16

I'm working on AOSP. I've successfully added my apk to build. Now I want to give root access to my app. I don't want to provide root access to other apps or to install the Superuser app in my build. I just want to add my app to get root access. How can I achieve that?

I went through the su.c file in path system/extras/su but I'm unable to understand the whole code.

When I went through the code, I think my objective can be achieved if I could modify su.c to provide root access to my app, compile it and add the binary to the build. Am I right?

Rahul Iyer
Neji
  • 1
    Wouldn't it be a huge security barngate if *any* app could just get root? – Jonas Schäfer Dec 10 '12 at 14:40
  • If you do not know how to do this, it is highly unlikely that you know how to audit code for safety before letting it run as root. – Chris Stratton Dec 10 '12 at 14:59
  • From the code I found that it gives root access to shell; in the same way I want to parse the XML file in data/system/packages.xml and find the UID of my app and allow it to have root access to the system – Neji Dec 11 '12 at 06:33
  • Why do you need root access? I'm asking because in Android it is not used, there are other mechanisms. – auselen Dec 11 '12 at 07:06
  • I have an app that deals with IPtables and network monitoring. For accessing IPtables I need to have root access – Neji Dec 11 '12 at 07:11
  • @Neji I don't have any executable binary. I want to set root permission, to a prebuilt/preinstalled Apk. What should I do? – Dr.jacky May 15 '16 at 06:41
  • The answer to your question is in above question :) You will have to update su.c file to grant access to your application – Neji May 19 '16 at 07:12
  • You simply cannot "set root permission" to an APK because no `exec()` family call is ever made on the code of an APK. "root" is limited to *helper* executables which do things perhaps at the *carefully vetted* request of apps. – Chris Stratton Jan 20 '18 at 21:52

2 Answers

7

You're moving in the right direction. You need to check the sources for su.c. The only problem that you can face is how to run your program as root. To do this you need to set SUID sticky bit for the executable of your application. To do this you need to modify system/core/include/private/android_filesystem_config.h file (structure android_files[]), for instance for su program you can see how this bit is set:

```c
{ 06755, AID_ROOT,      AID_ROOT,      "system/xbin/su" },
```

Yury
  • 1
    This approach will not work, as Android applications do not have unique executables. Instead, they are ultimately libraries to a common executable. Zygote forks to create an application process, but that never exec()'s, it just changes UID and loads a library with the application code. – Chris Stratton Dec 15 '12 at 18:15
  • I do not understand. This is the way how su works. I managed to use this approach several times in my projects. – Yury Dec 15 '12 at 20:01
  • Yury, can you tell me what part you updated in both the files to give root access to your app?? – Neji Dec 15 '12 at 22:59
  • You need to create your application similarly to su. In your program you should call setuid(0) function to obtain root privileges. In android_filesystem_config.h you need to add a line with the name of your program in the structure I've specified in the answer. The only change you need to do is change the path to executable of your application. – Yury Dec 16 '12 at 08:59
  • Yury is mistaken as he is talking about setting mode bits on a file which does not exist for an android app. Apps simply do not have individual executables to do this to. To use this method you would have to create an executable, something that cannot run as an app. Also setuid() will not work. – Chris Stratton Dec 16 '12 at 15:52
  • Ok. I see there was a misunderstanding between us. Actually, @Chris Stratton is right. For Android App as he said you cannot do this. But so as you're modifying AOSP you can add your own executable that will do your work. – Yury Dec 16 '12 at 21:13
  • can you tell me the steps to do so? – Neji Dec 18 '12 at 06:12
  • 1
    At first you need to create a native application that will perform your functionality (I usually put sources for these into /system/core directory). Then you need to add this application to the build (check appropriate .mk files - for instance, core.mk). Then you need to modify android_filesystem_config.h file as I explained in the post. After that you should build the system. Now you can create Java applications and inside these apps run a new Process with your native application. – Yury Dec 18 '12 at 09:28
  • Does this approach allow the application to do everything? For example, if an application doesn't have the read logs permission (android.permission.READ_LOGS), is it able to do such a thing after applying this solution? – Dr.jacky Nov 03 '16 at 06:14
  • Is this still the way to achieve this nowadays? – phoebus May 21 '18 at 15:44
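
An added example (not code from this thread or from AOSP's su.c) of the helper-executable approach discussed above: a setuid-root helper that serves only one caller UID and runs only fixed commands, so the app can name a request but never supply a command line. `ALLOWED_UID`, the request names and the `/system/bin/iptables` path are assumptions.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Constructed placeholder: the UID the build assigns to the one trusted app. */
#define ALLOWED_UID ((uid_t)10123)

/* Fixed commands the helper may run; callers pick a name, never an argv. */
struct request {
    const char *name;
    const char *argv[4];   /* absolute path + fixed arguments, NULL-terminated */
};

static const struct request REQUESTS[] = {
    { "list-rules", { "/system/bin/iptables", "-L", "-n", NULL } },
    { "show-rules", { "/system/bin/iptables", "-S", NULL, NULL } },
};

/* getuid() is the real UID: the caller's, even when the file is setuid root. */
int caller_allowed(uid_t real_uid)
{
    return real_uid == ALLOWED_UID;
}

/* Returns the fixed argv for a permitted caller and known name, else NULL. */
const char *const *select_request(uid_t real_uid, const char *name)
{
    if (!caller_allowed(real_uid) || name == NULL)
        return NULL;
    for (size_t i = 0; i < sizeof(REQUESTS) / sizeof(REQUESTS[0]); i++)
        if (strcmp(name, REQUESTS[i].name) == 0)
            return REQUESTS[i].argv;
    return NULL;
}

int main(int argc, char **argv)
{
    char *const empty_env[] = { NULL };   /* do not pass the caller's environment on */
    const char *const *cmd = select_request(getuid(), argc == 2 ? argv[1] : NULL);

    if (cmd == NULL) {
        fprintf(stderr, "not allowed\n");
        return 1;
    }
    execve(cmd[0], (char *const *)cmd, empty_env);
    perror("execve");
    return 1;
}
```

Every other UID and every unknown request name is refused before anything runs with root's effective UID.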
3

ChainFire has written a guide on su and how to use it for normal apps. If you're intending on working with anything other than your own phone I suggest this is the approach you follow.

stsquad
  • 1
    I don't have any executable binary. I want to set root permission, to a prebuilt/preinstalled Apk. What should I do? – Dr.jacky May 15 '16 at 06:42