Computer

Cwm no file contexts what does it mean. "Installation aborted" error with firmware: what to do, solutions and possible causes

We decided to install custom firmware on your Android smartphone or tablet, entered custom TWRP Recovery, but received error 7 during installation? Don't despair to fix this problem pretty simple.

Many beginners may be discouraged by any steps in installing custom firmware, especially if this procedure is performed for the first time. One of the major obstacles during the installation of the firmware can be error 7 in TWRP Recovery.

The seriousness of this error is that it does not allow you to install custom firmware on the device at all and all your preparation will go down the drain. But it turns out that given error 7 in recovery is quite easy to fix without resorting to lengthy actions! Today's article is about how to get rid of this problem!

Where did error 7 come from?

This error can occur in two cases:

If you try install firmware not from your device, this often occurs when under the same name of a smartphone or tablet there can be many models with slight differences for certain markets (for example, the LG G2 smartphone has models VS980, LS980, D800, D802, F320K). Make sure that the firmware is designed specifically for your device!
The firmware installation script does not include the model name of your Android smartphone or tablet.

How to fix Error 7 when flashing in Recovery?

Option 1 (action 1)

If you have already read how error 7 could have occurred, then your very first action will be to check that you really downloaded the firmware for your smartphone or tablet model (check the name and version).

If you notice that you downloaded the wrong firmware, then download for your device. Problem solved! If this is not the case and the firmware is correct, then proceed to the second step.

Option 2 (action 2)

Try searching the internet for more new version custom Recovery and then install it on your device, then try to install the firmware, which previously gave error 7.

Option 3 (action 3)

If not all users of Android systems, then many of those who install custom (non-original) firmware know that the appearance of an Installation Aborted error during firmware is a fairly common phenomenon. And this is by no means connected with the data being installed, but with the version of the operating system itself. Most users run this process without thinking about the possible consequences. And they can be very sad (even if the firmware is not installed, the system may simply “crash”, and after that you will have to restore factory setting with total loss of user data and any other related information).

Installation Aborted error with firmware: what is it in the general sense?

Let's start by clarifying the term itself. What does the situation when a mobile device writes Installation Aborted when flashing through recovery, is, in general, not difficult to understand.

Simply translate the message from in English into Russian. Receive a notification that the installation has been interrupted. But why is this crash happening? Read about this and much more in the article below. In addition, the usual cancellation of the installation is still the worst thing that can be achieved when carrying out such actions. The fact is that Android systems are sensitive enough to any changes, and can only work with selected devices, for which only certain version operating system. Relatively outdated operating systems and devices have practically no support in terms of updating the operating system. Updates only affect built-in services and custom applications, but no more than that. You can only upgrade the operating system to a certain supported level.

Installation Aborted with firmware: what to do?

It is clear that when installing official updates supported by Android operating systems, this kind of failure does not occur. The only situation when the system writes Installation Aborted when installing the firmware is only related to the fact that the user installs the Firmware on his own.

In principle, this is a kind of protective function, similar to the appearance blue screen on Windows systems. Only Android behaves much more modestly.

The main problem is not even in the installation method, but in the fact that this firmware may not corny correspond to the device on which it is installed. And for starters, when canceling the process, simply reboot the mobile device and restore the original system. After that you can start installing new firmware again.

blocking

Sometimes, when installing the firmware, Installation Aborted also signals that the original update file was placed in the wrong area, which is perceived by the device as a default reserve.

As a rule, in order to avoid an Installation Aborted failure when flashing a smartphone or tablet, the Update.zip file should initially be placed in the root directory of the internal drive (Android). Only then can additional actions be taken.

Operating system update

Another failure option, when the system writes Installation Aborted during firmware, can be interpreted as a mismatch between the current version of the operating system and the one the user is trying to switch to.

This is similar to how stationary computers try to jump from Windows XP to Windows 10. First, for the Android OS itself, you need to install an update that is supported by both the system and the device, and only after that start flashing the device.

One of the most basic conditions for the successful completion of the process, many experts also call the release of space on internal storage. Do not look at the fact that there is enough space on it. The most basic problem is that it has cache data that has not been deleted, which is perceived by the system as real garbage, although it may not signal this.

Thus, one of the options for eliminating the Installation Aborted failure during firmware will be the initial deletion of this type of data. Can be used standard settings, from where you go to the applications section with the selection of the "All" item and the subsequent clearing of the cache of each applet presented in the list.

