nix-on-droid

Obtaining superuser privileges from within the Nix environment

Open t184256 opened this issue 5 years ago • 5 comments

Currently the only way to run something as root known to me is running su in the failsafe shell and executing /data/data/com.termux.nix/files/usr/bin/login <command>. There should be a way to do that from within the Nix environment.

t184256, Mar 12 '19 15:03

I'm just doing some sanity checks here; is there any theoretical reason you couldn't have a sudo in android? Googling android sudo seems to yield results, and I don't see why it would necessarily need to be part of the nix distribution, as long as you can run executables with it?

With SELinux, does root still get to do everything, or are there restrictions?

The ability to do this at all depends on being on a "rooted" device, right? But from there...?

Some additional googling yields https://gitlab.com/st42/termux-sudo which seems to be the thing referenced everywhere (I haven't seen any references to binaries yet), though that's just a wrapper around su. (heh https://gist.github.com/GabrielMMelo/0e146f32d73978bf0d0a06786bcbc96c)

Or is this a Nix problem?

deliciouslytyped, Aug 30 '19 16:08

I tried getting Magisk to work in nix-on-droid today and I could successfully execute the magisk binary after I passed through /system/bin/linker64 but it's unable to connect to the magiskd.

read (4 != -1) failed with 104: Connection reset by peer

Strace:

socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC, 0) = 3
connect(3, {sa_family=AF_UNIX, sun_path=@"CGx7Fvq1Eis1ayv0ScTyWRB3N7MwMYU3"}, 35) = 0
write(3, "\2\0\0\0", 4)                 = -1 EPIPE (Broken pipe)

I feel like this is a proot issue.

Atemu, Apr 27 '20 13:04

> /system/bin/linker64

TIL. Thanks!

> connect(3, {sa_family=AF_UNIX, sun_path=@"CGx7Fvq1Eis1ayv0ScTyWRB3N7MwMYU3"}, 35) = 0
> write(3, "\2\0\0\0", 4) = -1 EPIPE (Broken pipe)
>
> I feel like this is a proot issue.

Could be. I don't know whether it supports abstract sockets.

t184256, Apr 27 '20 13:04
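
A small probe for the open question in the comment above (whether abstract-namespace Unix sockets work under proot), added here as an example and not code from the thread or from the nix-on-droid project. It is Linux-only; the function name `probe_abstract_socket` and the random socket name are made up for the probe, and the idea is to run it both inside and outside the proot environment and compare which stage fails.

```python
import os
import socket
import threading

PAYLOAD = b"\x02\x00\x00\x00"  # same 4 bytes as the write() in the strace above


def probe_abstract_socket(timeout=5.0):
    """Round-trip PAYLOAD over an abstract AF_UNIX socket, recording each stage."""
    # Constructed, random name; the leading NUL byte selects the abstract namespace.
    addr = b"\0" + b"probe-" + os.urandom(8).hex().encode()
    result = {"bind": False, "connect": False, "write": False, "echo": False, "error": None}

    def serve(listener):
        try:
            conn, _ = listener.accept()
            with conn:
                conn.settimeout(timeout)
                conn.sendall(conn.recv(len(PAYLOAD)))  # echo the bytes back
        except OSError:
            pass  # the client side records the failure

    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as srv:
        try:
            srv.settimeout(timeout)
            srv.bind(addr)
            srv.listen(1)
            result["bind"] = True
            worker = threading.Thread(target=serve, args=(srv,), daemon=True)
            worker.start()
            with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as cli:
                cli.settimeout(timeout)
                cli.connect(addr)
                result["connect"] = True
                cli.sendall(PAYLOAD)
                result["write"] = True
                result["echo"] = cli.recv(len(PAYLOAD)) == PAYLOAD
            worker.join(timeout)
        except OSError as exc:
            # Stages still False show where the round trip stopped.
            result["error"] = f"{type(exc).__name__}: {exc}"
    return result


if __name__ == "__main__":
    print(probe_abstract_socket())
```

If every stage is true inside proot, the abstract namespace itself works there, which points away from the socket type as the cause of an error like the EPIPE above.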

I found a way to use nix-on-droid with chroot instead of proot https://gist.github.com/xwjqv/35179d08df60648dd4f2dbceac40444b

It is basically an alternative to /data/data/com.termux.nix/files/usr/bin/login

I did not do much testing, but nix-shell and magisk/su do work

xwjqv, Aug 26 '24 17:08

Neat to have a PoC for a proot-less implementation. Now if only I had the resources for maintaining rootful and rootless versions in parallel...

t184256, Aug 26 '24 17:08