17

I am editing paths on some binaries short of recompiling them.

I want to replace /lib/ld-linux-armhf.so.3, which I cannot create, with a path of the same length that I can create without rooting the phone. It has to be the same length because I am editing binaries. I have chosen the path /data/data/com.clk/.so.3, after the different possibilities listed below. What I'm trying to do is create /data/data/com.clk/.so.3, which should be a symbolic link to /data/data/com.spartacusrex.spartacuside/gentoo_armv6l/lib/ld-linux-armhf.so.3

I initially used /proc/5781/cwd/rmhf.so.3, but this is not readable by other applications (which are other linux accounts).

I then tried /data/.tmp, but it is specific to my phone, and not documented according to @ChrisStratton. Same about /data/logcat_log.

/sdcard is excluded because the FUSE options `rw,nosuid,nodev,relatime,user_id=1015,group_id=1015,default_permissions,allow_other` restrict links and executables, and /lib/ld-linux-armhf.so.3 is to be executed.

Does anyone know how else I can accomplish this?

user2987828
  • No, they are not. What you find along these lines varies _widely_ by Android version. Consider starting your binaries with a library path override environment variable instead. – Chris Stratton Dec 08 '13 at 22:51
  • Ok, I updated my question: /data/.tmp/ is not available, so I ask for someone to produce my short fullpath, with a bounty. – user2987828 Dec 13 '13 at 10:09
  • Do you think that the easiest solution would be to produce an APK ? – user2987828 Dec 16 '13 at 22:12
  • @user2987828 Don't you need to be logged in as root to create a symbolic link to something that is protected? – Menelaos Dec 18 '13 at 02:39
  • @meewoK: no. You may try `ln -s /data/data/jackpal.androidterm/lib/libjackpal-androidterm4.so 3` in Terminal IDE, it will create a symbolic link even if /data/data/jackpal.androidterm does not exist. And if you install Terminal Emulator, that path will exist and the symbolic link will work. This works because all involved directories have at least the last `x` in the tenth column of the output of `ls -l` (try `ls -ld / /data /data/data /data/data/data/jackpal.androidterm/` after installing Terminal Emulator) – user2987828 Dec 18 '13 at 13:30
  • Do you happen to be the author of both applications? – Nathan Schwermann Dec 18 '13 at 23:03
  • No, I am the author of gentooandroid only. – user2987828 Dec 24 '13 at 17:59
  • At least from the current version of your question, it's *really* hard to tell what, if anything, you're actually asking for. If you still have something here that you want help with, you should try to rewrite your question to better explain what it is. Alternatively, if you've managed to solve your problem yourself, consider posting a brief explanation of what you did as an answer and marking it as accepted. – Ilmari Karonen Jan 04 '14 at 02:51
  • @IlmariKaronen : apparently, a possible solution would be to create an apk like explained by http://stackoverflow.com/revisions/20459834/3 but I do not have the knowhow about creation of APK. And that revision was flagged and deleted. – user2987828 Jan 06 '14 at 13:55
  • @Ilmari Karonen: if you want more information about the flagging, see http://chat.meta.stackoverflow.com/transcript/89?m=1676192#1676192 and all its answers. – user2987828 Jan 06 '14 at 14:05
  • If creating an APK is the issue, have you looked at [this question](http://stackoverflow.com/questions/4600891/how-to-build-apk-file-in-eclipse)? – Ilmari Karonen Jan 06 '14 at 18:15
  • You could use /var/tmp.. Sticky bit dir that doesn't typically get wiped by an OS upon reload even if the bits are set to wipe /tmp.. – Wedge Martin Jan 08 '14 at 13:05
  • Symbolic links cannot overcome security restrictions. If the target path of a symbolic link is not accessible to you, then the link is not usable by you. You can use hard links to make files that are in directories not accessible to you into directories that are accessible to you. (Someone with access to both places has to create the hard link.) – Kaz Jan 16 '14 at 02:30
  • @Kaz: Try this if you have a linux: As root, do: `mkdir /tmp/a ; chmod 711 /tmp/a ; date > /tmp/a/b ; chmod 644 /tmp/a/b` Then as the user, do: `ln -s /tmp/a/b /tmp/b`: cat /tmp/b will then work. Did you miss http://stackoverflow.com/questions/20459834/how-to-create-a-symbolic-link-with-short-fullpath/21170673?noredirect=1#comment30929789_20459834 ? – user2987828 Jan 17 '14 at 16:36
  • @Wedge Martin: /var/tmp does not exist on all Androids. – user2987828 Jan 17 '14 at 16:40
  • @user2987828 711 means that group and others have search permission. The regular user can also just do `cat /tmp/a/b` without the symlink; you just have to somehow know that `/tmp/a/b/` exists. Search permission means that if you know an exact name in a directory, you can use it, even if you have no read permission to actually scan the directory contents. Look, I've been using this Unix cruft since 1980-something. – Kaz Jan 17 '14 at 17:36
  • @Kaz, My interest is creating a symlink so that a file with a long fullpath will be accessible by a shorter fullpath. Because, when editing binaries to replace `/lib/ld-linux-armhf.so.3` with the actual location of that binary, I can only use as many characters, no more. The permission issue was raised by http://stackoverflow.com/questions/20459834?noredirect=1#comment30911671_20459834 and there is no permission issue here to access the fullpath `/data/data/com.spartacusrex.spartacuside/gentoo_armv6l/lib/ld-linux-armhf.so.3`, I have only a problem with its length. – user2987828 Jan 24 '14 at 09:49
  • I think a solution is to patch `https://play.google.com/store/apps/details?id=com.clk` to add my symlink inside. – user2987828 Jan 24 '14 at 09:52
  • In that case, the wording "I want to replace X by a path I have access to" could use improvement. – Kaz Jan 24 '14 at 18:02
  • @Kaz: Thanks for the suggestion ! I did this edit. – user2987828 Jan 27 '14 at 12:31

2 Answers

1

Have you considered using PatchELF rather than rolling your own binary editing? It claims to be smart enough to insert an extra page into the ELF header as needed to make room for longer interpreter or RPATH fields. That would allow you to use the real interpreter value rather than needing a symbolic link.

bks
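Why the question needs a path of the same length, and why a tool that can grow the segment avoids the symlink, as an added example (not code from the answer or from PatchELF): a minimal in-place editor for the `PT_INTERP` segment of a little-endian ELF32 image. It also accepts a shorter path by NUL-padding it to the segment size. The function names and the `sample_elf` image are constructed for illustration.

```python
import struct

PT_INTERP = 3  # program header type that holds the interpreter path

def find_interp(elf):
    """Return (file offset, size) of PT_INTERP in a little-endian ELF32 image."""
    if elf[:4] != b"\x7fELF" or elf[4] != 1 or elf[5] != 1:
        raise ValueError("not a little-endian ELF32 image")
    (e_phoff,) = struct.unpack_from("<I", elf, 28)
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 42)
    for i in range(e_phnum):
        # p_type, p_offset, p_vaddr, p_paddr, p_filesz
        fields = struct.unpack_from("<5I", elf, e_phoff + i * e_phentsize)
        if fields[0] == PT_INTERP:
            return fields[1], fields[4]
    raise ValueError("no PT_INTERP segment (statically linked?)")

def get_interp(elf):
    off, size = find_interp(elf)
    return elf[off:off + size].split(b"\0", 1)[0].decode()

def set_interp(elf, new_path):
    """Overwrite the interpreter path in place; file size and offsets are unchanged."""
    off, size = find_interp(elf)
    new = new_path.encode()
    if len(new) + 1 > size:  # the terminating NUL must still fit
        raise ValueError(f"{new_path!r} needs {len(new) + 1} bytes, segment has {size}")
    return elf[:off] + new.ljust(size, b"\0") + elf[off + size:]

def sample_elf(interp):
    """Constructed test image: ELF32 header, one PT_INTERP program header, the path."""
    seg = interp + b"\0"
    ident = b"\x7fELF\x01\x01\x01" + bytes(9)
    # ET_EXEC, EM_ARM, version, entry, phoff, shoff, flags, ehsize, phentsize, phnum, ...
    ehdr = ident + struct.pack("<HHIIIIIHHHHHH", 2, 40, 1, 0, 52, 0, 0, 52, 32, 1, 0, 0, 0)
    phdr = struct.pack("<8I", PT_INTERP, 84, 84, 84, len(seg), len(seg), 4, 1)
    return ehdr + phdr + seg

if __name__ == "__main__":
    elf = sample_elf(b"/lib/ld-linux-armhf.so.3")
    print(get_interp(set_interp(elf, "/data/data/com.clk/.so.3")))
```

The full `/data/data/com.spartacusrex.spartacuside/...` path from the question is rejected by `set_interp` because it does not fit the existing segment.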
0

I finally stumbled on an apk, AIDE, that can create simple apks, which does not need any x86 computer and works on the phone itself. Without paying anything, in twenty minutes, I created my first apk, and was able to install it after temporarily authorizing unknown sources. That was my first Java program. I chose a short albeit informative name for the apk, com.symli (com. seemed necessary).

Then I modified the tab MainActivity.java of the editor to get:

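```java
package com.symli;

import android.app.*;
import android.os.*;

public class MainActivity extends Activity
{
  @Override
  protected void onCreate(Bundle savedInstanceState)
  {
    try
    {
      // Create the short-path symlink inside this app's own data directory.
      Runtime.getRuntime().exec("ln -s /data/data/com.termux/com.symli /data/data/com.symli/n");
      // Make the app's data directory world-writable with the sticky bit set.
      Runtime.getRuntime().exec("chmod 1777 /data/data/com.symli");
    } catch (java.io.IOException e) {
      // Log the failure instead of silently discarding it.
      android.util.Log.e("symli", "could not run ln/chmod", e);
    }
    super.onCreate(savedInstanceState);
    setContentView(R.layout.main);
  }
}
```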

Then I simply clicked on the "run" button, and BOOM the symlink is now here for good, and /data/data/com.symli is itself a world writable directory (with sticky bit set):

```
lrwxrwxrwx 1 10150 10150 50 Nov  3 13:17 /data/data/com.symli/n -> /data/data/com.termux/com.symli
drwxrwxrwt 4 10150 10150 4096 Nov  3  2015 /data/data/com.symli
```

I have uploaded the resulting .apk to http://sf.net/projects/gentooandroid/files/symlinksForStackoverflowQuestion20459834v2.apk/download (permissions: NONE ! SHA256sum: 01fd17a8700f2cb5b5bb943b38b623b1400679fa03c35ccb204619d1d5d486ff MD5sum: 879af0633504ab25462a1f9b2303587e)

user2987828
  • I found this apk maker, com.aide.ui, while looking for shell app with short package names. I will now be able to make simple APPS without authorizing anyone to look at my private life ! – user2987828 Nov 03 '15 at 12:52
  • The part ` ; env > /data/data/com.symli/getRuntimeExecEnv` was not working, so the reader can suppress it. The reader using my .apk (instead of using com.aide.ui) cannot suppress that from the .apk. – user2987828 Nov 03 '15 at 13:49