[OLD] Notes about 4.4 Kit Kat ROMs and SELinux

seyoon20087 edited this page Jan 2, 2021 · 2 revisions

There's absolutely no SELinux support in ICS trees or older. libselinux is not included in these trees and some dependencies for libselinux don't exist elsewhere in these older trees so there's no way to get SELinux support unless you move to a newer tree. I recommend using a 4.3 based tree or higher.

SELinux support is included in all builds of TWRP so long as you build in a tree that has libselinux present. However, for SELinux support to work, your kernel must support EXT4 security labels as well. If you're using an older kernel, your TWRP won't support SELinux and you will get errors when installing 4.4 Kit Kat ROMs due to set_metadata not being able to set SELinux contexts. You'll see an error in the recovery log stating something along the lines of "Operation not supported on transport endpoint." This means you need to add proper support to the kernel you are using in recovery. (Yes, at least in most cases, recovery has its own kernel.)

In the kernel source I was testing, the needed flag was CONFIG_EXT4_FS_SECURITY=y and the option was called Ext4 Security Labels under the file systems menu. If you want full SELinux in your kernel, you will need to add auditing support (usually found under general setup), then enable SELinux under security options. There are multiple flags and some dependencies involved, so your setup may vary slightly.
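A quick way to check a recovery kernel config before building, as an added example that is not part of the original page or of TWRP. CONFIG_EXT4_FS_SECURITY is the flag named above; CONFIG_AUDIT, CONFIG_SECURITY and CONFIG_SECURITY_SELINUX are the usual mainline symbols for auditing and SELinux and are assumed here, and the function name and sample config are made up for illustration.

```shell
#!/bin/sh
# Added example: report which SELinux-related options are enabled in a kernel
# config file (.config or a defconfig). The default option list is an
# assumption; pass your own list as the second argument if your tree differs.

# Prints one line per option. Returns 0 only if every option is set to =y,
# 1 if any is missing or disabled, 2 if the file cannot be read.
check_selinux_config() {
    cfg=$1
    required=${2:-"CONFIG_EXT4_FS_SECURITY CONFIG_AUDIT CONFIG_SECURITY CONFIG_SECURITY_SELINUX"}
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 2; }
    missing=0
    for opt in $required; do
        # A config may mention an option more than once; the last line wins.
        line=$(grep -E "^(${opt}=|# ${opt} is not set)" "$cfg" | tail -n 1)
        case "$line" in
            "${opt}=y") echo "ok       $opt" ;;
            *)          echo "MISSING  $opt"; missing=1 ;;
        esac
    done
    return $missing
}

# Constructed sample config (not taken from any real device tree): SELinux is
# enabled but ext4 security labels are not, which is the case where
# set_metadata cannot write SELinux contexts.
sample=$(mktemp)
cat > "$sample" <<'EOF'
CONFIG_EXT4_FS=y
# CONFIG_EXT4_FS_SECURITY is not set
CONFIG_AUDIT=y
CONFIG_SECURITY=y
CONFIG_SECURITY_SELINUX=y
EOF
check_selinux_config "$sample" || echo "kernel config lacks SELinux prerequisites"
rm -f "$sample"
```

Point the function at the defconfig or generated .config of the kernel that recovery actually boots, which may differ from the kernel the ROM uses.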

The android-4.4 branch of TWRP from Omni now includes a check during boot. You will see text in the log and in the console indicating the SELinux status. This should help you identify what issue(s) you may have with SELinux support.

Deprecated build flags:

For TWRP < 2.5:

The flags below add custom or special partitions to the list of partitions available for backup. SP1_NAME must match the name of a partition defined in recovery.fstab. SP1_DISPLAY_NAME is the name displayed on the backup page, if it needs to be different from SP1_NAME. SP1_BACKUP_METHOD defines how the partition should be backed up (files or image), and SP1_MOUNTABLE determines whether the partition can be mounted.

SP1_NAME := "pds"
SP1_BACKUP_METHOD := files
SP1_MOUNTABLE := 1
SP2_NAME := "osh"
SP2_DISPLAY_NAME := "Webtop"
SP2_BACKUP_METHOD := files
SP2_MOUNTABLE := 1
SP3_NAME := "preinstall"
SP3_BACKUP_METHOD := image
SP3_MOUNTABLE := 0