I would like to know how can we get root permission from android app? Are there any app out there in android market?
I tried out the below line of code to list out files but nothing happened
Process process = Runtime.getRuntime().exec(new String[] { "su", "-", "root"});
I tried to give TEST_FACTORY permission in my manifest file but I got an error "permitted to system app"
How can I make my app system app?
I want help to get started with these stuff (make app if possible to get root permission) any help on this is very much appreciated. Thanks in advance :)
Theres a good answer here - ANDROID: How to gain root access in an Android application?
"As far as I know, you can only run command-line commands using root privileges. You can use this generic class I made that wraps the root access in your code: http://muzikant-android.blogspot.com/2011/02/how-to-get-root-access-and-execute.html"
First: note that you can only execute shell commands using su (= you can only use shell commands as root, not java code).
Second: Not sure if this applies to all su apps out there, but this is the help message of su on my phone:
Usage: su [options] [--] [-] [LOGIN] [--] [args...]
Options:
--daemon start the su daemon agent
-c, --command COMMAND pass COMMAND to the invoked shell
-h, --help display this help message and exit
-, -l, --login pretend the shell to be a login shell
-m, -p,
--preserve-environment do not change environment variables
-s, --shell SHELL use SHELL instead of the default /system/bin/sh
-u display the multiuser mode and exit
-v, --version display version number and exit
-V display version code and exit,
this is used almost exclusively by Superuser.apk
This means: you have to run su -c something (or su -c something - root, but rootis the default anyway). essentially this is equal to su on most Linux systems, except the daemon-thing, as there is no daemon ahndling su calls on regular linux systems.
If other su commands behave differently (which is possible), it's more secure to open a stream to a shell, execute su, evaluate it's return code, then proceed to execute other commands, finally execute exit.
Related
How to know which Emulator image will contain su?
I can see that often it only contains su or google play
Run adb root and you get a root shell ... otherwise su needs to be manually installed.
However, when already having a root shell available, installing it isn't much of a problem.
All images are rooted, but SDK apps requesting escalation of privileges do rely upon su.
This question here generally duplicates: How to get root access on Android emulator?
adb shell scripting must:
start the emulator
run adb root
run adb shell
remount system partition
adb push the su binary
chmod to set permissions
exit
Or to answer the question:
start the emulator
and check if the file exists, eg. with adb shell stat /usr/bin/su
Where stat gives this response, when it's not installed:
stat: '/usr/bin/su': No such file or directory
One could even loop all Android images installed in $ANDROID_SDK_HOME...
there's no "one click" solution, but adb can be fully automated with Bash or Batch. And one wouldn't even have to run the emulator, but can mount QCOW2 as a nbd network block device.
Is there a way to write a script that will copy files from an ADB shell using run-as?
The only way I know of to copy in the adb shell is using cat source > dest (edit: modern android versions have the cp command, which makes this question unnecessary), but I am only able to quote the greater-than sign one level deep - so my script can pass it to adb shell, but not to adb shell run-as.
For example, this works:
adb shell "cat source > dest"
But this does not:
adb shell run-as "cat source > dest"
Nor this:
adb shell "run-as cat source \> dest"
I even tried created a small script and uploading it to the device, but I can't seem to run the script from the adb shell - it tells me "permission denied". I can't chmod the script, either.
The reason I want to do this is to copy a file into an app's private storage area - specifically, I am using a script to modify shared preferences and put the modified preferences back. Only the app itself or root can write to the file I want, however.
The use case in this scenario is coping a file to a protected location on the device, not retrieving it; for retrieving, there are already good answers in this question.
