I read a lot about SELinux, and I would have liked to try and get my hands on a case study for the university.
I have installed various virtual devices on GenyMotion, from Android 6 to Android 9, but nobody owns SElinux: when I do "sestatus" it answers "disabled".
I do not think it's enough to enable it, it seems that the modules must be installed in the kernel, can someone tell me how to do it? I tried but I did not find anything, I'm having a lot of difficulties, it's the first time I do these things.
Thanks to everyone in advance.
Finally I managed to make everything work: I was able to access Selinux information via a terminal in the GenyMotion virtual device. Selinux is already active on devices after version 4.3, there is no need to install it as it said #Martin Zeitler. I explain the solution to the problem (on Linux it works).
The first thing to do is to install a terminal in the virtual device: I have installed Termux. To do this, just download the apk from a site and drag it to the virtual device, the installation will start. Subsequently, it is necessary to provide the SuperUser permissions to the Termux terminal: banally, by opening the terminal, provide the SU command, and the device will ask you if you want to provide SuperUser permissions to the Termux application. When you enter the SU command, it will allow you to browse the folders on your device. With the "ls" command, providing the "-Z" option, you can see the SElinux context of the files. From the terminal, using the "getenforce" command, you can see how Selinux is running. Here you will see other useful commands: https://www.all-things-android.com/content/se-android-commands
Now, you will need to download the tool that allows us to interact with Selinux: setools. https://github.com/pasis/setools-android These tools are written in C, the native language of Android, so you need to download the NDK library to compile them: https://developer.android.com/ndk/downloads/
The first thing to do to compile, is to specify the project path:
export NDK_PROJECT_PATH=/my/project/path . The second step is to specify the makefile:
ndk-build NDK_APPLICATION_MK=/my/project/Makefile.am (for a complete guide: https://software.intel.com/en-us/articles/building-an-android-command-line-application-using-the-ndk-build-tools)
When you have finished compiling, you can send the Setools folder to the virtual device, using the adb program. ./adb push /setool/local/folder /remote/device/folder
(example: ./adb /setool /tmp) Now that you have Setool on your device, you can run the tools in the "/setool/obj/local/x86" folder. Thanks to "sepolicy-inject" you can also add rules to the policies.
Finally, thanks to this guide I realized that Selinux policies are stored in binary format, so it is not possible to interact with them without tools.
https://ge0n0sis.github.io/posts/2015/12/exploring-androids-selinux-kernel-policy/
one cannot "install SE Linux" on Android; because it's already installed and enabled by default since API level 21. you'd need to become user root, in order to access these management commands. this would only be possible on a rooted hardware device - or a rooted emulator image.
... just install CentOS or whatever else security enabled Linux distribution, for a test.
Related
I have this development board Open-Q 820
It is running an Android 7.0 based on some sources from CodeAurora (that seem based on AOSP sources). Seems it uses proprietary bootloader that can not be changed. I need to access GPIO (/system/class/gpio) from my android app to control an external device. Problem is I can not do this from android app - seems only root can access this files.
I can call "adb root" command from PC and then call from "adb shell" something like
echo 0 > /sys/class/gpio/export
echo out > /sys/class/gpio/gpio0/direction
echo 1 > /sys/class/gpio/gpio0/value
and it is working. But I need to do the same from my android app. I know how to access terminal and su from android app. I just dont know how to root custom device. I tried to install SuperSU.apk app and its corresponding su native app manually. It starts and says it need to update su binaries. After installing binaries and reboot the system then it becomes broken - infinite android logo. If I not install binaries update then SuperSU can grant permissions to my app but actully app still can not use su (I dont know why - I use this library inside my app: https://github.com/Chrisplus/RootManager). And after reboot SuperSU not working longer.
So may be you know some SuperSU alternatives (Knigroot not working too) or steps how to correctly install some superuser management app. Or may be I can use su directly (I tried but my app has not rights to access /system/xbin/su). Or may be I can make /sys/class/gpio accessible by android apps somehow (I tried chmod 777 on it - not works). May be some SElinux rights, but I have no experience with this.
Thank you
Magisk helped me. Since it is have option to patch custom boot image. I used this option and now root access works.
I have downloaded Genymotion Android Emulator for personal use. I searched over internet to root this device, forums says that via adb shell its already rooted -"agreed".
Sumits-MacBook-Pro:sdk eSumit$ adb -s 192.168.57.102:5555 shell
root#vbox86p:/ #
root#vbox86p:/ # whoami
root
Found Genymotion configure apk, it will help to root access, if checkbox get clicked - "always allow su access", I did that as well, and then it get stuck like here. (see below)
If I restart by myself, it shows that no root access ?
May I know what I am missing here ?
Here are the pictures sequence :
I have also followed various tutorials e.g. Youtube - how to root genymotion emulator Android 7.0 but no solution yet
Apparently, there is some problem with the su binary. You can re-install it by downloading SuperSU zip archive and dropping it onto the device window. Restart will be needed.