It is much better (and it makes things easier) if the user has an optimizer app installed on their phone or tablet. Such applets, in general, behave quite correctly. True, cleaning issues sometimes raise legitimate doubts, since the user sees one thing on the application screen, but in fact nothing really happens. Don't believe? Look in any file manager to the DCIM and 100ANDRO directories, which are located directly on the internal drive where the operating system itself is installed.

CMW installation questions

Another point related to the possibility of eliminating the problem of the appearance of the Installation Aborted error during firmware refers to the installation of the CMW module, which is essential for such operations. Installing it will avoid the problems associated with the incompatibility of ROM drives. But to use it, you first need to get the so-called root rights.

In the simplest version, you can use the Kingo Root program, which is initially installed on Personal Computer or laptop. After connection mobile device the rooting driver will be loaded, and then the mobile applet will be installed on the mobile device (on the computer, confirmation will be issued directly in the program). After that, it will be enough just to launch the appropriate mobile applet to perform further actions.

They consist in installing Rom Manager, and in Recovery mode, using the Setup section, go to the menu ClockworkMod Recovery, find your mobile device model in the presented list and agree to further operations.

Restoring factory firmware

Sometimes this approach does not work, because sometimes the solutions presented can only be used on original firmware. Resetting the settings on your phone or tablet won't really do anything.

Therefore, it is advisable to immediately install the program that best suits your device (Xperia Companion, Samsung Kies etc.), and restore the factory firmware via the Internet with its help. And only after that you can start installing a new firmware, if necessary.

Instead of total

This is the solution to the Installation Aborted error during firmware. What to do, I think, is already clear. In general, by and large, it is worth saying that flashing a mobile device using unsupported Firmware versions is not recommended at all. So after all, you can, as they say, just ruin the device. You can install the firmware only if it is really taken from an official source and is fully compatible with the model of the device that is supposed to be reflashed. V otherwise don't even try to do anything like that.

Firmware Android 4.4 KitKat for Lenovo S930 - s215_140714

Firmware from the Russian region for updating from a PC!

Ability to install on any version of the firmware!

Build number: S930_ROW_s215_140714
Date: 14.07.2014
Creator: Lenovo QC release for ROW region
Compound: Full firmware image / OTA update
OS: Android 4.4.2
Description:

languages: Russian, English, Chinese, Vietnamese, Indonesian
keyboard: multilingual

Change log:

Android 4.4.2
VibeUI 1.5
Updated almost all applications from Lenovo
New system interface
Improved system interface
energy optimization

Download:

OTA update from firmware S119_140325 to firmware S215_140714 / mirror
Firmware for PC:

Instructions:

Installing an OTA update

MEMORY WILL BE REMARKED

User data will be saved.

AND MORE_ WIPE IS STRICTLY REGULATED AFTER OTA! OTHERWISE - YOUR LETTERS - DO NOT WORK, DO NOT OPEN, BUG - WILL BE JUST SPAM!

once again I repeat, THIS IS A CHANGE OF OS VERSION-! SPEND TIME - WIPE AND RESET EVERYTHING! IT'S WORTH IT!

Installed ONLY ON OF S119_140325 with regular recovery It is installed only on S119_140325 and only through regular (not extended) recovery.
RTH-rights will have to be obtained AGAIN
Installation:
0. We make sure that there is an official firmware S119_140325 , regular (not extended) recovery * and no deletion / change of system (GOOGLE) applications **. And also, that there is no memory re-partitioning. If at least one item is not fulfilled, the firmware will not get up. nothing bad will happen, just the update will not be installed and will remain previous version. We ALWAYS check (IF YOU WERE FROM PC to 119) that the REGION CODE FOR THE RUSSIAN FEDERATION was entered!) After flashing from PC to version 119, open the dialer dialer, dial ####682# and select the RU region in the list! If this is not done, then the firmware over the air will get WRONG!
1- Download the archive S930_OTA_from_S119_140325_to_S215_140714 on PC
2- Unpack and extract update.zip archive
In ANY way NOT unpacking update.zip, copy this archive either to the root of the memory card or to the root of the built-in memory
3. In ANY way, reboot into recovery
With the phone turned off, press the power button and hold for 1-2 seconds, then press the volume rocker "+" and "-" at the same time, hold the rocker and power until you enter recovery.
4. Installation starts AUTOMATICALLY.
6- Open the dialer = - Dialer. We dial the code ####7777# and confirm the reset.
7- do not reset or select a region of the code - the result is NOT guaranteed and with this firmware they will NOT be accepted in the service under warranty! Success!
9- Success!
Installing firmware from a PC
WARNING - use only the new utility SP_Flash_Tool_v5.1352.01
Brief instructions for use new utility SP_Flash_Tool_v5.1352.01

Translating... Translate Chinese (Simplified) Chinese (Traditional) English French German Italian Portuguese Russian Spanish Turkish

Unfortunately, we are unable to translate this information right now - please try again later.

