Switch to UID 2000 (shell) in an Android app programmatically? [duplicate] - android

In my application, I need to start a native binary that opens and read from some /sys/kernel files. If I launch the native binary by connecting using adb shell (launching manually from /data/local/tmp), then everything works fine.
I would like the App to programmatically do two things,
Copy the binary to /data/local/tmp/. Again this wont work as the normal android app doesnt have enough privileges.
Start the binary as a shell user so I can have the necessary privileges. I have tried using android:sharedUserId="android.uid.shell , but that doesnt seem to work.
Please note that I don't need root to open the /sys files.All I need is to be shell user. Any thoughts will be greatly appreciated.
Thanks

The shell UID is reserved for development and testing. Running an app with shell privileges is circumventing Google's security model. So you will not be able do it on a secured commercial device without rooting it.
A possible temporary (non-persistent between reboots) workaround would be:
Use adb shell to start a background service process, running as shell UID
In your application, using IPC to ask the service to perform special task for you

Related

How can I provide a command line interface to my Android app?

I would like to be able to type commands on my development machine (macOS/zsh) and have them do things on my Android app. This will require custom code in my Android app. What I'm trying to do is something similar to automating certain settings, so that I don't have to navigate to the settings screen of my Android app manually. This is to help me save time while I'm developing my app.
How can I get started? I'd love to see some examples of this being done but have been having trouble finding them.
Are there any libraries that can help me with this?
Also, for bonus points, I'd love to be able to have some sort of autocomplete on my Mac command line. How might I build that?
There's a few ways to do this:
1)Just write a Linux app, move it to your device, set the executable bit, and run it from adb shell (adb shell opens up a shell on an attached device with debugging enabled).
2)If you really need to access the app while its running, you can send intents to your app via the shell via adb shell am <options> This allows you to send an intent to the system. Then just write a custom Activity, Service, or BroadcastReceiver to receive that Intent and act upon it.

Launch/Create Android Emulator that does not have (without) root access

I need to run a security test on one of our Android mobile applications.
It must not run if the device is rooted.
It should run as expected on non-rooted devices.
I have tested part 1 without issue and found it to work as expected.
However, I cannot seem to create an emulator using the AVD Manager that will not start with root access.
-Is there a command line method to reduce the emulator instance to non-rooted at startup?
-Failing that, is there a method to send an adb shell command (or other command line call) to reduce the permissions to the installed application?
Thanks!
Edit for #Fred.
I have opened the shell and changed it to the user id (uid) of the application under test. Note that in the image you can see the command, "adb shell su u0_a53" and then the next prompt includes the user, "u0_a53#generic_x86_64" as the returned shell and has the "$" indicating non-root access. However, when opening the application under test on the emulator, the application detects the device is rooted. What am I missing?
See attached image - click here
Yes, there is a way using SU to change super user to non root, see answer in this so question for directions:
https://android.stackexchange.com/questions/60599/how-to-get-non-root-access-on-emulators
As it turns out, my question was fundamentally flawed. The environment i'm trying to achieve could not be created with an emulator as part of the security test checks to see if the phone is in 'release' mode, in addition to looking for the presence of 'su'. After conferring with several other teams, I have decided to obtain a physical phone for testing this security restriction.

Run Android application as Shell User

In my application, I need to start a native binary that opens and read from some /sys/kernel files. If I launch the native binary by connecting using adb shell (launching manually from /data/local/tmp), then everything works fine.
I would like the App to programmatically do two things,
Copy the binary to /data/local/tmp/. Again this wont work as the normal android app doesnt have enough privileges.
Start the binary as a shell user so I can have the necessary privileges. I have tried using android:sharedUserId="android.uid.shell , but that doesnt seem to work.
Please note that I don't need root to open the /sys files.All I need is to be shell user. Any thoughts will be greatly appreciated.
Thanks
The shell UID is reserved for development and testing. Running an app with shell privileges is circumventing Google's security model. So you will not be able do it on a secured commercial device without rooting it.
A possible temporary (non-persistent between reboots) workaround would be:
Use adb shell to start a background service process, running as shell UID
In your application, using IPC to ask the service to perform special task for you

How to run Android system app without root permission?

Is there any way to run Android system app without root permission? I can execute system app via adb such as:
adb shell /system/bin/screencap -p /sdcard/screen.png
In my own application, I wanna run a shell command like that without "su" command. Is there any way? How does android prevent user apps to execute system app?
You should be able to run this command in java code:
Runtime.getRuntime().exec("screencap -p /sdcard/screen.png");
There are some shell commands you can execute without having root. So you don't need to run "su". I'm not sure if you can execute screencap. Certainly you need permission to write to the SD_CARD in your app.
android.permission.WRITE_EXTERNAL_STORAGE
But why you don't use the Android API to make your screenshot? For more information read this post on stackoverflow: How to programmatically take a screenshot in Android?
Androids security model bases on user ids, like Linux does. Each app gets his own user id. So your app has a userid like 1001. If your user is allowed to run the command you can, otherwise you will receive an error.
EDIT:
You need root to take screenshots or be a system application. There is a permission READ_FRAME_BUFFER but you only can obtain it when you are a system application. Its a security problem when an app could take screenshots of your device.
I've found this API http://code.google.com/p/android-screenshot-library/ which promises to take screenshots without root. I didn't test it. The library starts a native service which then takes the screenshots for you.
But you have to run the service each time your phone boots. So it gets the system privileges. That's not really comfortable...
Conclusion: There is no nice way to take screenshots without root from code...
Is there any way to run android system app without root permission?
It have to be NO, but some times, some functions which are not for public use still can be used. I've seen examples using java reflection.
I can execute system app via adb such as: ...
In my own application, I wanna run a shell command like that without
"su" command. Is there any way? How does android prevent user apps to
execute system app?
I think, no.
The thing is adb shell and user app have different security levels based on User and Group IDs (UID and GID).
More info: http://android-dls.com/wiki/index.php?title=Android_UIDs_and_GIDs
Besides, there are limitations via app permissions and hiden & internal classes, procedures, etc which made for internal use.
P.S.: About screenshots. On android market (google play) there are few apps which provide screenshots without ROOT access. So, it's possible.
Although, since Android 4.0 screenshots are available "from box".

How can I send messages back and forth between ADB shell and an Android app?

I've been looking for an answer or the past 3 days, and haven't yet found one that works. I'm trying to write an Android app that can be controlled from ADB with custom commands. Is there anyway I can send strings back an forth between an app and an ADB shell?
Thanks in advance, and sorry for my noob qustion.
Sure, there are several ways to do this.
You could use a unix domain socket, and open it from both the android app and from a command line executable you would build by abusing the ndk, push to a version-dependent location on the device (/data/local, /sqlite_stmt_journals, etc) and run. Edit: in more recent android versions there may not be such writable/executable directories. You may have to have the app itself write the executable out to its private directory and set global read and execute permissions on it. Further Edit: adb can forward unix sockets, too.
Same thing with an internet socket, only now you have the option of setting up an adb port forward (provided the android app is the 'server' end) so as to communicate from a process running on your development machine directly with the android app, without passing data through the adb shell. Unless declaring internet permission is objectionable (it should be less of a concern than letting your PC-side app "drive" adb) this is probably the method that would stick closest to "official" capabilities and have the least android version dependence. It also can be trivially adapted to communicating over wifi.
You could use a pair of fifos and write and read them with shell commands (for portability, create them in the app's private storage but make them world readable/writeable)
you may be able to play some games with a pty
you could I suppose use files as mailboxes
you can use the 'am' command to send Intents (useful at least to start up the android app, if a bit inefficient for the communication)

Categories

Resources