
I'm trying to create a setuid program in C for Android. I tested it on Android 2.3-4.2 and it works well on all devices except the Samsung Galaxy S4 (i9500).

I used CF-Auto-Root to install su on device and it works fine. But my app is not doing well.

I have installed mysu into the system dir and set all the rights:

shell@android:/ $ ls -Z /system/bin/mysu
-rwsr-sr-x root     root              u:object_r:system_file:s0 mysu

And that's Chainfire's su:

shell@android:/ $ ls -Z /system/xbin/su
-rwsr-sr-x root     root              u:object_r:system_file:s0 su

SELinux is in permissive mode:

shell@android:/ $ getsebool -a
android_cts --> on
app_bluetooth --> off
app_external_sdcard_rw --> on
app_internal_sdcard_rw --> on
app_ndk --> off
app_network --> on
app_read_logs --> off
app_vpn --> off
debugfs --> on
in_qemu --> off
manage_mac --> on
manage_selinux --> on
support_runas --> on
system_app_manage --> off

shell@android:/ $ getenforce
Permissive

In mysu I use setuid and setgid before calling the shell, and they fail on the Galaxy S4:

shell@android:/ $ mysu
euid, egid: 0, 0
uid, gid: 2000, 2000
setgid(0): Permission denied
setuid (0): Permission denied
execv("/system/bin/sh", exec_args): Permission denied

What am I doing wrong? What does Chainfire's su do besides setuid and setgid?

John Paul
Tishka17

3 Answers


Solution: do fork() before calling setuid(0).

Tishka17
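The accepted answer's recipe written out as an added example (this is not code from the question, from the answer, or from Chainfire's su): fork first, then in the child change the group before the user, check every return value, and verify the resulting ids before doing anything else. The function names change_ids and run_in_child are this example's own. It needs no root to run, since the demonstration sets the ids to the caller's own; the 0/0 attempt is only reported, not required to succeed.

```c
/* Added example: fork, then change ids in the child, then verify.
 * change_ids() and run_in_child() are names chosen for this example. */
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Change to the requested gid/uid in the order that cannot strand privileges:
 * supplementary groups and the primary group first (they still need the
 * root euid), then the uid. Returns 0 on success, -1 with errno set otherwise. */
int change_ids(uid_t uid, gid_t gid)
{
    if (geteuid() == 0 && setgroups(0, NULL) != 0)  /* only root may clear them */
        return -1;
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)
        return -1;
    /* Do not trust the return values alone: read the ids back and compare. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

/* The accepted answer's point: do the id change in a forked child. A real
 * helper would execv() its target in the child once the ids are verified;
 * here the child just exits with 0 on success or errno on failure so the
 * parent can report it. Returns the child's exit status, or -1 if
 * fork()/waitpid() fail or the child did not exit normally. */
int run_in_child(uid_t uid, gid_t gid)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (change_ids(uid, gid) != 0)
            _exit(errno ? errno : 1);
        /* execv(target, argv) would go here, after the checks above. */
        _exit(0);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    printf("euid, egid: %u, %u\n", (unsigned)geteuid(), (unsigned)getegid());
    printf("uid, gid: %u, %u\n", (unsigned)getuid(), (unsigned)getgid());

    /* Setting the ids to the caller's own is always permitted: shows the flow. */
    int rc = run_in_child(getuid(), getgid());
    printf("run_in_child(own ids): %d\n", rc);

    /* Attempting 0/0 only succeeds when the effective uid is already root;
     * otherwise the child reports EPERM, exactly the error seen in the question. */
    rc = run_in_child(0, 0);
    printf("run_in_child(0, 0): %d%s%s\n", rc,
           rc > 0 ? " " : "", rc > 0 ? strerror(rc) : "");
    return 0;
}
```

The verification step matters on a device like the one in the question: a setuid() that returns 0 but leaves the real uid unchanged, or a kernel that refuses the change outright, both show up as a mismatch rather than as a shell running with ids the program never intended.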

It is likely that the S4 has a customized kernel which might forbid third-party programs from setting the uid to 0.

One more thing: SELinux has been introduced since 4.3; even if you su to become the root user on adb shell, you still cannot do anything else.

Robin
  • Yes, probably the S4 has some changes in the kernel, but how is Chainfire's su working? It is not a standard program, as it is installed through CF-Auto-Root. Neither changing its name nor adding garbage to its end (to change the md5) makes a difference - it is working. – Tishka17 Aug 14 '13 at 08:28
  • Are you talking about 4.3? The root on 4.3 is much more complex than it is on the versions before. For example, I am using a Galaxy Nexus. Before the update to 4.3, I could simply fastboot the device and load my own ramdisk which has a root adbd running. Then I copy a setuid su program into /system/xbin and it works well (rooted without modifying any system files - not to break the original ROM). However, after upgrading to 4.3 this won't work since the shell is running in some special context which will restrict your root permission. I do not know how SuperSU works, but I think they might change the system. – Robin Aug 14 '13 at 08:54
  • No. I'm talking about 4.2 on the S4. The S4 introduced KNOX and has SELinux inside. Solution found, see below. – Tishka17 Aug 14 '13 at 09:26

From Android 4.3, setgid and setuid are not allowed to be used anymore.