When I do a getprop in adb to get certain device properties, where are these device properties stored? Is it in some configuration file, the init file, or within the Android framework/kernel?
Asked
Active
Viewed 2,321 times
2 Answers
1
Its a simple plain text file located at:
/system/build.prop
Note: This file can be modified if the device is rooted.
Programming4life
- 350
- 2
- 9
-
Thanks. Are there any other places that certain properties reside? For example, I'm looking at a Samsung Galaxy S6, which has the following properties: ro.boot.warranty_bit and ro.warranty_bit. Neither are found in system/build.prop. – user1118764 Nov 30 '16 at 10:09
-
That I believe is a special case. I'm pretty sure for security reasons Samsung "hard coded" those values. If all you want to do is read there values via adb you can run "adb shell getprop ro.boot.warranty_bit". But for security reasons can't write/change them. I think they are hardware based(80% sure). – Programming4life Nov 30 '16 at 10:14
-
Thanks. I understand I can't change them. I'd just like to know where they are stored. – user1118764 Nov 30 '16 at 10:16
-
I know by design that the warranty bit information is stored in the ARM TrustZone hardware of the processor, and normally to get to it you have to use the KNOX SDK attestation API. This requires signing up for a KNOX developer license. I'm curious that without the SDK, I'm also able to get the warranty bit information with this pair of device properties, so I'm wondering if this information is in fact duplicated somewhere else that doesn't require KNOX APIs to retrieve. – user1118764 Nov 30 '16 at 10:22
-
Samsung is likely using there own version of "getprop" that uses the api to get the information. Likely private apis or something along those lines. You may be able to read the value by using the code found here: http://stackoverflow.com/questions/12091767/how-to-get-real-device-model-in-android – Programming4life Nov 30 '16 at 20:16
0
When I run the command
getprop | grep warranty
in terminal when booting into recovery. Output is
ro.boot.warranty_bit 1
When booting into the OS, there will be one more property that is
ro.warranty_bit 1
Here is how to fake knox status with sh file, I don't quite understand because I accidentally saw it somewhere, in a zip file with anykernel ...etc. You can consult
#!/sbin/sh
#
#. /tmp/anykernel/core.sh
# remove a knox file
rm_knox_changer() {
#cd /sbin;
delete sbin/knox_changer;
#cd ../;
}
# remove the knox lines which contain [1-9]
knox_lines_with_number() {
#file contexts
sed -i '\|^/data/\\.container|d' file_contexts;
sed -i '\|^/data/container2|d' file_contexts;
sed -i '\|^/data/knox_otp|d' file_contexts;
sed -i '\|^/data/knox/secure_fs|d' file_contexts;
sed -i '\|^/data/clipboard1|d' file_contexts;
sed -i '\|^/mnt/shell/emulated/|d' file_contexts;
sed -i '\|^/mnt/shell/knox-emulated/|d' file_contexts;
sed -i '\|^/data/knox/data/|d' file_contexts;
sed -i '\|^/data/knox/sdcard/|d' file_contexts;
sed -i '\|^/data/user/|d' file_contexts;
sed -i '\|^/storage/(emulated|d' file_contexts;
sed -i '\|^/mnt/knox/|d' file_contexts;
sed -i '\|^/mnt/shell/enc_|d' file_contexts;
sed -i '\|^#/mnt/user/|d' file_contexts;
sed -i '\|^/mnt/runtime/|d' file_contexts;
sed -i '\|^/storage/emulated/|d' file_contexts;
}
remove_knox() {
mount -o rw,remount -t auto /system;
mount -o rw,remount -t auto /data;
rm -f /system/bin/auditd;
delete_recursive /system/etc/secure_storage/com.sec.knox.store;
#rm -f drsd;
delete /system/bin/edmaudit /system/bin/epmlogd;
#/system/lib
delete /system/lib/libknoxdrawglfunction.so;
# /system/framework
delete /system/framework/fipstimakeystore.jar /system/framework/timakeystore.jar /system/framework/sec_edm.jar;
# /system
delete /system/tima_measurement_info /system/preloadedkiosk /system/preloadedsso;
