I have ADBFS-rootless working on my ununtu VM as I can peruse the filesystems on my Android phone. The thing I have noticed is that I cannot access files with root only perms _rw______. Is this normal behaviour or should I be able to access such files a password.key.
Regards
Robert
Android, like any other unix-like system, will only allow file access if your user or group has permissions to the file, so the question comes down to if your access will occur as root, or not.
On a secured device such as a typical consumer phone, the ADB daemon on the device - and thus all access run through ADB - runs as the "shell" account. This account has somewhat greater privileges than a typical application's user account (for example it can install packages, take screenshots, etc) however it is still not the superuser or root account, and cannot generally access private files of applications or on recent builds (regrettably) even read large parts of the system installation.
On an emulator or engineering device (including some aftermarket ROMs), ADBD runs as root, or can be made to do so using the "adb root" command. When ADBD runs as root, your ADBFS system can presumably access anything root can.
In an aftermarket ROM or "rooted" device where ADB does not run as root, there may be a hacked "su" executable available which can start a root shell. If ADBFS is able to use that, it might be a solution. Otherwise, you may be able to use the root shell to somehow get ADBD restarted as root, but that may be a bit tricky.
Related
I'm trying to remove some system apps from my android smartphone to debloat it. I use the following adb command: adb shell pm uninstall package.to.remove. But what if I will want to restore some of these apps? I can make a backup of the apk using adb pull my.package path/i/want. Then I can restore them using adb shell pm install package.to.install. I assume that the apps will be install as user app. So the questions are:
Will the system apps work even if they are installed as an user app?
Do I need to move the apks into the system partition?
If I remove some system apps and then I update my smartphone, will it break?
If you're using pm uninstall rather than pm uninstall -k --user 0 com.package.name, I'm asuming that you have root access. If that's the case, then its better/safer to use pm disable because you could enable them anytime with pm enable. If you're talking about some "non-necessary" apps, but not a system component, then yes you can uninstall them. But be careful doing that. Do your research on the app before uninstalling them, because it could lead you into boot loop. Make sure to keep backups of your apps if possible, if something goes wrong, you could copy them back again to their directories.
If you have root privilege, then yes, copying the apps back to their original place will retain their functionality. But if you try installing them without root, just as a user or using adb install, the apps will no longer be a system app, and most probably will be useless since they are already in the system, just disabled/uninstalled for the current user. A factory reset will reset all the apps like before. Hope this helps (:
I need to run a security test on one of our Android mobile applications.
It must not run if the device is rooted.
It should run as expected on non-rooted devices.
I have tested part 1 without issue and found it to work as expected.
However, I cannot seem to create an emulator using the AVD Manager that will not start with root access.
-Is there a command line method to reduce the emulator instance to non-rooted at startup?
-Failing that, is there a method to send an adb shell command (or other command line call) to reduce the permissions to the installed application?
Thanks!
Edit for #Fred.
I have opened the shell and changed it to the user id (uid) of the application under test. Note that in the image you can see the command, "adb shell su u0_a53" and then the next prompt includes the user, "u0_a53#generic_x86_64" as the returned shell and has the "$" indicating non-root access. However, when opening the application under test on the emulator, the application detects the device is rooted. What am I missing?
See attached image - click here
Yes, there is a way using SU to change super user to non root, see answer in this so question for directions:
https://android.stackexchange.com/questions/60599/how-to-get-non-root-access-on-emulators
As it turns out, my question was fundamentally flawed. The environment i'm trying to achieve could not be created with an emulator as part of the security test checks to see if the phone is in 'release' mode, in addition to looking for the presence of 'su'. After conferring with several other teams, I have decided to obtain a physical phone for testing this security restriction.
Is there any way to run Android system app without root permission? I can execute system app via adb such as:
adb shell /system/bin/screencap -p /sdcard/screen.png
In my own application, I wanna run a shell command like that without "su" command. Is there any way? How does android prevent user apps to execute system app?
