I'm building a custom Android 10 firmware.
I want to prevent the user of the device from being able to copy the firmware code from the device via ADB.
It's a USER build variant.
The user must have ADB access and can't limit it to specific commands.
Currently to get the code he could just do, for example:
adb pull /system/framework/services.jar
How can I modify AOSP to limit this access? Preferably l would like to prevent access to any other way to get the code from a running device.
Note:
I know obfuscation is an option, rather have a stronger prevention.
The user is prevented from going into bootloader mode.
You can restrict shell process to which all partitions it can get access to. This can be achieved by making the changes in SELinux policy.
Reference:
https://source.android.com/security/selinux/customize
Related
I have read all over the internet and get the single info whose summary is Runtime.getRuntime().exec(). But it didn't work.
How does the applications like King Root etc works? Are these apps written in C/C++ with NDK or no java is also used to create such apps. Any resuorce of information would be appreciated. Thanks!!!
Typically to root an Android device, the user needs to flash a custom recovery such a TWRP ((https://twrp.me/about/). Once that recovery is installed and booted into, the user can flash modifications such as root. This also requires an unlocked bootloader to flash that recovery.
Can you create an app that roots a device? Not unless there is a security flaw for that specific device and OS version.
I would like to implement a fanotify (supported by kernel > 2.6.37 - shipped in Android 5+) interface for the Android x86 - at first for goldfish emulator. I like to use the tool fsmon to start the filesystem monitor (a C program with basic structure to use the fanotify syscalls fanotify_init(2) and fanotify_mark(2)). I extended the fsmon code by own access-permissions. This permissions should be able to edited later by an system app in Android. (For example: I can choose later, which file types are denied)
The problem is following:
"The other big drawback of fanotify is that it currently is root-only (CAP_SYS_ADMIN-only to be more specific). This means that only the root user can request to use the monitoring capabilities provided by fanotify [...]"
[source]
A rooted phone is a must have? But is there not another way to run on/after kernel boot the fsmon binary without rooting the device?
My first thought was to execute a file/service after every boot by init.d. But to use it, you need a rooted phone. Then I found this: init.d scripts support:
"If your device is rooted the scripts can be executed using superuser permissions, but normal users can do also."
But I cant't understand how this can work (I didn't test it yet) Could this be a possible solution? For running it on other devices (without installing this app), I need to understand how the app bypass the problem. And init.d gets executed in the user-space, is it even possible to run the monitor there as root?
Next thought was to run a crontab, but same story - rooted phone.
Now I go one level deeper - linking/execute the binary (or the c code) in the kernel boot sequence.. I have to be honest - I'm not a professional kernel developer. I know, that I need the execve systemcall to run a file in kernel. But is my approach right? If this could be the right way, how can I communicate later with the system app? Do I need to create a small "database" from where both sides can access? Which way is the best to access the provided data from the system app? (kernel-userspace-communication: Procfs, Sysfs, Configfs, ...) Where is the right place to start the monitor? (sure - after setting up the filesystem)
Or is it absolutely not possible to use fanotify without rooting the phone?
I would be very happy if someone can give me some tips...
You are trying to use a feature that requires a permission (CAP_SYS_ADMIN or root) that is withheld from user and application processes by design. You either need a phone that provides this capability to designated applications or you need to root the phone. I do not know of any phones phones providing this capability, because it would enable an app to subvert the security of the system.
Objective
I'm developing a custom app for internal use on a rooted android mini-pc.
The goal (between others... so...many...others...) is to be able to turn on and off a tv using the serial port embeeded on the tv.
I'm using an FTDI UART RS232 serial usb cable for it.
Status
The application is working right now, using an android library (serial-driver) i can communicate with the tv, but the problem is that the device asks for permissions every install (and sometimes, weirdly, again on the same device), so it needs to be improved.
Issue
Since the device doesn't have mouse or keyboard by default, when this happens someone has to click the buttons, and since the device is normally hidden behind the screen, it can be really annoying.
My two bits
This problem, i feel, can be solved by two methods, but i still haven't been able to make them work.
Since the device is rooted, i might be able to modify an unknown (to me) parameter that allows me to bypass the permission request. For this i have tried to make an intent filter for the usb device, and to rewrite the interface that controlls this behaviour, both without success. Is there a way to make this android version more lenient about permissions?
I use for other reasons SuperSU inside the app, so i can use the full width of the might shell power. Using this i've been trying to send commands manually to the device (/dev/bus/usb/00X/00Y), but this haven't worked. My theory is that it's beacuse of the permissions of the device path, but even doing an unhealthy chmod 777 i cannot have them working.
So, that's my problem right now. I hope someone here can help me.
Additional data
Running: Custom Android 4.4.2 (Cannot be changed)
Needs to be doable solely from within the apk (but it can use shell commands)
We don't have the manufacturer signature to install it as a system app
We can use only one app, so i cannot have another one to move this one to /sys/apps, and i don't know if an app can do that to itself.
using Busybox stty -F /dev/.../ returns "Operation not permitted"
I've been playing around with adb and adb shell input <some input> for the last few hours (building funny little batch scripts that can basically controll my phone.
Since I cannot execute these commands on the device itself without a PC with ADB and I don't want to root my phone I have been looking for an alternative on how to automate user input on the device.
I found a great Tutorial here, however it states that I need a system level permission in order to inject input events into other apps.
Again, I don't want to root my phone and I want the app to be compatible with different devices, so I can't sign it with the platform-key.
Beginning to think it was impossible, I remembered an app that could do such a thing. The anti virus app CM Security is capable of starting the chrome browser and clearing the browser data.
I assume this is done with input injection, but I am not sure about it.
I've had a look at other questions but can't seem to find an answer. I'm trying to pull all the files (especially /data) from my android phone but can't seem to due to permission issues.
I am only able to get into download mode and system recovery mode on the phone (a Samsung Galaxy s3) and nothing else (installed a wrong custom rom :( hense the very limited use ). I need to backup all the data before applying a factory reset.
I've tried:
adb root
adb cannot run as root in production builds
adb pull /data ~/Desktop/backupfolder
pull: building file list...
0 files pulled. 0 files skipped.
Also adb shell doesn't allow me to pull (it says device not found even though outside the shell the device is detected). So running su from adb shell is useless if the data can't be pulled. Moving the data doesnt help.
Please help! Apart from download mode and system recovery mode, the phone is dead so solutions requiring apps don't apply.
The most probable cause might be that your phone is not rooted, so you will not be able to remount the partition for read/write access.
There is a particular stack overflow page for remounting a rooted device into RW mode.
link
Remounting is basically reloading your file system so you may read or write into the file system like any other file systems.
You may need to root your phone (please note that rooting will void your warranty).
Rooting lets all user-installed applications run privileged commands typically unavailable to the devices in the stock configuration. Rooting is required for more advanced and potentially dangerous operations including modifying or deleting system files, etc.
In normal production builds root is disabled by default, so you need to install a third party rooting software to get access to this privileged mode.
The entire process of rooting is beyond explanation in this post, but you can check this post from XDA
You need to be very careful while rooting coz it may brickyour phone.
Similar XDA posts are available on google if you search with your exact device name.
I managed to fix the problem!
Downloaded and installed Kies, which also installs the appropriate Samsung drivers. Then ran a firmware installation from there (Tools > Firmware Upgrade and Initialization).
Make sure you have the model number and S/N handy (written on inside of phone).