Porting LineageOS to FP2

So should the recent testbuild from 07.08.2017 contain the binary blobs 17.07.6? (As they can be downloaded here )
If so, why is the build.prop of the actual testbuild referring to fp2-gms-17.04.8 in its fingerprint?
Am I getting something wrong? Is the version number in the fingerprint not related to the binary blobs delivered with the image?

The buildserver uses this repo for the blobs:
which contains the blobs

So I think the version number does not match the actual blobs used.


SIM slot 1: Main Sim w/ PIN
SIM slot 2: prepaid Sim with default 0000 PIN

Turn on phone, upon entering the correct SIM1 PIN: “SIM PIN Operation failed”

SIM slot 1: prepaid Sim with default 0000 PIN
SIM slot 2: Main Sim w/ PIN

Turn on phone, SIM1 PIN request skipped(*), upon entering the correct SIM2 PIN: both SIMs are activated correctly, all network services can be used

(*) There is a setting activated on the Sim card (as I just learned) that it is not locked


Is this FP2 specific or general LOS?

08-08 20:12:30.647 14273 14273 W sh : type=1400 audit(0.0:304): avc: denied { read } for name="/" dev=“rootfs” ino=1 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:rootfs:s0 tclass=dir permissive=0

I see this also when working with a terminal emulator. Not being root gives a a permission denied (termux) or “empty directory” (file manager)

“of course” :slight_smile:

I’d call this wanted behavior because why should a non-root user be allowed to see that folder?

I recently built and installed LineageOS on my FP2, works decent so far. Thanks to all contributors.

I just realized a feature I loved on the Fairphone OS that seems missing in Lineage: Mounting the SD card as USB Mass Storage to a computer.

I’m not an Android dev, but some digging around makes it look like 1) nobody believes this is possible, while 2) it’s perfectly possible and low-level implementation just waits for a userspace button.

Well, why not? This is root, the start of everything, and what secret do you expect there? Besides, on every SELinux enabled system, / is readable by everyone. I can’t think of any reason not to be able to read /. Except you would propose security by obscurity. But even then, the contents of root are no secret on Android. You may argue for /system, and the likes, but /? Also /data is only readable as root, as seen by the permissions. So, if /data is rwxrwx–x, which reflects this, / is rwxr-xr-x, as on every Unix system, and forbidden by policy? I wouldn’t call this consistent…

1 Like

It’s more about signed builds and release keys


1 Like

After a few days of testing, I notice that LineageOS has significant trouble on my phone with Mobile data. I have the modem version as is mentioned in the post I reply to, so I think the modem files are up to date. My Lineage version is of 3 august, so that’s up to date as well.

Messaging and mails in general work, but anything more bandwith heavy (even simple web browsing) just refuses to load (not slow but time-outs and ‘no network’ errors). Also my VPN (TCP connection) is unable to connect under mobile data, while it works fine with Wifi. Under FPOOS my vpn never had any issue connecting to mobile networks.
Btw, the icon in the status bar sometimes has a small X, but other times just shows a healthy graph with LTE above it while the symptoms appear (No X or other additions). So this doesn’t seem to reliably indicate that there is an issue. I also tried turning airplane mode on and off. Sometimes it works a bit, but does not solve the issue completely.

Anybody knows something I can try to debug this? Is anyone else having this much trouble with mobile data?

1 Like

Untrusted apps are not getting any additional SELinux privileges. That’s what SELinux is about.



the fingerprint should from time to time being updated to the latest FP version that Fairphone has officially released including android CTS tests passing. As far as I know, some apps on playstore test this.



You should rather discuss this with the lineage community. There wont be any fairphone specific enhancements.


1 Like

Well, i wouldn’t restrict it to untrusted apps. SELinux is about controlling all accesses. But i guess this is no point of argument. I just question the access denial to /, which on one hand isn’t reflected by file system permissions, and for good reason, because that’s what / is all about in Unix in the first place, and denying read access does not offer any security pluses.
Besides, but this may just be my problem, i don’t know what’s all put into the untrusted apps domain. It looks like all apps installed by the user land there… Most of the time you don’t see this, but with a file manager and a terminal it’s obvious. Re file manager: it’s quite annoying not being able to walk the tree just because you aren’t allowed to start at /. Breaks expected behavior. In every (SELinux enabled system everybody may read /, because that’s the way the unit file system works)

Thanks. This was one of my questions

I noticed two random reboots in the last days (14.1-20170807-UNOFFICIAL-FP2). I had this already with the Fairphone Open version. Had anyone here? Whether that is possibly related to the properitäre firmware (blobs)?

Can you get the /proc/last_kmsg file after a random reboot and post it here?


1 Like

I’ll make it the next time.

FP2:/ # cat /proc/last_kmsg
5NwanD: Unknown sxmbol aDdress c01028c0
unw)nd: Index not fkund c01028c0
COde: 00000000 00000000 00000000 00000000 (00000000)
—[ end trace da227214a82495a8 ]—
Kernel panic - not syncing: Fatal exception in hnterrupt
CU2: stoppijg
[] (unwifd_backtrace+0x0/0x!38) froi [,c010dab> (handhe_IPI+0x044/0X248)
[] (handle[IPI+0x144/0x248) from [<c0102914<] (gic_handle_irq+0xec/0824)
unwinD: Unknmwn symbOd a`dress c010914
unwild: INd%x foT found c01 2914
SMP: failed to st/p secondary CPUs
wcj3s cra3h shutdown 0
Rebkotin’ in 4 seconds…
SMP: failed to stop sebondary CPQr
Going douf for restart no7
Calling CCM to disable SPMI PC arbiter
2729 Corrected bytes, 420 unrecoverable blocks
FP2:/ $

Looks like kernel panic. If you need a full kmsg, let me know.

Yes, please upload always full one.


Here it is: FP2 · GitHub