I have an app, pushing it to in /data/local/tmp/myapp
I have root access for a while in exploit, so my goal is to setup "privileges" to /data/local/tmp/myapp, so it will be running as root even if was called from sh ( sh is running with shell privilleges )
_________________________________
BEFORE 4.3. code works fine ( executing in a context of process with root privileges ):
Code:
chown( "/data/local/tmp/myapp", 0 , 0); //owner to root
chmod("/data/local/tmp/myapp" 06777); //chmod myapp to suid
ls shows cute output after that:
-rwxrwxrwx root root myapp
Click to expand...
Click to collapse
Thats enough so myapp starts with uid == 0 even when was launched from "sh" with shell's uid.
4.3 this is NOT ENOUGH. Additional SE policies comes here ...
ls -Z shows the next output:
-rwxrwxrwx root root u: object_r:shell_data_file:s0 myapp
Click to expand...
Click to collapse
When i'm starting myapp from sh BEFORE 4.3 everything goes fine, but on 4.3 myapp launches with uid != 0.
PS: modifying context through chcon to u: object_r:system_file:s0 of myapp didnt help
_________________________________
Maybe someone have some ideas where i can continue research? :crying:
Related
Hi,
I need to get the default gateway of a device on my application. I am coding in native application in android. Here is my current code to get the default gateway.
Code:
static int get_default_gateway(char *def_gateway, int buf_size)
{
FILE* pipe;
char buffer[128];
char result[2049];
char cmd[] = "netstat -r | grep ^default | awk '{print $2}'";
pipe = popen(cmd, "r");
if (!pipe) return 1;
memset(result, 0, sizeof(result));
while(!feof(pipe)) {
memset(buffer, 0, sizeof(buffer));
if(fgets(buffer, 128, pipe) != NULL)
{
strcat(result, buffer);
}
}
pclose(pipe);
memset(def_gateway, 0, buf_size);
strncpy (def_gateway, result, buf_size );
return 0;
}
It works on my LG p500 but on some devices it doesn't return anything.
My question is this. Does popen() works on android? I read somewhere that it is not included in bionic.
And is there any other method to get the default gateway? I need it to be written in C and not java.
Thank you
I think I found the problem. Maybe grep and awk is not working on their phone. Its working on my phone since I created links to awk and grep to busybox.
Can someone confirm this if awk and grep is not working on a stock rom without creating links to busybox?
Thanks
On a stock ROM there is no busybox too. There is toolbox instead and it does not support much commands. When I first ran a shell on Android, was unpleasantly surprised when I didn't find some things like 'find' and 'grep' on a "Linux-based OS".
Here is complete list of the links to the toolbox on the Android 2.2 emulator: cat chmod chown cmp date dd df dmesg getevent getprop hd id ifconfig iftop insmod ioctl ionice kill ln log ls lsmod mkdir mount mv nandread netstat newfs_msdos notify printenv ps reboot renice rm rmdir rmmod route schedtop sendevent setconsole setprop sleep smd start stop sync top umount vmstat watchprops wipe. On my HTC Wildfire (with a stock Android 2.2.1) there is almost the same. The only difference is: reboot on HTC is a separate binary and there is additional link to toolbox here - strange chownto command.
praetorian droid said:
On a stock ROM there is no busybox too. There is toolbox instead and it does not support much commands. When I first ran a shell on Android, was unpleasantly surprised when I didn't find some things like 'find' and 'grep' on a "Linux-based OS".
Here is complete list of the links to the toolbox on the Android 2.2 emulator: cat chmod chown cmp date dd df dmesg getevent getprop hd id ifconfig iftop insmod ioctl ionice kill ln log ls lsmod mkdir mount mv nandread netstat newfs_msdos notify printenv ps reboot renice rm rmdir rmmod route schedtop sendevent setconsole setprop sleep smd start stop sync top umount vmstat watchprops wipe. On my HTC Wildfire (with a stock Android 2.2.1) there is almost the same. The only difference is: reboot on HTC is a separate binary and there is additional link to toolbox here - strange chownto command.
Click to expand...
