CODEWITHSUNDEEP
androidandroid-ndkroot
Artur Korobeynyk
Artur Korobeynyk

Reputation: 987

Getting root permissions on android app within native code

I recently jumped into an android development tutorials and doing my own app for the sake of learning. I want to get root permissions within my code in a proper way. So not by calling /system/xbin/su but by using something like seteuid(0). Unfortunately seteuid method does not work for me.

I am testing app on a real device, which I rooted, enabled debugging mode and well I clearly see that when using a call to /system/xbin/su my app requests root permissions from system, which does not happen with seteuid and seteguid (setuid and setguid do not work either but I would not expect those to do it as they are capable only in lowering the permissions).

Please, advice on where to look for a proper code implementation for requesting root permissions like it would do a top notch developer. Maybe some native api call? Or does everyone just use a call to su to get the needed access?

Upvotes: 1

Views: 4375

Answers (2)

Artur Korobeynyk
Artur Korobeynyk

Reputation: 987

Just in case posting my solution to the problem which I did in Java (no native code is needed here):

protected void hideRoot() throws IOException, InterruptedException {
    Process p = Runtime.getRuntime().exec("su");
    DataOutputStream dos = new DataOutputStream(p.getOutputStream());
    dos.writeBytes("mount -o remount,rw /system\n");
    dos.writeBytes("mv /system/xbin/su /system/xbin/suhidden\n");
    dos.writeBytes("exit\n");
    dos.flush();
    p.waitFor();
}

Upvotes: 0

Kevin Boone
Kevin Boone

Reputation: 4307

The usual way in Linux of elevating privileges -- that is, to run an application with greater privileges than the logged-in user -- is to set the SUID flag on the executable (e.g., chmod ug+s ...). This will make the process take the identity of the binary's owner (usually root), rather than the logged-in user.

This is tricky to do effectively on Android, even on a rooted device. First, you won't be able to install an app using the usual (APK) mechanisms that includes binaries with SUID permissions. Second, an Android app is not an executable in the usual sense -- a single executable handles the launching of all apps.

Still, if you want to experiment on the command line, it should be possible to set the SUID flag on binaries, in at least some filesystem locations.

If you have a rooted Android, then very likely there is some infrastructure already in place to control privilege elevation. Most likely the "su" command will work (because there will be kernel mods to make it work), and it will be provided either with credentials or with some other way to control which apps can use it. I believe that, as you suggest, calling "su" is the usual way to do privilege elevation in apps on rooted Android. It is fraught with difficulties, however. There's a document https://su.chainfire.eu/ that explains how "su" is typically implemented in rooted Android devices, and gives some guidance on how to use it properly.

Upvotes: 2

Related Questions