Related
Hi,
I got a few spare androids' and i'm considering giving them to my kids (11 and 12) to play around with it and enjoy the android experience. however I don't want them being able to put 3rd party applications. how do i go about removing the option of "unknown sources" and maybe wifi from the settings.apk.
I'm not new to java and xml but sort of new to android development, I've tried several ways to remove it from the apk only (ark, ddx, baksmali, apksign) I did it in so many ways that i can't remember them all. I've also tried to decode the apk with apktool, ddx, baksmali, and creating a new project from existing source in eclipse, and I couldn't figure out what parts I have to modify to get it working (i kept on getting errors in eclipse so i wasn't even able to compile and test it in DDMS-eclipse).
Also i would like to know if maybe it is necessary to port the whole kernel source into eclipse?
I've searched all over the internet for a information for this specific thing and I couldn't find anything.
Btw, I'm using nix lucid.
Thanks In advance.
any help would be appreciated!
how about flash the supere rom without the google apps? that way they wont be able to access the market..
lagu805 said:
how about flash the supere rom without the google apps? that way they wont be able to access the market..
Click to expand...
Click to collapse
I know, the problem is not the market, i can pull it out from the phone with adb in a second w/o superE, but they can still install stuff on it with a sd card, and I would hate to not put in a file browser on the phone.
I think it would be a good idea to make a rom that's made for kids, for playing games and stuff without me worrying about it.
I'm sure that they will try to figure out a way to get around the "no market on the phone" and I should not underestimate a kid (even a 12 year old). I've seen him getting around lots of technological obstacle's.
I think that the world could use a kid's version of android, you know, get them hooked when they're young. The last thing i would like to hear from my kids is talking about iPhone or Windows. We're all linux in our house
Interesting. I too gave Magics to my 11 & 12 yr olds, one without a data plan and the other without a SIM at all. I think the right way might be multiuser like we already do on the desktops. Sudo would be a nice touch but I'd be happy to login as admin to install or whatnot.
Multiuser is something I'd like to see anyway with most or some settings on a per user basis. Or at least just for security, normal login can't do critical tasks that might cause issues. I think we'll hear about this again once we hear about some seriously dangerous apps/scams/viri on the phones.
In the meantime your best bet is education and rules about what can and can't be done. Then once per week or so you take the phone and check things out, update as needed, etc. So far my kids have little interest in breaking the rules and are happy browsing the market for fun things.
I think the only way to achieve this is to download the AOSP, edit the sources to remove the options and then compile your own ROM.
3rdcoast said:
Interesting. I too gave Magics to my 11 & 12 yr olds, one without a data plan and the other without a SIM at all. I think the right way might be multiuser like we already do on the desktops. Sudo would be a nice touch but I'd be happy to login as admin to install or whatnot.
Multiuser is something I'd like to see anyway with most or some settings on a per user basis. Or at least just for security, normal login can't do critical tasks that might cause issues. I think we'll hear about this again once we hear about some seriously dangerous apps/scams/viri on the phones.
In the meantime your best bet is education and rules about what can and can't be done. Then once per week or so you take the phone and check things out, update as needed, etc. So far my kids have little interest in breaking the rules and are happy browsing the market for fun things.
Click to expand...
Click to collapse
well, it is just a nix and SUDO should be possible, but setting this up is a quite a project and I don't think this is a one day project.
As for educating, I think they know right from wrong and I don't think that they will willingly break the rules, the market however is full of apps that are not meant for young kids..... what do you think they're going to do when they bump in to one of those apps? .
Actually what i wanted to do is to give them a phone with a line and no data plan so they can play games or watch movies, If the kids want to use the internet, there are more than enough boxes at home they can use. This phone is strictly for voice text and games.
What I want to accomplish in general, is having a child safe phone, and have the other parents here who want their kids to have to have an android, enjoy it. My way of giving back to the community.
But to have a phone that will be suitable for the purpose (not just for my kids) the data has to be completely disabled, and wifi is going to be the issue. putting on an encryption on wifi is a joke, ever heard of aircrack? I'm sure there are lots of determined horny 15 year olds that will get around that. (am i paranoid?)
Case_ said:
I think the only way to achieve this is to download the AOSP, edit the sources to remove the options and then compile your own ROM.
Click to expand...
Click to collapse
That's exactly what i want to do. The question is how do I do it?
Again, I'm not a complete noob, I just never played around with android as an OS. so if I can have the first push here here what I'm supposed to do to start this I would really appreciate it.
As I've said in my first post, I tried a few things and i couldn't get it right. what part of this don't i get??
Thanks a lot.
well your not even going in the right direction..
do you have an IDE with compiler and the android SDK all set up? then you can check on dferrera post on how to compile android from source... its listed in this forum.. please search
if your not a programmer or have no idea what classes - functions etc are then this might now be an option for you that is something you can be instructed on
you are going to need to learn to compile android from source and modify it, this is a very big task mate - be prepared, and no one can answer all the questions for u
alan090 said:
well your not even going in the right direction..
do you have an IDE with compiler and the android SDK all set up? then you can check on dferrera post on how to compile android from source... its listed in this forum.. please search
if your not a programmer or have no idea what classes - functions etc are then this might now be an option for you that is something you can be instructed on
you are going to need to learn to compile android from source and modify it, this is a very big task mate - be prepared, and no one can answer all the questions for u
Click to expand...
