Fairphone 2

[mstaz]

I'm trying to integrate superuser in new Fairphone's boot.img. Started with the own build boot.img. I get following messages: "7254 blocks source type su_device does not exist: 0,626 source type su_daemon does not exist: 0,627 target type toolbox_exec does not exist Could not add rule target type toolbox_exec does not exist Could not add rule 1303 blocks Dumped cpio-0 Dumped cpio-1 ..." What does the errors mean? Will it work anyway?

[Lrs121]

Where are you downloading the firmware from or are you using one you pulled from your device. I have only found the firmware for the first FairPhone

[lbdroid]

You'll have to provide a lot more details than that if you expect anyone to be able to help you with it. What are you patching? How are you patching it? What are you patching it with, precisely?

[mstaz]

Thanks for that fast responses.

Firmware can be downloaded here: http://storage.googleapis.com/fairphone-updates/FP2-gms36-1.1.7-ota.zip XML in http://ota.fairphone.com/FP2/updater.zip tells about versions and URLs.

But I built the AOSP on my own (https://forum.fairphone.com/t/compiling-fairphone-open-source-rooting). As the only current way to get working root is with SuperSu, I wanted to try superuser. So I downloaded the super-bootimg script. Put my boot.img into output/fp2/ and called "sh build.sh fp2". It creates several img files. Unfortunately with stated errors. If that would work, I'd assume it will also do so with the official boot.img. This would make it easy for people to get phone rooted.

[Lrs121]

I didnt really get any issues. You can try these using the ota you linked and see if they work. sorry about the certificate error I'm still using a self signed one. https://lrsservers.ddns.net/download/devices/fairphone/fp2/ use firefox if downloading on android itself.

[mstaz]

Did you modify them in the same way I did? I feel a little bit uncomfortable flashing a boot.img downloaded somewhere from an untrusted server :)

[Lrs121]

I understand the feeling. modified using this projects scripts.

[mstaz]

Which scripts do you mean?

[Lrs121]

download.sh and build.sh

[mstaz]

Also tried with download.sh and build.sh now. Same errors. Maybe I need to add that messages are between the others: ... libsepol.policydb_index_others: security: 1 sens, 1024 cats libsepol.policydb_index_others: security: 86 classes, 7306 rules, 0 cond rules source type su does not exist: 0,618 libsepol.policydb_index_others: security: 1 users, 2 roles, 618 types, 0 bools libsepol.policydb_index_others: security: 1 sens, 1024 cats ...

I'll now try with another device, if there are same messages.

[Lrs121]

Yah I just caught that one too looking through the logs

[mstaz]

Tried with archos/ac40he. Same errors. Seems to come from my system. diff with img from https://superuser.phh.me/ showed difference. But this may also come from different timestamps etc.

[mstaz]

I compared the ramdisk files now. They are equal. So seems like the errors shouldn't matter. Will check the changes now to decide if I try to flash :-)

[lbdroid]

If you are building the boot image from source, you should be applying patches to the source from https://github.com/seSuperuser/AOSP-SU-PATCH

Depending on how much they've butchered the source though, it could require some adjustment.

[mstaz]

But for that I'd need the modified boot.img anyway. Or did I understand something wrong? So I've thought to start with that. Also that would be great for other users which are not able to build from source at the moment.

[mstaz]

Ok, phone booted at least with modified boot.img. After installing phh's Superuser it also seems that root is working. The usual screen asking for permission appears and everything. But e.g. Root Verifier states "ROOT PERMISSION NOT GRANTED ...". Installing Busybox also doesn't work.

[Lrs121]

Which one did you use? User, noverity, nocrypt, eng?

[mstaz]

I tried the user image.

[lbdroid]

mstaz: There are two ways to apply the changes needed to the sepolicy; 1) modify an existing binary sepolicy, (2) patch the SOURCE CODE used to GENERATE the sepolicy.

The problem with (1), which is what you are trying to do, is that it has to take the boot image apart, find the sepolicy, and modify that sepolicy. In order for it to do this, it makes certain assumptions about the structure of the boot image and the existing binary sepolicy. Unfortunately, some vendors mess things up. Sometimes very badly.

When you have the source code for building a boot image from source code, it is a better approach to use (2), because it makes NO assumptions about the boot image or sepolicy structure.

[Lrs121]

lbdroid thank you for confirming my suspicions that some vendor screw with the boot image.

mstaz this forum post helps to understand the differences in the versions of root. http://forum.xda-developers.com/android/software-hacking/wip-selinux-capable-superuser-t3216394

In general I've noticed eng seems to be the most similar to what people experience with SuperSU and other integrated root methods.

[mstaz]

Lrs121 I should have read everything more clearly. The eng version just works great so far. That's awesome! :-D Root verifier returns success and Busybox can be installed without problems. Don't know if I'll get to it today, but now I'll try to integrate it in AOSP. Thanks for your help.

[Lrs121]

Good luck working on that. There may issues with integrating the Superuser app that I haven't been able to put an issue up yet, haven't been able to make a reliable log remotely. Then again I think I might be forgetting to do something stupid when trying to add it to my builds of Omnirom.