In Android OS, how can I restrict the "adb pull" command so that users of my customized Android kitkat version cannot pull anything like files, apks, etc? Please note that the requirement is that a user cannot even pull files on a rooted device. I am open to an SeAndroid policy solution provided it is not just for /sdcard but for /data and /system folders also.
Related
I have this development board Open-Q 820
It is running an Android 7.0 based on some sources from CodeAurora (that seem based on AOSP sources). Seems it uses proprietary bootloader that can not be changed. I need to access GPIO (/system/class/gpio) from my android app to control an external device. Problem is I can not do this from android app - seems only root can access this files.
I can call "adb root" command from PC and then call from "adb shell" something like
echo 0 > /sys/class/gpio/export
echo out > /sys/class/gpio/gpio0/direction
echo 1 > /sys/class/gpio/gpio0/value
and it is working. But I need to do the same from my android app. I know how to access terminal and su from android app. I just dont know how to root custom device. I tried to install SuperSU.apk app and its corresponding su native app manually. It starts and says it need to update su binaries. After installing binaries and reboot the system then it becomes broken - infinite android logo. If I not install binaries update then SuperSU can grant permissions to my app but actully app still can not use su (I dont know why - I use this library inside my app: https://github.com/Chrisplus/RootManager). And after reboot SuperSU not working longer.
So may be you know some SuperSU alternatives (Knigroot not working too) or steps how to correctly install some superuser management app. Or may be I can use su directly (I tried but my app has not rights to access /system/xbin/su). Or may be I can make /sys/class/gpio accessible by android apps somehow (I tried chmod 777 on it - not works). May be some SElinux rights, but I have no experience with this.
Thank you
Magisk helped me. Since it is have option to patch custom boot image. I used this option and now root access works.
I'm unable to access system folder in android without rooted the device. Also wanted to know is it possible to access while booting the android phone?
I think ur asking without doing rooting
so Without rooting you have 2 options:
If the application is debuggable you can use the run-as command in adb shell
adb shell
run-as com.your.packagename
cp /data/data/com.your.pacakagename/
You can use Android's backup function.
adb backup -noapk com.your.packagename
You will now be prompted to 'unlock your device and confirm the backup operation'. It's best NOT to provide a password, otherwise it becomes more difficult to read the data. Just click on 'backup my data'. The resulting 'backup.ab' file on your computer contains all application data in android backup format. Basically it's a compressed tar file. This page explains how you can use OpenSSL's zlib command to uncompress it.
You can use the adb restore backup.db command to restore the backup.
regards maven
Every app can access and read the /system folder on an Android device. It does not have to be rooted for that.
No, you can't.
The user that launchs the application must be root in order to access some folders. If doesn't have permissions to access a directory you cannot access to it. It's a UNIX security measurement, you can't bypass it.
I need help figuring out how to install a Google Apps .zip (or gapps package) on an Android device without using recovery. I have not seen this process documented anywhere, and before I go manually copying files from the zip onto a device, I'd like to see if anyone can give me some guidance. The device in question is rooted, but installing a custom recovery (such as Clockwork) is not an option. It seems straightforward enough (as the zip's internal file structure is recognizably an android fsh), but before I go and happily copy a bunch of files to a critical test device I'd like some input as to whether or not there is a preferred method.
It's a little late but i have done this yesterday because i have the same probleme.
The option i use is open a root shell with adb.
Then use the linux mount command
I don't remember the exact command but it's look like this:
"mount -o remount,rw ext4 /system"
And then i copy the file of the system folder of the gapps zip to /system then i reboot my phone and all gapps were installed
Hope it help you or someone who found this like me in the futur.
I am developing app which will come pre-installed with certain devices, however im testing the app on my own device and will need to demo it on my own device. At the moment its fine as im testing it as a user app, but now i need to use permissions which only the system apps get to use. Is their a way in the project settings to say its a system app so I can test and demo it?
short answer - i would root your phone. However, unlocking the bootloader is possible without root. So, IMO, you could install CWM as your recovery, then boot to CWM, then use the CWM option to MOUNT system, then use adb to copy your .apk to /cache, then use linux util 'cat' to get the apk from /cache to /system/app, then unmount /system using CWM, then reboot.
long answer - if you are developing system apps, learn the security environment of android. Learn the issues around permissions in the /system folder, and learn the recovery type tools that allow a developer to have access to the /system folder where adb activities like install , uninstall are restricted.
This is an older discussion 'froyo' on how-to install system app, illustrating some of the permissions issues in the /system folder. I would not simply follow these instructions without reading up on how its done in honeycomb and in ICS.
I have my Nexus One connected with the USB.
When I visit the File Explorer of the DDMS, if I click on the "data" folder the little plus near the name "data" disappear for 2-6 seconds and then reappear but the contenct of the folder "data" is not showed!
Here some other information:
the folder data has permissions drwxrwx--x
the OS of my PC is Windows XP
Eclipse v. 3.5.2
Android SDK 1.6
If the adbd daemon is running as root, you can browse /data using adb-based tools such as the DDMS file explorer or the adb shell.
If it's not, you can access a few files under /data and its children directly by their full path names, but you cannot browse (or 'cd' to) most of the folders, including /data itself.
"rooting" as an unofficial process means varying things and produces varying results - ie, adbd may or may not run as root.
If ro.secure is set to 0 in the startup scripts such as /init.rc, adbd will run as root, but that may not be a good idea on a user device. It is set to 0 on the emulator, and that's why you can browse /data there.
Finally, note that /init.rc is usually contained in a ramdisk image packed onto the kernel - you can't really edit it on the phone but would have to modify the image offline, re-attach it to the kernel, and re-flash them. Though if you have some sort of working 'su' hack you may be able to change the property temporarily and restart adbd.
In this link (http://denniskubes.com/2012/09/25/read-android-data-folder-without-rooting/) Dennis Kubes shows a method for accessing your application's data folder without root access.
Turns out there is a simple solution, the run-as command.
run-as com.your.package ls -l /data/data/com.your.package
run-as com.your.package rm /data/data/com.your.package/databases/mydatabase.db
That will allow you to run commands as your app. You can also use run-as in interactive mode.
run-as com.your.package
shell#android:/data/data/com.your.package $ ls
cache
databases
lib
shared_prefs
rm databases/mydatabase.db
Interactive mode will drop you into the data folder for your app. You can navigate from there.
I don't think anyone really understands this question. Giorgio can use the DDMS File Explorer to browse the ./data folder on his phone. Pentium10 talks about needing root access on the phone.
Well I a retail Nexus One and a developer Nexus. I have always been able to use DDMS File Explorer to browse the ./data folder on my developer phone but not my retail phone. So I rooting my retail phone would help. I didn't.
So the bottom line is there is something different about the retail and developer phones. Until more research is done you won't be able to browse the data folder on your phone.
Hope this helps.