/bugtracker

Where to push a modified kernel image before calling release.sh #373

Closed
CaseyBakey opened this Issue Aug 18, 2016 · 2 comments

Comments

Assignees
No one assigned
Labels
Projects
None yet
Milestone
No milestone
2 participants
@CaseyBakey @thestinger
@CaseyBakey

CaseyBakey commented Aug 18, 2016
edited
Edited 1 time
  • @CaseyBakey CaseyBakey edited Aug 18, 2016

Hello there,

I would like to know where/when could I push a modified boot.img (via https://github.com/phhusson/super-bootimg) to my build tree, for it to be included in the final fastboot flashable files?

I did build the whole ROM, so I retrieved boot.img from the out/ folder and patched it with super-bootimg.

I'm just having a hard time figuring where to put it back in the build tree for it to be included during the last "./release.sh bullhead" phase.

I know that it's opening security flaws and is a possibility to fuck dm-verity by modifying /system while being root, etc., but I would be grateful if you can enlight me on this ;)

This ROM is amazing but I'm really missing root because of 2 things:

  • iptables to block some apps from accessing the network (AFWall+)
  • editing of /system/etc/hosts to block (AdAway)
    and that's why I'm looking to do some tests with root ^^

For now, I did modify the system/etc/hosts of my build tree with this: https://github.com/StevenBlack/hosts so it's quite ok for the ads/malware domains blocking even without AdAway.

But still missing the firewall part. Is something planned about these 2 things 'cause it's also security-related IMHO.

Anyway, thanks again for your amazing work!

@thestinger thestinger added the Type: question label Aug 21, 2016

@thestinger

This comment has been minimized.

Show comment Hide comment
@thestinger

thestinger Aug 21, 2016

Contributor
  • firewall UX: #274
  • domain blacklisting: #7
Contributor

thestinger commented Aug 21, 2016

  • firewall UX: #274
  • domain blacklisting: #7
@thestinger

This comment has been minimized.

Show comment Hide comment
@thestinger

thestinger Aug 21, 2016

Contributor

I don't know anything about making modifications after the build is done. I don't think it makes much sense to substantially reduce the security of the system in order to get a feature that's not very useful. The OS already has a permission for controlling internet access so it's only permitted for apps stating that they require it. There are cases where they actually won't need it, but the right approach to that would likely just be #128. Exposing control over the firewall is only needed for more complicated use cases. AFAICT, there would be no point of a simple per-app toggle via a more complex mechanism. It makes sense to add that feature, but the design isn't clear yet and it's a low priority.
Contributor

thestinger commented Aug 21, 2016
edited
Edited 1 time
  • @thestinger thestinger edited Aug 21, 2016

I don't know anything about making modifications after the build is done. I don't think it makes much sense to substantially reduce the security of the system in order to get a feature that's not very useful. The OS already has a permission for controlling internet access so it's only permitted for apps stating that they require it. There are cases where they actually won't need it, but the right approach to that would likely just be #128. Exposing control over the firewall is only needed for more complicated use cases. AFAICT, there would be no point of a simple per-app toggle via a more complex mechanism. It makes sense to add that feature, but the design isn't clear yet and it's a low priority.

@thestinger thestinger closed this Aug 21, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment