librootjava

Running under /system/bin on Android 10 still gives restricted SELinux context on Samsung devices

Open Mygod opened this issue 5 years ago • 1 comments

Only seen in collected analytics. Probably due to KNOX additional security measures.

Mygod, Aug 06 '20 23:08

A proof-of-concept script to hijack the linker to make appProcess relocation work (tested on Android 11 beta 3):

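```sh
# Create a small tmpfs under /apex to hold the relocated binary and its linker config
mkdir /apex/myfs
mount -t tmpfs -o size=1M tmpfs /apex/myfs
mkdir /apex/myfs/bin /apex/myfs/etc
# Map the new directory to the "system" section, then append the stock linker config
echo dir.system = /apex/myfs >/apex/myfs/etc/ld.config.txt
# or /system/etc/ld.config.29.txt for API 29
cat /linkerconfig/ld.config.txt >>/apex/myfs/etc/ld.config.txt
# Copy app_process into the tmpfs and run it from there
cp /system/bin/app_process /apex/myfs/bin
/apex/myfs/bin/app_process
```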

Mygod, Aug 07 '20 00:08
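
A detection-side view of the script above, as an added example that is not part of the original thread or of librootjava: it scans `/proc/mounts`-format text for a tmpfs mounted on a subdirectory of `/apex`, and a linker config for a `dir.system` entry that points into `/apex`. The sample data is constructed, the function names are hypothetical, and treating either finding as anomalous on a stock device is an assumption.

```sh
#!/bin/sh
# Added example: heuristics for spotting the relocation layout used above.
# All sample data is constructed, not captured from a device.

SAMPLE_MOUNTS='tmpfs /apex tmpfs rw,seclabel,nosuid,nodev,noexec,relatime,mode=755 0 0
/dev/block/loop4 /apex/com.android.runtime@1 ext4 ro,seclabel,nodev,noatime 0 0
tmpfs /apex/myfs tmpfs rw,seclabel,relatime,size=1024k 0 0
tmpfs /mnt tmpfs rw,seclabel,nosuid,nodev,noexec,relatime,mode=755 0 0'

SAMPLE_LDCONFIG='dir.system = /apex/myfs
dir.system = /system/bin/
dir.vendor=/vendor/bin/
[system]
namespace.default.isolated = true'

# Reads /proc/mounts-format text on stdin; prints every tmpfs mount point
# below /apex. /apex itself is skipped (it is a tmpfs in the sample).
find_apex_tmpfs() {
    awk '$3 == "tmpfs" && $2 ~ /^\/apex\/./ { print $2 }'
}

# Reads ld.config.txt text on stdin; prints each path that a
# "dir.system" line maps into /apex (with or without spaces around "=").
apex_system_dirs() {
    awk -F'=' '
        NF >= 2 {
            key = $1; val = $2
            gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
            if (key == "dir.system" && val ~ /^\/apex\//) print val
        }'
}

# On a device, feed the real files instead (hypothetical usage):
#   find_apex_tmpfs </proc/mounts
#   apex_system_dirs </apex/myfs/etc/ld.config.txt
printf '%s\n' "$SAMPLE_MOUNTS" | find_apex_tmpfs
printf '%s\n' "$SAMPLE_LDCONFIG" | apex_system_dirs
```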