The OP tried to combine the following 3 commands (that he had no problem executing one after another in the interactive shell session) into a single non-interactive command:
adb shell
run-as com.example.app
cat /sdcard/temp_prefs.xml > shared_prefs/com.example.app_preferences.xml
For simplicity let's start from within an interactive adb shell session. If we just try to combine the last two commands into a single line:
run-as com.example.app cat /sdcard/temp_prefs.xml > shared_prefs/com.example.app_preferences.xml
This would not work because of how shell redirection works - only the cat /sdcard/temp_prefs.xml part of the command would be run with com.example.app UID
Many people "know" to put the part of the command around redirection into quotes:
run-as com.example.app "cat /sdcard/temp_prefs.xml > shared_prefs/com.example.app_preferences.xml"
This does not work because the run-as command is not smart enough to parse the whole command. It expects an executable as the next parameter. The proper way to do it would be to use sh instead:
run-as com.example.app sh -c "cat /sdcard/temp_prefs.xml > shared_prefs/com.example.app_preferences.xml"
So can we just prepend adb shell to the command and be done with it? Not necessarily. By running the command from your PC you also add another local shell and its parser. Specific escape requirements would depend on your OS. In Linux or OSX (if your command does not already contain any ') it is easy to single-quote the whole command like so:
adb shell 'run-as com.example.app sh -c "cat /sdcard/temp_prefs.xml > shared_prefs/com.example.app_preferences.xml"'
But sometimes it is just easier to use an alternative solutions with (-out or less) quotes:
adb shell run-as com.example.app cp /sdcard/temp_prefs.xml shared_prefs/com.example.app_preferences.xml
Or if your device does not have the cp command:
adb shell run-as com.example.app dd if=/sdcard/temp_prefs.xml of=shared_prefs/com.example.app_preferences.xml
Also notice how I used shared_prefs/com.example.app_preferences.xml instead of full /data/data/com.example.app/shared_prefs/com.example.app_preferences.xml - normally inside of run-as command your current directory is the HOME dir of your package.
Following Chris Stratton's advice, the way I eventually got this to work was as follows (for copying shared preferences back to the device):
adb push shared_prefs.xml /sdcard/temp_prefs.xml
cat <<EOF | adb shell
run-as com.example.app
cat /sdcard/temp_prefs.xml > /data/data/com.example.app/shared_prefs/com.example.app_preferences.xml
exit
exit
EOF
Piping directly to adb shell run-as did not work, and I do not know why, but piping to adb shell does. The trick is to then call run-as from the interactive shell, and it continues to accept input from the pipe.
The HERE doc lets me easily embed the newlines to separate commands and in general just makes it readable; I did not have much luck with semicolons, but that might have been because of the way I was doing things. I believe it might work with other methods of piping multiple commands/newlines; I stopped the experiment once I finally got it to work.
The two exits are necessary to prevent a hanging shell (killable with CTRL-C); one for run-as, and the other for adb shell itself. Adb's shell doesn't respond to end-of-file very nicely, it seems.
you could just change the permission of the directory and then pull all the files out. but for me i was looking for just one shared preference file and i was able to get the data like this:
PACKAGE='com.mypackage.cool'
SHAREDPREF_FILE="${PACKAGE}_preferences.xml"
adb shell "run-as $PACKAGE cat /data/data/$PACKAGE/shared_prefs/$SHAREDPREF_FILE">$SHAREDPREF_FILE
now we have the data of the sharedpreference file stored in a file of the same name.
Using the latest adb (ADB v1.0.41 / Version 33.0.3) and a Play Store emulator image I experienced adb root not being granted. I also could not copy from /data/local/ or /storage/emulated/0/ due to not having permissions when run-as com.myapp.app
new_prefs_path="my_machine.xml"
config="$(cat $new_prefs_path)"
my_app_uri="com.myapp.app"
adb shell "run-as $my_app_uri sh -c 'echo \"$config\" > shared_prefs/on_android.xml'"
This fixes it for me as a bash script. It's made slightly more complicated by needing to be configurable for different apps and complex payloads.
We take a file (could be generated earlier in this script) and read it to a variable.
We then start shell, do run-as my app and run echo expanding the read file to a file in shared_prefs.
I have an Android phone that has only su binary installed and it works, meaning I can adb shell into the phone and run an 'su' command and I will be root.
