It seems that we have some different rule enforcing in normal mode and emulator mode. Assume that we don’t allow shell to run shell executable.
Here is our test executable root@android:/data/local/tmp # ls -Z -rwxrwxrwx root root u:object_r:shell_data_file:s0 myscript -r-xr-xr-x shell shell u:object_r:shell_data_file:s0 su In normal kernel, the rule works as expected shell@android:/data/local/tmp $ id uid=2000(shell) gid=2000(shell) groups=1003(graphics),1004(input),1007(log),1009(mount),1011(adb),1015(sdcard_rw),1028(sdcard_r),2001(cache),3001(net_bt_admin),3002(net_bt),3003(inet),3006(net_bw_stats) context=u:r:shell:s0 shell@android:/data/local/tmp $ ./myscript /system/bin/sh: ./myscript: can't execute: Permission denied However, in emulator mode, the rule doesn’t work root@android:/data/local/tmp # id uid=0(root) gid=0(root) context=u:r:shell:s0 root@android:/data/local/tmp # ./myscript This is a test root@android:/data/local/tmp # ./su su: applet not found // This means su is running and returns error So, why does the emulator kernel (i.e., qemu) have different behavior ? It seems to enforce other rules, but not this case. Thanks, Tai
_______________________________________________ Seandroid-list mailing list [email protected] To unsubscribe, send email to [email protected]. To get help, send an email containing "help" to [email protected].
