0

My app is trying to get system VPN profiles list with hidden APIs. However, the hidden APIs need to run in system process. After google, I find this, which can create a new process with root permission.

  Process suProcess = Runtime.getRuntime().exec("su");

But it can only run shell commands in the new process. How can I run my custom function in the new process?

Community
  • 1
  • 1
wizardlee
  • 53
  • 6

1 Answers1

1

To run your App with the permissions of the underlying system. You need to sign your App with the firmware certificate of your operating system. This will only be an option for you, if you are targeting a certain device.

Then you can share the uid of the system in your AndroidManifest.xml file.

android:sharedUserId="android.uid.system"

Since you have the platform key, how are you signing your APK? Here is a .bat file I use to sign my APKs. You can see in the command the files that are necessary (signapk.jar, platform.x509.pem, platform.pk8):

@echo off

echo Signing APK "%1" with platform certificate.
java -Xms256m -Xmx512m -jar %~dp0\sign\signapk.jar -w %~dp0\sign\platform.x509.pem  %~dp0\sign\platform.pk8 %1 test.apk
move test.apk %1 >NUL
echo APK is signed.

timeout 2
Knossos
  • 15,802
  • 10
  • 54
  • 91
  • I have tried with this solution with the platform key at target/product/security, but adb install gives error INSTALL_FAILED_SHARED_USER_INCOMPATIBLE. If I understand correctly, it requires different sign key for different manufactory or different device, which seems not possible for me, an application developer. There are many existing apps working with root permission. I wander how is it implemented, but cannot find related source code. – wizardlee Apr 24 '15 at 08:06
  • I added some more to my answer. How do you sign your APK, with what files? – Knossos Apr 24 '15 at 08:13
  • Make sure that your APK package was not already installed. Start fresh. – Knossos Apr 24 '15 at 08:14
  • I am using the command files from here https://android.googlesource.com/platform/build/+/android-5.1.1_r1/target/product/security/, the two platform.* files, and the signapk.jar from here http://www.learn2crack.com/2014/02/sign-android-apk-zip.html. Then sign my apk with this command under MacOS: "java -jar signapk.jar platform.x509.pem platform.pk8 app-release-unsigned.apk MySigned.apk". To make sure start from fresh, I rename the package to a new one, but still INSTALL_FAILED_SHARED_USER_INCOMPATIBLE. Is the platform.* files correct for my rooted Samsung Note3? – wizardlee Apr 24 '15 at 08:40
  • The filenames look correct, the command looks correct. I cannot see why it would fail. Although it seems crazy, have you tried this? http://stackoverflow.com/a/22803061/503508 . It is the last suggestion I have. – Knossos Apr 24 '15 at 08:50