miracle2k / android-autostarts

Tool to manage autostarts (broadcast receivers) on an Android device.
http://elsdoerfer.name/=android-autostarts
GNU General Public License v3.0

1.9.0 - Doesn't work at Android 5.0 (LRX21O) #13

Closed mag01 closed 9 years ago

mag01 commented 9 years ago

Google Nexus 5
Android 5.0 (LRX21O)
Rooted using current CF-Auto-Root (SuperSU 2.20) for Nexus 5/Android 5.0

Root can be obtained (other apps work fine and gain root as well); however, I'm getting SELinux denials for Autostarts. Example for disabling Skype (check out the "avc: denied" line):

11-13 17:25:55.926  6959  6959 D Autostarts: Added com.skype.raider/com.skype.android.push.DeviceBootReceiver to service queue, now size: 1
11-13 17:25:55.926  6959  6959 D Autostarts: Processing com.skype.raider/com.skype.android.push.DeviceBootReceiver, remaining items in queue: 0
11-13 17:25:55.928  6959  7273 I Autostarts: Asking package manger to change component state to disabled
11-13 17:25:55.928  6959  7273 I Autostarts: Changing state by employing root access
11-13 17:25:55.928  6959  7273 W Settings: Setting adb_enabled has moved from android.provider.Settings.Secure to android.provider.Settings.Global.
11-13 17:25:55.929  6959  7273 D Autostarts: Running 'LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/system/lib" pm disable 'com.skype.raider/com.skype.android.push.DeviceBootReceiver'' as root, timeout=25000
11-13 17:25:55.929  6959  7273 D Autostarts: su found at: /system/xbin/su
11-13 17:25:55.982  7280  7280 W sh      : type=1400 audit(0.0:20): avc: denied { execute_no_trans } for path="/system/bin/app_process32" dev="mmcblk0p25" ino=326 scontext=u:r:init_shell:s0 tcontext=u:object_r:zygote_exec:s0 tclass=file
11-13 17:25:56.023   786  1378 W InputMethodManagerService: Window already focused, ignoring focus gain of: com.android.internal.view.IInputMethodClient$Stub$Proxy@378485a0 attribute=null, token = android.os.BinderProxy@aaf6962
11-13 17:25:56.153  7281  7281 D AndroidRuntime:
11-13 17:25:56.153  7281  7281 D AndroidRuntime: >>>>>> AndroidRuntime START com.android.internal.os.RuntimeInit <<<<<<
11-13 17:25:56.152  7281  7281 W app_process: type=1400 audit(0.0:21): avc: denied { write } for name="system@framework@boot.art" dev="mmcblk0p28" ino=491524 scontext=u:r:shell:s0 tcontext=u:object_r:dalvikcache_data_file:s0 tclass=file
11-13 17:25:56.250  7281  7281 D AndroidRuntime: Calling main entry com.android.commands.am.Am
11-13 17:25:56.257  6959  7273 D Autostarts: Process returned with 0
11-13 17:25:56.257  6959  7273 D Autostarts: Process stdout was: rc: 1
11-13 17:25:56.257  6959  7273 D Autostarts: ; stderr: /system/bin/pm[6]: app_process: Permission denied
11-13 17:25:56.258  6959  7273 I Autostarts: State change failed
11-13 17:25:56.274  7281  7281 D AndroidRuntime: Shutting down VM
11-13 17:25:56.283  6959  6959 D Autostarts: Processing com.skype.raider/com.skype.android.push.DeviceBootReceiver done
11-13 17:25:56.283  6959  6959 D Autostarts: ToggleService mQueue empty, shutting down
miracle2k commented 9 years ago

Thanks for pointing this out. Sounds like a pain. Here are some relevant links:

http://ausdroid.net/2014/10/22/lollipop-state-root/
http://www.androidpolice.com/2014/10/20/chainfire-explains-his-root-method-for-the-latest-lollipop-developer-preview-modified-kernels-may-become-a-requirement/

mag01 commented 9 years ago

I think that what you need to do is to extend the su launching code in your com.elsdoerfer.android.autostarts.Utils class to launch it in the specific SELinux context, most likely "u:r:system_app:s0" (but maybe "u:r:platform_app:s0" will be enough, I don't know, better to try), via su --context ...

And wrap some SELinux policy (and perhaps also SDK version) detection around it so that it's only applied for Enforcing policy (/sys/fs/selinux/enforce exists and returns 1 - like it's done for example here https://android.googlesource.com/platform/cts/+/master/tests/tests/security/src/android/security/cts/KernelSettingsTest.java) and perhaps also SDK version 18 and higher (JELLY_BEAN_MR2 - first with SELinux). And from a performance standpoint it's better to detect this on startup (or when needed for the 1st time) and then cache the result so that it doesn't have to be checked over and over again.

See http://su.chainfire.eu

EDIT: It seems that context "u:r:untrusted_app:s0" may be enough here as the following command succeeds when executed from shell:

su --context u:r:untrusted_app:s0 -c LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/system/lib" pm disable 'com.skype.raider/com.skype.android.push.DeviceBootReceiver'

If it won't work from the application, you may try one of the more privileged ones such as "u:r:platform_app:s0" or even "u:r:system_app:s0". But it's better to start with the least privileged one and see if that's enough.
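The approach suggested in the comment above (detect Enforcing mode once, cache it, and only then add `su --context` with the least privileged context), sketched as an added example; it is not code from android-autostarts or from either commenter. The class `SuCommandBuilder` and its methods are hypothetical, the SDK level is passed in (in the app it would come from `Build.VERSION.SDK_INT`), and treating an existing but unreadable enforce file as Enforcing is this example's assumption.

```java
import java.io.BufferedReader;
import java.io.File;
import java.io.FileReader;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

// Hypothetical helper, not part of android-autostarts.
public class SuCommandBuilder {
    static final int JELLY_BEAN_MR2 = 18;    // SDK level named in the comment above
    private static Boolean cachedEnforcing;  // null until the first check

    // True when the enforce file exists and its content is "1".
    static boolean readEnforcing(File enforceFile) {
        if (!enforceFile.exists()) return false;
        try (BufferedReader r = new BufferedReader(new FileReader(enforceFile))) {
            String line = r.readLine();
            return line != null && line.trim().equals("1");
        } catch (IOException e) {
            // Assumption of this example: a file that exists but cannot be
            // read is treated as Enforcing rather than silently ignored.
            return true;
        }
    }

    // Checks once and caches the result, so the file is not re-read per command.
    static synchronized boolean isEnforcing(int sdkInt) {
        if (cachedEnforcing == null) {
            cachedEnforcing = sdkInt >= JELLY_BEAN_MR2
                    && readEnforcing(new File("/sys/fs/selinux/enforce"));
        }
        return cachedEnforcing;
    }

    // Adds "--context <context>" only under Enforcing; the command travels
    // as a single argv element after -c (a choice made by this example).
    static List<String> buildSuArgv(String suPath, String command,
                                    boolean enforcing, String context) {
        List<String> argv = new ArrayList<>();
        argv.add(suPath);
        if (enforcing) argv.addAll(Arrays.asList("--context", context));
        argv.addAll(Arrays.asList("-c", command));
        return argv;
    }

    public static void main(String[] args) {
        // su path and command as they appear in the log above; 21 is the SDK level of Android 5.0.
        String cmd = "LD_LIBRARY_PATH=\"$LD_LIBRARY_PATH:/system/lib\" pm disable "
                + "'com.skype.raider/com.skype.android.push.DeviceBootReceiver'";
        System.out.println(buildSuArgv("/system/xbin/su", cmd, isEnforcing(21), "u:r:untrusted_app:s0"));
    }
}
```

The resulting list can be handed to `ProcessBuilder`; widening the context to `u:r:platform_app:s0` or `u:r:system_app:s0` is then a one-argument change, made only if the narrower one is denied.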

miracle2k commented 9 years ago

Thanks a lot for your hints. I'm currently working on getting my hands on a 5.0 device so I can test.