delete_recursive /system/container /system/containers /system/preloadedmdm;
# /system/app
delete_recursive /system/app/BBCAgent /system/app/BCService /system/app/ELMAgent /system/app/KnoxAppsUpdateAgent /system/app/KnoxAttestationAgent /system/app/KnoxAttestationAgent /system/app/KnoxFolderContainer /system/app/KnoxSetupWizardClient /system/app/KnoxSwitcher /system/app/mcRegistry /system/app/MDMApp /system/app/MyKNOXSetupWizard /system/app/RCPComponents /system/app/SamsungDLPService /system/app/SecurityLogAgent /system/app/SilentLog /system/app/SysScope /system/app/UniversalMDMClient;
# /system/priv-app
delete_recursive /system/priv-app/DiagMonAgent /system/priv-app/Fmm /system/priv-app/FotaAgent /system/priv-app/KLMSAgent /system/priv-app/SKMSAgent /system/priv-app/SOAgent /system/priv-app/SPDClient /system/priv-app/wssyncmlnps2;
#rm -rf /system/priv-app/StatementService;
# Removing Knox from /data partition
delete_recursive /data/clipboard/knox /data/data/com.sec.enterprise.knox.attestation /data/data/com.sec.enterprise.knox.cloudmdm.smdms /data/data/com.sec.knox.seandroid /data/data/com.sec.knox.store /data/data/com.sec.knox.containeragent /data/data/com.sec.knox.app.container /data/data/com.sec.knox.eventsmanager /data/data/com.sec.knox.bridge /data/data/com.sec.knox.knoxsetupwizardclient /data/data/com.sec.knox.setupwizardstub /data/data/com.samsung.android.walletmanager /data/data/com.samsung.klmsagent /data/data/com.samsung.knox.rcp.components;
if grep -q ro.config.low_ram "/system/build.prop"; then
echo " ";
else
sed -i '/ro.product.board/a ro.config.low_ram=true' /system/build.prop;
fi;
sed -i -e '/ro.securestorage.knox/c\ro.securestorage.knox=false' /system/build.prop;
#sed -i -e '/ro.securestorage.support/c\ro.securestorage.support=false' /system/build.prop;
sed -i -e '/ro.config.knox/c\ro.config.knox=0' /system/build.prop;
sed -i -e '/ro.config.tima/c\ro.config.tima=0' /system/build.prop;
mount -o ro,remount -t auto /system;
mount -o rw,remount -t auto /data;
}
rm_knox_changer;
# file_contexts
# remove_line file_contexts "/data/clipboard1[0-9][0-9](/.*)? u:object_r:knox_clipboard_file:s0"
# remove_line file_contexts "/data/.container_[1-9](/.*)? u:object_r:container_app_data_backend:s0"
# remove_line file_contexts "/mnt/shell/emulated/([1-9])?[0-9](/.*)? u:object_r:media_rw_data_file:s0"
# remove_line file_contexts "/mnt/shell/knox-emulated/1[0-8][0-9](/.*)? u:object_r:container_app_data_backend:s0"
# remove_line file_contexts "/mnt/shell/knox-emulated/19[0-4](/.*)? u:object_r:container_app_data_backend:s0"
# remove_line file_contexts "/data/knox/data/19[5-9](/.*)? u:object_r:bbccontainer_app_data_backend:s0"
# remove_line file_contexts "/data/knox/sdcard/19[5-9](/.*)? u:object_r:bbccontainer_app_data_backend:s0"
# remove_line file_contexts "/mnt/shell/knox-emulated/19[5-9](/.*)? u:object_r:bbccontainer_app_data_backend:s0"
remove_line file_contexts "# Device node of knox_common"
remove_line file_contexts "## Knox Sensitive data protection, DEK engine driver access"
remove_line file_contexts "/dev/dek_evt u:object_r:knox_dar_device:s0"
remove_line file_contexts "/dev/dek_kek u:object_r:knox_dar_device:s0"
remove_line file_contexts "/dev/dek_log u:object_r:knox_dar_device:s0"
remove_line file_contexts "/dev/dek_req u:object_r:knox_dar_shared_device:s0"
remove_line file_contexts "/dev/sdp_mm u:object_r:knox_dar_device:s0"
remove_line file_contexts "/dev/knox_kap u:object_r:knox_kap_device:s0"
remove_line file_contexts "/dev/sdp_dlp u:object_r:knox_dar_device:s0"
remove_line file_contexts "# System files of knox_common"
remove_line file_contexts "/system/bin/auditd u:object_r:auditd_exec:s0"
#remove_line file_contexts "/system/bin/drsd u:object_r:drsd_exec:s0"
remove_line file_contexts "/system/bin/edmaudit u:object_r:edmaudit_exec:s0"
