search

termux / termux-api

Termux add-on app which exposes device functionality as API to command line programs.
https://f-droid.org/en/packages/com.termux.api/
2.3k stars 454 forks source link

[Android 10] termux-api hangs on sshd #301

Open comzine opened 4 years ago

comzine commented 4 years ago

Hello!

I have a Pixel 4 (Android 10 Q) with installed termux-api and apk Termux:API from Play Store. Granting all permissions and disabled battery optimization for termux:api. Running sshd in termux terminal.

Using termux-api (for example /data/data/com.termux/files/usr/libexec/termux-api BatteryStatus) works well when using termux directly on the phone, but via ssh it is hanging at:

11-10 12:50:10.015 20878 20878 W bash : type=1400 audit(0.0:11281): avc: granted { execute } for name="ps" dev="dm-4" ino=12791 scontext=u:r:untrusted_app_27:s0:c512,c768 tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=file 11-10 12:50:10.015 20878 20878 W bash : type=1400 audit(0.0:11282): avc: granted { execute } for name="ps" dev="dm-4" ino=12791 scontext=u:r:untrusted_app_27:s0:c512,c768 tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=file 11-10 12:50:10.015 20878 20878 W bash : type=1400 audit(0.0:11283): avc: granted { execute_no_trans } for path="/data/data/com.termux/files/usr/bin/ps" dev="dm-4" ino=12791 scontext=u:r:untrusted_app_27:s0:c512,c768 tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=file 11-10 12:50:10.015 20878 20878 W ps : type=1400 audit(0.0:11284): avc: granted { execute } for path="/data/data/com.termux/files/usr/bin/ps" dev="dm-4" ino=12791 scontext=u:r:untrusted_app_27:s0:c512,c768 tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=file 11-10 12:50:10.035 20878 20878 W ps : type=1400 audit(0.0:11285): avc: granted { execute } for path="/data/data/com.termux/files/usr/lib/libtermux-exec.so" dev="dm-4" ino=13421 scontext=u:r:untrusted_app_27:s0:c512,c768 tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=file 11-10 12:50:10.035 20878 20878 W ps : type=1400 audit(0.0:11286): avc: granted { execute } for path="/data/data/com.termux/files/usr/lib/libprocps.so" dev="dm-4" ino=13422 scontext=u:r:untrusted_app_27:s0:c512,c768 tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=file 11-10 12:50:10.039 20878 20878 W ps : type=1400 audit(0.0:11287): avc: denied { read } for name="osrelease" dev="proc" ino=195981 scontext=u:r:untrusted_app_27:s0:c512,c768 tcontext=u:object_r:proc:s0 tclass=file permissive=0 11-10 12:50:10.039 20878 20878 W ps : type=1400 audit(0.0:11288): avc: denied { read } for name="pid_max" dev="proc" ino=195983 scontext=u:r:untrusted_app_27:s0:c512,c768 tcontext=u:object_r:proc_pid_max:s0 tclass=file permissive=0 11-10 12:50:30.819 20884 20884 W bash : type=1400 audit(0.0:11292): avc: granted { execute } for name="ps" dev="dm-4" ino=12791 scontext=u:r:untrusted_app_27:s0:c512,c768 tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=file 11-10 12:50:30.819 20884 20884 W bash : type=1400 audit(0.0:11293): avc: granted { execute } for name="ps" dev="dm-4" ino=12791 scontext=u:r:untrusted_app_27:s0:c512,c768 tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=file 11-10 12:50:30.819 20884 20884 W bash : type=1400 audit(0.0:11294): avc: granted { execute_no_trans } for path="/data/data/com.termux/files/usr/bin/ps" dev="dm-4" ino=12791 scontext=u:r:untrusted_app_27:s0:c512,c768 tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=file 11-10 12:50:30.819 20884 20884 W ps : type=1400 audit(0.0:11295): avc: granted { execute } for path="/data/data/com.termux/files/usr/bin/ps" dev="dm-4" ino=12791 scontext=u:r:untrusted_app_27:s0:c512,c768 tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=file 11-10 12:50:30.822 20884 20884 W ps : type=1400 audit(0.0:11296): avc: granted { execute } for path="/data/data/com.termux/files/usr/lib/libtermux-exec.so" dev="dm-4" ino=13421 scontext=u:r:untrusted_app_27:s0:c512,c768 tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=file 11-10 12:52:14.452 20912 20912 W bash : type=1400 audit(0.0:11304): avc: granted { execute } for name="termux-api" dev="dm-4" ino=61722 scontext=u:r:untrusted_app_27:s0:c512,c768 tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=file 11-10 12:52:14.452 20912 20912 W bash : type=1400 audit(0.0:11305): avc: granted { execute } for name="termux-api" dev="dm-4" ino=61722 scontext=u:r:untrusted_app_27:s0:c512,c768 tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=file 11-10 12:52:14.452 20912 20912 W bash : type=1400 audit(0.0:11306): avc: granted { execute_no_trans } for path="/data/data/com.termux/files/usr/libexec/termux-api" dev="dm-4" ino=61722 scontext=u:r:untrusted_app_27:s0:c512,c768 tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=file 11-10 12:52:14.452 20912 20912 W termux-api: type=1400 audit(0.0:11307): avc: granted { execute } for path="/data/data/com.termux/files/usr/libexec/termux-api" dev="dm-4" ino=61722 scontext=u:r:untrusted_app_27:s0:c512,c768 tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=file 11-10 12:52:14.452 20913 20913 W bash : type=1400 audit(0.0:11309): avc: granted { execute } for name="logcat" dev="dm-4" ino=12728 scontext=u:r:untrusted_app_27:s0:c512,c768 tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=file 11-10 12:52:14.452 20914 20914 W bash : type=1400 audit(0.0:11308): avc: granted { execute } for name="coreutils" dev="dm-4" ino=12888 scontext=u:r:untrusted_app_27:s0:c512,c768 tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=file 11-10 12:52:14.452 20913 20913 W bash : type=1400 audit(0.0:11310): avc: granted { execute } for name="logcat" dev="dm-4" ino=12728 scontext=u:r:untrusted_app_27:s0:c512,c768 tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=file 11-10 12:52:14.452 20913 20913 W bash : type=1400 audit(0.0:11311): avc: granted { execute_no_trans } for path="/data/data/com.termux/files/usr/bin/logcat" dev="dm-4" ino=12728 scontext=u:r:untrusted_app_27:s0:c512,c768 tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=file 11-10 12:52:14.452 20913 20913 W bash : type=1400 audit(0.0:11312): avc: granted { execute } for name="dash" dev="dm-4" ino=12795 scontext=u:r:untrusted_app_27:s0:c512,c768 tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=file 11-10 12:52:14.534 20915 20915 D AndroidRuntime: >>>>>> START com.android.internal.os.RuntimeInit uid 10211 <<<<<<