Click to collapse
Thanks for posting the complete list of commands
Listed commands are only those that implemented by 'toolbox'. There are also some more: for example sh, gzip, ping and others. You can see them all by doing
Code:
ls /sbin /system/bin /system/xbin
Questions or Problems Should Not Be Posted in the Development Forum
Please Post in the Correct Forums
Moving to Q&A
Hi
I was looking to get root access to my sgs2 and tried the method using 'odin3' and 's2 root' explained in this thread:
http://forum.xda-developers.com/showthread.php?t=1125414
(I also did the optional 'step 11' and reflashed an original kernel)
Everything went good, but then I tried Titanium Backup, Root Explorer and SU; the first says I dont't have root, Root Explorer hangs and SU functions but does not show any apps... It also wants to update binary, but that does not function neither.
So, I did use root checker to verify and it said that I don't have proper root... ???
Then I tried the Root Checker Pro tool who logs this:
"
Superuser Application Status:
Superuser application - version 3.1.3 -is installed!
System File Properties for Root Access:
Alternative Location
Check Command: ls -l /sbin/su:
Result: /sbin/su: No such file or directory
Analysis: File /sbin/su does not exist.
Standard Location
Check Command: ls -l /system/bin/su:
Result: /system/bin/su: No such file or directory
Analysis: File /system/bin/su does not exist.
Standard Location
Check Command: ls -l /system/xbin/su:
Result: -rwsr-xr-x root shell 22228 2011-09-27 23:12 su
Analysis: Setuid attribute present and root user ownership present. Root access is correctly configured for this file! Executing this file can grant root access!
Alternative Location
Check Command: ls -l /system/xbin/sudo:
Result: /system/xbin/sudo: No such file or directory
Analysis: File /system/xbin/sudo does not exist.
Root User ID and Group ID Status:
SU binary not found or not operating properly
System Environment PATH: /sbin /vendor/bin /system/sbin /system/bin /system/xbin
ADB Shell Default User:
ADB shell setting for standard access, stored in default.prop, is configured as: shell (non root) user - ro.secure=1
Results provided on your GT-I9100 device by Root Checker Pro version 1.2.7 from joeykrim in the Android Market - http://goo.gl/NcnHn"
Is there someone who can tell me what this log exactly means?
It looks i do have root, but not properly? Now what ... ?
Open Superuser and try and update the su binary. If it doesn't work, just do what the majority do and flash a relevant CF-root kernel.
If you don't lose anything, reflash and start again.
oinkylicious said:
Open Superuser and try and update the su binary. If it doesn't work, just do what the majority do and flash a relevant CF-root kernel.
Click to expand...
Click to collapse
I tried... it failed...
So, you propose CF-Root; But I do have some questions about it 4 u:
1) after cf-root it isn't possible to use 'app2SD' (read that in a post...) ?
2) I also read that now that S3 is released, dev leave SGS2 and kernelswill not be updated anymore... ?
3) Can I still use Kies ? or how do I know a new firmware has been released for SGS2 (4.0.4 - Jelly Beans) ? I suppose checking this forum, but if Chainsfire's thread isn't updated anymore, what then ?
4) After CF-Root and in the supposition there are no more updates, do I have to unroot to reroot using another method ?
5) (linked to previous questions): what do you think, as experienced user, of this thread : http://forum.xda-developers.com/showthread.php?t=1746794
How reliable / thrustfull is it ?
And, if it is, what method do you suggest me ?
Thank you also for helping me out !
Losing things ?
TheStickMan said:
If you don't lose anything, reflash and start again.
Click to expand...
Click to collapse
What do you mean by lose anything ?
And are you telling me I should do the procedure again (all 11 steps) from Liryquidperfections method ?
Thx
Anyone ?
Oinky?
I am currently trying to write a root app.
I know that I can execute shell commands in a root shell like this.
However, I also want to execute some commands that way:
Code:
su -c[command]
But I can't get it to work if I use commands with parameters like ls -l or mkdir <path>. Executing something like su -c reboot works fine.
According to this it should work.
If I execute these commands using an adb shell or the Terminal Emulator app, they work fine.