remove_line file_contexts "/system/bin/epmd u:object_r:epmd_exec:s0"
remove_line file_contexts "/system/bin/epmlogd u:object_r:epmlogd_exec:s0"
remove_line file_contexts "# DATA file of knox_common"
remove_line file_contexts "/data/clipboard/knox(/.*)? u:object_r:knox_clipboard_file:s0"
remove_line file_contexts "/data/container(/.*)? u:object_r:container_app_data_backend:s0"
remove_line file_contexts "/data/knox(/.*)? u:object_r:container_app_data_backend:s0"
remove_line file_contexts "/data/security/aasa(/.*)? u:object_r:security_spota_file:s0"
remove_line file_contexts "/data/security/spota(/.*)? u:object_r:security_spota_file:s0"
remove_line file_contexts "/data/system/container(/.*)? u:object_r:container_system_file:s0"
remove_line file_contexts "# KNOX package root"
remove_line file_contexts "# /mnt/runtime/"
remove_line file_contexts "# /mnt/knox/"
remove_line file_contexts "# /storage/emulated/"
remove_line file_contexts "# AfW"
remove_line file_contexts "/data/knox_tima(/.*)? u:object_r:tima_keystore_file:s0"
remove_line file_contexts "/data/misc/tima_keystore(/.*)? u:object_r:tima_keystore_file:s0"
remove_line file_contexts "/data/misc/tz_esecomm(/.*)? u:object_r:tima_keystore_file:s0"
remove_line file_contexts "/data/KEqvTaYEYkuJr1Mn+t-SwFvbgYo_(/.*)? u:object_r:tima_keystore_file:s0"
remove_line file_contexts "/system/bin/tima_dump_log u:object_r:tima_dump_exec:s0"
knox_lines_with_number;
remove_section file_contexts "# DATA file of knox_common" "/data/system/container(/.*)? u:object_r:container_system_file:s0"
remove_line file_contexts "/data/misc/audit(/.*)? u:object_r:audit_log:s0"
remove_line file_contexts "/dev/socket/epm u:object_r:epm_socket:s0"
remove_line file_contexts "/dev/socket/ppm u:object_r:epm_socket:s0"
remove_line file_contexts "/system/bin/tima_dump_log u:object_r:tima_dump_exec:s0"
remove_line file_contexts "/data/KEqvTaYEYkuJr1Mn+t-SwFvbgYo_(/.*)? u:object_r:tima_keystore_file:s0"
remove_line file_contexts "/data/misc/tima(/.*)? u:object_r:tima_log:s0"
#== remove_line file_contexts "/dev/mobicore u:object_r:mobicore_device:s0"
#== remove_line file_contexts "/dev/mobicore-user u:object_r:mobicore-user_device:s0"
#== remove_line file_contexts "/system/bin/mcDriverDaemon u:object_r:mobicoredaemon_exec:s0"
#== remove_line file_contexts "/system/bin/mcDriverDaemonQC u:object_r:mobicoredaemon_exec:s0"
#remove_line file_contexts "/system/bin/mdm_helper u:object_r:mdm_helper_exec:s0"
#remove_line file_contexts "/system/bin/mdm_helper_proxy u:object_r:mdm_helper_exec:s0"
#remove_line file_contexts "/system/bin/ks u:object_r:mdm_helper_exec:s0"
#remove_line file_contexts "/dev/mdm u:object_r:radio_device:s0"
#remove_line file_contexts "/#####/dev/mdm u:object_r:mdm_device:s0"
#remove_line file_contexts "/dev/mdm u:object_r:radio_device:s0"
#remove_line file_contexts "/dev/mdm u:object_r:radio_device:s0"
# init.container.rc
remove_line init.container.rc " # create Container (KNOX 1.0) mountpoints for KNOX Migration"
remove_line init.container.rc " mkdir /knox_data 0775 root system"
remove_line init.container.rc " mkdir /knox_data/userdata 0775 system system"
remove_line init.container.rc " mkdir /knox_data/appdata 0775 system system"
remove_line init.container.rc " mkdir /mnt/shell 0750 shell shell"
remove_line init.container.rc " mkdir /mnt/shell/knox-emulated 0700 system system"
remove_line init.container.rc " symlink /mnt/shell/knox-emulated /storage/knox-emulated"
remove_line init.container.rc " mkdir /mnt/shell/private_default 0700 system system"
remove_line init.container.rc " mkdir /mnt/shell/private_read 0700 system system"
remove_line init.container.rc " mkdir /mnt/shell/private_write 0700 system system"
remove_line init.container.rc " # From M OS, FS for ext has been seperated"