Security Enhancements for Android (SEAndroid)

The Android operating system version 4.4 (Kitkat) has new features. Most important among the new features is the ability to forcefully integrate SEAndroid, i.e. put all permissions on all Android components under the control of SEAndroid.

What is SEAndroid? SEAndroid stands for Security Enhancements for Android(advanced security features for Android). This is an Android security solution that identifies and fixes important vulnerabilities. Initially, the goal of the project was to use SELinux features in the Android system to limit the damage associated with the operation of defective or malicious applications and ensure separation between applications. Then the scope of the project was expanded. Now SEAndroid is a whole platform to implement SELinux Mandatory Access Control (MAC) and Intermediate Mandatory Access Control (MMAC) on Android platform.

Some concepts related to SEAndroid should be clarified:

Security-Enhanced Linux* (SELinux) is a least-privilege implementation of Linux Security Modules (LSMs) in the Linux kernel. Is not Linux distribution, and a set of modifications that can be applied to operating systems, like UNIX*, such as Linux and BSD.
Discretionary Access Control (DAC) is a standard Linux security model. In this model, access rights depend on the identity of the user and the ownership of the objects.
Mandatory Access Control (MAC) restricts access rights for subjects (processes) and objects (files, sockets, devices, etc.).

SELinux does not change existing security features in a Linux environment; instead, SELinux extends the security model to include mandatory access control (i.e. both MACs and DACs are used in an SELinux environment).

SEAndroid expands the possibilities Android systems, adding SELinux support to the kernel and userspace to perform the following tasks:

Restricting privileged daemons to protect against misuse and limit potential damage
Application of "sandbox", isolation of applications from each other and from the system
Prevent app elevations
Managing application privileges during installation and execution using MMAS
Centralized policy with the ability to analyze

What's more, in Android 4.4, the SEAndroid platform runs in a forced mode instead of a non-functional disabled mode or a permissive mode (which only gives notifications). This means that all invalid operations will be prohibited in the Android runtime.

SEAndroid policy

The SEAndroid policy is one of the core elements of the entire SEAndroid security mechanism. In addition, the security architecture should also include a strong security policy to ensure that the access subject has only minimal necessary rights access to the object. Then the program will be able to perform its basic functions, but can't do any harm.

As mentioned above, the implementation of SEAndroid uses enforce mode instead of non-functional disabled mode or permissive mode (which only emits notifications). This simplifies testing and development.

The SEAndroid security context is generally compatible with SELinux. Its four constituent parts are described below: user, role, type and level, for example u:object_r:system_data_file:s0:

User: The security context of the first column in SEAndroid is user, denoted as u.
Role: The second column indicates the role in SEAndroid: these are respectively r and object_r.
Type: in the third column, SEAndroid defines 139 various types policies such as device, process, file system, network, IPC and so on.
Security level: The fourth column is for multi-level security (MLS extension), which is an access mechanism with added security context and privacy of the format [:category list][-privacy[:category list]], e.g. s0 - s15:c0 - c1023, where the category may not be required for the current android versions. The combination of sensitivity and category determines the current security level, numeric values are given for the lowest and higher levels security. The settings in this column are used when checking MLS restrictions: 15 is the most sensitive and 1023 is the highest category. This range of options can be set in Android.mk.

The security context is the most important part of the third column, the process type is called the domain. Type - most important parameter SEAndroid; The policy settings have been greatly expanded, so it is important that the appropriate type is specified for each file.

SEAndroid policy sources are located in the external/sepolicy folder.

The policy consists of the source files used to create the SELinux kernel policy file, as well as the file_contexts, property_contexts, seapp_contexts, and mac_permissions.xml configurations.

The file_contexts configuration is used to mark files at build time (such as the system partition) and at runtime (such as device nodes, service socket files, /data folders created by init.rc, etc.).
The property_contexts configuration specifies the Android properties security context for checking permissions.
The seapp_contexts configuration is used to mark application processes and application package directories.
The mac_permissions.xml configuration is the MMAC policy.

