7

The Question:

I need to run some commands that require higher privileges from an app on a rooted device . Let's say for example, chmod 777 or accessing a a file who's permissions are --w------- (would work if permissions were --w-----w- meaning app is running as other group).

Some extra details:

  • Running Android API 18 (No SELinux)

Things I have already tried:

1) Using su from java:

From this post, I have tried using su in java like so:

Process su = null;
try {
    su = Runtime.getRuntime().exec("su");
    su.getOutputStream().write("chmod 777 file\n".getBytes());
    su.getOutputStream().write("exit\n".getBytes());
    su.waitFor();
} catch (Exception e) {
    e.printStackTrace();
} finally {
    if (su != null) {
        su.destroy();
    }
}

No error is thrown, but this does nothing.

2) Using setWritable() from java:

boolean ret = file.setWritable(true, false);

Here, ret = false indicating it had failed.

3) Using RootTools library:

Command cmd = new Command(0, "chmod 202 /sys/class/gpio/export");
try {
    RootShell.getShell(true).add(cmd);
} catch (Exception e) {
    Log.d(TAG,e.getMessage());
}

Running this gives me: Error! Permission denied

4) Using this answer

Using the class ExecuteAsRootBase I get: Can't get root access or denied by user.

5) Placing the app in /system/app

Still runs as u0_a38 under here for some reason! In order to get this to work I had to manually place the library .so under /system/libs. I also had to chmod 644 my .apk in order to allow it to run. I don't really understand why I am not running under root as when I use ls -l on my apk in /system/app it gives me:

-rw-r--r-- root     root      1270817 2000-01-01 01:42 com.my.app.apk

6) Signing the app as a system app (not in /system/app)

This was the last thing I tried.

Following these instructions, I was able to sign and install the app. I called ps from adb shell to check if it was running as root only to find out it was running under u0_a38.

Note: When installing as a system app even after signing, I could not install the app with android:sharedUserId="android.uid.shared" as it gave me: Failure [INSTALL_FAILED_SHARED_USER_INCOMPATIBLE]. Therefore, the app signed as a system app had this line omitted from the manifest.

7) Placing signed system app in /system/app

Exactly the same this as in 5.

When I input ls -l in /system/app I get:

-rw------- root root 1303459 2000-01-01 01:02 com.my.app.apk

Yet running "id" from within the app, I know that it is actually running as:

uid=10038(u0_a38) gid=10038(u0_a38) groups=1015(sdcard_rw),1028(sdcard_r),50038(all_a38)

8) Setting android:sharedUserId="android.uid.system" regardless of error

So even though I couldn't make this install using adb install because of the error :Failure [INSTALL_FAILED_SHARED_USER_INCOMPATIBLE] I went ahead and pulled the trigger anyway. I used adb push to get the .apk into /system/app and then manually added the native library to /system/libs, rebooting the device to let the system uninstall it. I then got this error on boot:

W/PackageManager( 2652): Signature mismatch for shared user : SharedUserSetting{411d82d8 android.uid.system/1000}
D/PackageManager( 2652): No files in app dir /vendor/app
E/PackageManager( 2652): Package com.my.app has no signatures that match those in shared user android.uid.system; ignoring!

So I'm assuming there is a chance that the keys provided by the manufacturer might not be the right ones. I found them here, which is a link from the manufacturer website.

OR

This dates back a while, not sure if it is still relevant. I'm hesitant to just delete that portion of the file but I will most likely end up trying it very soon. I don't see how removing the android.uid.***** from packages.xml won't impact the apps already installed on the system.

Conclusion:

Is there anything else that can be done aside from rebuilding with new keys? Or is this pretty much everything?

EricSchaefer
  • 25,272
  • 21
  • 67
  • 103
Stephan GM
  • 245
  • 3
  • 15

2 Answers2

0

I can't comment yet but I want to know what device/OS you're trying to perform this on. Some post 4.4 versions of Android have SELinux in Enforcing mode, which would prevent some of the operations you seem to want to do. But if your device is rooted, which it sounds like it is, you can run su setenforce 0 in the command line, which will put SeLinux in permissive mode and hopefully solve your issue.

Draken
  • 3,134
  • 13
  • 34
  • 54
gabe3vino
  • 313
  • 1
  • 3
  • 10
  • Have you tried running the chmod commands from the command line, as super user, instead of from within the app? It's a stretch but you might be able to modify the files permissions externally before your app ever tries to touch them. – gabe3vino Jun 28 '16 at 16:52
  • Yeah I have, and it works. The problem is I need to do it from within the app when it runs on boot or when I run the app manually. I can't permanently modify them. If I change `init.rc` in order to add these commands on boot the boot img will overwrite it. Also, it will not search for other scripts to run on boot outside of `init.rc`. – Stephan GM Jun 28 '16 at 16:53
  • Ah gotcha, gross. Well if the su commands in the java aren't working, the best I can do is refer you to this other stackoverflow page: http://stackoverflow.com/questions/29750137/android-performing-su-commands-programatically-does-not-work Which has helped me in the past when I ran into a similar issue, and is only a slight modification to test from what you had before. – gabe3vino Jun 28 '16 at 17:01
  • If that doesn't work, you can try to find a method to permanently modify your file permissions via adb, which is tricky and I'm not actually sure how to do, but I think this link may be helpful? http://stackoverflow.com/questions/13089694/adb-remount-permission-denied-but-able-to-access-super-user-in-shell-android But basically by remounting the drive it you can overwrite the default permissions. I'm not sure if it will persist for sure though, or if it's out of scope for your task. – gabe3vino Jun 28 '16 at 17:02
  • Thanks, I will check `id` with `su`. As for mounting and remounting, I've had to use that as a step to move my apk into `/system/app`. Modifying file permission from `adb root shell` does not require a remount, and is not persistent. – Stephan GM Jun 28 '16 at 17:14
  • Calling `"id"` from withing the program gives me `uid=10038(u0_a38) gid=10038(u0_a38) groups=1015(sdcard_rw),1028(sdcard_r),50038(all_a38)`. While calling `su "id"` returns nothing – Stephan GM Jun 28 '16 at 18:03
  • At the time I did not have the site privileges required to post a comment below OP's post, but I wanted to try and help them resolve this problem. I assumed that would be ok at the time, since this site is all about discussion and helping to solve problems. I think deleting this 'answer' post would only be acceptable if we could move this comment chain to below OP's post, since some good discourse towards solving the problem was had. – gabe3vino Jul 07 '16 at 21:17
0

On my rooted device running Android 7.1.1, running su root setenforce 0 on the shell allow my app to perform elevated privileged operation, such as reboot.

Peter Hua
  • 1
  • 1