Adb shell runs in a different sandbox than applications - with a different set of permissions. Thus testing application code in the shell sandbox often leads to inaccurate test results. However, when creating proof-of-concept native code or scripts that will eventually run in an app, it can be faster and simpler to test via adb rather than going through the hassle of wrapping the test code in an apk.
Here is how to run an executable in the application sandbox. The executable needs:
- Unix UID/GID(s) in the application range as well as supplemental GIDs for additional permissions. Note: not all of the supplemental GIDs listed are granted to non-system apps.
- The selinux untrusted_app domain.
In one terminal:
- $ adb root # run shell as the root user
- $ adb shell setenforce 0 # temporarily put selinux into permissive mode
In a second terminal (where executable will be run):
- $ adb shell # Now shelled into the device running as the root user
- $ runcon u:r:untrusted_app:s0:c512,c768 /system/bin/sh # transition shell to the untrusted_app domain
- $ su 12345,12345,3003 # run in UID 12345 with GIDs 12345 and 3003 (inet group for internet permission)
Back in original terminal flip selinux back into enforcing mode:
- $ adb shell setenforce 1
Executables launched in the second terminal will now run in the untrusted_app selinux domain with UID 12345, and GIDs 12345 and 3003. Customize and automate.
Let me know if you have any questions.
No comments:
Post a Comment