The policies that apply to the device are located in the device/ folder.<поставщик>/<устройство>.

This policy can be set by specifying the BOARD_SEPOLICY_DIRS, BOARD_SEPOLICY_UNION and BOARD_SEPOLICY_REPLACE variables in the BoardConfig.mk file located in the device/ folder<поставщик>/<устройство>or vendor/<поставщик>/<устройство>. For example, the configuration file for the FFRD8 tablet based on the Intel® Atom processor (Bay Trail) is located in the /device/intel/baytrail/BoardConfig.mk folder.
See device/intel/baytrail/BoardConfig.mk for an example, where these variables are set according to device policy files in device/intel/baytrail/sepolicy.
For device policy documentation, see external/sepolicy/README.

Changing the SEAndroid Policy

The SEAndroid policy files are located in the /external/sepolicy folder. You can modify these files and see what happens when you apply the modified policy. Use caution when modifying policy files, as a misconfiguration can cause the entire system to hang on boot. Below is an example:

Step 1: Check Before Changes

First you need to check the file /device/intel/baytrail/BoardConfig.mk. The following sepolicy configuration is used:

BOARD_SEPOLICY_DIRS:= device/intel/baytrail/sepolicy BOARD_SEPOLICY_UNION:= file_contexts seapp_contexts file.te genfs_contexts fs_use device.te healthd.te app.te untrusted_app.te surfaceflinger.te vold.te ecryptfs.te zygote.te netd.te

BOARD_SEPOLICY_DIRS specifies the directory where the policy files for a particular device are located. BOARD_SEPOLICY_UNION - The final policy configuration that combines general policy files and device-specific policy files. When building Android, the compiler will check for conflicts between different policies. If BOARD_SEPOLICY_ REPLACE is applied, this means that the device policies will replace the general policies.

Secondly, you need to open the file /external/sepolicy/untrusted_app.te and make sure it contains the following lines:

Allow untrusted_app shell_data_file:file rw_file_perms Allow untrusted_app shell_data_file:dir r_dir_perms

The two policy elements listed above grant untrusted applications (regular, not system applications) the ability to read and write files, and read directories of type shell_data_file at runtime. The shell_data_file option points to any file in /data/local/tmp/ in the runtime, set in /external/sepolicy/file_contexts in the development environment as follows:

The permissions listed above have certain limitations. If files and folders exist in /data/local/tmp/, then untrusted applications can read and write these files and enter these folders. But untrusted applications cannot create their own files and folders in /data/local/tmp/. Only system applications or services may create files and folders for untrusted applications. If you need to grant more permissions to untrusted apps, you can apply the changes in step 2.

Step 2: Add new policy elements

Now you need to edit the /device/intel/baytrail/sepolicy/untrusted_app.te file by adding the following two lines at the end of the file:

Allow untrusted_app shell_data_file:file create_file_perms Allow untrusted_app shell_data_file:dir create_dir_perms

These two elements grant permissions for untrusted applications to create files and folders in /data/local/tmp/ at runtime. They are set in /external/sepolicy/file_contexts in the following development environment:

/data/local/tmp(/.*)? u:object_r:shell_data_file:s0

Basic permissions for files and folders are defined in /external/sepolicy/global_macros:

Define(`x_file_perms", `( getattr execute execute_no_trans )") define(`r_file_perms", `( getattr open read ioctl lock )") define(`w_file_perms", `( open append write )") define(`rx_file_perms", `( r_file_perms x_file_perms )") define(`ra_file_perms", `( r_file_perms append )") define(`rw_file_perms", `( r_file_perms w_file_perms )") define(`rwx_file_perms", `( rw_file_perms x_file_perms )") define(`link_file_perms ", `( getattr link unlink rename )") define(`create_file_perms", `( create setattr rw_file_perms link_file_perms )") define(`r_dir_perms, `( open getattr read search ioctl )") define(`w_dir_perms", `( open search write add_name remove_name )") define(`ra_dir_perms", `( r_dir_perms add_name write )") define(`rw_dir_perms", `( r_dir_perms w_dir_perms )") define(`create_dir_perms", `( create reparent rmdir setattr rw_dir_perms link_file_perms ) ")

We can see that the permissions of, for example, a file operation ( getattr open read ioctl lock ) are the same as the file operation functions in a real file system.

And finally, you need to rebuild the tree source code Android and push the new image to a FFRD8 device with a Bay Trail processor.

