app_data_file:s0:c156,c257,c512,c768.
SELinux:  Relabeling /data/data/com.termux/files/home/ext4-fs/Other/_backup/Repo.keys from u:object_r:unlabeled:s0:c232,c256,c512,c768 to u:object_r:app_data_file:s0:c156,c257,c512,c768.
SELinux:  Relabeling /data/data/com.termux/files/home/ext4-fs/Other/_backup/desktop-files from u:object_r:unlabeled:s0:c232,c256,c512,c768 to u:object_r:app_data_file:s0:c156,c257,c512,c768.
SELinux:  Relabeling /data/data/com.termux/files/home/ext4-fs/Other/_backup/sources.list from u:object_r:unlabeled:s0:c232,c256,c512,c768 to u:object_r:app_data_file:s0:c156,c257,c512,c768.
SELinux:  Relabeling /data/data/com.termux/files/home/ext4-fs/Other/_backup/sources.list.d from u:object_r:unlabeled:s0:c232,c256,c512,c768 to u:object_r:app_data_file:s0:c156,c257,c512,c768.
SELinux:  Relabeling /data/data/com.termux/files/home/ext4-fs/Other/_backup/sources.list.save from u:object_r:unlabeled:s0:c232,c256,c512,c768 to u:object_r:app_data_file:s0:c156,c257,c512,c768.
root:.../ext4-fs/Other#

I'm trying to migrate application data between devices. The application was installed to the work profile using [Shelter]() The steps I did were: 1. On source phone, tar cvf appdata.tar.gz /data/user/10/com.appname 2. Copy the tarball from the source phone to the target phone 3. On the target phone, install the applications to the work profile. Note the username of the /data/user/10/com.appname on the target phone, which is of the form u10_aXXX 4. On the target phone, chown -R u10_aXXX:u10_aXXX /data/user/10/com.appname When I'm trying to use the app, it receives a lot of SELinux AVC denials and ends up crashing because it's unable to open /data/user/10/com.appname/databases/database.db:

10-18 16:23:28.485  4120  4120 W SharedPreferenc: type=1400 audit(0.0:889): avc: denied { search } for name="shared_prefs" dev="dm-0" ino=860652 scontext=u:r:untrusted_app:s0:c522,c768 tcontext=u:object_r:app_data_file:s0 tclass=dir permissive=0

What am I missing? Application works after setting SELinux to permissive.

I am on Android 10. Whether I setenforce 0 or 1- I cannot get avc ( aka SeLinux ) errors logged. I checked ramoops files also and its ditto. root@m20lte:/ # setenforce 1 root@m20lte:/ # grep -i avc /proc/kmsg [358888.761197] [3: servicemanager: 3452] avc: received setenforce notice (enforcing=1) [358890.709988] [2: init: 1] avc: received setenforce notice (enforcing=1) [358901.864803] [0:hwservicemanage: 3453] avc: received setenforce notice (enforcing=1) ^C root@m20lte:/ # logcat -d | grep -i "avc" 07-14 08:31:21.858 3452 3452 E audit : avc: received setenforce notice (enforcing=1) 07-14 08:31:23.806 1 1 E audit : avc: received setenforce notice (enforcing=1) 07-14 08:31:34.962 3453 3453 E audit : avc: received setenforce notice (enforcing=1) I'd like to understand avc denials that are supposed to be logged when setenforce 0 is on so I can understand what changes to make to sePolicy to get my exceptions incorporated . Is that going to be any easy ride or a long shot ? In the above box , besides just setenforce notice it should have logged in a bunch of messages as I ran various apps that would trigger avc exceptions

My Samsung Galaxy Note S2 (GT-N7102) running stock 4.3 JellyBean by default blocks all apps from Google (courtesy of the Chinese government). I followed a tutorial to gain access to gapps that relies on SELinux being set to permissive, but the mode changes on a reboot and I get a continuous stream of pop-up that says: > Unfortunately the process com.google.gapps has stopped What is changing the SELinux mode and how do I stop it from doing so?

