Describe the bug
After installing the module via KernelSU and rebooting, opening the MSD app results in a white screen for about 2 seconds, followed by an immediate crash (force close).
To Reproduce
Steps to reproduce the behavior:
Install the MSD module via KernelSU on a device running Android 16, (Kernel Strings Android14) (SM8650).
Reboot the device.
Open the MSD app.
App shows a white screen and crashes.
Expected behavior
The app should launch normally and connect to the underlying daemon.
Environment:
Android Version: Android 14 (Kernel: 6.1.118-android14-11, Platform: Snapdragon 8 Gen 3 / SM8650)
Root Solution: KernelSU
MSD Version: v1.21
Log Analysis & Root Cause
I have checked the logs in /data/local/tmp/msd/. It appears the crash is caused by an underlying daemon initialization failure due to SELinux policy parsing errors.
In post-fs-data.log, sepatch throws the following error during the "Patching SELinux policy" stage :
1972-04-11T22:33:18.068189Z ERROR msd_tool: Failed to parse sepolicy
Caused by:
Failed to parse policydb
Because the custom SELinux context is never created, service.sh fails to start the daemon, as seen in service.log :
runcon: Could not set context to u:r:msd_daemon:s0: Invalid argument
2026-04-11T06:45:18.984588Z ERROR msd_tool: Failed to connect to domain socket
Caused by:
Connection refused (os error 111)
The frontend app then crashes because it cannot connect to the dead daemon.
Reflection & Root Cause Analysis:
The core issue does not stem from KernelSU permissions, frontend application logic, or incorrect user configuration. Instead, it is a low-level binary incompatibility occurring during the SELinux policy injection phase.
Specifically, during the execution of post-fs-data.sh, msd_tool relies on the sepatch Rust library to parse and modify the system's compiled SELinux policy (sepolicy) to inject the required u:r:msd_daemon:s0 domain context. However, on newer Android 14 kernels (specifically observed on SM8650), the policydb structure or version appears to have been updated. The current implementation of sepatch fails to parse this newer policydb format, throwing a fatal error: Failed to parse sepolicy.
This parsing failure triggers a chain reaction:
The custom security context (u:r:msd_daemon:s0) is never successfully registered in the system policy.
When service.sh later attempts to start the background daemon using runcon, the system enforces SELinux rules and rejects it with an Invalid argument error because the target context does not exist.
The daemon fails to start, meaning the Unix domain socket is never created or bound, leading to a Connection refused (os error 111) error.
Finally, the frontend app crashes after a 2-second timeout because it attempts to communicate with a dead daemon.
To resolve this issue, the underlying sepatch crate needs to be updated to correctly parse and handle the policydb
format used in Android 14.
Missing App Crash Logs
Please note that I cannot provide the frontend crash log from /sdcard/Android/com.chiller3.msd/files/crash.log. The app crashes so early during initialization that the /sdcard/Android/com.chiller3.msd folder is never created on my device.
Attachments
I have attached a msd.zip containing all the logs generated in /data/local/tmp/msd/* (including post-fs-data.log, service.log, dmesg.log, etc.) for your reference.
Describe the bug
After installing the module via KernelSU and rebooting, opening the MSD app results in a white screen for about 2 seconds, followed by an immediate crash (force close).
To Reproduce
Steps to reproduce the behavior:
Install the MSD module via KernelSU on a device running Android 16, (Kernel Strings Android14) (SM8650).
Reboot the device.
Open the MSD app.
App shows a white screen and crashes.
Expected behavior
The app should launch normally and connect to the underlying daemon.
Environment:
Android Version: Android 14 (Kernel: 6.1.118-android14-11, Platform: Snapdragon 8 Gen 3 / SM8650)
Root Solution: KernelSU
MSD Version: v1.21
Log Analysis & Root Cause
I have checked the logs in /data/local/tmp/msd/. It appears the crash is caused by an underlying daemon initialization failure due to SELinux policy parsing errors.
In post-fs-data.log, sepatch throws the following error during the "Patching SELinux policy" stage :
Because the custom SELinux context is never created, service.sh fails to start the daemon, as seen in service.log :
The frontend app then crashes because it cannot connect to the dead daemon.
Reflection & Root Cause Analysis:
The core issue does not stem from KernelSU permissions, frontend application logic, or incorrect user configuration. Instead, it is a low-level binary incompatibility occurring during the SELinux policy injection phase.
Specifically, during the execution of
post-fs-data.sh,msd_toolrelies on the sepatch Rust library to parse and modify the system's compiled SELinux policy (sepolicy) to inject the requiredu:r:msd_daemon:s0domain context. However, on newer Android 14 kernels (specifically observed on SM8650), thepolicydbstructure or version appears to have been updated. The current implementation ofsepatchfails to parse this newerpolicydbformat, throwing a fatal error:Failed to parse sepolicy.This parsing failure triggers a chain reaction:
The custom security context
(u:r:msd_daemon:s0)is never successfully registered in the system policy.When
service.shlater attempts to start the background daemon using runcon, the system enforces SELinux rules and rejects it with an Invalid argument error because the target context does not exist.The daemon fails to start, meaning the Unix domain socket is never created or bound, leading to a
Connection refused (os error 111) error.Finally, the frontend app crashes after a 2-second timeout because it attempts to communicate with a dead daemon.
To resolve this issue, the underlying
sepatchcrate needs to be updated to correctly parse and handle thepolicydbformat used in Android 14.
Missing App Crash Logs
Please note that I cannot provide the frontend crash log from
/sdcard/Android/com.chiller3.msd/files/crash.log.The app crashes so early during initialization that the/sdcard/Android/com.chiller3.msdfolder is never created on my device.Attachments
I have attached a msd.zip containing all the logs generated in
/data/local/tmp/msd/*(includingpost-fs-data.log,service.log,dmesg.log, etc.) for your reference.