This is my code:
Code:
package de.nikwen.sutest;
import java.io.IOException;
import android.os.Bundle;
import android.app.Activity;
public class MainActivity extends Activity {
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_main);
Runtime runtime = Runtime.getRuntime();
try {
runtime.exec("su");
runtime.exec("su -c 'mkdir /data/data/abcdef'");
runtime.exec("su -c \"print asdf\"");
//However, this works:
// runtime.exec("su -c 'reboot'");
} catch (IOException e) {
e.printStackTrace();
}
}
}
I get this logcat:
Code:
04-02 21:03:14.509: D/su(3620): su invoked.
04-02 21:03:14.519: E/su(3624): Unknown id: /data/data/abcdef'
04-02 21:03:14.519: E/su(3624):
04-02 21:03:14.529: D/su(3623): su invoked.
04-02 21:03:14.539: D/su(3625): su invoked.
04-02 21:03:14.559: E/su(3626): Unknown id: asdf"
04-02 21:03:14.559: E/su(3626):
04-02 21:03:14.639: D/su(3629): 10079 de.nikwen.sutest executing 0 /system/bin/sh using shell /system/bin/sh : sh
Does anybody have an idea to solve my problems?
Could anybody please test this code on his device? I would really appreciate this as it could be ROM related. (http://forum.xda-developers.com/showthread.php?t=2180669)
Well, as far I know if you already used su you don't need to use it in the other commands, like this:
Code:
runtime.exec("su");
runtime.exec("mkdir /data/data/abcdef");
Anyway, to run commands as root easily, I recommend you RootTools
RoberGalarga said:
Well, as far I know if you already used su you don't need to use it in the other commands, like this:
Code:
runtime.exec("su");
runtime.exec("mkdir /data/data/abcdef");
Anyway, to run commands as root easily, I recommend you RootTools
Click to expand...
Click to collapse
First of all: Big thanks for your answer. :good:
Well, it doesn't work if I do not use
Code:
runtime.exec("su");
And not using the su command again works, but only if you write the commands into the OutputStream of the process which is returned.
You have to call it at least once after installation to make the SU app ask the user for permission. Then the other lines should work on its own.
The advantage of using su -c [command] is that the user isn't shown all these annoying Toasts like "App x has been granted Su permissions", just the first time when it requests su rights after each launch of the app. My app has to call these functions very often and all these Toasts are VERY annoying. If you look at apps like file managers, there is also just one Toast at launch time and then they execute all commands without any Toast.
According to this you should execute everything like this:
Usage: su -c 'command'
su -c 'command1; command2; .... ; commandN'
Click to expand...
Click to collapse
My question is just if this works on other devices or ROMs. I will really appreciate if you try it.
And if it doesn't, then my question will be why it doesn't.
EDIT: And I don't want to use any libraries, even though it would be much easier.
The strange thing is that the last quotation mark is seen as a part of the argument.
EDIT: Inserting a space before the quotation mark doesn't work:
Code:
04-03 00:02:59.129: E/su(13793): Unknown id: /data/data/abcdef
04-03 00:02:59.129: E/su(13793):
04-03 00:02:59.139: D/su(13790): su invoked.
04-03 00:02:59.139: D/su(13792): su invoked.
04-03 00:02:59.159: D/su(13794): su invoked.
04-03 00:02:59.169: E/su(13795): Unknown id: asdf
04-03 00:02:59.169: E/su(13795):
04-03 00:02:59.189: D/su(13796): db allowed
04-03 00:02:59.219: D/su(13798): 10079 de.nikwen.sutest executing 0 /system/bin/sh using shell /system/bin/sh : sh
EDIT2: Deleting the last quotation mark also didn't help:
Code:
04-03 00:05:18.409: D/su(14117): su invoked.
04-03 00:05:18.439: D/su(14120): 10079 de.nikwen.sutest executing 0 /system/bin/sh using shell /system/bin/sh : sh
04-03 00:05:18.439: D/su(14118): db allowed
04-03 00:05:18.459: E/su(14123): Unknown id: /data/data/abcdef
04-03 00:05:18.459: E/su(14123):
04-03 00:05:18.469: D/su(14122): su invoked.
04-03 00:05:18.489: D/su(14124): su invoked.
