Is there any way to run Android system app without root permission? I can execute system app via adb such as:
adb shell /system/bin/screencap -p /sdcard/screen.png
In my own application, I wanna run a shell command like that without "su" command. Is there any way? How does android prevent user apps to execute system app?
You should be able to run this command in java code:
Runtime.getRuntime().exec("screencap -p /sdcard/screen.png");
There are some shell commands you can execute without having root. So you don't need to run "su". I'm not sure if you can execute screencap. Certainly you need permission to write to the SD_CARD in your app.
android.permission.WRITE_EXTERNAL_STORAGE
But why you don't use the Android API to make your screenshot? For more information read this post on stackoverflow: How to programmatically take a screenshot in Android?
Androids security model bases on user ids, like Linux does. Each app gets his own user id. So your app has a userid like 1001. If your user is allowed to run the command you can, otherwise you will receive an error.
EDIT:
You need root to take screenshots or be a system application. There is a permission READ_FRAME_BUFFER but you only can obtain it when you are a system application. Its a security problem when an app could take screenshots of your device.
I've found this API http://code.google.com/p/android-screenshot-library/ which promises to take screenshots without root. I didn't test it. The library starts a native service which then takes the screenshots for you.
But you have to run the service each time your phone boots. So it gets the system privileges. That's not really comfortable...
Conclusion: There is no nice way to take screenshots without root from code...
Is there any way to run android system app without root permission?
It have to be NO, but some times, some functions which are not for public use still can be used. I've seen examples using java reflection.
I can execute system app via adb such as: ...
In my own application, I wanna run a shell command like that without
"su" command. Is there any way? How does android prevent user apps to
execute system app?
I think, no.
The thing is adb shell and user app have different security levels based on User and Group IDs (UID and GID).
More info: http://android-dls.com/wiki/index.php?title=Android_UIDs_and_GIDs
Besides, there are limitations via app permissions and hiden & internal classes, procedures, etc which made for internal use.
P.S.: About screenshots. On android market (google play) there are few apps which provide screenshots without ROOT access. So, it's possible.
Although, since Android 4.0 screenshots are available "from box".
Related
In my application, I need to start a native binary that opens and read from some /sys/kernel files. If I launch the native binary by connecting using adb shell (launching manually from /data/local/tmp), then everything works fine.
I would like the App to programmatically do two things,
Copy the binary to /data/local/tmp/. Again this wont work as the normal android app doesnt have enough privileges.
Start the binary as a shell user so I can have the necessary privileges. I have tried using android:sharedUserId="android.uid.shell , but that doesnt seem to work.
Please note that I don't need root to open the /sys files.All I need is to be shell user. Any thoughts will be greatly appreciated.
Thanks
The shell UID is reserved for development and testing. Running an app with shell privileges is circumventing Google's security model. So you will not be able do it on a secured commercial device without rooting it.
A possible temporary (non-persistent between reboots) workaround would be:
Use adb shell to start a background service process, running as shell UID
In your application, using IPC to ask the service to perform special task for you
I need to run a security test on one of our Android mobile applications.
It must not run if the device is rooted.
It should run as expected on non-rooted devices.
I have tested part 1 without issue and found it to work as expected.
However, I cannot seem to create an emulator using the AVD Manager that will not start with root access.
-Is there a command line method to reduce the emulator instance to non-rooted at startup?
-Failing that, is there a method to send an adb shell command (or other command line call) to reduce the permissions to the installed application?
Thanks!
Edit for #Fred.
I have opened the shell and changed it to the user id (uid) of the application under test. Note that in the image you can see the command, "adb shell su u0_a53" and then the next prompt includes the user, "u0_a53#generic_x86_64" as the returned shell and has the "$" indicating non-root access. However, when opening the application under test on the emulator, the application detects the device is rooted. What am I missing?
See attached image - click here
Yes, there is a way using SU to change super user to non root, see answer in this so question for directions:
https://android.stackexchange.com/questions/60599/how-to-get-non-root-access-on-emulators
As it turns out, my question was fundamentally flawed. The environment i'm trying to achieve could not be created with an emulator as part of the security test checks to see if the phone is in 'release' mode, in addition to looking for the presence of 'su'. After conferring with several other teams, I have decided to obtain a physical phone for testing this security restriction.
I have ADBFS-rootless working on my ununtu VM as I can peruse the filesystems on my Android phone. The thing I have noticed is that I cannot access files with root only perms _rw______. Is this normal behaviour or should I be able to access such files a password.key.
Regards
Robert
Android, like any other unix-like system, will only allow file access if your user or group has permissions to the file, so the question comes down to if your access will occur as root, or not.
On a secured device such as a typical consumer phone, the ADB daemon on the device - and thus all access run through ADB - runs as the "shell" account. This account has somewhat greater privileges than a typical application's user account (for example it can install packages, take screenshots, etc) however it is still not the superuser or root account, and cannot generally access private files of applications or on recent builds (regrettably) even read large parts of the system installation.
On an emulator or engineering device (including some aftermarket ROMs), ADBD runs as root, or can be made to do so using the "adb root" command. When ADBD runs as root, your ADBFS system can presumably access anything root can.
In an aftermarket ROM or "rooted" device where ADB does not run as root, there may be a hacked "su" executable available which can start a root shell. If ADBFS is able to use that, it might be a solution. Otherwise, you may be able to use the root shell to somehow get ADBD restarted as root, but that may be a bit tricky.
In my application, I need to start a native binary that opens and read from some /sys/kernel files. If I launch the native binary by connecting using adb shell (launching manually from /data/local/tmp), then everything works fine.
I would like the App to programmatically do two things,
Copy the binary to /data/local/tmp/. Again this wont work as the normal android app doesnt have enough privileges.
Start the binary as a shell user so I can have the necessary privileges. I have tried using android:sharedUserId="android.uid.shell , but that doesnt seem to work.
Please note that I don't need root to open the /sys files.All I need is to be shell user. Any thoughts will be greatly appreciated.
Thanks
The shell UID is reserved for development and testing. Running an app with shell privileges is circumventing Google's security model. So you will not be able do it on a secured commercial device without rooting it.
A possible temporary (non-persistent between reboots) workaround would be:
Use adb shell to start a background service process, running as shell UID
In your application, using IPC to ask the service to perform special task for you
first of all, I'm not involved in any kind of Android development. I'm only curious.
The question is: does an app obtaining root privileges still need to declare its required permissions in the manifest?
I mean, if my app doesn't declare that it needs to acquire camera input, can it invoke some APIs or executable and acquire camera after becoming root?
I know this could sound stupid but I repeat, I'm just curious about Android features.
On your typical rooted Android device, (which would use the Superuser application and its corresponding su binary) applications which request root access can only run commands as root via the su binary.
So yes, in that the application itself still runs as a underprivileged user process, so anything it needs to do using the "normal" APIs still need the correct permissions. So if you want to (as in your example) access the camera using the normal Java API, you can't do that unless you have declared that permission.
But no, in that if your application requests and receives root privileges via the su binary, you can do anything you want within that command. So if you wrote a special binary or script that can access the camera outside of the normal API methods, that might work. (I suspect this would be more trouble than it's worth.)