
I have an Android application that calls a native shared library via JNI. This shared library invokes some loadable kernel modules (.ko).

My app fails when JNI calls the function in the shared library that invokes the kernel module. But when I write an executable using this shared library, it works fine when calling the above function.

I found that my app runs with the user name "u0_axx" and my executable is run from the command line as root. So maybe it doesn't have permission to invoke the kernel module.

My question is: how can this native code run with root permission? Or is there some solution for this kind of issue?

PS: I also tried to use `Runtime.getRuntime().exec("su")` and added `<uses-permission android:name="android.permission.ACCESS_SUPERUSER"/>` to the manifest, but it doesn't help and I get a permission denied exception. My device is rooted and my app is built as a system app.

NVDQ
  • Looks like a duplicate of *[ANDROID: How to gain root access in an Android application?](https://stackoverflow.com/questions/4905743/android-how-to-gain-root-access-in-an-android-application)* to me. A *method* cannot have permissions. Root permissions are granted per process. – Alex Cohn Aug 15 '18 at 11:18
  • This answer is for executing a shell command in Java with root permission. I want my native code in the shared library, which is called via JNI, to run with root permission, so that it can call the kernel function. – NVDQ Aug 15 '18 at 14:36
  • I also asked another question relating to that issue here: https://stackoverflow.com/questions/51844210/different-between-native-c-code-run-in-jni-and-run-in-the-shell-in-android/51851949#51851949, but now I can't find how to grant root access for that. – NVDQ Aug 15 '18 at 14:38
  • I am afraid the [answer](https://stackoverflow.com/a/7102780/192373) is clear: you cannot have **root** permission in a Java app, even if that's a system app. For your specific request, you need some mediator process (running as **su**) which can receive a request from your Java or native code, and call the kernel function for you. – Alex Cohn Aug 15 '18 at 16:03
  • If you want a more authoritative answer, [here](https://groups.google.com/forum/m/#!topic/android-security-discuss/StFrddXeSxI) it is, by none other than Dianne Hackborn. – Alex Cohn Aug 15 '18 at 19:48

1 Answer


You can set your app to run as System,

```xml
android:sharedUserId="android.uid.system"
```

This requires some extra steps, but it won't give your JNI code access to the kernel module.

For that, you need some mediator process (running as root) which can receive a request from your Java or native code, and call the kernel function for you. You can use

```java
Runtime.getRuntime().exec("su …")
```

But it may be easier to start this mediator process as a service from init.rc. A specialized library like https://github.com/SpazeDog/rootfw may help, too.

You can find more explanations at https://boundarydevices.com/android-security-part-1-application-signatures-permissions/.

Alex Cohn