Click to collapse
Thanks for the reply, but i can't seem to get java5 working on 10.04 (the 10.04 repos have only java6 but i did add the old repos and ran in to some issues), I had it working on 9.04 though. anyone made it run on 10.04? or should I downgrade (or run it in VB) to 9.04/.10?
k50aker said:
Thanks for the reply, but i can't seem to get java5 working on 10.04 (the 10.04 repos have only java6 but i did add the old repos and ran in to some issues), I had it working on 9.04 though. anyone made it run on 10.04? or should I downgrade (or run it in VB) to 9.04/.10?
Click to expand...
Click to collapse
Add these 2 lines to the end of /etc/apt/sources.list file
Code:
deb http://pl.archive.ubuntu.com/ubuntu/ jaunty multiverse
deb http://pl.archive.ubuntu.com/ubuntu/ jaunty universe
then do:
Code:
sudo apt-get update
sudo apt-get install sun-java5-jdk
@k50aker
Hiding Wifi and other things should be quite easy task, but... how do you want to protect against system reinstallation? They could download any ROM from internet and install it in just 10 minutes. Backuping is easy too, so they could have 2 systems installed and switch between them when their dad comes home.
Android phones aren't desktops. You can't have root and don't give it to other users of a device.
Mod. edit: not dev related, moved to general
I wouldn't want to hide WiFI, the device is useless without connectivity, much cheaper toys out there for that if I wanted stand alone.
My two children each have a Magic and this is my experience, none of the worries that many parents seem to fear. They are well behaved and so far no problems and they are ready for 2.1 since 1.5 is just too confining even for them. Education goes a long way.
The best choice I made was to not put a SIM in one of the phones. WiFI is ideal since she is nearly always in a zone. This has gotten her used to IM instead of texting. Same effect but costs nothing. A SIP app works almost as well as SIM voice. Someday I'll do a data only SIM so she has total coverage, she'll understand that heavy data is to be done over WiFI and cell data is for VoIP and for times when it is really needed and can't wait.
However it would be nice if there was a limited setting requiring admin password for certain functions. But really, there hasn't been any problems but my kids might be grateful enough to not abuse the rights I give them. Best advice besides education if they are very young is to not SIM until after they get into the alternatives and not be addicted to texting. The older one has learned to watch her usage patterns and has to pay if she goes over budget.
Switch33 said:
Add these 2 lines to the end of /etc/apt/sources.list file
Code:
deb http://pl.archive.ubuntu.com/ubuntu/ jaunty multiverse
deb http://pl.archive.ubuntu.com/ubuntu/ jaunty universe
then do:
Code:
sudo apt-get update
sudo apt-get install sun-java5-jdk
Click to expand...
Click to collapse
those ropes are for jaunty not for lucid, and I have tried that before anyway and this is what i get:
Code:
desktop:~$ sudo apt-get install sun-java5-jdk
Reading package lists... Done
Building dependency tree
Reading state information... Done
sun-java5-jdk is already the newest version.
The following packages were automatically installed and are no longer required:
libwv2-4
Use 'apt-get autoremove' to remove them.
0 upgraded, 0 newly installed, 0 to remove and 11 not upgraded.
1 not fully installed or removed.
After this operation, 0B of additional disk space will be used.
Setting up sun-java5-doc (1.5.0-19-0ubuntu0.9.04) ...
This package is an installer package, it does not actually contain the
J2SDK documentation. You will need to go download one of the
archives:
jdk-1_5_0-doc.zip jdk-1_5_0-doc-ja.zip
(choose the non-update version if this is the first installation).
Please visit
http://java.sun.com/j2se/1.5.0/download.html
now and download. The file should be owned by root.root and be copied
to /tmp.
[Press RETURN to try again, 'no' + RETURN to abort] no
Abort installation of J2SDK documentation
dpkg: error processing sun-java5-doc (--configure):
subprocess installed post-installation script returned error exit status 1
Errors were encountered while processing:
sun-java5-doc
E: Sub-process /usr/bin/dpkg returned an error code (1)
Brut.all said:
@k50aker
Hiding Wifi and other things should be quite easy task, but... how do you want to protect against system reinstallation? They could download any ROM from internet and install it in just 10 minutes. Backuping is easy too, so they could have 2 systems installed and switch between them when their dad comes home.
Android phones aren't desktops. You can't have root and don't give it to other users of a device.
Click to expand...
Click to collapse
You are right, but one of the later steps I thought about would be a custom boot and custom or no recovery. But I will figure that out later in the project.
But i will probably change my direction on this (wifi etc.) based on what you guys say.
I am thinking of getting a Nexus 4 (or a Nexus 5 if such a thing appears in the not too distant future) as my first smartphone, with the eventual possibility of running Ubuntu for Android if and when it becomes available. However, for now the only capability I need the phone for is to be able to open up a Linux style command line terminal on the phone where I can ssh into a couple of other Linux based devices I have, via wifi, so I can run some "C" executables that I have written on these other devices. These other devices are running SSH servers. Is this doable? Do I need a special app or a special ROM, etc.
I assume you mean to run the C executable on the remote machine... not the phone itself?
If yes, then: YES, you can do that. And there are many ways to do it.
At the most basic, the only app that you would need is a Terminal Emulator app (several terminal apps are available for free... some are better than others). From that, you can do what you want. Any of the good ones will work just like any other Terminal on a PC.
But there are other apps that will make it easier because typing out commands, on a phone, isn't the funnest thing ever. Copy-pasting commands is an obvious way to make it easier...
But there are even easier ways than that...
ConnectBot (ssh-agent-patch) app would allow you to ssh into a remote host with a single tap (even using public-private key authentication if you want). Then you can run your ./command (or copy-paste it).