I've installed an unofficial lineage OS 14.1 ROM on my phone and i want to have dnscrypt used on boot by default. There is what i have done: 1. Download arm binaries from: https://github.com/jedisct1/dnscrypt-proxy/releases 2. Push dnscrypt-proxy in /system/xbin 3. Push dnscrypt-proxy.toml in /etc/dnscrypt-proxy/ 4. Created the following script: /etc/init.d/99dnscrypt #!/system/bin/sh log -p i -t dnscrypt "Starting dnscrypt-proxy..." dnscrypt-proxy -config /system/etc/dnscrypt-proxy/dnscrypt-proxy.toml & log -p i -t dnscrypt "Changing dns with iptables..." iptables -t nat -A OUTPUT -p udp --dport 53 -j DNAT --to-destination 127.0.0.1:53 5. Reboot Now if i launch 99dnscrypt as root from adb it works like a charm But on boot it does not. On logcat i see this errors: 02-07 01:00:22.369 267 267 I sysinit : Running /system/etc/init.d/99dnscrypt 02-07 01:00:22.540 275 275 I dnscrypt: Starting dnscrypt-proxy... 02-07 01:00:22.878 278 278 I dnscrypt: Changing dns with iptables... 02-07 01:00:23.236 277 277 W dnscrypt-proxy: type=1400 audit(0.0:28): avc: denied { create } for scontext=u:r:sysinit:s0 tcontext=u:r:sysinit:s0 tclass=udp_socket permissive=0 02-07 01:00:23.236 277 277 W dnscrypt-proxy: type=1300 audit(0.0:28): arch=40000028 syscall=281 per=800008 success=no exit=-13 a0=2 a1=80802 a2=0 a3=b674a934 items=0 ppid=274 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 exe="/system/bin/dnscrypt-proxy" subj=u:r:sysinit:s0 key=(null) 02-07 01:00:24.238 277 277 W dnscrypt-proxy: type=1400 audit(0.0:45): avc: denied { create } for scontext=u:r:sysinit:s0 tcontext=u:r:sysinit:s0 tclass=udp_socket permissive=0 02-07 01:00:24.238 277 277 W dnscrypt-proxy: type=1300 audit(0.0:45): arch=40000028 syscall=281 per=800008 success=no exit=-13 a0=2 a1=80802 a2=0 a3=b674a934 items=0 ppid=1 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 exe="/system/bin/dnscrypt-proxy" subj=u:r:sysinit:s0 key=(null) 02-07 01:00:28.242 277 277 W dnscrypt-proxy: type=1400 audit(0.0:82): avc: denied { create } for scontext=u:r:sysinit:s0 tcontext=u:r:sysinit:s0 tclass=udp_socket permissive=0 02-07 01:00:28.242 277 277 W dnscrypt-proxy: type=1300 audit(0.0:82): arch=40000028 syscall=281 per=800008 success=no exit=-13 a0=2 a1=80802 a2=0 a3=b674a934 items=0 ppid=1 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 exe="/system/bin/dnscrypt-proxy" subj=u:r:sysinit:s0 key=(null) 02-07 01:00:29.233 277 277 W dnscrypt-proxy: type=1400 audit(0.0:94): avc: denied { create } for scontext=u:r:sysinit:s0 tcontext=u:r:sysinit:s0 tclass=udp_socket permissive=0 02-07 01:00:29.233 277 277 W dnscrypt-proxy: type=1300 audit(0.0:94): arch=40000028 syscall=281 per=800008 success=no exit=-13 a0=2 a1=80802 a2=0 a3=b674a934 items=0 ppid=1 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 exe="/system/bin/dnscrypt-proxy" subj=u:r:sysinit:s0 key=(null) 02-07 01:00:30.234 277 277 W dnscrypt-proxy: type=1400 audit(0.0:105): avc: denied { create } for scontext=u:r:sysinit:s0 tcontext=u:r:sysinit:s0 tclass=udp_socket permissive=0 02-07 01:00:30.234 277 277 W dnscrypt-proxy: type=1300 audit(0.0:105): arch=40000028 syscall=281 per=800008 success=no exit=-13 a0=2 a1=80802 a2=0 a3=b674a934 items=0 ppid=1 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 