To add more info: The failure is due to setmask can’t create a file in directory it doesn’t have unix permission. So, it seems like it doesn’t have dac_override permission in case 2.
From: Tai Nguyen <[email protected]<mailto:[email protected]>> Date: Friday, April 24, 2015 at 12:53 PM To: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Subject: Permission error We can’t figure out what’s wrong in the below case. Hopefully, the community can shed some light into it. We have a suid process, setmask. This process is launched by a service shell, debugsh. A user can get a debugsh via ssh or launch debugsh directly from adb shell. Setmask has its own domain and it is transitioned from debugsh domain. When debugsh is launched from adb shell, it also changes to debugsh. So, Regardless of how debugsh is launch via ssh or adb shell, it runs in debugsh domain. The issue is that setmask runs successfully via ssh and debugsh interface, and setmask fails via adb shell. 1. ssh —> debugsh —> setmask : Success 2. Adb —> debugsh —> setmask: Failure Since setmask is a suid program so it runs as root and it has dac_override privilege, it works as expected in case 1. Since both debugsh and setmask run in the same SELinux domain in both cases, we can’t figure out why it fails in case 2. I recall a discussion about restricting privilege escalation in app_domain. Since adb shell is app_domain, I wonder if that it the reason setmask fails in case 2.
_______________________________________________ Seandroid-list mailing list [email protected] To unsubscribe, send email to [email protected]. To get help, send an email containing "help" to [email protected].
