Hello. So, I am using Cryptonite and I want to make TC work on the device (Android 5). I can mount the container just fine but only the root can have full access to it (read and write access) since it is the user that mounts the container (obviously). I am trying to make the container writable by any user. That is the issue I cannot seem to resolve. I have tried setting the TC binary SID and mounting as non-root user. That allowed me to bypass the original TC restriction. Then, I hit the fuse permission denied which I cannot seem to bypass.
Cryptonite also offers EncFS encryption. Though, the encfs binary gives me the user_allow_other option which allows me to mount and have full permissions to any user. I have been trying to find that option in relation with the truecrypt binary without luck. Is there any way to achieve what I want without having to change the truecrypt source code?
Thank you for reading.
Does anyone have any information on this?
Related
Cache cleaners need root access to do their thing. Any way to slip something in the stock (settings, I think) apk when it makes the call for /system access? I follow the "progress" threads, but it's like reading a foreign language to me for the most part. I appreciate the work the devs do, just throwing out a layman's idea trying to help the cause.
ducky1131 said:
Cache cleaners need root access to do their thing. Any way to slip something in the stock (settings, I think) apk when it makes the call for /system access? I follow the "progress" threads, but it's like reading a foreign language to me for the most part. I appreciate the work the devs do, just throwing out a layman's idea trying to help the cause.
Click to expand...
Click to collapse
essentially the way htc has locked down this phone is two fold. one, no root access. two, no write access to the internal /system partition.
the fr3vo root exploit allows us root access, but does not allow us write access to the internal memory.
currently, the issue of obtaining root access has been resolved by fr3vo, but the issue of gaining write access to the internal memory has not been resolved as is a bit more complex.
on a side note, to follow some of the logic behind your suggestion:
in order to modify any apk on /system, we would need write access to /system. in some android phones, like many samsung models, there is no write protection lock on the device. once you're able to obtain root access, you can remount /system as read-write and write away as you please. unfortunately, this htc device has been locked down through a write protection mechanism over the internal memory which prevents even root users from writing to /system. running an .apk with system permissions, would essentially be a similar form to having root access through the shell as fr3vo currently grants us.
hope that makes more sense than the foreign language the progress threads appear as!
*Mods, please move if in wrong thread*
I am developing a ROM for a major company, but I have a few questions, probably for very advanced developers...
1. Is it possible to develop an app, and incorporate it directly into a rom, almost as if it were a setting? So, instead of the user clicking on the app, can I make it as a built in function of the ROM?
2. Since I'm developing for a company, is there any way to disable installing any other app, even from the market?
3. Also, is there any way possible, to have a centralized "server" for the rom, to see where all of the devices are (gps), and be able to update the rom from the server?? Kind of my own OTA updates..
How would I go about this? Where to begin?
Any help would be appreciated, Thank you in advance
Yes, it's all possible, but with the caveat that a user who knows what he's doing will be able to reverse you changes. If you can get a root shell via adb, you can remove the package installer and install your own applications by remounting the system filesystem read/write with
Code:
mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
at that point it's just a matter of moving the APK to /system/app/ . Reboot immediately afterwards to avoid any trouble.
#3 is a bit harder since remounting isn't something you want to do while the user is handling the device (it can cause all kinds of weird behavior).... but it's possible. At the very least you should only remount when an update is actually applied and restart immediately afterwards.
Of course, if your users know how to handle ADB, it will all fall to pieces as they will be able to do exactly what you're doing. Setting a password for root might work... but it's as likely to trash the device since Android assumes that it's run by root and if the underlying Linux system should suddenly ask for a root password during boot there won't be any UI to actually enter the password.
Hi,
I'm new to Archos Hardware and their SDE, but I'm a long time Android user
and Custom ROM installer .
I have a hard time understanding how the SDE and multi boot works on the
Archos devices. I think only one kernel is used and the second filesystem
(2nd ROM) is mounted as a loop device.
Recently I tried to install DropBear SSH server II from the Play Store, but
the actual install failed throwing an error message about /system
being R(ead)O(nly).
As far as I know /system is not mounted in the custom ROM (freezenook). It seems to
be a regular folder in the loop file system. That's why I don't get the message
about it being read-only.
Furthermore I have a hard time executing ARM binaries on the Archos. I
copied over some binaries to tinker with DVB-T hardware, but I always
get 'permission denied' messages when I try to run them as root in the shell.
I tried to chmod +x them and to put them in places that were not mounted with
the noexec flag. But I didn't succeed.
To cut a long story short:
1. How do I make certain areas of the file system read/write-able in order to
install things such as DropBear SSH server?
2. Do I need to do something special to execute cross compiled binaries?
(I have a gut feeling that it's also connected to the loop file system and mount
set up for the SDE.)
Many thanks in advance,
Kleo2
Hallo,
I want to create an encrypted container that i can mount on demand. I've found references of ecryptfs in CM10.2 and it has an built-in encryption function (whole device only, OS managed). How can i manually use that encryption feature on shell level to create an encrypted container? Projects like guardianproject (cryptsetup, LUKS) seem dead. I guess because it's now built into android os natively. But I'm not sure...
Any ideas?
DualJoe said:
Hallo,
I want to create an encrypted container that i can mount on demand. I've found references of ecryptfs in CM10.2 and it has an built-in encryption function (whole device only, OS managed). How can i manually use that encryption feature on shell level to create an encrypted container? Projects like guardianproject (cryptsetup, LUKS) seem dead. I guess because it's now built into android os natively. But I'm not sure...
Any ideas?
Click to expand...
Click to collapse
Questions in these xda forums related to enabling encryption on android are ignored, removed, or have zero replies against them. Read into that what you will. After weeks of trying to figure out an answer, I'm left looking for my tin foil hat.
Starting with Android 4.4 SELinux's MAC is enforced. Does this mean that if an app somehow can get installed and exploit the kernel to get root privileges, that MAC will still prevent that app with root privileges from accessing private app data?
Android Documentation says: "SELinux can be used to label these devices so the process assigned the root privilege can write to only those specified in the associated policy. In this way, the process cannot overwrite data and system settings outside of the specific raw block device." source - http://source.android.com/devices/tech/security/se-linux.html#use-cases
As a reference I am implementing a Mobile Device Management system and in the process I have to determine how secure Android OS is itself. That is why I need to know how secure corporate data stored on a device is to root-kits, spyware, and other malware.
p.s. This has been posted on the "Unix and Linux" StackExchange site with no one being able to answer yet. I'm hoping XDA's hands on experience with the Kernel will be able to help get this answered, Thank You .
milleraj66 said:
Starting with Android 4.4 SELinux's MAC is enforced. Does this mean that if an app somehow can get installed and exploit the kernel to get root privileges, that MAC will still prevent that app with root privileges from accessing private app data?
Click to expand...
Click to collapse
The answer is: "It depends."
Mandatory access controls systems like SELinux are very good at constraining application behavior to what is allowed by the security policy. In many cases, it can eliminate huge chunks of security vulnerabilities by sandboxing privileged applications so that exploitation of those applications is ineffective.
You may want to take a look at http://selinuxproject.org/~jmorris/lss2011_slides/caseforseandroid.pdf, specifically slides 7-9. This will give you an idea for what SELinux can and can't defend against.