You can even VNC into a remote host and control it graphically (assuming a VNC server is running on the host machine).
You can even go the other way too... you can run an ssh server on the phone and access it from your PC.
Like all ssh capabilities, all of this can be done over the internet too, you aren't limited to WiFi LAN.
Also, on all of my file explorers (on all of my computers AND my Phones) I've made shortcuts for easy file sharing too (all using pub/private key authentication for security). Not only does that make file transfers super easy no matter what machine I have my hands on at the moment, but it also makes my desktop PC at home my own personal cloud server to my phone. Who needs dropbox?
Basically anything you can do with ssh on a computer, it can be done on an Android phone.
ps... if you re-compiled your C executables for the Android system... you could even run them natively on the phone.
iowabeakster said:
I assume you mean to run the C executable on the remote machine... not the phone itself?
Click to expand...
Click to collapse
Yes.
Fantastic, thanks for the detailed answer. I wanted to know right away before I wasted my time, but now am googling around for all the details. I have a raspberry pi running Debian that I need to communicate with and it is headless (No monitor, keyboard, etc., just a wifi dongle) so this would be perfect. I also have desktop computers that run a bunch of OS's (Centos, Scientific Linux, Fedora, Ubuntu, etc) that I might want to connect to.
From what I understand, all of that can be done without modifying the phone (rooting, etc.), correct?
However, down the road I may want to try and root it anyway, because the bigger set of Linux commands offered by Busybox would nice. I have been putting off getting a smartphone because of the cost, but the Nexus 4 with something like straight talk is the same monthly price as my 400 minutes of just talk with Verizon, so it is time. The coverage and uptime with Verizon is really good, but the costs are just not keeping up with the times.
From what I understand, all of that can be done without modifying the phone (rooting, etc.), correct?
Click to expand...
Click to collapse
good question.
I don't know with absolute certainty what functions would require root (I always root right away... so I don't ever think about it... like you said... additional functions... and I forget about it).
Basic, ssh-client functions should not require root. Running the ssh-server on the phone, that I mentioned, certainly does require root though. I know that my Terminal Emulator and File explorer apps have root access, but root is not needed just for the ssh-client functions (I am pretty sure).
Rooting on the nexus 4 is pretty easy. Rooting does require the installation of a custom recovery (at least temporarily). That is something that sounds like it would take someone like a you only a few minutes to do (not counting the time you would likely spend reading about it before hand... and installing the android sdk on a PC). Certainly, no other mods other than rooting would be needed.
iowabeakster said:
good question.
I don't know with absolute certainty what functions would require root (I always root right away... so I don't ever think about it... like you said... additional functions... and I forget about it).
Click to expand...
Click to collapse
Great, I will probably just root the phone after using the phone for a while; I have zero experience with smartphones, plus I want to make sure that the phone works properly. The important thing is that it will do exactly what I need it for.
Last question. I see there are several guides for rooting and unlocking the bootloader.....Any recommendation of which one to use? I see that the one written by Jubakuba "Ultimate Nexus Root Guide" has pointers to urls that are broken (Therefore many critical steps are missing), and apparently it has been that way for quite a while.
I started looking for what I thought the best guide... but I gotta do some stuff... I will be back in a couple hours (hopefully with a good suggestion).
I will piece together a guide tomorrow morning from all the various "how-to" guides out there for you. So many of them are geared towards Windows users, and they start babbling about installing and removing drivers and stuff that you won't bother with in Linux. But I need sleep, right now. It'll just be some copying and pasting from a few of them out there. It shouldn't take long.
iowabeakster said:
I started looking for what I thought the best guide... but I gotta do some stuff... I will be back in a couple hours (hopefully with a good suggestion).
I will piece together a guide tomorrow morning from all the various "how-to" guides out there for you. So many of them are geared towards Windows users, and they start babbling about installing and removing drivers and stuff that you won't bother with in Linux. But I need sleep, right now. It'll just be some copying and pasting from a few of them out there. It shouldn't take long.
Click to expand...
Click to collapse
It's not necessary to go through all of that; I thought there was maybe one document that a lot of people were using. It is really up to me to start reading up on the subject.
Just bit the bullet and placed an order for the Nexus 4 before it is out of stock again.
Found some simple instructions for unlocking and rooting the Nexus 4:
http://forums.androidcentral.com/nexus-4-rooting-roms-hacks/224861-guide-nexus-4-unlock-root.html
Also found better descriptions of what the various terms floating around mean and what each piece of software does, however it is on the Galaxy S III section of this forum, so obviously I am not going to follow any of the procedures listed:
http://forum.xda-developers.com/showthread.php?t=1927113
Here's my favorite instructional...
http://forum.xda-developers.com/showthread.php?p=37823933#post37823933
iowabeakster said:
Since googling around to find a good "How to" for Android noobs, I kind of felt like I could maybe help a few other folks out there too So, I went ahead and made my own "How to".
Click to expand...
Click to collapse
Nice.
I just ran across this, and thought about you... looks like a nice new SSH client. I've never used it. But Jerry at Android Central is a pretty serious Linux nerd, so I do put some stock in his recommendations. Just thought I'd throw it out there for you to see.
http://www.androidcentral.com/apps-week-juicessh-7x7-audible-android-and-more
iowabeakster said:
I just ran across this, and thought about you... looks like a nice new SSH client. I've never used it. But Jerry at Android Central is a pretty serious Linux nerd, so I do put some stock in his recommendations. Just thought I'd throw it out there for you to see.
http://www.androidcentral.com/apps-week-juicessh-7x7-audible-android-and-more
Click to expand...
