I've noticed that it is possible on Android to change the permissions on a file with chmod, which means we can easily execute anything from an application:
var runtime = Runtime.GetRuntime();
runtime.Exec("chmod 0755 /my/file").WaitFor();
// Then ProcessBuilder to execute it.
Would Google Play Store accept an application that takes advantage of this flaw? I can't find any documentation about it, but I confirm that it works.
Actually, I want to include ffmpeg for tasks that are too slow to be executed using MediaCodec.
(I've also noticed that the Android framework sometimes directly access to a native version of ffmpeg, so maybe I could access it directly from the phone?)
I don't know for sure if it is ok for Google Play.
However i don't think it is security issue. You will exec process with the autorisation of your app.
I hope the following example will help you.
You can try the following command line with your device connect.
adb shell
To have a shell on your devices
Then you can try to look what is inside the files for an app (replace com.your.package by the name of a debbugable apk)
ls /data/data/com.your.package
This command will failde because you have not the good permission.
Now run the following command.
run-as com.your.package
You will now exec your command line with the same permission as your app.
You can now retry the previous ls command. It will work. However it will not work for another package.
So, i think the command you will exec with your code, will be exec with the privilege of your app. So i don't think you can elevate the privilege of you app on a file with this method.
Related
I am just trying to build a basic app that can write to any file on the phone.
The Galaxy I am using is rooted.
I gave full super user rights with Super-utilisateur app. I am trying using Runtime.getRuntime().exec(su -c touch /data/user/0/com.XXXX/test
But it's not working.
When I do the exact same command in adb shell with the superuser right it does work.
How can I make my very simple app write to any directories on my android phone?
Just to be clear I do not intend to upload that app in the play store, it's just for testing purposes.
The end goal is to write a execute as su a small sh script written in /sdcard/ that moves files around for testing.
Thank you
I was expecting my bash script to run as root with su -c sh /sdcard/test.sh
Could someone tell how to run cloned (dual) application via adb shell. The smartphone has MIUI 11 and the app is TelegramX, for example. Application clone emulator is by default.
I get the original application when I try to run the app via:
adb shell
monkey -p org.thunderdog.challegram 1
The package list tells only this point:
package:org.thunderdog.challegram
And no hint to the cloned one.
Meanwhile, directory to the clone application is:
/data/user/999/org.thunderdog.challegram
instead of
/data/data/org.thunderdog.challegram that original has. Prpbably, it can be helpfull somehow.
I can't find anywhere documentation about how Dual apps are implemented and how to run such apps through adb.
Thanks in advance!
adb shell
Once you’re in an ADB shell, enter the following command:
settings get secure clone_app_list
If you are already using the App Twin feature, then you should see either one or two package names returned with this command. If you aren’t using this feature, this string will be empty. Now, we will either append to the existing list or create a new list of apps to clone.
settings put secure clone_app_list "PACKAGE#1;PACKAGE#2;PACKAGE#3"
Source: [1]: https://www.xda-developers.com/how-to-clone-any-application-with-emuis-app-twin-feature-no-root/
I've compiled Valgrind for ARM using this with minor alterations.
After installing on a phone with the method specified, I get the following error:
# /data/local/Inst/bin/valgrind
valgrind: failed to start tool 'memcheck' for platform 'arm-linux': Permission denied
On closer investigation, it is possible to find what it's trying to do:
# /data/local/Inst/bin/valgrind -d -v
--25068:1:debuglog DebugLog system started by Stage 1, level 1 logging requested
--25068:1:launcher no tool requested, defaulting to 'memcheck'
--25068:1:launcher no client specified, defaulting platform to 'arm-linux'
--25068:1:launcher launching /data/local/Inst/lib/valgrind/memcheck-arm-linux
valgrind: failed to start tool 'memcheck' for platform 'arm-linux': Permission denied
However, the executable is there and has the right permissions:
# ls -l /data/local/Inst/lib/valgrind/memcheck-arm-linux
-rwxrwxrwx root root 9261240 2013-10-28 17:00 memcheck-arm-linux
Furthermore, trying to execute it yields no problem, which eliminates dynamic linking problems as well:
/data/local/Inst/lib/valgrind/memcheck-arm-linux
valgrind: You cannot run '/data/local/Inst/lib/valgrind/memcheck-arm-linux' directly.
valgrind: You should use $prefix/bin/valgrind.
