How to obtain the root permission of the rootexplorer?

Source: Internet
Author: User

 

On Android, the well-known rootexplorer is very powerful and can operate on files in any directory, including those that require root permission, such as /data. How is this done?

An open-source project is provided here. The address is:
http://code.google.com/p/superuser/
You can use SVN to download the source code to your local computer and compile it together with the system source code. Compilation generates two files: the binary executable su and superuser.apk. Copy su to the /system/bin directory of the system, and then copy superuser.apk to the /system/app directory of the system.
In this case, when the following code is used to execute a su command, the activity in superuser.apk is started and pops up a dialog box titled "The following program requires the highest permission to be granted...". After the user agrees, the APK has root permission.

Next let's take a look at the code in the APK.

    import java.io.*;

    ProcessBuilder pb = new ProcessBuilder("/system/bin/sh");
    pb.directory(new File("/")); // you can specify the shell's current directory
    try {
        Process proc = pb.start();
        // Obtain the input streams, which can be used to read the shell's output.
        BufferedReader in = new BufferedReader(new InputStreamReader(proc.getInputStream()));
        BufferedReader err = new BufferedReader(new InputStreamReader(proc.getErrorStream()));
        // Obtain the output stream, which can be used to send commands to the shell.
        PrintWriter out = new PrintWriter(new BufferedWriter(new OutputStreamWriter(proc.getOutputStream())), true);
        out.println("pwd");
        out.println("su root"); // when this line runs, a dialog box is displayed ("The following program requires the highest permission to be granted..."), asking the user to confirm
        out.println("cd /data/data"); // accessing this directory requires root permission
        out.println("ls -l"); // if this lists the data directories of the currently installed APKs, we have root permission
        out.println("exit");
        // proc.waitFor();
        String line;
        while ((line = in.readLine()) != null) {
            System.out.println(line);
        }
        while ((line = err.readLine()) != null) {
            System.out.println(line);
        }
        in.close();
        err.close();
        out.close();
        proc.destroy();
    } catch (Exception e) {
        System.out.println("exception:" + e);
    }

With root permission, all directories in the system can be operated on by combining commands such as ls, cp, and mv.

Some questions have not been answered yet:
If I use ADB to execute su root from Ubuntu and the user chooses to agree in the pop-up dialog box, the command will return quickly, and the prompt below will be changed.
However, when I use the code to test in the APK, it only succeeds occasionally, and I find that most of the time it gets stuck at the out.println("su root"); statement. That is, after you select "agree" in the dialog box, the program does not respond, and the output is not visible in DDMS. After a moment, the dialog box saying that the program needs to be forced to close is displayed. This project is still incomplete, but the idea is really good.

How do the su program and superuser.apk work together to grant root permission to a running APK?

1. The APK runs the su command.
2. su queries the database (/data/com.koushikdutta.superuser/databases/superuser.sqlite). If a record is found, it indicates that the current process has already been allowed by the user to obtain root permission; proceed to step 1.
3. If no record is found, su uses the am start command to open SuperuserRequestActivity in superuser.apk:

    sprintf(sysCmd, "am start -a android.intent.action.MAIN -n com.koushikdutta.superuser/com.koushikdutta.superuser.SuperuserRequestActivity --ei uid %d --ei pid %d > /dev/null", g_puid, ppid);
    if (system(sysCmd))
        return executionFailure("am.");

su then enters a wait loop, checking once per second whether the database has been updated. The wait time is 10 seconds:

    for (i = 0; i < 10; i++)
    {
        sleep(1);
        // 0 means waiting for user input
        // > 0 means yes/always
        // < 0 means no
        int checkResult = checkWhitelist();
        ... ...
    }

SuperuserRequestActivity displays the interface that asks the user whether to allow the process to obtain root permission. If the user agrees, the current process ID is added to the database and the activity exits. Otherwise, go to step 1.
4. If su finds the process ID in the database, it indicates that the current process has been permitted by the user to obtain root permission, and the user ID and group ID of the current process are changed:

    if (setgid(gid) || setuid(uid))
        return permissionDenied();

5. The command execution is complete and the process is complete.
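
The decision flow of steps 2 to 4, as an added example that is not code from the Superuser project: an existing record is honoured, otherwise the request is raised and the whitelist is polled a bounded number of times. The names `fake_db`, `authorize` and `no_sleep` are hypothetical, the database is a constructed in-memory stand-in, and denying when the wait window expires is an assumption, since the page elides the rest of the loop body.

```c
#include <stdio.h>

/* Added illustration, not the Superuser project's code; all names are hypothetical. */
enum verdict { DENY = 0, ALLOW = 1 };

/* Constructed stand-in for the whitelist database. check_whitelist() follows the
 * page's convention: 0 = waiting for user input, > 0 = yes/always, < 0 = no. */
struct fake_db {
    int answer_at_query;  /* query number at which an answer exists; 0 = never */
    int answer;           /* value reported once the answer exists */
    int queries;          /* how many times the database has been queried */
    int launch_ok;        /* whether starting the request activity succeeds */
};

static int check_whitelist(struct fake_db *db)
{
    db->queries++;
    if (db->answer_at_query && db->queries >= db->answer_at_query)
        return db->answer;
    return 0;
}

/* Steps 2-4: look up, ask the user if unknown, then poll up to max_polls times.
 * nap() is injected so the flow can be exercised without real sleeping. */
static enum verdict authorize(struct fake_db *db, int max_polls, void (*nap)(unsigned))
{
    int r = check_whitelist(db);          /* step 2: is there already a record? */
    if (r != 0)
        return r > 0 ? ALLOW : DENY;
    if (!db->launch_ok)                   /* step 3: the "am start" call failed */
        return DENY;
    for (int i = 0; i < max_polls; i++) { /* step 3: one check per second */
        nap(1);
        r = check_whitelist(db);
        if (r != 0)
            return r > 0 ? ALLOW : DENY;
    }
    return DENY; /* assumption: no answer inside the window is treated as "no" */
}

static void no_sleep(unsigned s) { (void)s; }

int main(void)
{
    struct fake_db approves = { 3, 1, 0, 1 }, silent = { 0, 0, 0, 1 };
    printf("approved on third query: %d\n", authorize(&approves, 10, no_sleep));
    printf("no answer in 10 polls:   %d\n", authorize(&silent, 10, no_sleep));
    return 0;
}
```

Only an ALLOW verdict should lead on to the setgid/setuid call in step 4; every other path, including a failed launch and an expired wait, ends without changing identity.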

In addition, the ID of the process used for each running APK installed in the system is fixed.

http://www.surfaceflinger.com/forum.php?mod=viewthread&tid=6&page=1