Click to collapse
Well, I had the phone for a couple of weeks and I think I turned it on twice. I really didn't get addicted and start to install apps until I used the GPS feature for a long trip I took yesterday. First time using a GPS....Yeah, just a little behind the times.
So, without rooting, today I installed the following apps which gives me everything I need:
ConnectBot. Works great and allows me to ssh to my Linux boxes.
Terminal Emulator. For basic command access.
FreebVNC. Has a secure tunnel feature built in, so you don't have to go through the whole two step process of setting up a tunnel and then running VNC through the tunnel. Also, it has a zoom feature, access to special keys and mouse emulation.
Wifi Analyzer. Gives you access points, signal strength, etc. There was another app that I added to that app to easily connect to the access points.
Fing. Network Info like mac addresses, etc.
Still will root eventually and install Busybox. However, now that I can access my raspberry pi remotely, my priority is to finish writing my software programs and building electronics for a project that uses that little ARM computer.
pjc123 said:
I am thinking of getting a Nexus 4 (or a Nexus 5 if such a thing appears in the not too distant future) as my first smartphone, with the eventual possibility of running Ubuntu for Android if and when it becomes available. However, for now the only capability I need the phone for is to be able to open up a Linux style command line terminal on the phone where I can ssh into a couple of other Linux based devices I have, via wifi, so I can run some "C" executables that I have written on these other devices. These other devices are running SSH servers. Is this doable? Do I need a special app or a special ROM, etc.
Click to expand...
Click to collapse
For a ssh client, try ConnectBot. I have been using this since the G1 came out for work (Sys Admin) and home.
For a better keyboard, check out Hacker's Keyboard.
SpookyTunes said:
For a ssh client, try ConnectBot. I have been using this since the G1 came out for work (Sys Admin) and home.
For a better keyboard, check out Hacker's Keyboard.
Click to expand...
Click to collapse
As mentioned above, I already installed ConnectBot and it has nice features. However, I am interested in the keyboard (keys in the right place, Crtrl/Tab/Esc keys, etc.), so I will be installing that next.
Yep, ConnectBot is the old standard (if there is such a thing in Android world). I use it.
I've pretty much always used Jack Palevich's Terminal Emulator app. Very small and lightweight. It's always done everything I've ever needed to do. But there are many Terminal apps to choose from. I usually stop trying apps, when I find one that meets my needs, and stick with it until it doesn't... I started using that Terminal my first week with my first Android, after trying a couple of others. I've never used anything since.
Hacker's keyboard is an awesome suggestion! Thanks man! How have I survived without this!
For VNC purposes (which I rarely use) I use androidVNC. I've never tried anything else since I use it so rarely. It seems to do everything I can imagine it should. Mostly I use it to mess with my wife's head with some "ghost in the shell" pranks when she is using her laptop. She will scream from the living room, "WTF!!!! My computer just told me it's going to eat my brains tonight!"
And I'm just innocently sitting there reading emails on my phone "That is strange, honey."
iowabeakster said:
For VNC purposes I use androidVNC.
Click to expand...
Click to collapse
I actually looked at androidVNC first due to the amount of reviews and positive ones, but I liked the extra features of FreebVNC even though it violates my following policy. I have found, just like shopping at Amazon, that in general the quantity and quality of reviews quickly narrows the search dramatically from the huge database of products/apps. The only side effect of this is to weed out excellent apps that are new and could be excellent, but just like major operating system updates, with anything new I let them weed out the bugs first.
iowabeakster said:
I've never tried anything else since I use it so rarely.
Click to expand...
Click to collapse
I totally agree with you that I don't ever see myself using the VNC client on the smartphone again other than just as a novelty. What does intrigue me is putting a VNC server on the smartphone. I wonder if there would be a way to use an external computer's mouse and keyboard to control the gui portion of the smartphone while displaying it on the computer's large screen, the problem being that the smartphone is touch based; that is something that I could see using.
iowabeakster said:
I use it to mess with my wife's head with some "ghost in the shell" pranks.
Click to expand...
Click to collapse
Me and a friend used to do similar pranks at work, messing each others displays, keyboards, etc. I think the best non-computer prank that someone did to me while I was on vacation was to line one of my desk drawers with plastic and fill it full of goldfish. The best prank that some colleagues did, was to inflate a weather balloon in our departmental director's office and turn the nozzle away from the door so he couldn't get in.
WARNING: This is not a place for you to come to say how great you think Chainfire is. I'm not calling his character into question, only his methodologies and the character of the outfit he sold out to (and I don't question the act of selling out, that's business, pays the bills, and puts kids through college). The debates about what people prefer and why are as old as the first software. And of course, I will not tell you what to do, no matter how much I disagree with you. If you UNDERSTAND what I have to say, then THIS software is for you. If you don't, you are probably better off with binaries.
The root situation on Android 5.x left a lot to be desired. There was basically just one distributor of a functional substitute user command (su), and it was binary. Recently, ownership of that binary and all of its history has become the property of a previously unknown legal entity called "Coding Code Mobile Technology LLC". While it was presented as a positive thing that that entity has a great involvement with android root control, this is actually a VERY frightening development.
The people at CCMT are no strangers to the root community. They have invested in, or own, a number of popular root apps (though I am not at liberty to disclose which ones) - chances are, you are running one of them right now. I believe SuperSU has found a good home there, and trust time will not prove me wrong.
Click to expand...
Click to collapse
There are precisely two motives I can imagine for buying up all the root control software for Android;
1) monetizing it, which is contrary to the user's best interests,
2) something very frightening and dangerous involving the potential exploitation of everybody's devices.