You should be able to run this command in java code:
Runtime.getRuntime().exec("screencap -p /sdcard/screen.png");
There are some shell commands you can execute without having root. So you don't need to run "su". I'm not sure if you can execute screencap. Certainly you need permission to write to the SD_CARD in your app.
android.permission.WRITE_EXTERNAL_STORAGE
But why you don't use the Android API to make your screenshot? For more information read this post on stackoverflow: How to programmatically take a screenshot in Android?
Androids security model bases on user ids, like Linux does. Each app gets his own user id. So your app has a userid like 1001. If your user is allowed to run the command you can, otherwise you will receive an error.
EDIT:
You need root to take screenshots or be a system application. There is a permission READ_FRAME_BUFFER but you only can obtain it when you are a system application. Its a security problem when an app could take screenshots of your device.
I've found this API http://code.google.com/p/android-screenshot-library/ which promises to take screenshots without root. I didn't test it. The library starts a native service which then takes the screenshots for you.
But you have to run the service each time your phone boots. So it gets the system privileges. That's not really comfortable...
Conclusion: There is no nice way to take screenshots without root from code...
Is there any way to run android system app without root permission?
It have to be NO, but some times, some functions which are not for public use still can be used. I've seen examples using java reflection.
I can execute system app via adb such as: ...
In my own application, I wanna run a shell command like that without
"su" command. Is there any way? How does android prevent user apps to
execute system app?
I think, no.
The thing is adb shell and user app have different security levels based on User and Group IDs (UID and GID).
More info: http://android-dls.com/wiki/index.php?title=Android_UIDs_and_GIDs
Besides, there are limitations via app permissions and hiden & internal classes, procedures, etc which made for internal use.
P.S.: About screenshots. On android market (google play) there are few apps which provide screenshots without ROOT access. So, it's possible.
Although, since Android 4.0 screenshots are available "from box".
I want to test my app and I have a device with root access to test on.
Can I be confident the the behavoir of the app is not affected by the root access?
If it is affected are the specific areas of behavoir in which root access may cause different/unexpected behavior?
Is there a way to retrieve files (logs, test results) from a device without root access?
Thanks
AFIAK there really aren't any APIs that require root permissions. Apps that require root permissions execute system commands using the Runtime.getRuntime().exec(commandStringHere);
If you try to execute commands that you don't have permissions to run then the execution will fail. To get around the permissions problem you can execute the commands as root using su.
So if you aren't doing any of this you app should run exactly the same on rooted and non-rooted phones.
As long as you App doesn't require root access it does not have any sideaffects
You can see the log via adb logcat or the Logcat-View in Eclipse (with Installed ADT).Also you can use JUnit Tests on Android.
If your application asks and uses root permissions, then the application won't work in unrooted devices. Assuming that you don't need any root access, there is no difference between an application running in rooted or unrooted device. You can also test in emulator to see the differences if they exist.
It seems almost every android device comes without root permission, so some people provide a new ROM to root it. How do they achieve it? (Do they change anything in init process, or do they change some apps' access attributes on the storage, such as launcher or toolkit, or some process's uid/gid?)
I have a non-root mobile and another rooted one. I can't find the difference between them. The launcher are both with a uid/gid exceeding 10000.
In Linux desktop, this is controlled through the login process. But I still don't know the key reason.
It's confusing.
On a rooted Android, you can install apps that require special access (like the hardware)
Because the hardware manufacturers and the developers at Google did not want to let users tweak the hardware, the root user is blocked.
For example you can run softwares like Titanium backup (for making backups of application data), SetCPU (for overclocking your Android) and LES (Linux enhancement suite) if you have a rooted phone. Note that the rooted phone will allow apps to run through root only when asked for. Otherwise all the apps will work as the normal user.
In Linux, you can use the su command to get ALL the root permissions or sudo to get minimal root permissions (controlled su)
You can get the superuser permissions by rooting the phone, installing a terminal (Better Terminal Emulator) and typing "su" into the console. (Click "yes" if Superuser asks for permission)