When I try to run a command via code, it doesn't seem to work no matter which way I try to run it. I've tried many different variants of the following command.
Runtime.getRuntime().exec("su -c ps");
When I run this command on another rooted phone with a Superuser.apk or SuperSU.apk app installed, I get a dialog asking if I want to allow it to run with root permissions. When the apks are not there, it never asks and the command never works.
I've tried installing the apks on the first phone but they don't seem to do anything. So, as the original question asks --> Is there any way to run the elevated command from within the app without the SU apps installed?
It might be because you need to pass the commands to su as parameters like this:
su -c 'ls -l'
Or you might need to specify the full path to su, but I don't see why it wouldn't work the way you have it:
Runtime.exec("/system/bin/su -c ps")Or maybeRuntime.exec("/system/bin/su -c \'ps\'")
Try checking the output of this command too: System.getenv("PATH")
Another variant could be Runtime.exec("su -c \'ls -s \'")
Make sure you don't forget to escape the single quotes as they are part of the actual String.
Thats the way that I've found works most consistently, and it has also worked on devices that don't have Superuser or SuperSU installed, as those apps only listen for the Broadcast that is sent out when an application tries to run a command as root. #Boardy SuperSU and Superuser intercept the broadcast and so act as a middle man between the app and root privileges, but its not necessary for a rooted device. It IS necessary if you want to have more control over the applications that are running commands as root, but even then it still only limits you to deciding which applications, not which commands, are given root privileges.
Also, you might wanna take a look at RootTools and more specifically, the RootTools.isAccessGiven() command, which requests root privileges for your app.
Source: Launch a script as root through ADB
Not all versions of an 'su' for Android will accept a command to execute from the command line parameters.
Where they do not, you will need to let 'su' launch a privileged shell, obtain its input file descriptor, and pipe command(s) into that. This has been covered numerous times here on Stackoverflow.
I believe you would need to have the SU apps installed as they are what provide the user the question as to whether the app should be allowed to run as root or not.
You should be able to do this.
try :
adb root shell ls -l
I am searching for the equivalent Linux command of following Android adb shell command:
%ANDROID%\platform-tools\adb.exe shell ^
/system/bin/chmod 0777 /data/local/asl-native
This will be used to give the read and write permissions for a particular directory or file.
I have tried with the following Linux commands:
/system/bin/chmod u+rw /data/local/filename
However, it appears the file is not given permissions.
Most Android systems do not let you run as super user (i.e. root) and without that privilege, you cannot make this work.
You can read more bout how file storage works on Android here.
I basically want to start a process which resides in /system/bin/... from the Application java command.
I tried all types of Runtime.process.exec() options
Tried the su and ouputStream combination as well, but nothing is able to start the application.
I am using the code in device and emulators, no luck in both.
I am able to run the same commands from ADB Shell successfully (as it has root permissions).
The device is rooted, I am able to see the # when I use adb to debug my device and it also can go into su via adb.
based on my searching I found that (after doing ps from adb shell)
I am able to run any command with lrwz--x--x permission such as (ls->toolbox, ps->toolbox) from the application layer but I am not able to execute any other commands which are not linked to the toolbox.
This doesn't execute ls:
Process p = Runtime.getRuntime().exec("su");
DataOutputStream os=new DataOutputStream(p.getOutputStream());
os.writeBytes("ls \n");
os.flush();
But this does execute ls:
Process p = Runtime.getRuntime().exec("ls");
I would really appreciate if I can get any help on this here! I am posting this after doing lots of research.
Rather than sending ls \n to the su command's standard input, try running:
su -c ls
The -c option to su(1) asks it to run a command with elevated privileges rather than starting an interactive shell.
Try creating a shell script file(eg: init.sh) and write following commands in it:
su
reboot
Now try executing this shell script by
Runtime.getRuntime().exec("sh init.sh");
If this restarted your droid then you can write your required code in init.sh file & run it.