exe="/system/bin/dnscrypt-proxy" subj=u:r:sysinit:s0 key=(null) 02-07 01:00:31.235 277 277 W dnscrypt-proxy: type=1400 audit(0.0:121): avc: denied { create } for scontext=u:r:sysinit:s0 tcontext=u:r:sysinit:s0 tclass=udp_socket permissive=0 02-07 01:00:31.235 277 277 W dnscrypt-proxy: type=1300 audit(0.0:121): arch=40000028 syscall=281 per=800008 success=no exit=-13 a0=2 a1=80802 a2=0 a3=b674a934 items=0 ppid=1 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 exe="/system/bin/dnscrypt-proxy" subj=u:r:sysinit:s0 key=(null) 02-07 01:00:32.236 277 277 W dnscrypt-proxy: type=1400 audit(0.0:145): avc: denied { create } for scontext=u:r:sysinit:s0 tcontext=u:r:sysinit:s0 tclass=udp_socket permissive=0 02-07 01:00:32.236 277 277 W dnscrypt-proxy: type=1300 audit(0.0:145): arch=40000028 syscall=281 per=800008 success=no exit=-13 a0=2 a1=80802 a2=0 a3=b674a934 items=0 ppid=1 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 exe="/system/bin/dnscrypt-proxy" subj=u:r:sysinit:s0 key=(null) 02-07 01:00:33.247 458 458 W dnscrypt-proxy: type=1400 audit(0.0:146): avc: denied { create } for scontext=u:r:sysinit:s0 tcontext=u:r:sysinit:s0 tclass=udp_socket permissive=0 02-07 01:00:33.247 458 458 W dnscrypt-proxy: type=1300 audit(0.0:146): arch=40000028 syscall=281 per=800008 success=no exit=-13 a0=2 a1=80802 a2=0 a3=b674a934 items=0 ppid=1 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 exe="/system/bin/dnscrypt-proxy" subj=u:r:sysinit:s0 key=(null) 02-07 01:00:34.248 458 458 W dnscrypt-proxy: type=1400 audit(0.0:147): avc: denied { create } for scontext=u:r:sysinit:s0 tcontext=u:r:sysinit:s0 tclass=udp_socket permissive=0 02-07 01:00:34.248 458 458 W dnscrypt-proxy: type=1300 audit(0.0:147): arch=40000028 syscall=281 per=800008 success=no exit=-13 a0=2 a1=80802 a2=0 a3=b674a934 items=0 ppid=1 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 exe="/system/bin/dnscrypt-proxy" subj=u:r:sysinit:s0 key=(null) 02-07 01:00:35.249 458 458 W dnscrypt-proxy: type=1400 audit(0.0:148): avc: denied { create } for scontext=u:r:sysinit:s0 tcontext=u:r:sysinit:s0 tclass=udp_socket permissive=0 02-07 01:00:35.249 458 458 W dnscrypt-proxy: type=1300 audit(0.0:148): arch=40000028 syscall=281 per=800008 success=no exit=-13 a0=2 a1=80802 a2=0 a3=b674a934 items=0 ppid=1 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 exe="/system/bin/dnscrypt-proxy" subj=u:r:sysinit:s0 key=(null) 02-07 01:00:36.250 458 458 W dnscrypt-proxy: type=1400 audit(0.0:149): avc: denied { create } for scontext=u:r:sysinit:s0 tcontext=u:r:sysinit:s0 tclass=udp_socket permissive=0 02-07 01:00:36.250 458 458 W dnscrypt-proxy: type=1300 audit(0.0:149): arch=40000028 syscall=281 per=800008 success=no exit=-13 a0=2 a1=80802 a2=0 a3=b674a934 items=0 ppid=1 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 exe="/system/bin/dnscrypt-proxy" subj=u:r:sysinit:s0 key=(null) 02-07 01:00:37.251 458 458 W dnscrypt-proxy: type=1400 audit(0.0:150): avc: denied { create } for scontext=u:r:sysinit:s0 tcontext=u:r:sysinit:s0 tclass=udp_socket permissive=0 02-07 01:00:37.251 458 458 W dnscrypt-proxy: type=1300 audit(0.0:150): arch=40000028 syscall=281 per=800008 success=no exit=-13 a0=2 a1=80802 a2=0 a3=b674a934 items=0 ppid=1 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 exe="/system/bin/dnscrypt-proxy" subj=u:r:sysinit:s0 