search

salvogiangri / KnoxPatch

LSPosed module to get Samsung apps/features working again in your rooted Galaxy device.
GNU General Public License v3.0
688 stars 31 forks source link

Cannot create work profile using Shelter or Island App #41

Closed macaujack closed 11 months ago

macaujack commented 11 months ago

I'm using Samsung Galaxy S22.

After installing the xposed module (v0.6.0), secure folder becomes available again (big thanks!!). However, I still cannot create the work profile using Shelter or Island. I'm pretty sure that I enabled the xposed module for all Knox related package, as well as all work profile related package. After installing the enhancer (v0.4) with kernelsu, the issue still exists.

Before rooting my device, Shelter worked fine, so I guess KnoxPatch doesn't support work profile now.

So I'm wondering:

  1. Is it the case that KnowPatch does not support work profile for now?
  2. Is the log helpful? If yes, How can I access the log?

Thanks :)

salvogiangri commented 11 months ago

You really shouldn't add any other app than the ones marked as recommended in the module settings. Do you have Shamiko installed? You can get device logs via the LSPosed Manager app, I need to check what's going on under the hood, it's very strange that Secure Folder works while Work profile doesn't.

macaujack commented 11 months ago

Thanks for quick reply!

Now I only enable KnoxPatch for the recommended Apps. Still, I can use secure folder but cannot create work profile.

You mentioned Shamiko. No, I haven't installed Shamiko. Should I install it? I rooted my device with kernelsu instead of Magisk, so I think I'm doing well enough to hide my root. After all, even secure folder (which focuses on security) is available now. And other bank Apps cannot detect my root.

I attach the modules logs and verbose logs here. Thanks again!!

ModulesLogs.zip VerboseLogs.zip

macaujack commented 11 months ago

Sorry for clicking "Close with comment" accidentally

salvogiangri commented 11 months ago

You mentioned Shamiko. No, I haven't installed Shamiko. Should I install it? I rooted my device with kernelsu instead of Magisk, so I think I'm doing well enough to hide my root.

Installing ZygiskOnKernelSU will leave some traces of the presence of Zygisk in your device even though you're using KSU, installing Shamiko will make sure to hide those as well.

Anyway, by checking your device's logs I can see why it is failing to create the work profile user:

08-08 17:54:31.592   968  8023 I epmd    : Set sdp policy for user 12
08-08 17:54:31.592   968  8023 I epmd    : Set sdp policy to /data/user/12
08-08 17:54:31.592   968  8023 E epmd    : Failed to set policy to /data/user/12: Inappropriate ioctl for device
08-08 17:54:31.592   968  8023 E epmd    : Failed to set sdp policy for user 12
08-08 17:54:31.592   968  8023 E VoldNativeService: failed: Inappropriate ioctl for device
08-08 17:54:31.597  2453  5825 E StorageManagerService: failed
08-08 17:54:31.597  2453  5825 E StorageManagerService: android.os.ServiceSpecificException: failed (code 25)
08-08 17:54:31.597  2453  5825 E StorageManagerService:     at android.os.Parcel.createExceptionOrNull(Parcel.java:3037)
08-08 17:54:31.597  2453  5825 E StorageManagerService:     at android.os.Parcel.createException(Parcel.java:3007)
08-08 17:54:31.597  2453  5825 E StorageManagerService:     at android.os.Parcel.readException(Parcel.java:2990)
08-08 17:54:31.597  2453  5825 E StorageManagerService:     at android.os.Parcel.readException(Parcel.java:2932)
08-08 17:54:31.597  2453  5825 E StorageManagerService:     at android.os.IVold$Stub$Proxy.setSdpPolicyCmd(IVold.java:3298)
08-08 17:54:31.597  2453  5825 E StorageManagerService:     at com.android.server.StorageManagerService.setSdpPolicyCmd(StorageManagerService.java:6786)
08-08 17:54:31.597  2453  5825 E StorageManagerService:     at android.os.storage.StorageManager.setSdpPolicy(StorageManager.java:3463)
08-08 17:54:31.597  2453  5825 E StorageManagerService:     at com.android.server.knox.dar.EnterprisePartitionManager.setSdpPolicy(EnterprisePartitionManager.java:271)
08-08 17:54:31.597  2453  5825 E StorageManagerService:     at com.android.server.knox.dar.sdp.SdpManagerImpl$SdpLocalService.setSdpPolicy(SdpManagerImpl.java:4668)
08-08 17:54:31.597  2453  5825 E StorageManagerService:     at com.android.server.pm.UserManagerService.lambda$setSdpPolicy$6(UserManagerService.java:7832)
08-08 17:54:31.597  2453  5825 E StorageManagerService:     at com.android.server.pm.UserManagerService.$r8$lambda$uXE6Sg8Q0O-7SCcp-tFgXzEIKN0(Unknown Source:0)
08-08 17:54:31.597  2453  5825 E StorageManagerService:     at com.android.server.pm.UserManagerService$$ExternalSyntheticLambda4.apply(Unknown Source:4)
08-08 17:54:31.597  2453  5825 E StorageManagerService:     at java.util.Optional.map(Optional.java:261)
08-08 17:54:31.597  2453  5825 E StorageManagerService:     at com.android.server.pm.UserManagerService.setSdpPolicy(UserManagerService.java:7831)
08-08 17:54:31.597  2453  5825 E StorageManagerService:     at com.android.server.pm.UserManagerService.createUserInternalUncheckedNoTracing(UserManagerService.java:4531)
08-08 17:54:31.597  2453  5825 E StorageManagerService:     at com.android.server.pm.UserManagerService.createUserInternalUnchecked(UserManagerService.java:4237)
08-08 17:54:31.597  2453  5825 E StorageManagerService:     at com.android.server.pm.UserManagerService.createProfileForUserEvenWhenDisallowedWithThrow(UserManagerService.java:4109)
08-08 17:54:31.597  2453  5825 E StorageManagerService:     at android.os.UserManager.createProfileForUserEvenWhenDisallowed(UserManager.java:3645)
08-08 17:54:31.597  2453  5825 E StorageManagerService:     at com.android.server.devicepolicy.DevicePolicyManagerService.createAndProvisionManagedProfile(DevicePolicyManagerService.java:19543)
08-08 17:54:31.597  2453  5825 E StorageManagerService:     at android.app.admin.IDevicePolicyManager$Stub.onTransact(IDevicePolicyManager.java:6383)
08-08 17:54:31.597  2453  5825 E StorageManagerService:     at android.os.Binder.execTransactInternal(Binder.java:1316)
08-08 17:54:31.597  2453  5825 E StorageManagerService:     at android.os.Binder.execTransact(Binder.java:1280)
08-08 17:54:31.598  2453  5825 E SdpManagerImpl: setSdpPolicy failed!
08-08 17:54:31.598  2453  2497 I am_wtf  : [0,2453,system_server,-1,StorageManagerService,failed]
08-08 17:54:31.598  2453  5825 E UserManagerService: Failed to set sdp policy
08-08 17:54:31.598  2453  5825 D SystemServerTiming: createUser-64 took to complete: 531ms
08-08 17:54:31.598  2453  5825 D SystemServerTiming: !@Boot_SystemServer: 531ms : createUser-64
08-08 17:54:31.599  2453  5825 I SystemServerTiming: !@Boot_EBS:   Took 531ms by 'createUser-64'