You don't know the owners, and they are distributing a binary, so who the heck knows WHAT is going on.
Now a few important considerations with respect to your security and privacy;
1) Obfuscated binary cannot be sanely audited.
2) Function of this binary depends on the ability to manipulate selinux policies on the fly, including RELOADING the policy altogether and replacing it with something possibly completely different. Frankly, I've never heard a single reason why this should be necessary.
3) While a root control application may give you nice audits over other software that is using its service, it can *EASILY* lie about what it is doing itself. It can delete logs, it can share root with other applications that they have made deals with, it can directly sell you out to spammers, etc.
That is WAY too dangerous, and not worth the risk.
Frankly, you are safer if you disable selinux AND nosuid, and just run the old style of root where you set a copy of sh as 6755. And that is FRIGHTENINGLY dangerous.
So not satisfied with this state of root, and especially now with a new unknown entity trying to control the world, we bring you the rebirth of the ORIGINAL Superuser:
https://github.com/phhusson/Superuser
https://github.com/lbdroid/AOSP-SU-PATCH (this one is mine)
From the history of THAT Superuser:
http://www.koushikdutta.com/2008/11/fixing-su-security-hole-on-modified.html
Yes, look at the Superuser repo above and see whose space it was forked from.
Note: This is a work in progress, but working VERY well.
Use my patch against AOSP to generate a new boot.img, which includes the su binary.
Features:
1) selinux ENFORCING,
2) sepolicy can NOT be reloaded.
3) It is NOT necessary (or recommended) to modify your system partition. You can run this with dm-verity!
The source code is all open for you to audit. We have a lot of plans for this, and welcome suggestions, bug reports, and patches.
UPDATE NOVEMBER 19: We have a new github organization to... "organize" contributions to all of the related projects. It is available at https://github.com/seSuperuser
UPDATE2 NOVEMBER 19: We have relicensed the code. All future contributions will now be protected under GPLv3.
*** Regarding the license change; according to both the FSF and the Apache Foundation, GPLv3 (but not GPLv2) is forward compatible with the Apache License 2.0, which is the license we are coming from. http://www.apache.org/licenses/GPL-compatibility.html . What this means, is that it is *ILLEGAL* for anyone to take any portion of the code that is contributed from this point onward, and use it in a closed source project. We do this in order to guarantee that this VITAL piece of software will remain available for EVERYONE in perpetuity.
Added binaries to my the repo at https://github.com/lbdroid/AOSP-SU-PATCH/tree/master/bin https://github.com/seSuperuser/AOSP-SU-PATCH/tree/master/bin
These are *TEST* binaries ONLY. Its pretty solid. If you're going to root, this is definitely the best way to do so.
The boot.img has dm-verity and forced crypto OFF.
The idea is NOT to use as daily driver, while I can make no warranties at all regarding the integrity of the software, I use it myself, as do others, and its pretty good.
What I would like, is to have a few lots of people try it out and report on whether things WORK, or NOT.
IF NOT, as many details as possible about what happened, in particular, the kernel audit "adb shell dmesg | grep audit". On non-*nix host platforms that lack the grep command, you'll probably have to have to add quotes like this in order to use android's grep: "adb shell 'dmesg | grep audit'".
How to try:
0) Starting with a CLEAN system.img, get rid of supersu and all of its tentacles if you have it installed, if it was there, it will invalidate the tests.
1) Install the Superuser.apk. Its just a regular untrusted android application. Yes, there is a security hole here, since we aren't (yet) authenticating the communications between the android application and the binaries, or validating the application by signature, or anything else that would prevent someone from writing a bad Superuser.apk. This is on the list of things to do.
2) fastboot flash boot shamu-6.0-boot.img
3) test everything you can think of to see if it works as expected.
Note: there are some significant visual glitches in the android application, but nothing that makes it unusable.[/quote] @craigacgomez has been working on fixing up the UI. Its really paying off!!!
How you can reproduce this YOURSELF, which we RECOMMEND if you feel like daily driving it (in addition, make sure that you UNDERSTAND everything it does before you decide to do that, you are responsible for yourself;
You can build it any way you like, but I do my android userspace work in eclipse, so that is what I'm going to reference. Import the project from phhusson's git, including SUBMODULES. Right click the Superuser project --> Android Tools --> add native support. The library name you choose is irrelevant, since it won't actually build that library. Right click project again --> Build configurations --> Build all. This will produce two binaries under "libs", placeholder (which we won't be using), and su. You need the su binary. Then right click project again --> run as --> android application. This will build Superuser.apk, install it, and launch it.
Next:
repo init -u https://android.googlesource.com/platform/manifest -b android-6.0.0_r1
repo sync
Then apply su.patch from my git repo.
UNFORTUNATELY, the repo command isn't smart enough to apply a patch that it created itself. That means that you are going to have to split up the patch into the individual projects and apply them separately to the different repositories. This isn't that hard of a step though, since there are only FOUR repositories I've modified... build/ (this just makes it possible to build with a recent linux distro that doesn't have an old enough version of openjdk by using oraclejdk1.7. The boot.img doesn't actually need the jdk to install anyway -- its just part of the checking stage, so its up to you.), device/moto/shamu/, external/sepolicy/, system/core/.
After applying the patches, copy the su binary you generated with eclipse into device/moto/shamu/
Then ". build/envsetup.sh; lunch aosp_shamu-userdebug; make bootimage". That should take a minute or two to complete and you will have a boot.img built from source in out/target/product/shamu/
NEW UPDATE!!!!