ghost commented 4 years ago

Can be related to https://source.android.com/setup/start/android-10-release#background_apps_launching.

ai212983 commented 4 years ago

Same problem here. Android 10, Pixel 4. Works fine on device, freezing via sshd.

matthewgrossman commented 4 years ago

My workaround for this has been to start a tmux session on the device, detach, and tmux a after SSHing in via my computer.

Android 10, Pixel 1 FWIW

oelmekki commented 4 years ago

Thanks for the workaround, @matthewgrossman

For the record, if someone is scripting ssh commands, it may be possible with tmux send (although, it quickly becomes an escaping nightmare).

I had this command to send the X selection of my laptop to my phone:

xsel -o | ssh pixel termux-clipboard-set

Which stopped working with the same symptoms described in this issue.

With tmux, it can be done like this :

#!/usr/bin/env bash
#xsel -o | ssh pixel termux-clipboard-set

sel=$(xsel -o)
ssh pixel tmux send "'termux-clipboard-set $sel' Enter"

The Enter keyword is used to send \n and actually execute the command. pixel is my host, so it's to be replaced with yours, obviously.

I also used to have the reverse (ssh pixel termux-clipboard-get | xsel -i) to copy mobile selection to my laptop, but I haven't figured yet how to retrieve data from tmux. I guess I'll have to use tmp files.

LalaDK commented 4 years ago

I'm also experiencing this issue on Samsung S10 Plus Android 10.

heart5 commented 4 years ago

My workaround for this has been to start a tmux session on the device, detach, and tmux a after SSHing in via my computer.

Android 10, Pixel 1 FWIW

I run tmux on phone firstly, then login through ssh, but it cannot work for any termux-api command.

YggdrasiI commented 4 years ago

Minimal example code for workaround with GNU screen.

  1. Start screen session directly on the phone. 
    screen -S termux
  2. Create wrapper script in ~/bin/ for desired command, e.g. termux-media-scan 
    #!/data/data/com.termux/files/usr/bin/bash
screen -S termux -p 0 -X stuff "termux-media-scan '$1'^M"

Note that the output will printed in the screen session, but not returned over ssh.

ondrej-stanek-ozobot commented 4 years ago

I reproduced the same issue on Samsung Galaxy S9 earlier. The command termux-contact-list didn't work over ssh, while it was working well when invoked from termux.

The good news is, that the issue was resolved recently on my device, probably by an automatic update. I am now running termux Version 0.95 and there is no issue anymore.

This is just a heads-up; you might want to try the latest termux. It might solve the problem for you as well.

eladts commented 4 years ago

The issue was resolved on my Pixel 3a on Android 10, but once I upgraded to Android 11 it came back.

lypanov commented 3 years ago

termux-open has even weirder behavior. Failed the first 10+ times I tried it.. and then magically started working. termux-clipboard-get/set still broken alas and a core part of my use case for Termux.

Correction: -set works fine. I'll assume this is something about Android 10+ security model preventing random clipboard copies. Maybe termux api needs new more extensive permissions?