[Posted]: 2021-06-07 10:28:40
[Question]:
AOSP version android-8.1.0_r18, phone Nexus 5X, eng build. My app is signed with the system signature.
From the shell there is no problem:
# adb shell
# getenforce selinux status is disabled
Permissive
# su system
$ su
No errors at all.
Permissions of su:
-rwsrwsrwx 1 root shell 11080 2021-06-07 17:14 /system/xbin/su
I modified su.cpp:
if (current_uid != AID_ROOT && current_uid != AID_SHELL && current_uid != AID_SYSTEM) error(1, 0, "not allowed");
App code:
process = Runtime.getRuntime().exec("su");
BufferedReader resultReader = new BufferedReader(new InputStreamReader(process.getInputStream()));
BufferedReader errorReader = new BufferedReader(new InputStreamReader(process.getErrorStream()));
result = new StringBuffer();
error = new StringBuffer();
DataOutputStream os = new DataOutputStream(process.getOutputStream());
process.waitFor();
String line;
while ((line = resultReader.readLine()) != null) {
    line += "\n";
    result.append(line);
    Log.d("AC", line);
}
resultReader.close();
while ((line = errorReader.readLine()) != null) {
    line += "\n";
    error.append(line);
    Log.e("AC", "exec err:" + line);
}
I get the error: su: setgid failed: Operation not allowed
[Comments]:
-
It may be blocked by sepolicy. Try looking for avc: denied in the kernel log: adb shell su root dmesg | grep 'avc:'. source.android.com/security/selinux/validate#reading_denials
-
@Yong selinux disable #getenforce Permissive
-
It looks like CAP_SETGID is missing, whereas the shell process has this capability. man7.org/linux/man-pages/man7/capabilities.7.html
-
@user10357064 Were you able to find anything? I'm stuck on this problem too.
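
One way to test the CAP_SETGID suggestion from the comments (an added example, not part of the original thread): per capabilities(7), a set-uid-root binary can gain on exec only capabilities that are in the calling process's bounding set, so comparing CapBnd in /proc/<pid>/status for the adb shell and for the app process shows whether su can call setgid() at all. The function names and the two status samples below are constructed for illustration and are not values from the asker's device.

```shell
#!/bin/sh
# Added example: check CAP_SETGID / CAP_SETUID in the Cap* masks of /proc/<pid>/status.
CAP_SETGID=6   # bit numbers from <linux/capability.h>
CAP_SETUID=7

# has_cap HEXMASK BIT (BIT < 32): exit 0 if set, 1 if clear, 2 if HEXMASK is not hex.
has_cap() {
    case $1 in ''|*[!0-9a-fA-F]*) return 2 ;; esac
    # Bits 6 and 7 sit in the low word; keep only the last 8 hex digits so the
    # test also works in shells with 32-bit arithmetic.
    low=$(printf '%s' "$1" | sed 's/.*\(.\{8\}\)$/\1/')
    [ $(( (0x$low >> $2) & 1 )) -eq 1 ]
}

# cap_report: read /proc/<pid>/status text on stdin, print one line per capability set.
cap_report() {
    while read -r key val rest; do
        case $key in
            CapInh:|CapPrm:|CapEff:|CapBnd:|CapAmb:)
                g=no; u=no
                has_cap "$val" "$CAP_SETGID" && g=yes
                has_cap "$val" "$CAP_SETUID" && u=yes
                echo "${key%:} setgid=$g setuid=$u" ;;
        esac
    done
}

# Constructed sample: a process whose bounding set still holds SETGID and SETUID.
sample_shell_status() {
    printf 'Name:\tsh\nCapInh:\t0000000000000000\nCapPrm:\t0000000000000000\n'
    printf 'CapEff:\t0000000000000000\nCapBnd:\t00000000000000c0\n'
}

# Constructed sample: a process with an empty bounding set.
sample_app_status() {
    printf 'Name:\tcom.example.app\nCapInh:\t0000000000000000\nCapPrm:\t0000000000000000\n'
    printf 'CapEff:\t0000000000000000\nCapBnd:\t0000000000000000\n'
}

# On a device: cap_report < /proc/<pid>/status  (once for the adb shell, once for the app)
sample_shell_status | cap_report
sample_app_status | cap_report
```

If CapBnd reports setgid=no for the app process, the set-uid bit on /system/xbin/su cannot give it CAP_SETGID, which matches a setgid failure even with SELinux in permissive mode.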