remove_line init.container.rc " mkdir /mnt/knox 0700 root root"
remove_line init.container.rc " # SDP USER 0, SECURE FS"
remove_line init.container.rc " mkdir /mnt/shell/enc_emulated 0700 system system"
remove_line init.container.rc " mkdir /mnt/shell/enc_media 0700 system system"
remove_line init.container.rc " mkdir /mnt/runtime/default/enc_emulated 0755 system system"
remove_line init.container.rc " mkdir /mnt/runtime/read/enc_emulated 0755 system system"
remove_line init.container.rc " mkdir /mnt/runtime/write/enc_emulated 0755 system system"
#remove_line init.container.rc " chown system system /dev/dek_evt"
#remove_line init.container.rc " chmod 600 /dev/dek_evt"
#remove_line init.container.rc " chown system 8001 /dev/dek_req"
#remove_line init.container.rc " chmod 660 /dev/dek_req"
#remove_line init.container.rc " chown system 8001 /dev/dek_kek"
#remove_line init.container.rc " chmod 660 /dev/dek_kek"
#remove_line init.container.rc " chown system 8001 /dev/sdp_mm"
#remove_line init.container.rc " chmod 660 /dev/sdp_mm"
#remove_line init.container.rc " chown system 8001 /dev/sdp_dlp"
#remove_line init.container.rc " chmod 660 /dev/sdp_dlp"
remove_line init.container.rc "on post-fs-data"
remove_line init.container.rc " # create knox filesystem structure"
remove_line init.container.rc " mkdir /data/knox 0771 system system"
remove_line init.container.rc " mkdir /data/knox/data 0771 system system"
remove_line init.container.rc " mkdir /data/knox/sdcard 0771 system system"
remove_line init.container.rc " mkdir /data/knox/ext_sdcard 0771 system system"
remove_line init.container.rc " mkdir /data/knox/app 0771 system system"
remove_line init.container.rc " mkdir /data/knox/tmp 0771 system system"
remove_line init.container.rc " mkdir /data/knox/tmp_sdcard 0700 system system"
remove_line init.container.rc " mkdir /data/knox/tmp_sdcard/default 0700 root root"
remove_line init.container.rc " mkdir /data/knox/tmp_sdcard/read 0700 root root"
remove_line init.container.rc " mkdir /data/knox/tmp_sdcard/write 0700 root root"
remove_line init.container.rc " mkdir /data/knox/tmp_sdcard/default/knox-emulated 0700 root root"
remove_line init.container.rc " mkdir /data/knox/tmp_sdcard/read/knox-emulated 0700 root root"
remove_line init.container.rc " mkdir /data/knox/tmp_sdcard/write/knox-emulated 0700 root root"
remove_line init.container.rc " mkdir /data/knox/tmp_sdcard/default/emulated 0700 root root"
remove_line init.container.rc " mkdir /data/knox/tmp_sdcard/read/emulated 0700 root root"
remove_line init.container.rc " mkdir /data/knox/tmp_sdcard/write/emulated 0700 root root"
remove_line init.container.rc " export KNOX_STORAGE /data/knox/ext_sdcard"
remove_line init.container.rc " # SDP USER 0, SECURE FS"
remove_line init.container.rc " mkdir /data/enc_user 0771 system system"
remove_line init.container.rc " mkdir /data/knox/secure_fs 0771 system system"
remove_line init.container.rc " mkdir /data/knox/secure_fs/enc_user 0771 system system"
remove_line init.container.rc " mkdir /data/knox/secure_fs/enc_media 0771 system system"
remove_line init.container.rc " export ENC_EMULATED_STORAGE_TARGET /storage/enc_emulated"
remove_line init.container.rc " restorecon /data/knox"
remove_line init.container.rc "#group system log shell"
remove_line init.container.rc "service epmlogd /system/bin/epmlogd"
remove_line init.container.rc " class main"
remove_line init.container.rc " user system"
remove_line init.container.rc " group system log shell"
remove_line init.container.rc " oneshot"
remove_line init.container.rc "# virtual sdcard daemon running as system (1000)"
remove_line init.container.rc "service knox /system/bin/sdcard /data/knox/sdcard /mnt/shell/knox-emulated 1000 1000"
remove_line init.container.rc " class late_start"
remove_line init.container.rc " oneshot"
