After updating my phone to official 4.3 firmmware (using OTA which failed to install 3x in a row) I realized that they have restricted the access a lot.
They claimed that eFuse was used (meaning that if you "touch" your phone for the first time then it is designed to burn internally so that they can say it was physically destroyed by you). It seems that it is not true but no one showed any proof for that.
After escalating my privileges (eFuse can stay unharmed even if you do that) and installing binary to automate this in the future (for easy and controlled access) I started playing with the SELinux rules.
At first SE Rules set to "enforcing" were nice... until I realized that I am not allowed to control my phone (only shit-sung is). So the next step was to disable every auto-update I identified (so that they cannot kill me remotely).
After auto-updates were disabled... I also installed firewall (avast did great job here providing a handy interface for IPTables). And after every reboot (which happens rarely) I need to change SELinux into permissive mode, then run the firewall script, then enable SELinux back into enforcing mode.
Next step would be to modify shit-sung's rules. But there is no "semanage" binary :(
So I need to compile this on my own. After that I could install my own keys (would it be really required?) and play with the rules (best would be to use rules from SDCard so that I could pull it out in case of problems).
Oh... and I removed FMRadio.apk (and .odex) as I don't waste my time on watching radio or tv. Unanswered question is: according to the PL law I should register that I have an radio/tv receiver... but should I register it if I don't have such but I had for a moment until the crap was removed?
I wonder if I could get to the SELinux interface from app layer...
1 comment:
Well... it seems that most likely I would disable rthis sick SELinux and use good old grsecurity.
In other words I would not use overcomplicated SELinux which is coming from NSA (people who are spying us a lot) and instead I would use open source GRSecurity which I know, I've used, I can control without any pain in the ass and... which I have reviewed completely so that I know it shuld be pretty secure.
Yesterday I have compiled android... now I need to dig a bit more and determine which version should I compile. Compilation of trunk took ~1.5 days (virtual PC with 1 core though). Now it is compiling with 3 cores and 2.5GB of RAM. Next I should use SSD and my standalone PC.
I wonder if I could restrict all the mallware/bloatware so that it would all at the same time work, not spy me and remain functional...
Post a Comment