3

I'm trying to run some secure (internal) api calls, and I'm obviously getting security exceptions:

java.lang.SecurityException: Permission Denial: not allowed to send broadcast android.provider.Telephony.SPN_STRINGS_UPDATED from pid=24864, uid=10107

I'm trying to run the same call from root, but I'm not sure if it's possible in the first place. I can of course get the root permissions like this:

Process p = Runtime.getRuntime().exec("su");

But it doesn't seem to do the trick. I'm getting the same security exception. One of the samples I've seen tries to wait for the su call to finish first, as follows:

Process p = Runtime.getRuntime().exec("su");
p.waitFor();

but that didn't help me either. What am I doing wrong then? Is it possible to do at all?

If it's important, I'm trying to get an instance of the com.android.internal.telephony.Phone class, using the PhoneFactory (getting them with reflection). Getting reflection out of the way, it would look something like this:

// Initialize the telephony framework
PhoneFactory.makeDefaultPhones(this);
// Get the default phone
Phone phone = PhoneFactory.getDefaultPhone();
Artiom Chilaru
  • 11,811
  • 4
  • 41
  • 52
  • Trying to do the very similar thing you do. My goal was to achieve CLIR change programatically. And of course I am stuck at the same place. I would be really surprised that Native PhoneApp is not hardly protected. – Zelimir Mar 08 '12 at 17:40

1 Answers1

5

Your application or service needs to be signed with the same key as the core system apps, and request a shared user id with them. If you have a usable su command you are probably running a customized firmware; check with whoever provided it on how to add a new system application.

The su command does not change the identity/permission of the process calling it - what it does is let you launch a child process with elevated permissions. But its not very clear how you could launch an android application that way (possibly by using app_process - but really installing as a system app is the proper way to do it).

Note also that making your app a system app still does not make it run as root.

Chris Stratton
  • 39,853
  • 6
  • 84
  • 117
  • Thanks for the detailed answer! I'll try checking if there's a way to get the key for the firmware I use.. Otherwise, I might have to "cook" my own android build, just to be able to do what I want :) – Artiom Chilaru May 16 '11 at 23:25
  • Theoretically you should be able to just strip out the old signatures from everything that's signed with the platform key, and resign those plus your app with the same key - you don't technically have to recompile anything from source, but you'd probably have to do it manually/write your own scripts. Incidentally, you probably don't want to run as 'root' but instead as 'system' – Chris Stratton May 17 '11 at 02:43