ENABLE SELinuxMODE CHANGING ON YOUR ANDROID DEVICE


The Android security model is based in part on the concept of application sandboxes. Each application runs in its own sandbox. Prior to Android 4.3, these sandboxes were defined by the creation of a unique Linux UID for each application at time of installation. Starting with Android 4.3, Security-Enhanced Linux (SELinux) is used to further define the boundaries of the Android application sandbox. As part of the Android security model, Android uses SELinux to enforce mandatory access control (MAC) over all processes, even processes running with root/superuser privileges (a.k.a. Linux capabilities). SELinux enhances Android security by confining privileged processes and automating security policy creation.
Contributions to it have been made by a number of companies and organizations; all Android code and contributors are publicly available for review on android.googlesource.com. With SELinux, Android can better protect and confine system services, control access to application data and system logs, reduce the effects of malicious software, and protect users from potential flaws in code on mobile devices.
Android includes SELinux in enforcing mode and a corresponding security policy that works by default across the Android Open Source Project. In enforcing mode, illegitimate actions are prevented and all attempted violations are logged by the kernel to dmesg and logcat. Android device manufacturers should gather information about errors so they may refine their software and SELinux policies before enforcing them.

SELinux operates on the ethos of default denial. Anything that is not explicitly allowed is denied.
SELinux can operate in one of two global modes: permissive mode, in which permission denials are logged but not enforced,
and enforcing mode, in which denials are both logged and enforced.

Though the mode is set on Enforce others like to change it to permissive and to do so you the others such as me can use this app
Download SElinuxmodchanger
Install terminal emulator and type

Test
su
/system/bin/getenforce
this will show your current mode and you can change accordingly with SElinux mod changer.

Related Posts
Previous
« Prev Post