Please note that the current version (2.79) does not seem to work due to missing /etc/fstab file on Genymotion systems. It works fine with 2.46.
Source: https://www.youtube.com/watch?v=YC9Bz5xVHCU
Make sure you have already installed Genymotion ARM Translation.If already,
Drag UPDATE-SuperSU-v2.46.zip to Genymotion Emulator(not sure other versions of SuperSU zips), and drop on it.It will confirm to flash zip file to emulator, click OK .After waiting for a while, you will get successfully message.Then, restart your emulator and check it with any Root Check App.Here is Tools file if you haven't it.I tested it on Google Nexus 5,Android 6.0 Emulator.I hope this will help for you.
Maybe it uses Iso file mounting system like Bluestacks that's why I guess it can't be rooted and also if it says its rooted then you can use UltraISO to modify root files only if it uses ISO file system.
I'm trying to flash google apps into a genymotion emulator. I can do this using the drag and drop feature, but it's required for my project that the google apps .zip is already loaded into the genymotion machine and it's flashed internally. (To avoid having to interact with the desktop)
I've checked questions like this where the flashing is achieved but using the clockworkmod recovery (Which I couldn't install on genymotion). Since there's no docs on the genymotion recovery mode I can't find the commands to flash the zip, but I'm pretty sure they exist.
Which commands can be used for flashing a .zip from the terminal?
The commands can also be run in the machine that's holding the genymotion.
Genymotion VMs contain some special scripts that interface with their launcher and skin controls. The one that you need is /system/bin/flash-archive.sh which is what gets run when you drag & drop a .zip archive.
You can run flash-archive.sh directly using ADB or from a process within the VM. So if you have the zip in /sdcard/Download/gapps.zip, you can run the following command from the host machine:
adb shell flash-archive.sh /sdcard/Download/gapps.zip
adb reboot
Don't forget to install the ARM translation package first, if applicable. It can be done using the same sequence.
Paul's answer is good.
Also, we will soon release features related to continuous integration and automation. A command line tool will be included on these features. It allows you to do all what you can do with your mouse, but through the command line. It will be available to paid licenses.
You can find a demo we did at Droidcon Paris here.
I try to understand how this works:
When I create an android app and run it from Eclipse, Eclipse takes care of generating the apk file and uses adb to install it on the phone correct?
When I have an .apk file that I try to push on the phone and use ADB directly in a command line by calling adb install myApp.apk I can't because my phone isn't rooted?
How does Eclipse manages to install apps then?
Is there a way to install from an .apk file on a device without having it rooted ? Obviously Eclipse is able to.
Thanks for any information that may help clarifying this.
David
So the really short answer to your question; You don't need to be rooted to use ADB, all android phones can use ADB without being rooted.
Also, the only reason you would need root is to mess with things on the system level, when installing a regular app you are just installing it like a regular application (to the data partition). Eclipse installs the app using ADB actually, so pushing an app using ADB is the same as installing it through eclipse.
You don't need to be rooted to use ADB, all android phones can use ADB without being rooted. You must be rooted to push applications to /system/apps/ to make them system applications. Also if you download a file explorer like ES File Explorer to your phone, you can transfer an apk file to your phones storage and using a file explorer (I really do recommend ES File Explorer) you can install that app.
Also just a tip, to use ADB command line you must enable ADB on your phone in developer settings.
Go to the settings menu, and scroll down to "About phone." Tap it.
Scroll down to the bottom again, where you see "Build number."
Tap it seven (7) times. After the third tap, you'll see a dialog that says you're four taps away from being a developer. Keep on tapping and the developer settings will show up in the settings app. There you can turn on ADB.
Hope this helps.
Further Reading: http://developer.android.com/tools/help/adb.html
http://www.androidcentral.com/how-enable-developer-settings-android-42
I am developing app which will come pre-installed with certain devices, however im testing the app on my own device and will need to demo it on my own device. At the moment its fine as im testing it as a user app, but now i need to use permissions which only the system apps get to use. Is their a way in the project settings to say its a system app so I can test and demo it?
short answer - i would root your phone. However, unlocking the bootloader is possible without root. So, IMO, you could install CWM as your recovery, then boot to CWM, then use the CWM option to MOUNT system, then use adb to copy your .apk to /cache, then use linux util 'cat' to get the apk from /cache to /system/app, then unmount /system using CWM, then reboot.
long answer - if you are developing system apps, learn the security environment of android. Learn the issues around permissions in the /system folder, and learn the recovery type tools that allow a developer to have access to the /system folder where adb activities like install , uninstall are restricted.
This is an older discussion 'froyo' on how-to install system app, illustrating some of the permissions issues in the /system folder. I would not simply follow these instructions without reading up on how its done in honeycomb and in ICS.