key=(null) 02-07 01:00:38.242 458 458 W dnscrypt-proxy: type=1400 audit(0.0:151): avc: denied { create } for scontext=u:r:sysinit:s0 tcontext=u:r:sysinit:s0 tclass=udp_socket permissive=0 02-07 01:00:38.242 458 458 W dnscrypt-proxy: type=1300 audit(0.0:151): arch=40000028 syscall=281 per=800008 success=no exit=-13 a0=2 a1=80802 a2=0 a3=b674a934 items=0 ppid=1 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 exe="/system/bin/dnscrypt-proxy" subj=u:r:sysinit:s0 key=(null) 02-07 01:00:39.244 458 458 W dnscrypt-proxy: type=1400 audit(0.0:152): avc: denied { create } for scontext=u:r:sysinit:s0 tcontext=u:r:sysinit:s0 tclass=udp_socket permissive=0 02-07 01:00:39.244 458 458 W dnscrypt-proxy: type=1300 audit(0.0:152): arch=40000028 syscall=281 per=800008 success=no exit=-13 a0=2 a1=80802 a2=0 a3=b674a934 items=0 ppid=1 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 exe="/system/bin/dnscrypt-proxy" subj=u:r:sysinit:s0 key=(null) 02-07 01:00:40.245 458 458 W dnscrypt-proxy: type=1400 audit(0.0:153): avc: denied { create } for scontext=u:r:sysinit:s0 tcontext=u:r:sysinit:s0 tclass=udp_socket permissive=0 02-07 01:00:40.245 458 458 W dnscrypt-proxy: type=1300 audit(0.0:153): arch=40000028 syscall=281 per=800008 success=no exit=-13 a0=2 a1=80802 a2=0 a3=b674a934 items=0 ppid=1 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 exe="/system/bin/dnscrypt-proxy" subj=u:r:sysinit:s0 key=(null) 02-07 01:00:41.246 458 458 W dnscrypt-proxy: type=1400 audit(0.0:154): avc: denied { create } for scontext=u:r:sysinit:s0 tcontext=u:r:sysinit:s0 tclass=udp_socket permissive=0 02-07 01:00:41.246 458 458 W dnscrypt-proxy: type=1300 audit(0.0:154): arch=40000028 syscall=281 per=800008 success=no exit=-13 a0=2 a1=80802 a2=0 a3=b674a934 items=0 ppid=1 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 exe="/system/bin/dnscrypt-proxy" subj=u:r:sysinit:s0 key=(null) 02-07 01:00:42.247 458 458 W dnscrypt-proxy: type=1400 audit(0.0:155): avc: denied { create } for scontext=u:r:sysinit:s0 tcontext=u:r:sysinit:s0 tclass=udp_socket permissive=0 02-07 01:00:42.247 458 458 W dnscrypt-proxy: type=1300 audit(0.0:155): arch=40000028 syscall=281 per=800008 success=no exit=-13 a0=2 a1=80802 a2=0 a3=b674a934 items=0 ppid=1 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 exe="/system/bin/dnscrypt-proxy" subj=u:r:sysinit:s0 key=(null) 02-07 01:00:43.248 458 458 W dnscrypt-proxy: type=1400 audit(0.0:156): avc: denied { create } for scontext=u:r:sysinit:s0 tcontext=u:r:sysinit:s0 tclass=udp_socket permissive=0 02-07 01:00:43.248 458 458 W dnscrypt-proxy: type=1300 audit(0.0:156): arch=40000028 syscall=281 per=800008 success=no exit=-13 a0=2 a1=80802 a2=0 a3=b674a934 items=0 ppid=1 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 exe="/system/bin/dnscrypt-proxy" subj=u:r:sysinit:s0 key=(null) 02-07 01:00:44.249 458 458 W dnscrypt-proxy: type=1400 audit(0.0:157): avc: denied { create } for scontext=u:r:sysinit:s0 tcontext=u:r:sysinit:s0 tclass=udp_socket permissive=0 02-07 01:00:44.249 458 458 W dnscrypt-proxy: type=1300 audit(0.0:157): arch=40000028 syscall=281 per=800008 success=no exit=-13 a0=2 a1=80802 a2=0 a3=b674a934 items=0 ppid=1 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 exe="/system/bin/dnscrypt-proxy" subj=u:r:sysinit:s0 