Checking the SEAndroid Policy

After downloading FFRD8, you can download the FileManager app from the store android apps, and then open a command shell from the FileManager menu. This allows you to simulate the file operations of untrusted applications.

We can create new file and new folder: you need to go into the /data/local/tmp/ folder and create a new folder and a new file inside it. (On a standard FFRD8 device, the creation of a new file and a new directory is prohibited.) The result of applying the modified policy is shown in the figure below. The left shows the impact of the original policies, and the right shows the modified ones:

Picture 1. Comparison of file permissions between normal and modified policies.

Conclusion

This article describes how the SEAndroid policy works and provides an example of adding new policy to the set SEAndroid policy on the platform with Intel processor Atom (Bay Trail). This article will help device developers interested in creating custom versions of SEAndroid to better understand the SEAndroid policy mechanism.

about the author

Liang Z. Zhang is an Application Development Engineer in the Developer Relations Division at Intel China. Lian Zhan is responsible for supporting security technologies based on Intel platforms.

Notes

THE INFORMATION IN THIS DOCUMENT IS FOR INTEL PRODUCTS ONLY. THIS DOCUMENT DOES NOT GRANT ANY EXPRESS OR IMPLIED LICENSE, VOICE OF OBJECTION OR OTHER INTELLECTUAL PROPERTY RIGHTS. In addition to the cases specified in the terms and regulations for the sale of such products, Intel does not bear any responsibility and refuses explicit or implied guarantees regarding the sale and / or use of its products, including responsibility or guarantees regarding their suitability for a specific purpose, ensuring profit or violation of what -EITHER PATENTS, COPYRIGHTS OR OTHER INTELLECTUAL PROPERTY RIGHTS.

EXCEPT AS AGREED IN WRITING BY INTEL, INTEL PRODUCTS ARE NOT INTENDED FOR USE WHERE THEIR FAULTY MAY RESULT IN INJURY OR DEATH.

Intel reserves the right to make changes to specifications and descriptions of their products without prior notice. Designers should not rely on missing characteristics or characteristics marked "reserved" or "not defined". These features are reserved by Intel for future use and cannot be guaranteed to be free of compatibility conflicts. Information in this document subject to change without prior notice. Do not use this information in the final design.

The products described in this document may contain errors and inaccuracies, which may cause the actual characteristics of the products to differ from those shown here. Bugs already identified can be provided upon request.

Before placing an order, get latest versions specifications at your local Intel sales office or local distributor.

Copies of serial numbered documents referenced in this document or other Intel documentation may be obtained by calling 1-800-548-4725, or at: http://www.intel.com/design/literature.htm

The software and workloads used in the performance tests may have been optimized for high performance on Intel microprocessors. Benchmark tests such as SYSmark* and MobileMark* are run on specific computer systems, components, programs, operations, and functions. Any changes to any of these elements may change the results. Other information and performance tests should be consulted when selecting products to purchase, including performance tests of a specific product in combination with other products.

This document and the information contained therein software are provided under license and may be used and distributed only in accordance with the terms of the license.

Error 7 when flashing through recovery (TWRP, CWM Recovery) . Decided to install custom firmware on your Android smartphone or tablet, entered custom TWRP Recovery, but received error 7 during installation? Do not despair, fixing this problem is quite simple.

Many beginners can be discouraged by any steps in installing custom firmware, especially if this procedure is performed for the first time. One of the major obstacles during the installation of the firmware can be error 7 in TWRP Recovery. The seriousness of this error is that it does not allow you to install custom firmware on the device at all and all your preparation will go down the drain. But it turns out that this error 7 in recovery is quite easy to fix without resorting to lengthy actions! Today's article is about how to get rid of this problem!

Where did error 7 come from?

This error can occur in two cases:

If you try to install firmware not from your device, this often happens when under the same name of a smartphone or tablet there can be many models with slight differences for certain markets (for example, the LG G2 smartphone has models VS980, LS980, D800, D802, F320K). Make sure that the firmware is designed specifically for your device!
The firmware installation script does not include the model name of your Android smartphone or tablet.

How to fix Error 7 when flashing in Recovery?

Option 1 (action 1)

If you notice that you downloaded the wrong firmware, then download for your device. Problem solved! If this is not the case and the firmware is correct, then proceed to the second step.

Option 2 (action 2)

1. Install Notepad++
2. Open the firmware and follow the pathMETA-INF\com\google\android\
3. Extract the file updater-script