I have a native C program that calls system("mount -o rw,remount /system") in order to mount the system writable. It has suid bit set and is set to chown root:root so every user can call it and /system will be mounted writable.
(I know ... this is for testing and understanding so please do not discuss security aspects)
This program works when I call it in the console no matter what user I "su" to. mount shows rw for /system.
When I let my java app call this program using p = new ProcessBuilder().command("/system/app/testmounter").start(); nothing is remounted. But there is no error returned.
Now I launched a Process with "mount" and read the result in my java app right after the call to my testmounter. Is says /system is rw. At the same time the console says it is ro.
What's happening here? Is the mount state depending on the process that calls mount? That appears strange to me.
Related
I am developing an app for taking screenshots with root access.
I am using this call to take screenshot:
"/system/bin/screencap -p " + getFilesDir() + "screen.png"
However it creates this screenshot in root context and I can't access it with my app even if I chmod 777 and chown user_id:user_id. SELinux still says that this access is denied because scontext is u:r:untrusted_app:s0 while tcontext is u:object_r:app_data_file:s0. I have tried calling su with --context u:r:untrusted_app:s0 but it didn't help.
Any idea on how to perform correct screen capture call which will save it to app internal storage and then allow access for app?
If you have accessing the file because of permissions you can remove the -p <filename> part of the command. In this case the created image will be piped to stdout which is definitely accessible by your app.
You just have to connect to the InputStream of the Process executing the su comand and save the data yourself to a file or use it in your app.
How to read Stdout if shown here: Read command output inside su process
Note that in this example the asker wants to read text, hence the accepted solution reads data to a buffer and converts to a String - of course you don't need the conversion as the PNG file is not a printable String...
i'm trying to access my database file from adb shell, but sqlite3 cant open it, i think this is because i dont have root, searching on the web i found that to get root acess you need to:
adb root ->adbd is restarted as root(dont really know what is this)
adb connect <device>
adb -s <device> shell
this commands work fine here, but i still cant get root access and still cant acess my database file
The error i'm getting is:
Error: unable to open database "ClientsInfoDB.db": unable to open database file 1
on my app code to create the database i use:
public DatabaseHelper(Context context){
super(context, "ClientsInfoDB", null, 2);
can anyone help me here?
thanks for attention
EDITED ---
Important informations that was missing(sorry for that :s): i'm using Blluestacks to run my app
To access the app directory i did(on the shell):
cd data/data/<my_package_name>/databases
ls --> wont work
sqlite3 ClientsInfoDB
.databases --> message error that i posted above
If you're using a standard version of Android (i.e. not AOSP) you won't be able to get root by default. The steps for rooting the phone vary based on manufacturer and version and sometimes you can find instructions online. That said, it's not something that is officially supported and may damage your phone.
That said, without doing that, you can't access your application's database without root because the data directory for your application is restricted to your application only. If you need to access it, try having your application store the database somewhere like the /sdcard or equivalent directory which is generally accessible. The downside to this is that any application can access it, so be careful what you put there in production.
I want to copy some files from it's own data folder(e.g. "/data/data/com.example.copy/") to "/data/local/tmp/". I can't access /data/local/tmp/ in my app. Is it possible to do it?
I don't have root access on my device.
Here's my code:
Process p=Runtime.getRuntime().exec("cat "+ this.getApplicationInfo().dataDir +"1.txt > /data/local/tmp/1.txt" );
p.waitFor();
No, you cannot do this from an application unless your device has something like a hacked su which lets you run a helper process as a more privileged user (ie, unless it is "rooted").
You should put the file somewhere else - such as the external storage. (If the adb shell is allowed to create directories under /data/local/tmp you might be able to create one there and chmod or chown it to give your app access, but that's non-portable across versions)
Or if you are merely trying to expose it, change the access permissions (someone will probably come along and point out the java constant for setting a file world readable is superficially deprecated, but actual disabling the capability would require a drastic change to the underlying operating system)
What I'm doing:
I've built GNU emacs for native use on an phone.
I run emacs in daemon mode on the phone, so I connect to it anytime with emacsclient, to continue working with regular files, run processes, etc.
When logging in from the terminal on the phone, I'm currently user 10157, everything works:
$ id
uid=10157(10157) gid=10157(10157)
groups=10157(10157),1015(1015),1023(1023),1028(1028),3003(3003)
When I connect via ssh to the phone from a PC (I use DigiSSHd on the phone), it logs me in as a regular user 10282, everything works:
$ id
uid=10282 gid=10282 groups=1015(1015),1023(1023),1028(1028),3003(3003)
Emacs runs fine etc. However, this way I can't connect via emacsclient to the emacs process running under user 10157. This is desirable, since I don't want to start two emacs processes, since I want to continue working with files that I have open in emacs under user 10157.
Therefore:
$ su - 10157
Fine, I can run emacs etc. However, I cannot access the web.
$ ping -c1 google.com
You must have internet permissions to use ping. Aborting.
$ id
uid=10157(10157) gid=10157(10157) groups=10157(10157)
Thus I'm no longer in group 3003, necessary for internet access, besides other groups also.
Why does this group info get stripped, and how can I remedy this, so I can continue accessing the web when su as this user under ssh?
When i run the command:
busybox --list
I don't see su in the list.
su --help
shows Superuser.apk in the help text. It means su is provided by Superuser app.
I followed the steps described by you and i could su as another user and still have internet permission as shown below.
I have the following apps installed.
BusyBox v1.18.5-Stericson
Superuser v3.0.7
Terminal Emulator v1.0.45
SSHDroid v1.9.6
Suggestion:
I think the issue is with su on your device. You may try this one.
https://play.google.com/store/apps/details?id=com.noshufou.android.su
If i just use adb shell without running SSHDroid still i can su as another user with internet permission.
Note: The BusyBox id command doesn't show groups information always.
According to the standard man page for su (from a linux box)
When - is used, it must be specified as the last su option. The other forms (-l and --login) do not have this restriction.
Based on that, try
$ su 10157 -
I'm probably missing something here because this seems way too obvious but why not just 'sudo -u 10157' your emacs program?
you'd still have access to the net and your emacs would be working. or did I miss something important?
Permissions are not environment variables that can be inherited via su -.
Moreover, gid are are hard coded and their associations with each APP uid cannot be changed after installation.
10157 should be the uid of the DigiSSHd application, thus you could try to rebuild it after changing the AndroidManifest.xml to require the proper permission.
You can find something useful here and here.
The same should work for BusyBox (see here).
However, you could open some security hole by enabling NETWORK access through such applications.
I have android device with root and i try to implement some small app. This app need to read files from /proc/pid/net . I made it with Runtime.getRuntime().exec(new String[] { "su", "-c", "cat /proc/"+PID+ "/net/tcp6" }); but I must accept su -permission for each pid. There are some other possibilities how i can to read system files in android from my app? Something with FileReader? How can I get the su-permissions without exec -commando?
The exec command IS how you get su permissions. You might be able to chmod 777 the files you want and then they can likely be read via java. That, or you could move the files you want to read to the sdcard, or your apps data location and read them from there. Here is something very useful for root. You won't have to manually use the exec command each time, but RootTools does still use exec.
I believe if you do something like:
Process p = Runtime.getRuntime().exec("su");
you will get the root access.
And then you can do just:
p.getRuntime().exec("command");
and then you won't have to put the su in as long as that process is still active.
Though, I haven't done what I explained above (with the process) in quite some time, so I may be wrong. You may still have to include su each time. But either way, I'd recommend using RootTools.