I am on a bootloader locked Sprint Samsung Galaxy S7,
boot.img flashed to phone with SELinux
permissive, which gives root
adb shell from where I can change system partitions, debloat, install Xposed etc. But the kernel is very bad and has RAM leak, and eventually, the phone slows to a crawl. So I unrooted by installing the stock kernel and disabling
DM verity to allow a modified system to boot up.
Now, SELinux is enforcing, but I want it to be permissive which will never happen with the stock kernel. I realize that
secontext is defined at kernel build times and allows certain things to run.
Another option is to have a higher context to do things like
supolicy --live to patch SELinux policy and get full root access with stock kernel. I'm trying to execute a script in the
data directory created by my app, but unless
seenforcing=false, it doesn't get executed.
I know by using root you can
chcon a file/directory. So what is the (source) context that will allow to:
- Set mode to permissive, or
- Modify the SELinux policy, or
- Execute a script on boot without avc denials
Or what is the (target) context that will allow any other (source) context to execute the script?