Application as root

[dmw]

hi all, 

I am building new image from android sources for my nexus 4 phone which is rooted and I was wondering is it possible to add application as system app so that it can run as root without asking for permission?

[Stuart Small]

If you want elevated privileges but not root you can use android:sharedUserId in the manifest.  I believe you can only set system, phone, log, nfc, bluetooth or shell like this.  System uid is pretty powerful and might get you what you want.

Another option depending on what you want to run as root is starting it from init.rc without setting the user option.  It defaults to root  https://github.com/android/platform_system_core/blob/master/init/readme.txt#L81

[dmw]

To be precise I want to collect kernel logs on push of a button, I can run logcat but when running dmesg I need su permission.

[Jean-Baptiste Queru]

Note that system apps don't run as root. Neither does the system server.

Zygote does, but IIRC is has already dropped all capabilities it doesn't need by the time you can talk to it, and also has SELinux configured appropriately. Even if you could manage to get Zygote to fork(), load your app code, and keep it as UID 0, the most you'd be able to do is to then change your UID to that of another app, and you'd still be limited to what apps can do.

You'll need something forked from init, which is far far away from apps.

JBQ

 

--
Jean-Baptiste M. "JBQ" Quéru
Architect, Mobile, Yahoo

On Thursday, February 26, 2015 4:07 AM, dmw <dam...@gmail.com> wrote:

hi all, 

I am building new image from android sources for my nexus 4 phone which is rooted and I was wondering is it possible to add application as system app so that it can run as root without asking for permission?

--
You received this message because you are subscribed to the Google Groups "android-platform" group.
To unsubscribe from this group and stop receiving emails from it, send an email to android-platfo...@googlegroups.com.
To post to this group, send email to android-...@googlegroups.com.
Visit this group at http://groups.google.com/group/android-platform.
For more options, visit https://groups.google.com/d/optout.

[Endy Silveira]

Well, I don't know about Nexus images, but did you already tried to put the app inside /system/app?

Just an idea, but I believe that it makes the app to be as a system application and get the permissions automatically. 

Good luck and best regards

[dmw]

First thank u all for your answers, I solved my problem with enabling dmesg restrict mode. This /proc/sys/kernel/dmesg_restrict was initially set to 1 and when I tried to execute dmesg as shell user I got following message "klogctl: Operation not permitted", off course I didn't know what that is so I googled it and figure out that I should add following line into init script "write /proc/sys/kernel/dmesg_restrict 0" and problem was solved.

@Endy

Does adding apps to system app allows root privileges? In kitkat I added app to priv-app and I still got the same problem so I assumed app is not getting root permission.

@Jean-Baptiste

I understand your point but I don't know how implement some fork from init :) If u have some good links to read I would be very grateful to accept, as a matter of fact I am into this AOSP for about a year but still there are too many things to learn and I really don't know how u guys learned all this stuff from hardware over the kernel to the framework and apps.

BR

Damir

[Stuart Small]

For forking from init, alter your init.rc.  The link I included earlier is the documentation for the syntax of android's init language.  Look at /system/init.rc for examples.