key=(null) 02-07 01:00:46.251 458 458 W dnscrypt-proxy: type=1400 audit(0.0:185): avc: denied { create } for scontext=u:r:sysinit:s0 tcontext=u:r:sysinit:s0 tclass=udp_socket permissive=0 02-07 01:00:46.251 458 458 W dnscrypt-proxy: type=1300 audit(0.0:185): arch=40000028 syscall=281 per=800008 success=no exit=-13 a0=2 a1=80802 a2=0 a3=b674a934 items=0 ppid=1 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 exe="/system/bin/dnscrypt-proxy" subj=u:r:sysinit:s0 key=(null) 02-07 01:00:47.252 458 458 W dnscrypt-proxy: type=1400 audit(0.0:186): avc: denied { create } for scontext=u:r:sysinit:s0 tcontext=u:r:sysinit:s0 tclass=udp_socket permissive=0 02-07 01:00:47.252 458 458 W dnscrypt-proxy: type=1300 audit(0.0:186): arch=40000028 syscall=281 per=800008 success=no exit=-13 a0=2 a1=80802 a2=0 a3=b674a934 items=0 ppid=1 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 exe="/system/bin/dnscrypt-proxy" subj=u:r:sysinit:s0 key=(null) 02-07 01:00:48.243 458 458 W dnscrypt-proxy: type=1400 audit(0.0:187): avc: denied { create } for scontext=u:r:sysinit:s0 tcontext=u:r:sysinit:s0 tclass=udp_socket permissive=0 02-07 01:00:48.243 458 458 W dnscrypt-proxy: type=1300 audit(0.0:187): arch=40000028 syscall=281 per=800008 success=no exit=-13 a0=2 a1=80802 a2=0 a3=b674a934 items=0 ppid=1 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 exe="/system/bin/dnscrypt-proxy" subj=u:r:sysinit:s0 key=(null) 02-07 01:00:49.254 458 458 W dnscrypt-proxy: type=1400 audit(0.0:188): avc: denied { create } for scontext=u:r:sysinit:s0 tcontext=u:r:sysinit:s0 tclass=udp_socket permissive=0 02-07 01:00:49.254 458 458 W dnscrypt-proxy: type=1300 audit(0.0:188): arch=40000028 syscall=281 per=800008 success=no exit=-13 a0=2 a1=80802 a2=0 a3=b674a934 items=0 ppid=1 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 exe="/system/bin/dnscrypt-proxy" subj=u:r:sysinit:s0 key=(null) 02-07 01:00:50.255 458 458 W dnscrypt-proxy: type=1400 audit(0.0:189): avc: denied { create } for scontext=u:r:sysinit:s0 tcontext=u:r:sysinit:s0 tclass=udp_socket permissive=0 02-07 01:00:50.255 458 458 W dnscrypt-proxy: type=1300 audit(0.0:189): arch=40000028 syscall=281 per=800008 success=no exit=-13 a0=2 a1=80802 a2=0 a3=b674a934 items=0 ppid=1 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 exe="/system/bin/dnscrypt-proxy" subj=u:r:sysinit:s0 key=(null) 02-07 01:00:51.256 458 458 W dnscrypt-proxy: type=1400 audit(0.0:190): avc: denied { create } for scontext=u:r:sysinit:s0 tcontext=u:r:sysinit:s0 tclass=udp_socket permissive=0 02-07 01:00:51.256 458 458 W dnscrypt-proxy: type=1300 audit(0.0:190): arch=40000028 syscall=281 per=800008 success=no exit=-13 a0=2 a1=80802 a2=0 a3=b674a934 items=0 ppid=1 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 exe="/system/bin/dnscrypt-proxy" subj=u:r:sysinit:s0 key=(null) 02-07 01:00:52.257 458 458 W dnscrypt-proxy: type=1400 audit(0.0:191): avc: denied { create } for scontext=u:r:sysinit:s0 tcontext=u:r:sysinit:s0 tclass=udp_socket permissive=0 02-07 01:00:52.257 458 458 W dnscrypt-proxy: type=1300 audit(0.0:191): arch=40000028 syscall=281 per=800008 success=no exit=-13 a0=2 a1=80802 a2=0 a3=b674a934 items=0 ppid=1 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 exe="/system/bin/dnscrypt-proxy" subj=u:r:sysinit:s0 