Running a command as a shell user from an Android app - android

I am trying to execute an fopen() function on a file that is given permissions only to "shell" from a native (C++) application that is triggered from a service on my Android application. When I run the native code as a PIE from the shell, I am able to open the file for reading, but if I try from the Android application, it fails to open the file as the Android application is run in a different user space and so I am not able to open the file. My question is, is it possible to run the command as a "shell" user or a child of "shell" from the Android application. I want to be able to do this without rooting the device so su is out of question.

You can't change the user ID of your app without a rooted device. If you could, the security model wouldn't be very useful. If your app needs access to the file, you will need to grant appropriate permissions.
The other common workaround is to have a service, running as the "shell" user, whose job is to open the file and hand back a file descriptor. The tricky part is that you need a way to launch that service as the "shell" user, which brings us back to needing "su".
FWIW, the situation is the same whether you're coding in Java or C++.

Related

FileObserver on system files

For a survey I want to monitor user-compelled changes in the Android M application permission settings.
I decided to create a FileObserver watching /data/system/users/0/runtime-permissions.xml. This file holds all information but only has read/write access for the system -rw-------. chmod won't work because access privileges are restored on every change. So my monitoring app needs system permissions.
I followed this method to deploy my app directly to priv-app directory. Works like a charm, app is considered a system app, but still does not have permission to read the above-mentioned file. File.canRead() fails just as File.exists().
Is there maybe something I have to add in the AndroidManifest.xml to make it work, or is making use of the priv-app folder a complete wrong guess? Do I have to sign the application? For final deployment I wanted to add the application to a custom rom using some kind of kitchen.

Android: How to get the process id of the foreground app

First of all, please note that this question is not same as all the "android foreground app" questions I found on SO, please read on :-)
I'm trying to write an android app for my own use, using golang, without using android-sdk or ndk (this is the KEY point). It is pretty simple, just use golang to write a http service, compile it for arm CPU and voila my app is running and can be access by simply visit http://localhost.
For the purpose of my app, I need to know the currently running foreground application, to define it precisely:
Foreground application is the application that occupies the screen, or has an "activity" what-so-ever (forgive me I'm not an android developer).
Anything that that is depended by the foreground application (e.g. services) is NOT what I am interested in.
If the phone is LOCKED/screen turned off, I want the solution to tell me there is NO foreground app.
And since I do not use anything android, just treat the phone as a LINUX machine, I want the solution to use native LINUX ways, e.g. by inspect /proc, or by calling any installed android command line tool (including sending messages via these command line tools), but NOT using any SDK/NDK way so that I have to use java or incorporate these thing into my app.
Starting from Android SDK 26 (if I remember well) Apps are executed on -one-User-per-App, so (i.e.) WhatsApp is running on UID=30 and Telegram on UID=76, so executing a ROOT command of "ps -A -o PID,USER,NAME" you can parse output and then Kill all Processes that you don't want to be executed.
36119 u30_a149 <WhatsApp_packagename>
36203 u76_a211 <Telegram_packagename>
37399 root [kworker/1:2H]
37423 u0_a329 su
38069 root sh
Without Root Permissions nothing of what you're trying to achieve is possible simply because is not possibile to denied an application to be executed or to kill it without Superuser privilege.

Changing how android opens files so that it triggers a system service function

Where in AOSP code would I look to add code that triggers a custom system service whenever the user attempts to open a specifically named file?
For example, if a user opens a file on Microsoft Excel on Android, I'm assuming the application is creating a fileinputstream to read in the spreadsheet.
I followed the instructions on http://processors.wiki.ti.com/index.php/Android-Adding_SystemService
All files open by any process are reflected in /proc. I would either modify the procfs to get immediate and full track of such events, or if the requirements allow, retreat to a less penetrating approach, monitoring /proc once in a short while.
See also How do I monitor opened files of a process in realtime?.

Launch application from adb without knowing intent, package, and activity

As a part of a research project, I'm doing method profiling work on a bunch of android applications identified as having malicious code in them. To automate the process, I've made a batch file and a java executable to decode, add the android:debuggable flag, rebuild, sign, and install the application to a test device. The next step would be launching the application.
Is there a way to do this from adb without knowing the intent, package, or activity of the application in question? I'm aware of the adb shell's 'am start' command, but this requires the package and the activity to start at the least, if I recall correctly.
Is there a way to start the application without this information? Or failing that, another method to get the package and activity and then use that in my batch file?
It would be much easier to run those on a device where adb runs as root (or the emulator), then you can attach without having to modify. If you are parsing the APKs, you might as well parse the manifest and build a list of packages, intents, etc. And of course, there is not 'launching the application' in Android -- you may start an activity or service, not necessarily the main/root activity. Especially for (suspected) malware, which may well be trying to hide its main activity behind an benign entry one.

Android: Sharing a common folder between linux application and Android application

Hi I'm a newbie for Android... Please throw some light on the following issue..
I have a file created by a linux application (written in C) with S_IRWXU|S_IRWXG permission and the file belongs to root user and root group.
Now I'd like to read/write to this file as an Android application as a different user (say app_41). It is not possible for the android application because it has no permission for the file.
What is the best way to implement this (without allowing "others" permission to the file/folder)?
The reason is that I have a daemon written in C that creates and manages named pipes for other process use. I'm trying to write to the named pipe from Android application (using native code) and I don't have the right permission to do it.
I won't be surprised, if someone says... "Hey it is very simple.. do this..."
Thanks for your help!!
I figured out a solution and it works... Please let me know if anyone has any better solution..
For an android application to share a file owened by a root process, we need to do the following
Make the Android application to belong to "system" user using
android:sharedUserId="android.uid.system"
Let the other platform process (owning the file) remain as root, but add it to the group "system".
Now the question is how do I add a process to the group "system".. One quick thing that comes to our mind is to add the process to init.rc and use the "group" keyword and start it. But Android doesn't allow it to happen.
To add the process to group "system" the process has to request the groupid from inside the process. That is, use the setgid(1000) system call from inside the process to add it to the group "system"..
And it works great!

Categories

Resources