remove_line init.container.rc " # virtual sdcard daemon running as system (1000)"
remove_line init.container.rc " #service secure_fs /system/bin/sdcard -r /data/knox/secure_fs/enc_media /mnt/shell/enc_media 1000 1000"
remove_line init.container.rc " # class late_start"
remove_line init.container.rc " # oneshot"
remove_line init.container.rc " start knox"
# init.environ.rc
replace_line init.environ.rc " export BOOTCLASSPATH /system/framework/core-libart.jar:/system/framework/conscrypt.jar:/system/framework/okhttp.jar:/system/framework/core-junit.jar:/system/framework/bouncycastle.jar:/system/framework/ext.jar:/system/framework/framework.jar:/system/framework/telephony-common.jar:/system/framework/voip-common.jar:/system/framework/ims-common.jar:/system/framework/apache-xml.jar:/system/framework/org.apache.http.legacy.boot.jar:/system/framework/sec_edm.jar:/system/framework/sagearpolicymanager.jar:/system/framework/timakeystore.jar:/system/framework/commonimsinterface.jar:/system/framework/imsmanager.jar:/system/framework/sprengine.jar:/system/framework/smartbondingservice.jar:/system/framework/secEmailBC.jar:/system/framework/com.broadcom.bt.jar:/system/framework/secocsp.jar:/system/framework/knoxvpnuidtag.jar:/system/framework/simageis.jar:/system/framework/sec_sdp_sdk.jar:/system/framework/sec_sdp_hidden_sdk.jar:/system/framework/seccamera.jar:/system/framework/qcom.fmradio.jar:/system/framework/tcmiface.jar:/system/framework/qcmediaplayer.jar:/system/framework/com.qti.dpmframework.jar:/system/framework/dpmapi.jar" " export BOOTCLASSPATH /system/framework/core-libart.jar:/system/framework/conscrypt.jar:/system/framework/okhttp.jar:/system/framework/core-junit.jar:/system/framework/bouncycastle.jar:/system/framework/ext.jar:/system/framework/framework.jar:/system/framework/telephony-common.jar:/system/framework/voip-common.jar:/system/framework/ims-common.jar:/system/framework/apache-xml.jar:/system/framework/org.apache.http.legacy.boot.jar:/system/framework/sagearpolicymanager.jar:/system/framework/commonimsinterface.jar:/system/framework/imsmanager.jar:/system/framework/sprengine.jar:/system/framework/smartbondingservice.jar:/system/framework/secEmailBC.jar:/system/framework/com.broadcom.bt.jar:/system/framework/secocsp.jar:/system/framework/knoxvpnuidtag.jar:/system/framework/simageis.jar:/system/framework/sec_sdp_sdk.jar:/system/framework/sec_sdp_hidden_sdk.jar:/system/framework/seccamera.jar:/system/framework/qcom.fmradio.jar:/system/framework/tcmiface.jar:/system/framework/qcmediaplayer.jar:/system/framework/com.qti.dpmframework.jar:/system/framework/dpmapi.jar"
# init.rc
remove_line init.rc "# KNOX KAP"
remove_line init.rc " chown system system /dev/knox_kap"
remove_line init.rc " chmod 0660 /dev/knox_kap"
remove_line init.rc "# AFW mode"
remove_line init.rc "service afw_enable /sbin/knox_changer -f"
remove_line init.rc " class main"
remove_line init.rc " seclabel u:r:kapd:s0"
remove_line init.rc " disabled"
remove_line init.rc " oneshot"
remove_line init.rc "service afw_disable /sbin/knox_changer -s"
remove_line init.rc " class main"
remove_line init.rc " seclabel u:r:kapd:s0"
remove_line init.rc " disabled"
remove_line init.rc " oneshot"
remove_line init.rc "on property:security.knox_afw_mode=true"
remove_line init.rc " start afw_enable"
remove_line init.rc "on property:security.knox_afw_mode=false"
remove_line init.rc " start afw_disable"
#== remove_line init.rc "# Mobicore"
#== remove_line init.rc " mkdir /data/app/mcRegistry 0775 system system"
#== remove_line init.rc " mkdir /data/app/mcRegistry/TbStorage 0700 system system"
remove_line init.rc "service kap_enable /sbin/knox_changer -e"
remove_line init.rc " class main"
remove_line init.rc " disabled"
remove_line init.rc " oneshot"
remove_line init.rc "service kap_disable /sbin/knox_changer -d"