At this point, I'm mostly out of ideas, any help would be greatly appreciated.
I'm aware of this similar post, but I'm sure (based on the output with "-d") the prefix is right.
Potential clue: this worked a few "ROM"-s before, but unfortunately, this current one is the exact same on which it worked previously, with the exact same Valgrind build.
The minor alterations: since the build was done on a 64 bit system, _64 was appended to toolchain paths where appropriate. I can post the full script, but it should be irrelevant. Famous last words, potentially.
I recently ran into the exact same problem.
On my device /data/local/Inst and all of its content is owned by a user named "shell".
Strange enough, when I try to execute valgrind with the root user, I get the above-mentioned error, but as soon as I log in with the unprivileged user, I can run valgrind without any issues.
From the information you posted, I take, that you installed valgrind as the root user, and I assume you also executed it as root.
So here are the steps that got it working for me:
/data/local/Inst is owned by an unprivileged user
Install valgrind with the same unprivileged user
Again, execute valgrind with the same user
Hope this helps.
Normally, this indicates some files (either lib or config files) lack the permission to you. Most likelihood is when you install the Valgrind with root, the umask may exclude the rx for others.
It is easy to solve this by adding the rx permission for others:
find /usr/local -name "*valgrind*" -exec chmod o+rxt {} \;
If you use Valgrind on Android, at least there are three way to solve the problem. (You must root your Android phone first.)
On your PC
cmd
adb shell
$su
#cp /data/local/Inst/bin/valgrind /system/bin/
Note: Remember to chmod. For example chmod 777 valgrind.
On your Android phone
Install an app "Root Explorer". Copy valgrind to /system/bin/ with the app.
Write a shell script
This is a example: Can't run a Java Android program with Valgrind
Chinese Comments:
我本人曾不止一次英语考试不及格。写英文回贴真的很不舒服。不过自我学Android开始,就从http://stackoverflow.com 这里得到过很多帮助。 知恩回报是中华民族的传统美德,所以
就硬首头皮写了这个E文回贴。
I want to write a small tool to move apps to SDcard.
I found the movePackage()-method in Android Open Source and reflect the method. I failed because this method need com.android.PERMISSION.MOVE_PACKAGE which I cannot get. So I want to using shell script to do this for rooted devices.
But I don't actually know what happened in the movePackage()-method. So I can't write the correct script.
Could you please tell what happened inside the Android when a app is moved to SDcard? Can I do this with program?
I'm not sure If I understand you, but on rooted device you can use adb.
For example:
adb push /home/username/Desktop/app.apk /sdcard/app.apk
Also you can do this (for removing):
adb shell rm /sdcard/app.apk
If you want to install:
adb install /home/username/Desktop/app.apk
I would execute a command on my rooted Android 2.1 device
String path = "/data/data/com.android.providers.settings/databases/settings.db";
Runtime.getRuntime().exec("/system/bin/chmod -f 777 " + path);
But this command does nothing on the targeted file. Any idea?
The RootTools library offers simple methods to check for root and issue root commands:
RootTools.isRootAvailable()
List<String> output = RootTools.sendShell(command);
http://code.google.com/p/roottools/
You need to get the runtime as the root user first. There is a nice ShellInterface class that you can use from the MarketEnabler source available on Google Code. Though keep in mind this source code is released under the GPL.
Essentially what you need to do is determine where your su command is and create a kind of shell using an input stream and output stream for STDIN and STDOUT. With these you can then push your commands to your "terminal". When you are done all your commands, flush your buffer and then wait for the Runtime to complete. Once it is completed, you can then close your runtime interface.
Then take a look at the file you have tried creating/modifying/etc to see if everything worked properly.
Bao Le I believe you are trying to drop shell commands in an Android App, here (Running Android Native Code in your Android app)are few of many ways to run a command from an app.