While I haven't yet gotten around to running a complete cleanup (very important family stuff takes priority), I *HAVE* managed to find a half hour to get on with the Android-N program. If anybody takes a peek at the AOSP-SU-PATCH repository on the AOSP-N branch, you should find some interesting things there.
One warning first though... I updated the patches to apply against the N source code, and then updated some more to actually compile, and compiled it all. BUT HAVE NOT HAD THE OPPORTUNITY TO TEST IT YET.
Nice thing you came up. Sounds awesome.
We should have an alternate to all LLC thing, no matter how much respect (I owe you Chainfire thing) we got for the man who created CF Root (since Galaxy S days) and SupeeSU.
wow, tyvm for this! Will definitely test for ya and let you know.
I already applied your patch, built my own binaries and the boot.img but won't have a chance to test anything until tomorrow. Would love to get this %100 working fine and yeah, will use this from here on out instead of supersu.
Thanks again and yeah, will post when I have something ^^
I will be following progress closely, as should others. Without something like this, many in the community may naively let a corporate entity control root access on their devices. This is extremely frightening, it may not happen right away but if you believe the an entity will not monetize or exploit the current situation I believe you are sadly mistaken.
I could be wrong, however, it's not a risk I will take lightly and no one else should either.
Thanks for this.
Nice work!! Will be following this thread closely.
Time for me to learn eclipse. And do a heck of a lot more reading.
Larzzzz82 said:
Time for me to learn eclipse. And do a heck of a lot more reading.
Click to expand...
Click to collapse
Just note that I use eclipse because I'm used to it. Its become the "old" way for android dev.
i just paid for superSU is this the same people?
TheLoverMan said:
i just paid for superSU is this the same people?
Click to expand...
Click to collapse
I'm not sure what you are asking... are you asking if I am in any way affiliated with supersu, then you probably failed to read the first post in this thread altogether.
Charging money for a binary blob to use root on your device is borderline criminal, and unquestionably immoral. I'm sorry to hear that they got something out of you.
This is pretty great. I'll be watching this as well.
Perhaps this is not the place to take the tangent but why does root behave as it does and not more similar to a standard linux distro? It seems like it would be much more secure to have a sudo function as opposed to an all encompassing root. I'll admit I'm not that familiar with the inner working of the android OS but off hand I can't think of any program that absolutely needs to be automatically granted root every time it wants to run (I'm sure there are but even in this case the power user could chown it to standard root).
Wouldn't it be much more secure if you had to go in to developer options (which are already hidden by default) and turn on the option for sudo. This would then require a sudo-user password (perhaps even different than the standard lock screen password). Need to run a adblock update? Enter the password. Need to run Titanium backup? Enter the password... etc. Much more secure than a push of "accept".
Sorry for off topic but it's always made me wonder and seems like it would be root done right (see how I tied that back to the topic ) If elevating programs/tasks to a superuser was more secure perhaps it would not need to be such an issue...
^ Some root functionality is just too common for a Linux like sudo password to be usable at all. I'll give 2 examples:
1. Since Lollipop Google disabled access to mobile network settings for third party apps. Now it's only possible with root. I have an app that together with Tasker automates my network changing. That network app needs root access EVERY time there is any changes to the connected network and when it wants to change the settings.
Phone connects to a different cell tower? Root needed to detect this and determine the mobile network status.
You can figure how many times this is required per day.
2. I use Greenify to force some misbehaving apps to sleep after the screen goes off. It needs to request root every time it wants to sleep one of those apps. In other words every time I use them, after my screen goes off and I turn it back on I'd be facing both my secure lockscreen and the sudo password.
There's are plenty of other apps that need to request root access on a regular basis. These were just a few examples. If you only need root for TiBu then a sudo password type of security measure would work. In my case all I'd be doing with my phone would be typing that password again and again.
Beyond what is said above, to my understanding... What "root" is is just a way to install the "su" binary to your phone, with a nice GUI to make it more friendly for phone/tablet use.
Being rooted, if memory serves, is being able to access and change any file in your root directory, at least that's a simplified way to see it. The SU app is a GUI that is mostly used to control the ability of apps to access and change the root directory.
Sent from my Nexus 6 using Tapatalk
Interesting thread. Thanks for your work....subscribed
doitright said:
There are precisely two motives I can imagine for buying up all the root control software for Android;
1) monetizing it, which is contrary to the user's best interests,
2) something very frightening and dangerous involving the potential exploitation of everybody's devices.
Click to expand...
Click to collapse
I would suggest that there is a third potential motive here - that having control over the "only" way of rooting Android devices might be attractive to Google.
I've read a few articles suggesting that they would prefer to prevent people from rooting their phones (partially so that they can monetise Android Pay - which requires a Trusted Computer Base, which means unrooted - as well as controlling Ad Blockers, which affect a revenue stream). I also suspect that only a tiny minority of Android users - and most of them are probably on here - actually root their devices.
Regardless of the motives, having a technological monoculture is never a good thing, especially when it is delivered as a binary owned by an unknown organisation.
(No disrespect to Chainfire - I have had many years of root access to my devices thanks to his efforts.)
scryan said:
Beyond what is said above, to my understanding... What "root" is is just a way to install the "su" binary to your phone, with a nice GUI to make it more friendly for phone/tablet use.
Click to expand...
Click to collapse
Not quite.
"root" is the *name* of a privileged user, with user id of 0.
The "su" command (short for substitute user), is used to substitute your current user for another user, but most particularly root.
Every application and many subsystems in Android are granted each their own user, which are very restrictive, hence the need to escalate to root to obtain necessary privileges.