04-03 00:05:18.489: E/su(14125): Unknown id: asdf
04-03 00:05:18.489: E/su(14125):
Ok, in Terminal Emulator this works fine (2.3.7, CM-bassed):
su -c "ls /sys"
So it's kinda weird =/
RoberGalarga said:
Ok, in Terminal Emulator this works fine (2.3.7, CM-bassed):
su -c "ls /sys"
So it's kinda weird =/
Click to expand...
Click to collapse
Yes, it is.
Did you try the source code?
If you want, I can compile it for you.
Flashed this and it doesn't work, too.
Here is the compiled apk.
Could somebody please test this?
Tested, don't seems to work (it should create the folder /data/data/abcdef right?)
RoberGalarga said:
Tested, don't seems to work (it should create the folder /data/data/abcdef right?)
Click to expand...
Click to collapse
Yes, it should.
Thank you very much for your answer as you have been the only one giving me answers. :good:
EDIT: The link in your signature is broken.
However, I don't understand why this works here:
Code:
Runtime.getRuntime().exec("/system/bin/su -c 'setprop ctl.stop zygote'");
Something else I found:
Usage:
su --> becomes root (starts /bin/sh as root)
su -c '' --> run a command or many commands separated by ; as root.
Click to expand...
Click to collapse
(http://de.appszoom.com/android_applications/tools/superuser-su_feoig.html)
I have solved the problem now:
Code:
package de.nikwen.sutest;
import java.io.IOException;
import android.os.Bundle;
import android.app.Activity;
public class MainActivity extends Activity {
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_main);
Runtime runtime = Runtime.getRuntime();
try {
runtime.exec("su");
runtime.exec(new String[] {"su", "-c", "mkdir /data/data/abcdef"});
runtime.exec(new String[] {"su", "-c", "print asdf"});
//do this to execute two ore more commands at once
runtime.exec(new String[] {"su", "-c", "mkdir /data/data/aaab; mkdir /data/data/aaac"});
} catch (IOException e) {
e.printStackTrace();
}
}
}
I know that I shouldn't run this on the main thread but in a service or at least in a different thread. This is for testing purposes only.
I missunderstood this blog entry.
But now everything works fine.
However, I still don't know why my first code example doesn't work. If anybody has an idea, please still answer my question as it hasn't been answered completely yet.
Again: Big thanks to RoberGalarga! :good:
Hello everyone,
An error related to SuperSU's su binary file occured when i try to run "mount" linux command through background sh process.
Everything is ok in the process of running su and a root permission is properly got by SuperSU, code is here:
Code:
Process process = (new ProcessBuilder("/system/bin/sh")).redirectErrorStream(true).start();
BufferedReader reader = new BufferedReader(new InputStreamReader(process.getInputStream()));
PrintWriter writer = new PringWriter(process.getOutputStream());
writer.println("echo start");
writer.println("su");
writer.println("echo end");
String res = null;
while ((res = reader.readLine()) != null) {
if (res.equals("end")) break;
}
Of cause i run it in a sub thread and won't block the UI thread.
And in the click listener of a button i trigger the mount command in the similar process.
writer.println("toolbox mount -o rw,remount /system");
But when i successfully mount that path and return to SuperSU, the error occurs with no doult.
An error dialog will be poped up like this: There is no SU binary installed, and SuperSU cannot install it. This is a problem!
Any one have an idea that why running a single linux mount command can cause that problem? And how couldi do?
More information: I have tried several other command like pwd, ls and other basic command, but all of them work well, except
mount, who would like to explain this problem?
I tried run ssserver on Nexus4 with Android 4.2.2 but can't. The result is "Permission denied". File permissions appear to be normal:
[email protected]:/data/local/tmp $ ls -al ssserver
-rwxrwxrwx shell shell 810284 2019-04-17 09:33 ssserver
I tried the following but it didn't work:
- reboot device
- disable selinux
= create test.sh in same directory and set execute permission run but get same prompt "Permission denied"
The problem seems to be only under Android 5.0 will happen. I tried create Android 4.2.2 emulator and execute ssserver it's ok!
Why can't I run ssserver on Android device?