Here is an example.
Starting androidterm:
LABEL USER PID PPID NAME
u:r:untrusted_app:s0 u0_a85 7829 153 jackpal.androidterm
u:r:untrusted_app:s0 u0_a85 7843 7829 /system/bin/sh
Run su from androidterm:
LABEL USER PID PPID NAME
u:r:untrusted_app:s0 u0_a85 7904 7843 su
u:r:untrusted_app:s0 u0_a85 7905 7904 su
u:r:init:s0 root 7908 1 /system/xbin/su
u:r:init:s0 root 7909 7908 /system/xbin/su
u:r:init_shell:s0 root 7911 7909 sh
u:r:zygote:s0 root 7912 7911 app_process
avc: denied { sigchld } for pid=7911 comm="sh"
I do not use gdbserver, it is not started.
I use Kouch Superuser forked from https://github.com/koush/Superuser It is
started via init.rc script, like all other CyanogenMod devices, not with the
install-recovery.sh.
Init structure of the device:
init.rc
import /init.environ.rc
import /init.usb.rc
import /init.${ro.hardware}.rc
import /init.trace.rc
- - - -
import /init.slim.rc
on boot
- - - -
init.endeavoru.rc
import init.endeavoru.htc.rc
import init.endeavoru.common.rc
import init.endeavoru.usb.rc
import init.tegra3-common.rc
import init.endeavoru.cm.rc
init.slim.rc
import /init.superuser.rc
on init
- - - -
init.superuser.rc
# su daemon
service su_daemon /system/xbin/su --daemon
oneshot
on property:persist.sys.root_access=0
stop su_daemon
on property:persist.sys.root_access=2
stop su_daemon
on property:persist.sys.root_access=1
start su_daemon
on property:persist.sys.root_access=3
start su_daemon
Btw. I found samsung s2 and s3 devices with same denials. So it is not limited
to my htc one x.
On 14 Feb 2014 19:49, Stephen Smalley <[email protected]> wrote:
>
> So you are running the su daemon in the init domain (started via
> install-recovery.sh) and when it executes a shell, the default
> transition is to init_shell. Which isn't really the way things are
> intended to work; this is a misuse of the pre-existing
> install-recovery.sh service to launch su and the fact that we happen
> to have a transition for shell commands launched by init*.rc files in
> our policy. Given that we now explicitly label the console service
> via a seclabel entry and most of the init*.rc file shell command
> instances now also use seclabel, I wonder if we shouldn't get rid of
> init_shell altogether.
> Is anything running in zygote domain other than the zygote process
> itself? ps -Z | grep zygote
> The sigchld denial means that either a process in the zygote domain is
> trying to send SIGCHLD to a process in the init_shell domain or a
> process in the init_shell domain is calling wait() on a process in the
> zygote domain. Wouldn't normally expect zygote to be spawned from
> init_shell, so that seems wrong.
>
> On Fri, Feb 14, 2014 at 8:56 AM, Tomas <[email protected]> wrote:
> > Hi, I am getting sigchild denials below, that I cannot figure out.
> > They only appear when using su access. Eg. when root-explorer or other
> > utility list files or processes.
> > Not sure if I understand the message correct; who is actually sending the
> > sigchld and why is it denied?
> >
> > I am unable to find logs from other devices showing samme denial. Using
> > same
> > BusyBox as many other.
> >
> > Thanks
> > Tomas
> >
> > { sigchld } for
> > pid=5594 comm="sh"
> > scontext=u:r:zygote:s0
> > tcontext=u:r:init_shell:s0
> > tclass=process
> >
> > # adb shell su 0 ps -Z | grep sh
> > u:r:adbd:s0 shell 177 1 /sbin/adbd
> > u:r:shell:s0 shell 5064 177 /system/bin/sh
> > u:r:init_shell:s0 root 5262 5260 sh
> > u:r:init_shell:s0 root 5496 5262 sh
> > u:r:init_shell:s0 root 5594 5593 sh
> >
> > -rwxr-xr-x root shell u:object_r:shell_exec:s0 mksh
> > lrwxrwxrwx root root u:object_r:shell_exec:s0 sh -> mksh
> >
> > ------ BusyBox: ------
> > root@android:/ # ps -Z | grep su
> > u:r:init:s0 root 176 1 /system/xbin/su
> > u:r:su:s0 root 5254 5064 su
> > u:r:su:s0 root 5255 5254 su
> > u:r:init:s0 root 5258 1 /system/xbin/su
> > u:r:init:s0 root 5260 5258 /system/xbin/su
> > u:r:untrusted_app:s0 u0_a61 5589 1950 /system/bin/su
> > u:r:untrusted_app:s0 u0_a61 5590 5589 /system/bin/su
> > u:r:init:s0 root 5592 1 /system/xbin/su
> > u:r:init:s0 root 5593 5592 /system/xbin/su
> > u:r:su:s0 root 6598 6297 su
> > u:r:su:s0 root 6599 6598 su
> > u:r:init:s0 root 6601 1 /system/xbin/su
> > u:r:init:s0 root 6603 6601 /system/xbin/su
> >
> > # adb shell su 0 ls -Z /system/bin/ | grep su
> > lrwxrwxrwx root root u:object_r:system_file:s0 su ->
> > ../xbin/su
> > # adb shell su 0 ls -Z /system/xbin/| grep su
> > -rwsr-sr-x root root u:object_r:su_exec:s0 su
> >
> >
> > _______________________________________________
> > Seandroid-list mailing list
> > [email protected]
> > To unsubscribe, send email to [email protected].
> > To get help, send an email containing "help" to
> > [email protected].
> >
_______________________________________________
Seandroid-list mailing list
[email protected]
To unsubscribe, send email to [email protected].
To get help, send an email containing "help" to
[email protected].