key=(null) 02-07 01:00:53.259 458 458 W dnscrypt-proxy: type=1400 audit(0.0:192): avc: denied { create } for scontext=u:r:sysinit:s0 tcontext=u:r:sysinit:s0 tclass=udp_socket permissive=0 02-07 01:00:53.259 458 458 W dnscrypt-proxy: type=1300 audit(0.0:192): arch=40000028 syscall=281 per=800008 success=no exit=-13 a0=2 a1=80802 a2=0 a3=b674a934 items=0 ppid=1 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 exe="/system/bin/dnscrypt-proxy" subj=u:r:sysinit:s0 key=(null) 02-07 01:00:54.260 458 458 W dnscrypt-proxy: type=1400 audit(0.0:193): avc: denied { create } for scontext=u:r:sysinit:s0 tcontext=u:r:sysinit:s0 tclass=udp_socket permissive=0 02-07 01:00:54.260 458 458 W dnscrypt-proxy: type=1300 audit(0.0:193): arch=40000028 syscall=281 per=800008 success=no exit=-13 a0=2 a1=80802 a2=0 a3=b674a934 items=0 ppid=1 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 exe="/system/bin/dnscrypt-proxy" subj=u:r:sysinit:s0 key=(null) 02-07 01:00:55.261 458 458 W dnscrypt-proxy: type=1400 audit(0.0:194): avc: denied { create } for scontext=u:r:sysinit:s0 tcontext=u:r:sysinit:s0 tclass=udp_socket permissive=0 02-07 01:00:55.261 458 458 W dnscrypt-proxy: type=1300 audit(0.0:194): arch=40000028 syscall=281 per=800008 success=no exit=-13 a0=2 a1=80802 a2=0 a3=b674a934 items=0 ppid=1 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 exe="/system/bin/dnscrypt-proxy" subj=u:r:sysinit:s0 key=(null) 02-07 01:00:56.262 458 458 W dnscrypt-proxy: type=1400 audit(0.0:195): avc: denied { create } for scontext=u:r:sysinit:s0 tcontext=u:r:sysinit:s0 tclass=udp_socket permissive=0 02-07 01:00:56.262 458 458 W dnscrypt-proxy: type=1300 audit(0.0:195): arch=40000028 syscall=281 per=800008 success=no exit=-13 a0=2 a1=80802 a2=0 a3=b674a934 items=0 ppid=1 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 exe="/system/bin/dnscrypt-proxy" subj=u:r:sysinit:s0 key=(null) 02-07 01:00:57.253 458 458 W dnscrypt-proxy: type=1400 audit(0.0:196): avc: denied { create } for scontext=u:r:sysinit:s0 tcontext=u:r:sysinit:s0 tclass=udp_socket permissive=0 02-07 01:00:57.253 458 458 W dnscrypt-proxy: type=1300 audit(0.0:196): arch=40000028 syscall=281 per=800008 success=no exit=-13 a0=2 a1=80802 a2=0 a3=b674a934 items=0 ppid=1 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 exe="/system/bin/dnscrypt-proxy" subj=u:r:sysinit:s0 key=(null) 02-07 01:00:58.254 458 458 W dnscrypt-proxy: type=1400 audit(0.0:197): avc: denied { create } for scontext=u:r:sysinit:s0 tcontext=u:r:sysinit:s0 tclass=udp_socket permissive=0 02-07 01:00:58.254 458 458 W dnscrypt-proxy: type=1300 audit(0.0:197): arch=40000028 syscall=281 per=800008 success=no exit=-13 a0=2 a1=80802 a2=0 a3=b674a934 items=0 ppid=1 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 exe="/system/bin/dnscrypt-proxy" subj=u:r:sysinit:s0 key=(null) 02-07 01:00:59.255 458 458 W dnscrypt-proxy: type=1400 audit(0.0:198): avc: denied { create } for scontext=u:r:sysinit:s0 tcontext=u:r:sysinit:s0 tclass=udp_socket permissive=0 02-07 01:00:59.255 458 458 W dnscrypt-proxy: type=1300 audit(0.0:198): arch=40000028 syscall=281 per=800008 success=no exit=-13 a0=2 a1=80802 a2=0 a3=b674a934 items=0 ppid=1 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 exe="/system/bin/dnscrypt-proxy" subj=u:r:sysinit:s0 