App runs with root permissions
Code:
// Requesting root
try {
    Runtime.getRuntime().exec("su");
} catch (IOException e) {
}
I'm trying to save a script to the init.d folder
Code:
public void WriteScript(View view) {
    Save("/system/etc/init.d/10zram", getString(R.string.sys_script), false);
}
Code:
public static void Save(String file, String textToSave, boolean overwrite) {
    Log.w("Advanced ZRAM", "Writer start");
    if (overwrite) new File(file).delete();
    try {
        BufferedWriter out = new BufferedWriter(new FileWriter(file));
        out.write(textToSave);
        out.close();
    } catch (IOException error) {
        Log.e("Advanced ZRAM", "File saving failed", error);
    }
}
And I get this exception.
Code:
05-14 14:56:08.691: ERROR/Advanced ZRAM(31270): File saving failed
java.io.FileNotFoundException: /system/etc/init.d/10zram: open failed: EROFS (Read-only file system)
at libcore.io.IoBridge.open(IoBridge.java:416)
at java.io.FileOutputStream.<init>(FileOutputStream.java:88)
at java.io.FileOutputStream.<init>(FileOutputStream.java:73)
at java.io.FileWriter.<init>(FileWriter.java:80)
at test.zrammgr.Configurator.Save(Configurator.java:36)
at test.zrammgr.Configurator.WriteScript(Configurator.java:23)
at java.lang.reflect.Method.invokeNative(Native Method)
at java.lang.reflect.Method.invoke(Method.java:511)
at android.view.View$1.onClick(View.java:3594)
at android.view.View.performClick(View.java:4204)
at android.view.View$PerformClick.run(View.java:17355)
at android.os.Handler.handleCallback(Handler.java:725)
at android.os.Handler.dispatchMessage(Handler.java:92)
at android.os.Looper.loop(Looper.java:137)
at android.app.ActivityThread.main(ActivityThread.java:5226)
at java.lang.reflect.Method.invokeNative(Native Method)
at java.lang.reflect.Method.invoke(Method.java:511)
at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:795)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:562)
at de.robv.android.xposed.XposedBridge.main(XposedBridge.java:106)
at dalvik.system.NativeStart.main(Native Method)
Caused by: libcore.io.ErrnoException: open failed: EROFS (Read-only file system)
at libcore.io.Posix.open(Native Method)
at libcore.io.BlockGuardOs.open(BlockGuardOs.java:110)
at libcore.io.IoBridge.open(IoBridge.java:400)
... 20 more
Why can't it write to /system? I have remounted /system via ADB shell, but this didn't help
Code:
adb shell
[email protected]:/ $ su
su
[email protected]:/ # mount -o rw,remount /system
mount -o rw,remount /system
[email protected]:/ # cd /system
cd /system
[email protected]:/system # touch test
touch test
[email protected]:/system #
test appeared
afaik you have to use the runtime to move around files, you can't do it from java. At least, that is the way I do it.
Zatta said:
afaik you have to use the runtime to move around files, you can't do it from java. At least, that is the way I do it.
Can you share some code?
GR0S said:
Can you share some code?
Use the java.lang.Process you get by calling
Code:
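Process su = null;
try {
    // Keep the Process: the commands are written to its output stream
    su = Runtime.getRuntime().exec("su");
} catch (IOException e) {
    // The su binary could not be started
}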
to invoke commands on it as described here: http://forum.xda-developers.com/showthread.php?t=2226664
For writing on /system you need to mount it rw before that. Do not forget to mount it with read-only permission afterwards! (http://forum.xda-developers.com/showthread.php?p=7257098)
Then move your files using the mv command. If you want to move files between different partitions, you will have to use "busybox mv ..." instead. (http://linux.about.com/library/cmd/blcmdl1_mv.htm)
Root features can just be used in this process the command line way. That is because Android was not designed to be rooted. Additionally, every app has its own VM and cannot access the system partition for that reason.
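The steps from the post above as one added example (not code from the thread or from any library it mentions): a single su process receives the script on its stdin, the script stops if the remount fails, and /system is remounted read-only whether or not the copy succeeded. The class name SystemFileInstaller, the staging path, the mode 755 and the use of cp instead of mv are assumptions.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;

/** Added example: copy a staged file into /system through one su session. */
public final class SystemFileInstaller {

    /** Quote a value for the shell so spaces or quotes in a path cannot change the command. */
    static String shQuote(String s) {
        return "'" + s.replace("'", "'\\''") + "'";
    }

    /** Remount rw, copy, set the mode, then always remount ro and exit with the copy status. */
    static String buildScript(String staged, String target, String mode) {
        return "mount -o rw,remount /system || exit 1\n"
             + "cp " + shQuote(staged) + " " + shQuote(target)
             + " && chmod " + shQuote(mode) + " " + shQuote(target) + "\n"
             + "status=$?\n"
             + "mount -o ro,remount /system\n"
             + "exit $status\n";
    }

    /** Feed the script to su on stdin; returns su's exit code and appends its output to log. */
    static int runAsRoot(String script, StringBuilder log)
            throws IOException, InterruptedException {
        Process su = new ProcessBuilder("su").redirectErrorStream(true).start();
        try (OutputStream stdin = su.getOutputStream()) {
            stdin.write(script.getBytes(StandardCharsets.UTF_8));
        } // closing stdin lets the root shell see end of input and exit
        try (BufferedReader out = new BufferedReader(
                new InputStreamReader(su.getInputStream(), StandardCharsets.UTF_8))) {
            String line;
            while ((line = out.readLine()) != null) {
                log.append(line).append('\n');
            }
        }
        return su.waitFor();
    }

    public static void main(String[] args) throws Exception {
        // Constructed paths: the app first writes the script to storage it owns, then installs it.
        String script = buildScript("/sdcard/10zram", "/system/etc/init.d/10zram", "755");
        System.out.print(script);
        if (args.length > 0 && args[0].equals("--run")) { // only meaningful on a rooted device
            StringBuilder log = new StringBuilder();
            int exitCode = runAsRoot(script, log);
            System.out.println("exit=" + exitCode);
            System.out.print(log);
        }
    }
}
```

A non-zero exit code means either the remount or the copy failed; the captured output carries the shell's error text, which the empty catch block in the original question would have hidden.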
GR0S said:
Can you share some code?
For an easy implementation, use RootTools
I am using a (slightly modified) version of the ShellProvider class from the nitrality project.
Related
Hi again...
I want to replace a file (depending on the user's choice) in system/framework and set permissions for that file...
but I don't know:
1-How to mount system as rw...
2-How to replace a file from assets to system (switch between 7 files depending on the user's choice)...
3-How to set permission of file to rw- r-- r--?
plz just tell me the ways that work for u...
tnx
So have you decided to get everything from here without doing a little research? A simple Google search gives me ample examples from stackoverflow and documentation from developer.android.com
vijai2011 said:
So have you decided to get everything from here without doing a little research? A simple Google search gives me ample examples from stackoverflow and documentation from developer.android.com
I searched a lot and I tried a lot of topics and guides but they don't work for me...
like:
http://stackoverflow.com/questions/14559068/android-how-to-set-rw-r-r-permissions-programmatically
http://stackoverflow.com/questions/11268717/write-files-to-system
http://stackoverflow.com/questions/...tem-in-rw-from-within-my-apk-rooted-of-course
and a lot of more that i cant remember....
usually i search for what i want and if i don't find any result for, i ask my question here...
Sorry to ask this, but have you learnt Java basics first? Because I feel you lack the basics - it's not humiliation, but this is something you need first-hand to be a good developer.
1. I have already answered how to mount system as RW:
Code:
Runtime runtime = Runtime.getRuntime();
runtime.exec("su -c mount -o remount,rw /system");
2. The first link you gave has answer for setting permission in 1st answer.
3. To extract an asset, refer to this answer:
Hint: put up a dialog asking which file to extract and then adopt the above answer to extract it to sdcard first, then copy it to system using runtime and the cp command.
tnx my friend
yeah i know java about j2se as well!!
and i did about 5 swing projects...
i will try ur answer now thanks...
I tried this code but my device restarts...
Code:
package com.android.justtest;

import android.app.Activity;
import android.os.Bundle;
import android.view.Menu;
import java.io.DataOutputStream;

public class MainActivity extends Activity {
    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_main);
        MainActivity mainActivity = new MainActivity();
        mainActivity.mainActionAmber();
        mainActivity.close();
    }

    @Override
    public boolean onCreateOptionsMenu(Menu menu) {
        // Inflate the menu; this adds items to the action bar if it is present.
        getMenuInflater().inflate(R.menu.main, menu);
        return true;
    }

    public void close() {
        try {
            Process proc = Runtime.getRuntime()
                    .exec("su -c pkill com.android.systemui ");
            Thread.sleep(1000);
            proc.waitFor();
        } catch (Exception ex) {
            ex.printStackTrace();
        }
    }

    public void mainActionAmber() {
        try {
            Runtime runtime = Runtime.getRuntime();
            Process proc = Runtime.getRuntime()
                    .exec("su");
            DataOutputStream os = new DataOutputStream(proc.getOutputStream());
            runtime.exec("su -c mount -o remount,rw -t yaffs2 /dev/block/mtdblock4 /system");
            os.writeBytes("find /sdcard/we/Amber -exec mv '{}' /system/framework +\n");
            os.writeBytes("chmod 644 /system/framework" + "\n");
            os.writeBytes("exit\n");
            os.flush();
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}
where is the problem?
poria1999 said:
I tried this code but my device restarts...
where is the problem?
This simply means the framework file you're trying to replace is crucial to the system, and thus the device will reboot if it is deleted.
Androguide.fr said:
This simply means the framework file you're trying to replace is crucial to the system, and thus the device will reboot if it is deleted.
I can replace that file manually without any damage!!!
i want to replace SemcGenericUxpRes.apk....
Do you have logcat error?
I use
Code:
try {
    Process suProcess = Runtime.getRuntime().exec("su");
    DataOutputStream os = new DataOutputStream(suProcess.getOutputStream());
    os.writeBytes("\n");
    os.flush();
    os.close();
    suProcess.waitFor();
} catch (IOException | InterruptedException e) {
    e.printStackTrace();
}
Sent from my GT-I9505G using Tapatalk 4
i am using Roottools library to list files of a path using ls -l path
Code:
public static void getFilesList(String path, boolean root) {
    String ls = runAndWait("ls -l " + path, root);
    if (ls == null) {
        return;
    }
    if (ls.equals("\n") || ls.equals("")) {
        return;
    } else {
        List<String> files = Arrays.asList(ls.split("\n"));
        for (String file : files) {
            // i want to split this string into values
            System.out.println(file);
        }
    }
}
Output of this method is like this
Code:
I/System.out﹕ -rw-rw---- root sdcard_r 23990791 2014-08-08 20:57 net.mobilecraft.parkingmadness-1.apk
I/System.out﹕ -rw-rw---- root sdcard_r 1690424 2014-08-08 20:57 nl.ndsc.kitkatlauncher-1.apk
i tried to split the values using
Code:
String[] array=line.split(" ");
but it creates a problem for the following type of outputs
Code:
I/System.out﹕ lrwxrwxrwx root root 2014-08-09 19:06 bugreports -> /data/data/com.android.shell/files/bugreports
I/System.out﹕ drwxrwx--- root sdcard_r 2014-08-10 08:47 new folder
Here, if the file name has a space or a symlink, it results in an error. I want a method which can split these types of strings and return correct values
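An added example for the question above (not code from the thread or from the RootTools library): a parser that matches the fixed columns of the layout shown in the post and takes everything after the time as the name, so spaces survive and a symlink's target is separated out. The class name LsLineParser is hypothetical, and the column layout is assumed to be exactly the one in the post; ls implementations that print extra columns will not match.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Added example: field-wise parser for the `ls -l` layout quoted in the post above. */
public final class LsLineParser {

    /** One parsed line; size is null where the line has no size column, target is set for symlinks. */
    static final class Entry {
        final String perms, owner, group, date, time, name, target;
        final Long size;

        Entry(String perms, String owner, String group, Long size,
              String date, String time, String name, String target) {
            this.perms = perms; this.owner = owner; this.group = group; this.size = size;
            this.date = date; this.time = time; this.name = name; this.target = target;
        }

        boolean isDirectory() { return perms.charAt(0) == 'd'; }
        boolean isSymlink()   { return perms.charAt(0) == 'l'; }

        @Override public String toString() {
            return perms + " owner=" + owner + " group=" + group + " size=" + size
                 + " mtime=" + date + "T" + time + " name=[" + name + "]"
                 + (target == null ? "" : " target=[" + target + "]");
        }
    }

    // perms owner group [size] yyyy-MM-dd HH:mm name
    // Only the name may contain spaces, so it is captured last as "everything after the time"
    // instead of being split on whitespace. The size column is optional.
    private static final Pattern LINE = Pattern.compile(
        "^(\\S+)\\s+(\\S+)\\s+(\\S+)\\s+(?:(\\d{1,18})\\s+)?"
      + "(\\d{4}-\\d{2}-\\d{2})\\s+(\\d{2}:\\d{2})\\s(.*)$");

    /** Returns null for lines that are not entries (blank lines, error text). */
    static Entry parse(String line) {
        Matcher m = LINE.matcher(line);
        if (!m.matches()) {
            return null;
        }
        String name = m.group(7);
        String target = null;
        if (m.group(1).charAt(0) == 'l') {
            // "name -> target". A link whose own name contains " -> " cannot be told apart
            // from this text alone; the first arrow is taken as the separator.
            int arrow = name.indexOf(" -> ");
            if (arrow >= 0) {
                target = name.substring(arrow + 4);
                name = name.substring(0, arrow);
            }
        }
        Long size = m.group(4) == null ? null : Long.valueOf(m.group(4));
        return new Entry(m.group(1), m.group(2), m.group(3), size,
                         m.group(5), m.group(6), name, target);
    }

    public static void main(String[] args) {
        // The four lines from the post, without the logcat "I/System.out" prefix.
        String[] sample = {
            "-rw-rw---- root sdcard_r 23990791 2014-08-08 20:57 net.mobilecraft.parkingmadness-1.apk",
            "-rw-rw---- root sdcard_r 1690424 2014-08-08 20:57 nl.ndsc.kitkatlauncher-1.apk",
            "lrwxrwxrwx root root 2014-08-09 19:06 bugreports -> /data/data/com.android.shell/files/bugreports",
            "drwxrwx--- root sdcard_r 2014-08-10 08:47 new folder",
        };
        for (String line : sample) {
            System.out.println(parse(line));
        }
    }
}
```

File names are attacker-controllable text on shared storage, so anything built from the parsed name (a path, a follow-up shell command) needs the same care as other untrusted input.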
I want to use su to launch a command and read its output.
I try this code:
Code:
String line;
Process cat = Runtime.getRuntime().exec("su -c \"cat /etc/media_codecs.xml\"");
BufferedReader catStream = new BufferedReader(new InputStreamReader(cat.getInputStream()));
BufferedReader catSerr = new BufferedReader(new InputStreamReader(cat.getErrorStream()));
cat.waitFor();
while ((line = catSerr.readLine()) != null) {
    System.out.println(line);
}
while ((line = catStream.readLine()) != null) {
    System.out.println(line);
}
If I manually insert this command in the adb shell it works, but with this code the phone asks me for root permission and if I accept I can read only this string from stderr:
tmp-mksh: cat /etc/media_codecs.xml: not found
And there is not stdout code.
Why?
Thanks,
regards
A993
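An added example for the question above (not code from the thread): Runtime.exec(String) splits its argument on whitespace and does not interpret quotes, so the escaped quotes in the post reach su as literal characters. Passing an argument array avoids that, and draining both pipes before waitFor() keeps the child from blocking on a full pipe. The class and method names are hypothetical, and sh stands in for su so the block also runs on a desktop JVM.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.List;
import java.util.StringTokenizer;

/** Added example: how the command string is split, and a capture helper that takes an argv array. */
public final class SuExecDemo {

    /** Reproduces the split Runtime.exec(String) applies: whitespace only, quotes stay in the tokens. */
    static List<String> execTokens(String command) {
        List<String> argv = new ArrayList<>();
        StringTokenizer tokens = new StringTokenizer(command);
        while (tokens.hasMoreTokens()) {
            argv.add(tokens.nextToken());
        }
        return argv;
    }

    static final class Result {
        final int exitCode;
        final String stdout;
        final String stderr;

        Result(int exitCode, String stdout, String stderr) {
            this.exitCode = exitCode;
            this.stdout = stdout;
            this.stderr = stderr;
        }
    }

    static String readAll(InputStream in) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        byte[] chunk = new byte[4096];
        int n;
        while ((n = in.read(chunk)) != -1) {
            buf.write(chunk, 0, n);
        }
        return buf.toString("UTF-8");
    }

    /** Runs argv exactly as given (no re-splitting) and returns exit code, stdout and stderr. */
    static Result run(String... argv) throws IOException, InterruptedException {
        final Process p = new ProcessBuilder(argv).start();
        p.getOutputStream().close();               // the command reads nothing from stdin
        final String[] err = new String[1];
        Thread errReader = new Thread(() -> {
            try {
                err[0] = readAll(p.getErrorStream());
            } catch (IOException e) {
                err[0] = e.toString();
            }
        });
        errReader.start();
        String out = readAll(p.getInputStream());  // stdout here, stderr on the other thread
        errReader.join();
        return new Result(p.waitFor(), out, err[0]);
    }

    public static void main(String[] args) throws Exception {
        // The string from the post: four tokens, two of them carrying a stray quote character.
        System.out.println(execTokens("su -c \"cat /etc/media_codecs.xml\""));

        // Array form: the whole command line is one argument. Pass "su" as args[0] on a rooted device.
        String shell = args.length > 0 ? args[0] : "sh";
        Result r = run(shell, "-c", "cat /etc/media_codecs.xml");
        System.out.println("exit=" + r.exitCode);
        System.out.print(r.stdout);
        System.err.print(r.stderr);
    }
}
```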
Hi still new to android, tried the following tutorial in the youtube link here https://www.youtube.com/watch?v=4LCnoVqQ6N4 but I couldn't get the app to work as I am unable to execute the camera on my physical phone where it kept giving me this popup "Something went Wrong while taking photos" when I press the camera imageview. And when I am at the gallery choosing a photo it will cause the app to suddenly stop.
Thus, I downloaded the author's source code here https://drive.google.com/file/d/0B2rvGRbu0A83cjBBZElhdGp5OHM/view but i also encounter the same issues stated above.
Tried adding the permission for camera,read,write external storage in the androidmanifest without any luck of solving it.
Error Log after i click on a image in the gallery:
Code:
08-17 12:21:08.181 17286-17286/com.example.user.cameratoserver E/AndroidRuntime: FATAL EXCEPTION: main
Process: com.example.user.cameratoserver, PID: 17286
java.lang.RuntimeException: Failure delivering result ResultInfo{who=null, request=400, result=-1, data=Intent { dat=content://com.android.providers.media.documents/document/image:104460 flg=0x1 }} to activity {com.example.user.cameratoserver/com.example.user.cameratoserver.MainActivity}: java.lang.SecurityException: Permission Denial: reading com.android.providers.media.MediaProvider uri content://media/external/images/media from pid=17286, uid=10038 requires android.permission.READ_EXTERNAL_STORAGE, or grantUriPermission()
at android.app.ActivityThread.deliverResults(ActivityThread.java:3798)
at android.app.ActivityThread.handleSendResult(ActivityThread.java:3841)
at android.app.ActivityThread.access$1400(ActivityThread.java:154)
at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1440)
at android.os.Handler.dispatchMessage(Handler.java:102)
at android.os.Looper.loop(Looper.java:234)
at android.app.ActivityThread.main(ActivityThread.java:5526)
at java.lang.reflect.Method.invoke(Native Method)
at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:726)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:616)
Caused by: java.lang.SecurityException: Permission Denial: reading com.android.providers.media.MediaProvider uri content://media/external/images/media from pid=17286, uid=10038 requires android.permission.READ_EXTERNAL_STORAGE, or grantUriPermission()
at android.os.Parcel.readException(Parcel.java:1627)
at android.database.DatabaseUtils.readExceptionFromParcel(DatabaseUtils.java:183)
at android.database.DatabaseUtils.readExceptionFromParcel(DatabaseUtils.java:135)
at android.content.ContentProviderProxy.query(ContentProviderNative.java:427)
at android.content.ContentResolver.query(ContentResolver.java:497)
at android.content.ContentResolver.query(ContentResolver.java:439)
at com.kosalgeek.android.photoutil.RealPathUtil.getDataColumn(RealPathUtil.java:131)
at com.kosalgeek.android.photoutil.RealPathUtil.getRealPathFromURI_API19(RealPathUtil.java:62)
at com.kosalgeek.android.photoutil.GalleryPhoto.getPath(GalleryPhoto.java:49)
at com.example.user.cameratoserver.MainActivity.onActivityResult(MainActivity.java:100)
at android.app.Activity.dispatchActivityResult(Activity.java:6490)
at android.app.ActivityThread.deliverResults(ActivityThread.java:3794)
at android.app.ActivityThread.handleSendResult(ActivityThread.java:3841)
at android.app.ActivityThread.access$1400(ActivityThread.java:154)
at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1440)
at android.os.Handler.dispatchMessage(Handler.java:102)
at android.os.Looper.loop(Looper.java:234)
at android.app.ActivityThread.main(ActivityThread.java:5526)
at java.lang.reflect.Method.invoke(Native Method)
at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:726)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:616)
if you are testing on a device running android marshmallow and above you should also write code to request the android.permission.READ_EXTERNAL_STORAGE permission at runtime.
Take a look at the following link for android developers https://developer.android.com/training/permissions/requesting.html
nemoc 23 said:
if you are testing on a device running android marshmallow and above you should also write code to request the android.permission.READ_EXTERNAL_STORAGE permission at runtime.
Take a look at the following link for android developers https://developer.android.com/training/permissions/requesting.html
Oh I see, but I've read the documentation and am still at a loss as to how to implement the code from the documentation in the source code in the link above. As this is my first Android development experience, I was feeling rather lost.
imso said:
Oh I see, but I've read the documentation and am still at a loss as to how to implement the code from the documentation in the source code in the link above. As this is my first Android development experience, I was feeling rather lost.
If you are below MM you just need to add the permission to the manifest.
Code:
<manifest>
    <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE" />
</manifest>
If you are on MM or higher you need to add the permission to the manifest and then ask for it at runtime.
Code:
// Check the same permission that is requested, and compare against PERMISSION_GRANTED
if (ContextCompat.checkSelfPermission(thisActivity, Manifest.permission.READ_EXTERNAL_STORAGE) != PackageManager.PERMISSION_GRANTED) {
    ActivityCompat.requestPermissions(thisActivity, new String[]{Manifest.permission.READ_EXTERNAL_STORAGE}, CALLBACK_ID);
}
You will also need to handle the result of that on your activity:
Code:
@Override
public void onRequestPermissionsResult(int requestCode, String permissions[], int[] grantResults) {
    if (requestCode == CALLBACK_ID) {
        if (grantResults.length > 0 && grantResults[0] == PackageManager.PERMISSION_GRANTED) {
            // Granted
        } else {
            // Not granted
        }
    }
}
I am using LineageOS 14 on my Galaxy S5 and while I do have the directory /system/etc/init.d , its scripts are not executed on startup as one would expect.
Searching different forums didn't lead to much beyond installing some random person's script with root permission or doing hacks.
I've invested some time to get init.d to work on my phone and wanted to share the how-to with you:
Prerequisite:
Root access (shell) [ I am using addonsu-14.1-arm if that makes a difference ]
LineageOS 14 (not tested on other versions but should work)
Steps:
1. mount your system partition as read/write
Code:
mount -oremount,rw /system
2. go to init directory
Code:
cd /system/etc/init/
3. create file init_d.rc with following content
Code:
service init_d /system/bin/sh /system/bin/sysinit
    user root
    group root
    disabled
    oneshot
    seclabel u:r:sudaemon:s0

on property:sys.boot_completed=1 && property:sys.logbootcomplete=1
    start init_d
That's it.
Explanation:
/system/etc/init/ is Android's version of Linux's init.d, but it has a very different syntax and a restricted set of commands.
The file init_d defines a service called init_d which basically executes the sysinit script (the script responsible for running /etc/init.d/ scripts).
The service is set to be disabled so it won't run by default. Finally, I say that when the system finishes booting, start the service. The oneshot keyword is important because without it the system will keep executing sysinit each time it exits.
The seclabel defines the SELinux label for this service; this one should give it full access.
I tried this on a lineage 15.1 build and followed all steps , it did not work.
Worked like a charm!
I needed it to run swapon once (to free some unused RAM) without modifying any system files, only adding new ones, so system updates wouldn't overwrite the configuration.
Thank you very much!
Running LineageOS 15.1, 2018-11-30 nightly build on griffin (XT1650-3).
Thank you so much !
You are great bro !
I try it on lineage os 14.1 on moto G and it works !
I tried many ways to do this but all of them are not effective, thanks
Lordlight said:
You are great bro !
I try it on lineage os 14.1 on moto G and it works !
I tried many ways to do this but all of them are not effective, thanks
I am glad you found it useful.
ramast_ said:
I am glad you found it useful.
Hi, I have a problem with this:
The script runs BEFORE the boot animation has finished; I need it to run AFTER the animation has fully finished. What do I need to do?
There is a process responsible for showing bootanimation, I don't remember exact process name but should contain word "animation" in it.
Once you figured out its name, you can make your script check every second - in a while loop - if that process is running or not. Once the process stopped, you can assume that bootanimation has stopped.
There might be a better way but I honestly don't know.
Hey,
I tried your solution on the following LineageOS version:
Code:
Android 7.1.2
14.1-20190207-NIGHTLY-falcon
Linux version 3.4.113-g22bc4ed ([email protected]) (gcc version 4.9 20150123 (prerelease) (GCC) ) #1 SMP PREEMPT Thu Feb 7 14:09:49 UTC 2019
Scripts in /etc/init.d are being executed fine, but all of them are running with insufficient privileges - under the SELinux context of u:r:sysinit:s0
As a result I couldn't start sshd using that script:
Code:
12-27 12:10:58.848 2559 2559 I sysinit : Running /system/etc/init.d/99ssh
12-27 12:10:58.950 2562 2562 W start-ssh: type=1400 audit(0.0:9): avc: denied { getattr } for uid=0 path="/data/ssh/ssh_host_dsa_key" dev="mmcblk0p36" ino=198109 scontext=u:r:sysinit:s0 tcontext=u:object_r:system_data_file:s0 tclass=file permissive=0
12-27 12:11:01.100 2564 2564 W ssh-keygen: type=1400 audit(0.0:10): avc: denied { getattr } for uid=0 path="/data/ssh/ssh_host_dsa_key" dev="mmcblk0p36" ino=198109 scontext=u:r:sysinit:s0 tcontext=u:object_r:system_data_file:s0 tclass=file permissive=0
12-27 12:11:01.103 2564 2564 W ssh-keygen: type=1400 audit(0.0:11): avc: denied { write } for uid=0 name="ssh_host_dsa_key" dev="mmcblk0p36" ino=198109 scontext=u:r:sysinit:s0 tcontext=u:object_r:system_data_file:s0 tclass=file permissive=0
12-27 12:11:01.143 2743 2743 W chmod : type=1400 audit(0.0:12): avc: denied { getattr } for uid=0 path="/data/ssh/ssh_host_dsa_key" dev="mmcblk0p36" ino=198109 scontext=u:r:sysinit:s0 tcontext=u:object_r:system_data_file:s0 tclass=file permissive=0
12-27 12:11:01.186 2746 2746 W chmod : type=1400 audit(0.0:13): avc: denied { getattr } for uid=0 path="/data/ssh/ssh_host_dsa_key.pub" dev="mmcblk0p36" ino=197164 scontext=u:r:sysinit:s0 tcontext=u:object_r:system_data_file:s0 tclass=file permissive=0
12-27 12:11:01.190 2562 2562 W start-ssh: type=1400 audit(0.0:14): avc: denied { getattr } for uid=0 path="/data/ssh/ssh_host_rsa_key" dev="mmcblk0p36" ino=203831 scontext=u:r:sysinit:s0 tcontext=u:object_r:system_data_file:s0 tclass=file permissive=0
12-27 12:11:10.896 2749 2749 W ssh-keygen: type=1400 audit(0.0:15): avc: denied { getattr } for uid=0 path="/data/ssh/ssh_host_rsa_key" dev="mmcblk0p36" ino=203831 scontext=u:r:sysinit:s0 tcontext=u:object_r:system_data_file:s0 tclass=file permissive=0
12-27 12:11:10.896 2749 2749 W ssh-keygen: type=1400 audit(0.0:16): avc: denied { write } for uid=0 name="ssh_host_rsa_key" dev="mmcblk0p36" ino=203831 scontext=u:r:sysinit:s0 tcontext=u:object_r:system_data_file:s0 tclass=file permissive=0
12-27 12:11:10.950 2969 2969 W chmod : type=1400 audit(0.0:17): avc: denied { getattr } for uid=0 path="/data/ssh/ssh_host_rsa_key" dev="mmcblk0p36" ino=203831 scontext=u:r:sysinit:s0 tcontext=u:object_r:system_data_file:s0 tclass=file permissive=0
12-27 12:11:11.003 2972 2972 W chmod : type=1400 audit(0.0:18): avc: denied { getattr } for uid=0 path="/data/ssh/ssh_host_rsa_key.pub" dev="mmcblk0p36" ino=203640 scontext=u:r:sysinit:s0 tcontext=u:object_r:system_data_file:s0 tclass=file permissive=0
12-27 12:11:11.103 2979 2979 W sshd : type=1400 audit(0.0:19): avc: denied { setgid } for uid=0 capability=6 scontext=u:r:sysinit:s0 tcontext=u:r:sysinit:s0 tclass=capability permissive=0
12-27 12:11:11.116 2979 2979 W sshd : type=1400 audit(0.0:20): avc: denied { create } for uid=0 scontext=u:r:sysinit:s0 tcontext=u:r:sysinit:s0 tclass=udp_socket permissive=0
12-27 12:11:11.116 2979 2979 W sshd : type=1400 audit(0.0:21): avc: denied { create } for uid=0 scontext=u:r:sysinit:s0 tcontext=u:r:sysinit:s0 tclass=udp_socket permissive=0
12-27 12:11:11.120 2977 2977 I sshd : bad addr or host: <NULL> (No address associated with hostname)
12-27 12:11:11.121 2977 2977 I sshd : sshd terminated by exit(255)
Anyone has an idea, how to force init.d scripts to run as u:r:su:s0 ?
Thanks
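An added example for reading a log like the one above (not code from the thread): it groups AVC denials by source type, target type and object class, so the list of what the sysinit domain was refused fits on a few lines. The class name AvcDenialSummary is hypothetical; the sample lines are taken from the post's log with the timestamp and PID columns dropped.

```java
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Added example: summarize SELinux AVC denials from logcat lines. */
public final class AvcDenialSummary {

    private static final Pattern AVC = Pattern.compile(
        "avc:\\s+denied\\s+\\{([^}]*)\\}.*?\\sscontext=(\\S+)\\s+tcontext=(\\S+)\\s+tclass=(\\S+)");

    /** Contexts read user:role:type:level; the type is what policy rules are written against. */
    static String typeOf(String context) {
        String[] parts = context.split(":");
        return parts.length >= 3 ? parts[2] : context;
    }

    static final class Group {
        final Set<String> perms = new TreeSet<>();
        int denials;
    }

    /** Key: "source type -> target type [class]"; value: denied permissions and number of hits. */
    static Map<String, Group> summarize(List<String> lines) {
        Map<String, Group> groups = new LinkedHashMap<>();
        for (String line : lines) {
            Matcher m = AVC.matcher(line);
            if (!m.find()) {
                continue; // not an AVC denial, e.g. the daemon's own log messages
            }
            String key = typeOf(m.group(2)) + " -> " + typeOf(m.group(3))
                       + " [" + m.group(4) + "]";
            Group g = groups.get(key);
            if (g == null) {
                g = new Group();
                groups.put(key, g);
            }
            for (String perm : m.group(1).trim().split("\\s+")) {
                if (!perm.isEmpty()) {
                    g.perms.add(perm);
                }
            }
            g.denials++;
        }
        return groups;
    }

    public static void main(String[] args) {
        // Sample: lines from the post's log, timestamp and PID columns removed.
        List<String> sample = Arrays.asList(
            "I sysinit : Running /system/etc/init.d/99ssh",
            "W start-ssh: type=1400 audit(0.0:9): avc: denied { getattr } for uid=0 path=\"/data/ssh/ssh_host_dsa_key\" dev=\"mmcblk0p36\" ino=198109 scontext=u:r:sysinit:s0 tcontext=u:object_r:system_data_file:s0 tclass=file permissive=0",
            "W ssh-keygen: type=1400 audit(0.0:11): avc: denied { write } for uid=0 name=\"ssh_host_dsa_key\" dev=\"mmcblk0p36\" ino=198109 scontext=u:r:sysinit:s0 tcontext=u:object_r:system_data_file:s0 tclass=file permissive=0",
            "W sshd : type=1400 audit(0.0:19): avc: denied { setgid } for uid=0 capability=6 scontext=u:r:sysinit:s0 tcontext=u:r:sysinit:s0 tclass=capability permissive=0",
            "W sshd : type=1400 audit(0.0:20): avc: denied { create } for uid=0 scontext=u:r:sysinit:s0 tcontext=u:r:sysinit:s0 tclass=udp_socket permissive=0",
            "W sshd : type=1400 audit(0.0:21): avc: denied { create } for uid=0 scontext=u:r:sysinit:s0 tcontext=u:r:sysinit:s0 tclass=udp_socket permissive=0",
            "I sshd : sshd terminated by exit(255)");

        for (Map.Entry<String, Group> e : summarize(sample).entrySet()) {
            System.out.println(e.getKey() + ": " + e.getValue().perms
                    + " (" + e.getValue().denials + " denials)");
        }
    }
}
```

On the full log from the post the same three groups appear: file access to system_data_file, the setgid capability, and udp_socket creation, all with sysinit as the source domain.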
Answering my own question, in case someone else would encounter this
It turned out my LineageOS 14.1 already had init.d scripts working. However, they were still executed under a restricted selinux context u:r:sysinit:s0. To overcome that I had to recompile LineageOS from sources, where I could explicitly modify the vendor/cm/prebuilt/common/etc/init.local.rc file and put there only one additional line, seclabel u:r:sudaemon:s0, so it finally looks like this:
Code:
..
.
# sysinit (/system/etc/init.d)
service sysinit /system/bin/sysinit
    user root
    group root
    disabled
    oneshot
    seclabel u:r:sudaemon:s0
..
.
Now I can run commands in userinit.sh with the highest privileges
Thanks!