Philip said:
I would suggest that there is a third potential motive here - that having control over the "only" way of rooting Android devices might be attractive to Google.
Click to expand...
Click to collapse
What does that have to do with the third party? I doubt very much that Google would appreciate the security of their users being compromised by a 3rd party.
urrgevo said:
Being rooted, if memory serves, is being able to access and change any file in your root directory, at least that's a simplified way to see it. The SU app is a GUI that is mostly used to control the ability of apps to access and change the root directory.
Click to expand...
Click to collapse
Nope. The root directory can be setup to be accessible by specific users just by applying the appropriate permissions to the files.
The root directory and root user are not specifically related.
doitright said:
What does that have to do with the third party? I doubt very much that Google would appreciate the security of their users being compromised by a 3rd party.
Click to expand...
Click to collapse
Because the "third party" might actually be Google (or an organisation funded by them).
---------- Post added at 15:05 ---------- Previous post was at 15:02 ----------
doitright said:
Every application and many subsystems in Android are granted each their own user, which are very restrictive, hence the need to escalate to root to obtain necessary privileges.
Click to expand...
Click to collapse
Shouldn't need to su to root to do this - that's what setuid and setgid are for.
Has anyone figured out how to get ps vue to work with firetv that is rooted? I've gone the route of renaming su.apk in shell to xsu.apk. When I do this I can access root in shell but can not give permission to installed rooted apps on screen. I've tried root cloak. It's a no go. Plus why is there no gui for su for fire tv. Any help would be greatly appreciated. Thanks.
1. What did you think would happen if you rename your su and Superuser.apk? It all would magically work regardless?
2. Other people report that Root Cloak worked for them as recently as 24 days ago. Might not work on the FireTV - but still...
3. You can get the information on why the su GUI does not work on the FireTV from here:
http://forum.xda-developers.com/showpost.php?p=68273660&postcount=67
Thanks for replying. By changing su name I still have root abilities through adbfire. I can access and change root files. The issue is once I originally grant root access on fire tv I can never get it to appear again. Is there any way to clear su.apk access without gui? In app section all su options are grayed out. It's strictly read only su. The link below is the post for renaming su files. It does work. System is still rooted. I just can't get popup to grant access to apps. I've been trying off and on for a few months. Any help would be greatly appreciated. Thanks.
http://forum.xda-developers.com/fire-tv/help/playstation-vue-fire-tv-fire-tv-stick-t3247813/page2
Not through adbfire - through adb and the shell.
Adbfire is a "eazy to use" frontend that prevents users from learning to navigate using adb commands and the shell by makeing them click buttons with preset commands backed in, that sometimes are just silly. Then it pops up fake progress counter animations to put their minds to ease.
Every time someone says that "adbfire doesn't work" I die a little bit more, deep in my heart.
But you have made it to the actual shell, so congratulations, you are using the real deal.
-
Here is what happens as far as I understand it - could be wrong - but it is a pretty educated guess.
Once you rename su and Superuser.apk - all apps loose access to it.
The prompt is not poping up, because the apps already think they have SU access - but because they cant access su.
Here is why.
Apps that require su, have to address su, and they certainly don't expect su to be named xsu.
Its great that you can call su functions by typing in xsu into the shell instead - but that won't help your apps.
If an app cant get su access - it usually just prompts su and the Superuser.apk again. There is no need to "clear Superuser.apk access" in fact - just uninstalling an app that requires root and reinstalling it again is enough for the rootmanager to forget it ever existed. So you can in fact test your theory that way. My best guess is, that you are wrong and it won't work regardless, because none of the apps calls a binary named xsu. xsu could in fact be named "makeamericagreatagain" and it would make no discernible difference.
The thing why I preface this with "I could be wrong" is, that I havent looked into how systemless root works, and how those guys get root access to their apps, without having a binary named su in /system. Maybe the apps call Superuser.apk (which is now called xSuperuser.apk so they cant find it) and xSuperuser.apk of course cant find su, because you renamed it xsu. But in any case - they are not using the usual Superuser.apks
Thanks for the quick reply. You are right about the renaming of su. I tried same thing on old tablet and got the same results. Even with having gui access. I could not get it to grant root abilities. Next step is to find a way to edit apk's and find a way change where it looks for root files. I only need to edit 3 apps. (adaway, xposed, and hdxposed) If can figure out how to do it once the others should be easier. This should be interesting.
Now here is something that could work. I'm a bit hesitant to recommend you doing it, because you are constantly modifying system files - but if you were willing to risk it before... It might work.
Read up on a program named "Remote adb Shell" in here
http://forum.xda-developers.com/showpost.php?p=69050521&postcount=3
Then maybe try two commands like these:
su -c 'mount -o remount,rw /system /system && sleep 1 && mv /system/app/Superuser.apk /system/app/XSuperuser.apk && mv /system/xbin/su /system/xbin/xsu' && exit
and
xsu -c 'mount -o remount,rw /system /system && sleep 1 && mv /system/app/XSuperuser.apk /system/app/Superuser.apk && mv /system/xbin/xsu /system/xbin/su' && exit
Now - understand, that I havent tested this myself - also - I havent looked if you need to chmod modify the su file first (add another
&& chmod 761 /system/xbin/su
- at the appropriate spot(s)), which you do according to this thread https://www.reddit.com/r/fireTV/comments/41e8z3/ps_vue_aftv_1_with_root/?st=iuk3lgx4&sh=36edc941 (which I think you took the method from) --
but if it works - it would allow you to switch between "rooted" and "non rooted" states with a few presses on your android smartphones (or tablets) screen.
