v3.0.0

@flipphoneguy flipphoneguy released this 31 May 01:35

What's New

Fully defeats DirtySepolicy v2.2, which rewrote its detection to bypass libselinux entirely and query the kernel's SELinux filesystem directly.

New interception layer

  • /sys/fs/selinux/access — intercepts write+read to mask framework allow rules from kernel access vector decisions, and rewrites seqno to 1 to defeat the new avdSeqNo policy-reload detection
  • /sys/fs/selinux/status — patches sequence and policyload fields to clean-boot values (kernel-version-aware: < 6.10 vs >= 6.10)
  • read + pread64 hooks — new hooks to intercept and modify kernel responses in-flight
  • Numeric resolution via sysfs — resolves class/perm IDs by reading /sys/fs/selinux/class/ directly, no longer depends on libselinux symbols
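For reference, the sequence and policyload fields named in the /sys/fs/selinux/status item sit in a fixed five-word structure. The following is an added example, not code from this project, that decodes one snapshot of that page; the layout follows the Linux kernel's struct selinux_kernel_status, and the function names and sample values are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Mirrors the kernel's struct selinux_kernel_status: five native-endian u32 words. */
struct selinux_status {
    uint32_t version;      /* layout version of this structure */
    uint32_t sequence;     /* seqlock-style counter, odd while the kernel is updating */
    uint32_t enforcing;    /* 1 = enforcing, 0 = permissive */
    uint32_t policyload;   /* policy reload counter as reported by the kernel */
    uint32_t deny_unknown; /* 1 = unknown classes/permissions are denied */
};

enum { STATUS_OK = 0, STATUS_SHORT = -1, STATUS_BUSY = -2 };

/* Decode one snapshot. STATUS_BUSY means the snapshot was taken mid-update
 * (odd sequence) and the caller should read the page again. */
int parse_selinux_status(const unsigned char *buf, size_t len,
                         struct selinux_status *out)
{
    if (buf == NULL || out == NULL || len < sizeof *out)
        return STATUS_SHORT;
    memcpy(out, buf, sizeof *out); /* copy instead of casting: no alignment assumptions */
    return (out->sequence & 1u) ? STATUS_BUSY : STATUS_OK;
}

/* Constructed sample builder (hypothetical helper): fills buf with chosen values. */
size_t make_sample(unsigned char *buf, size_t cap, uint32_t sequence,
                   uint32_t enforcing, uint32_t policyload)
{
    uint32_t words[5] = { 1, sequence, enforcing, policyload, 0 };
    if (cap < sizeof words)
        return 0;
    memcpy(buf, words, sizeof words);
    return sizeof words;
}

int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : "/sys/fs/selinux/status";
    unsigned char buf[64];
    struct selinux_status st;
    FILE *f = fopen(path, "rb");
    if (f == NULL) { perror(path); return 1; }
    size_t n = fread(buf, 1, sizeof buf, f);
    fclose(f);
    int rc = parse_selinux_status(buf, n, &st);
    if (rc == STATUS_SHORT) { fprintf(stderr, "short read: %zu bytes\n", n); return 1; }
    printf("version=%u sequence=%u%s enforcing=%u policyload=%u deny_unknown=%u\n",
           st.version, st.sequence, rc == STATUS_BUSY ? " (updating)" : "",
           st.enforcing, st.policyload, st.deny_unknown);
    return 0;
}
```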

Robustness

  • Handles fd reuse when close() bypasses PLT hooks (common on some Android versions)
  • Covers additional selinuxfs query files (create, member, relabel, user, validatetrans) that could be used for future context-existence probing
  • Matches /proc/*/attr/* broadly (covers thread-self, explicit PIDs, all attr files)
  • Supports both /sys/fs/selinux/ and legacy /selinux/ mount points
  • Libselinux API hooks retained as defense-in-depth for older detectors

Install

Flash dirtysepbypass.zip via Magisk app or:

su -c "magisk --install-module /sdcard/dirtysepbypass.zip"
su -c reboot