The KSU img you flashed is built from Samsung's kernel sources or did you download it from their releases?

salvogiangri commented 11 months ago

I also see there are some issues with one of the hooks in the module:

[ 2023-08-08T17:51:30.235     5009:  6922:  6922 I/LSPosed-Bridge  ] Loading module io.mesalabs.knoxpatch from /data/app/~~e1v-C_fAb1UgahjH7pTYZA==/io.mesalabs.knoxpatch-efqa1actOBecmQcdMsREMg==/base.apk
[ 2023-08-08T17:51:30.266     5009:  6922:  6922 I/LSPosed-Bridge  ]   Loading class io.mesalabs.knoxpatch.MainHook_YukiHookXposedInit
[ 2023-08-08T17:51:30.745     5009:  6922:  6922 I/LSPosed-Bridge  ] [KnoxPatch][D][com.samsung.android.scloud]--> SamsungKeystoreHooks: onHook: loaded.
[ 2023-08-08T17:51:30.990     5009:  6922:  7090 I/LSPosed-Bridge  ] [KnoxPatch][E][com.samsung.android.scloud]--> HookClass [com.samsung.android.security.keystore.AttestParameterSpec] not found
[ 2023-08-08T17:51:30.991     5009:  6922:  7090 E/LSPosed-Bridge  ] java.lang.NoClassDefFoundError: Can't find this Class in [dalvik.system.PathClassLoader[DexPathList[[zip file "/system/priv-app/SamsungCloudClient/SamsungCloudClient.apk"],nativeLibraryDirectories=[/system/priv-app/SamsungCloudClient/lib/arm64, /system/priv-app/SamsungCloudClient/SamsungCloudClient.apk!/lib/arm64-v8a, /system/lib64, /system_ext/lib64, /system/lib64, /system_ext/lib64]]]]:
                                -> name:[com.samsung.android.security.keystore.AttestParameterSpec]
Generated by YukiHookAPI#ReflectionTool

Would you mind telling me which version of the Samsung Cloud app have you installed? This isn't really important but I'd like to know what's causing this issue to happen. I also really suggest you updating to the latest canary build of LSPosed available if possible:

https://github.com/LSPosed/LSPosed/suites/14840453246/artifacts/845055367

macaujack commented 11 months ago

I downloaded from their releases. The one I downloaded was prefixed with "AnyKernel" and it's a zip file.

For convenience, I first rooted my device with Magisk and installed an app that can flash kernel (namely "EX Kernel Manager" on Google Play store). Then I flash the AnyKernel*.zip using that App. And then I remove Magisk completely.

My samsung cloud version is 5.2.06.18

salvogiangri commented 11 months ago

I downloaded from their releases. The one I downloaded was prefixed with "AnyKernel" and it's a zip file.

Looks like a kernel issue to me, nothing directly related to KnoxPatch. Unfortunately you really can't use the KSU prebuilt img's in their releases on Samsung devices, since Samsung shipped kernels have a lot of proprietary drivers/code which is missing in Google's kernel tree (the one where KSU prebuilt img's are based off), in your case I assume the missing SDP drivers in kernel are causing this issue. The only solution is to go back using Magisk or build a KSU enabled custom kernel from Samsung's kernel sources, I personally built KSU kernels for A52s (Snapdragon 778G) and A54 (Exynos 1380), you can check my kernel sources here:

My samsung cloud version is 5.2.06.18

Thank you for reporting, looks like Samsung added SAK code since 5.4.xx.xx and above, will adjust the code in the module to avoid throwing that error when the hook won't work.

macaujack commented 11 months ago

Thanks a lot! I'll try building a custom kernel, though I think it's beyond my ability. Anyway, really thanks for helping! 😃