Now - I don't know if you would need to reboot the AFTV for root or VUE to work again -- (make another entry with just
reboot
- in it) . The reboot might kill the concept - because switching between the states might take too long.
Also - you do this at your own risk. If you loose root (or worse.. ) as a result of this - its not my fault.
install xposed, install rootcloak and block the vue apk by package name. I use that method on my shield tv. Just reset my ftv so I'm still trying to set everything up before I get to this.
There you go.
Should have looked into the "doesn't know how to use rootcloak" angle a bit more.
Definitely the better solution. Go with that.
Just like you should go to "I'm a **** and my comments don't provide any help others than to prove I'm an asshole section."
This is a forum for questions and help. Thanks Noggind614 he gave me the correct command for the fire tv and root cloak. Don't use the phone or tablet com entry. For fire tv its. "com.snei.vue.firetv"
Thats not a command, thats literally the process name of the app others have suggested <ou to block with root cloak before.
Oh, and here is why I hate dumb people.
- They rather complain about solutions not working than to learn how they work. If you don't constantly have the filter on, that everything they say might in fact be just a made up "fact" trying to mask that they werent able to use an app - you are out of luck entirely, and situations like these happen.
- When they then resort to renaming system apps - because reddit told them to, not knowing what they are doing, and you have to explain to them, that stuff breaks, because they broke it - the< might act interested and willing to learn for a moment -
- but as soon as someone points out, that they don't know jack, their "facts" are all kinds of wrong, and the better solution was suggested by every entry in google, this forum, and even by myself (hinting at that it would be strange, that people report cloak works as recent as a month ago..) - they become tonguetied, and when you weigh in to make it clear for others that the solution the excluded from the beginning as "not working" is in fact the best one --
they take it ultra personal - and switch from thanking you for explaining to them how stuff works, to calling you a dickface -- because it becomes so very obvious whats wrong here.
So they are the assholes. They think the internet is here to serve them without even calling a dog a dog, they cause the majority of confusion in stating wrong information to begin with, they switch from thanking you for explaining to them what they are doing to calling you a dickface - because you just made it clear, that the solution someone else brought up is in fact the better one, so others wouldn't bother to go through the same pitfalls they went through - oh, and all information you have provided them so far all of a sudden becomes null and void - because it was just that, information - and not the entire step by step solution they wanted people to provide in the first place.
Now - not even "block the app with root cloak (exposed)" is enough information for someone like you in the end. No - you need a PN conversation to clarify that you should block the process everyone told you to block in the beginning. Because you didn't bother to find out how its named.
Instead of typing ps into the Fire TVs shell (or ps | grep vue), you used this forums PN function to ask someone else to do it for you. And you didn't have to know the ps command either, you probably could have looked up the apps (process) name elsewhere on the net.
Here i the mea culpa on my part. I am not a PS VUE user, because the service is not even available in my country. I might react threads though, where people rename android system files, and then complain about them "not working". I don't if blocking within root cloak using the process name of an app is something out of the ordenary, if it is, some of my criticism doesnt apply, although I highly doubt it at this point.
Tldr.
Dont ever take agreeing with someone else on what would be the best solution, as mocking you personally. I know that reddit QA culture demands, that every thread is a personalized support session for people with no clue but high aspirations - threads on forums usually are not. Clearing up "what the best solution seems to be" for the next person that reads along is something I don't do out of malice, I do out of responsibility.
Well, at least until someone calls me a **** for not providing an easier solution for them faster. Then all bets are off.
Everytime someone explains somethng on an open internet forum, there is the notion, that others are reading it, and that the information they are providing gets used further - that just the immediate support session they are driving at a time. This is the sole cause - why people might not wan't to protect you or others in the "looking fly" department - while you are actually -
- promoting, that people should modify system files - and then expect stuff to work regardlessly
- making it sound like a fact, that stuff doesn't work, when its actually working
This is not "acting like an asshole", this is actually responsible behavior.
n00bs usually don't become educated users, by calling the people explaining stuff to them dicks, or accusing them of "saying unimportant stuff, because - you just needed a step by step instruction, which you finally solicited from someone via PN - good job" - or by putting down people, that explain stuf to them, because it makes them look like n00bs.
This goes for me as well - in other areas.
Yet I never got the demand, that others should fix your issues for free, and on the spot, in detailed step by step instructions, while making it extra sure, that you can save face, and look like a hero at the end of the day - also what dicks, are they for actually daring to try to explain stuff to you instead of just fixing your problem.
Have I mentioned, that I sometimes hate what has become of the web in the recent years? Signs of getting old...
Also, yes, I do think that this response was needed.
I'm reading packets in native code from the TUN interface created with the VpnService API. I would like to correlate packets to installed applications, i.e., to know which application sent a certain packet, without root access. With root access it would be a simple case of either using netstat/lsof or going through some of the /proc files. However, I couldn't find a way to get a list of connection <--> PID (or UID) mappings, neither in the native Linux context, nor within the higher level Android APIs.
I don't mind a more convoluted solution that needs work and is somewhat hackish, as long as it works without root access.
Looking forward to even ideas and starting points that I can further explore myself, if you don't have a full solution. And if you know 100% this is not possible, no matter the workarounds that I may try, let me know.
To answer my own question, in case someone finds this post with a search engine, yes it is possible, at least up to Android P, by reading the /proc/net/tcp, /proc/net/tcp6, /proc/net/udp, and /proc/net/udp6 files. However, in Android P the ability to read files under /proc/net is starting to be restricted (see this thread) and is going away in Android Q.