key=(null) 02-07 01:01:00.256 458 458 W dnscrypt-proxy: type=1400 audit(0.0:203): avc: denied { create } for scontext=u:r:sysinit:s0 tcontext=u:r:sysinit:s0 tclass=udp_socket permissive=0 02-07 01:01:00.256 458 458 W dnscrypt-proxy: type=1300 audit(0.0:203): arch=40000028 syscall=281 per=800008 success=no exit=-13 a0=2 a1=80802 a2=0 a3=b674a934 items=0 ppid=1 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 exe="/system/bin/dnscrypt-proxy" subj=u:r:sysinit:s0 key=(null) 02-07 01:01:01.257 458 458 W dnscrypt-proxy: type=1400 audit(0.0:204): avc: denied { create } for scontext=u:r:sysinit:s0 tcontext=u:r:sysinit:s0 tclass=udp_socket permissive=0 02-07 01:01:01.257 458 458 W dnscrypt-proxy: type=1300 audit(0.0:204): arch=40000028 syscall=281 per=800008 success=no exit=-13 a0=2 a1=80802 a2=0 a3=b674a934 items=0 ppid=1 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 exe="/system/bin/dnscrypt-proxy" subj=u:r:sysinit:s0 key=(null) 02-07 01:01:02.258 458 458 W dnscrypt-proxy: type=1400 audit(0.0:207): avc: denied { create } for scontext=u:r:sysinit:s0 tcontext=u:r:sysinit:s0 tclass=udp_socket permissive=0 02-07 01:01:02.258 458 458 W dnscrypt-proxy: type=1300 audit(0.0:207): arch=40000028 syscall=281 per=800008 success=no exit=-13 a0=2 a1=80802 a2=0 a3=b674a934 items=0 ppid=1 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 exe="/system/bin/dnscrypt-proxy" subj=u:r:sysinit:s0 key=(null) What is the difference between executing this as root after boot and launch it from init.d? Any idea how i can solve this?

In enforcing SELinux state, Android /system files become unavailable to read in explorer. How to make /system dir files readable using sepolicy-inject tool? Also, need sepolicy-inject command for setting read-write permission to a single file in the /system dir.

I've been able to fix offline charging animation on my device but it only works in permissive domain and whilst in enforcing it shows me random lines and i can't figure out a way to address the denials for it Is there a specific way to log denials for charger service?

I am using TWRP recovery on my Redmi Note 10 Pro device for a long time, but recently while using TWRP recovery, I mistakenly clicked on 'fix contexts' option and now my phone is stuck in a bootloop. I showed it to the nearest Xiaomi service center but they don't know how to fix the bootloop caused by the change in contexts. I don't have another phone and my phone is in bootloop for almost 8 days. I tried everything like installing stock Xiaomi ROM but nothing is working in this case. Please tell me how I can get out of this problem.

Trying to get access to "data/tombstones" directory from my rooted phone. I am implementing a crash collector application (system application) which would help to record the system's ANRs and tombstones crashes. I am able to access the "data/anr" but not "data/tombstones" I have written required SELinux rules to access both "data/anr" and "data/tombstones" but still it does not work for tombstones. I am trying to read them through below Lines of code: File[] anrs = new File("/data/anr/").listFiles(); File[] tombstones = new File("/data/tombstones").listFiles(); This way I can read the ANRs but not tombstones. Any help to solve this will be appreciated.