remove_line init.rc " class main"
remove_line init.rc " disabled"
remove_line init.rc " oneshot"
remove_line init.rc "on property:security.knox_kap_mode=true"
remove_line init.rc " start kap_enable"
remove_line init.rc "on property:security.knox_kap_mode=false"
remove_line init.rc " start kap_disable"
remove_line init.rc "## Knox"
remove_line init.rc " socket epm stream 0660 system system"
remove_line init.rc " socket ppm stream 0660 system system"
remove_line init.rc "## audit"
remove_line init.rc " # for audit message"
remove_line init.rc " chown system system /proc/avc_msg"
remove_line init.rc " chmod 0660 /proc/avc_msg"
remove_line init.rc " mkdir /data/misc/audit 02775 audit system"
remove_line init.rc "## EDM AuditLog"
remove_line init.rc "service edmaudit /system/bin/edmaudit"
remove_line init.rc " class main"
remove_line init.rc " user root"
remove_line init.rc "service auditd /system/bin/auditd -k"
remove_line init.rc " class main"
remove_line init.rc " seclabel u:r:auditd:s0"
remove_line init.rc " disabled"
remove_line init.rc " oneshot"
remove_line init.rc "on property:init.svc.bootanim=stopped"
remove_line init.rc " start auditd"
remove_line init.rc "#start SEC_PRODUCT_FEATURE_COMMON_SUPPORT_SE_FOR_ANDROID"
remove_line init.rc "# Reload SE Android Policy for MDM"
remove_line init.rc "on property:persist.security.mdm.policy=1"
remove_line init.rc " setprop selinux.reload_policy 1"
remove_line init.rc "#end SEC_PRODUCT_FEATURE_COMMON_SUPPORT_SE_FOR_ANDROID"
# set ZEN scheduler default
line_old='write /sys/block/mmcblk0/queue/scheduler cfq'
line_new='write /sys/block/mmcblk0/queue/scheduler zen'
#sed -i "s%$line_old%$line_new%g" init.rc
# init.target.rc
remove_line init.target.rc "on property:ro.securestorage.knox=true"
remove_line init.target.rc " mkdir /dev/.secure_storage"
remove_line init.target.rc " chmod 0711 /dev/.secure_storage"
remove_line init.target.rc " chown system system /dev/.secure_storage"
remove_line init.target.rc " restorecon -R /dev/.secure_storage"
remove_line init.target.rc " start secure_storage"
# property_contexts
remove_line property_contexts "audit.ondenial u:object_r:denial_prop:s0"
remove_line property_contexts "persist.security.ams. u:object_r:container_mgmt_prop:s0"
remove_line property_contexts "persist.security.good. u:object_r:good_mgmt_prop:s0"
remove_line property_contexts "persist.security.tlc. u:object_r:tlc_mgmt_prop:s0"
remove_line property_contexts "persist.security.mdm. u:object_r:policy_mgmt_prop:s0"
remove_line property_contexts "persist.sys.drs.date u:object_r:drs_date_prop:s0"
remove_line property_contexts "security.knox_kap_mode u:object_r:knox_kap_prop:s0"
remove_line property_contexts "persist.sys.kap.status u:object_r:knox_kap_prop:s0"
remove_line property_contexts "persist.sys.kap.date u:object_r:knox_kap_prop:s0"
#== remove_line property_contexts "sys.mobicoredaemon.enable u:object_r:mobicore_prop:s0"
# seapp_contexts
remove_line seapp_contexts "user=system seinfo=platform name=com.sec.knox.containeragent domain=knox_system_app type=system_app_data_file"
remove_line seapp_contexts "user=_app seinfo=platform name=com.sec.knox.store domain=store_app type=store_app_data_file"
remove_line seapp_contexts "user=_app seinfo=knox_untrusted name=com.centrify.mdm.samsung domain=knox_untrusted_app type=app_data_file"
remove_line seapp_contexts "user=_app seinfo=knox_untrusted name=com.samsung.knoxemm.mdm domain=knox_untrusted_app type=app_data_file"
# service_contexts
remove_line service_contexts "kioskmode u:object_r:system_service:s0"
remove_line service_contexts "knoxcustom u:object_r:system_service:s0"
remove_line service_contexts "knox_ccm_policy u:object_r:system_service:s0"
remove_line service_contexts "knox_ucm_policy u:object_r:system_service:s0"
