EnriqueMcquade Are you guys still working on the custom recovery?

I was hoping to quickly enable adb in the recovery img but not really sure what to do with this:

C:\Users\m\Downloads\mtk>adb shell
adbd F 09-03 18:47:05   311   311 shell_service.cpp:380] Could not set SELinux context for subprocess
libc: Fatal signal 6 (SIGABRT), code -1 (SI_QUEUE) in tid 311 (adbd), pid 311 (adbd)

    darth I read through the instructions and that doesn't seem to address the problem with these partitions. This removed the "shared_blocks" feature, which we don't have:

    Gflip6_TF:/data/local/tmp # tune2fs -l /dev/block/dm-2 | grep -e vol -e feat
Filesystem volume name:   /
Filesystem features:      ext_attr dir_index filetype extent sparse_super large_file huge_file uninit_bg dir_nlink extra_isize

      • FlippyLevel 6 - Platinum Elite Member

        • Post #432

        shadowmyst Ok so a bit irrelevant but their naming scheme is terrible!!

          What would happen if you uninstalled browser and installed A new app with the same package name. Would the app be replaced with browser on a reboot?

            Biden2020prez I may have said before but after all my trials and errors I do believe the only ways to write to system are:

            • signed ota package loaded by recovery
            • custom recovery
            • flashing super from fastboot or sp tools
            • replace the code that sets the partitions as read only (mmc definitely won't let you disable it without a reboot and then you must still stop it from being enabled)

            Problems I've had with each:

            • haven't tried making an ota package. Doesn't look fun and would still need to replace the verification keys in recovery.img.

            • I can't get adbd to run from recovery. Don't really know enough to port existing custom recovery like twrp.

            • this would take a lot of work to make a particular modification and rather solve this such that you all can make your own edits easily. But if the only thing everyone wants is chromium removed this is an option.

            • I can't find out where the emmc is set read-only to remove from the boot kernel. There is code in the OT_4058W kernel source but the partition names don't match up so I don't think that's what does it. I also tried using the recovery kernel in boot.img and nothing seemed different about it.

            The MTK guys were smart in using the emmc's built in write protection! I think logically the best place to concentrate on is custom recovery. It should not be so difficult to fix this SELinux policy issue but for some reason my recovery images don't always boot even with somewhat small changes..

            May have to force myself to take a break though. My chores are piling up here. 🙂

                neutronscott we also want to remove fm Radio and maybe hotspot. Depending on the circumstances we may want to also add system apps or make other modifications. We are certainly very grateful for all you've done thus far and sorry its preventing you from getting things done. I wish i could do things myself rather than telling other people to try them, Unfortunately i can't.

                    I have been looking at many pages on xda and stack overflow and i see many pages that look similar to our issue, but can you post a link with the exact situation we have?
                    neutronscott

                      OK I got lazy (or smart?) and patched the lk partition. It has the code that enables the power-on write protection from sec1-super. I changed it to sec1-tee2 and shrunk it. Then I decided I wanted boot writable, and I put sec1-lk2 and it must not have that name in the table because it just lost the entire 2nd write protection but whatever.

                      Here is what was write protected before:

                      Write Protect Groups 36-321 (Blocks 589824-5275647), Power-on Write Protection
  22          589824          593919   2.0 MiB     0700  sec1
  23          593920          594943   512.0 KiB   0700  efuse
  24          594944          726015   64.0 MiB    0700  md1img
  25          726016          758783   16.0 MiB    0700  md1dsp
  26          758784          760831   1024.0 KiB  0700  spmfw
  27          760832          762879   1024.0 KiB  0700  mcupmfw
  28          762880          795647   16.0 MiB    0700  gz1
  29          795648          828415   16.0 MiB    0700  gz2
  30          828416          832511   2.0 MiB     0700  lk
  31          832512          836607   2.0 MiB     0700  lk2
  32          836608          885759   24.0 MiB    0700  boot
  33          885760         1016831   64.0 MiB    0700  vendor_boot
  34         1016832         1033215   8.0 MiB     0700  logo
  35         1033216         1049599   8.0 MiB     0700  dtbo
  36         1049600         1051647   1024.0 KiB  0700  vbmeta
  37         1051648         1053695   1024.0 KiB  0700  vbmeta_system
  38         1053696         1055743   1024.0 KiB  0700  vbmeta_vendor
  39         1055744         1061887   3.0 MiB     0700  tee1
  40         1061888         1081343   9.5 MiB     0700  tee2
  41         1081344         5275647   2.0 GiB     0700  super
                      Gflip6_TF:/data/local/tmp # ./mmc writeprotect user get /dev/block/mmcblk0
Write Protect Group size in blocks/bytes: 16384/8388608
Write Protect Groups 0-1 (Blocks 0-32767), Power-on Write Protection
Write Protect Groups 2-924 (Blocks 32768-15155199), No Write Protection
Write Protect Groups 925-925 (Blocks 15155200-15171583), Permanent Write Protection
Write Protect Groups 926-931 (Blocks 15171584-15269887), No Write Protection

                      EDIT: File removed. Just use /vendor/bin/write_protect 0

                      • flashboot flash lk lk-neutron.img
                      • mount -o rw,remount /
                      • rm -rf /system/app/Chromium
                      • reboot. see if it's gone.

                        Biden2020prez I already tried it and it works. My browser is gone after reboot. The system_root partition now shows 96M free to add other things.

                        WE DID IT. I'M DONE! hah

                          Woah. Neutronscott should Get another honored member badge. We never could have done this without you!
                          now we just remove what we want and pull super?

                            lgexalter1 putting it mildly lol. For a custom firmware, the user still wont have write permissions because he modified lk not super correct?

                            i guess now we make a firmware without browser, I think Apps4flip admin May have a good idea for app integration. I may be able to get a semi functional cursor going, Ill post details when i have them.

                                Biden2020prez now we just remove what we want and pull super?

                                That should suffice.

                                lgexalter1 This guy is genius!

                                Eh if that were the case I'd have got recovery to work instead of just blowing open the doors.

                                I briefly looked at Launcherv3 and it looks like it tests if the app exists on system partition. Not going to mess with that now but hopefully just putting things in system makes it show up there. I did find this setting settings put global all_app_layout_type=1 to change the Launcher to a list.

                                Biden2020prez the user still wont have write permissions because he modified lk not super correct?

                                If you don't flash lk, the user won't have write access.. until they flash it. If you want to distribute super without Magisk there may be some AVB things to disable yourself that Magisk does.

                                        neutronscott Eh if that were the case I'd have got recovery to work instead of just blowing open the doors

                                        i know your so dumb. Anyone could have done that.. 🙂

                                        that was very very sarcastic in case someone didn't realize

                                          Biden2020prez settings display menu layout

                                          Yep I am such dumb. I was trying anything in the code to see if it bypass any check but it's hard coded. Haven't actually played with many settings on the phone yet so didn't know 🤣

                                            lgexalter1 that's sad. Does button mapper also only support those keys?
                                            even if it does we can probably map a long press to toggle voice access, But it would be very disappointing if most keys cannot be mapped.
                                            how about mouse? I know it doesn't work, but does it recognize the star key?