remove_line service_contexts "knox_secm_policy u:object_r:system_service:s0"
remove_line service_contexts "knox_pinpad_service u:object_r:system_service:s0"
remove_line service_contexts "knox_scep_policy u:object_r:system_service:s0"
remove_line service_contexts "knox_vpn_policy u:object_r:system_service:s0"
remove_line service_contexts "mdm.remotedesktop u:object_r:system_service:s0"
remove_line service_contexts "auditlog u:object_r:system_service:s0"
remove_line service_contexts "edmnativehelper u:object_r:system_service:s0"
remove_line service_contexts "edm_proxy u:object_r:system_service:s0"
remove_line service_contexts "enterprise_container_policy u:object_r:system_service:s0"
remove_line service_contexts "enterprise_billing_policy u:object_r:system_service:s0"
remove_line service_contexts "enterprise_isl_policy u:object_r:system_service:s0"
remove_line service_contexts "enterprise_license_policy u:object_r:system_service:s0"
remove_line service_contexts "enterprise_policy u:object_r:system_service:s0"
remove_line service_contexts "enterprise_premium_vpn_policy u:object_r:system_service:s0"
remove_line service_contexts "enterprise_shared_device_policy u:object_r:system_service:s0"
remove_line service_contexts "enterprise_sso_policy u:object_r:system_service:s0"
remove_line service_contexts "enterprise_user_space_sso_policy u:object_r:system_service:s0"
remove_line service_contexts "enterprise_vpn_policy u:object_r:system_service:s0"
remove_line service_contexts "ESEMDMService u:object_r:ese_service:s0"
remove_line service_contexts "knox_timakeystore_policy u:object_r:system_service:s0"
remove_line service_contexts "tima u:object_r:system_service:s0"
## Remove Knox apks
remove_knox;
# ============================================================
#
# EDIT DEFAULT.PROP
#
# ============================================================
replace_line $ramdisk/default.prop "persist.security.ams.enforcing=3" "persist.security.ams.enforcing=0"
replace_line $ramdisk/default.prop "ro.secure=1" "ro.secure=0"
replace_line $ramdisk/default.prop "ro.debuggable=0" "ro.debuggable=1"
replace_line $ramdisk/default.prop "ro.adb.secure=1" "ro.adb.secure=0"
replace_line $ramdisk/default.prop "persist.sys.usb.config=mtp" "persist.sys.usb.config=mtp,adb"
insert_line $ramdisk/default.prop "# SELinux & Knox related" after "persist.sys.usb.config=mtp,adb" "###";
insert_line $ramdisk/default.prop "# SELinux & Knox related" after "###" "# SELinux & Knox related";
insert_line $ramdisk/default.prop "androidboot.selinux=0" after "# SELinux & Knox related" "androidboot.selinux=0";
insert_line $ramdisk/default.prop "ro.securestorage.knox=false" after "androidboot.selinux=0" "ro.securestorage.knox=false";
insert_line $ramdisk/default.prop "ro.securestorage.support=false" after "ro.securestorage.knox=false" "ro.securestorage.support=false";
insert_line $ramdisk/default.prop "ro.security.mdpp.ux=Disabled" after "ro.securestorage.support=false" "ro.security.mdpp.ux=Disabled";
insert_line $ramdisk/default.prop "ro.config.tima=0" after "ro.security.mdpp.ux=Disabled" "ro.config.tima=0";
insert_line $ramdisk/default.prop "ro.config.timaversion=0" after "ro.config.tima=0" "ro.config.timaversion=0";
insert_line $ramdisk/default.prop "ro.config.dmverity=false" after "ro.config.timaversion=0" "ro.config.dmverity=false";
insert_line $ramdisk/default.prop "ro.config.rkp=false" after "ro.config.dmverity=false" "ro.config.rkp=false";
insert_line $ramdisk/default.prop "ro.config.kap_default_on=false" after "ro.config.rkp=false" "ro.config.kap_default_on=false";
insert_line $ramdisk/default.prop "ro.config.kap=false" after "ro.config.kap_default_on=false" "ro.config.kap=false";
insert_line $ramdisk/default.prop "ro.config.knox=0" after "ro.config.kap=false" "ro.config.knox=0";
Mai Ngọc Vinh
- 1
- 1