Android本机-用jni编写的本机代码如何在具有root权限的情况下运行? [英] Android native - How does native code written in jni run with root permission?
问题描述
我有一个Android应用程序,它通过jni调用本机共享库.这个共享库调用了一些可加载的内核模块.ko
当jni调用共享库中调用内核模块的函数时,我的应用程序运行失败.但是,当我使用此共享库编写可执行文件时,调用上面的函数可以正常工作.
我发现我的应用程序以用户名"u0_axx"运行,而我的可执行文件以root用户身份通过命令行运行.因此,也许它没有调用内核模块的权限.
我的问题是,该本机代码如何在具有root权限的情况下运行?还是一些解决此类问题的解决方案?
Ps:我也尝试使用Runtime.getRuntime().exec("su")并将<uses-permission android:name="android.permission.ACCESS_SUPERUSER"/>添加到清单中,但它无济于事,并获得了权限被拒绝的异常.我的设备已扎根,我的应用程序已构建为系统应用程序.
您可以将您的应用设置为以系统身份运行,
android:sharedUserId="android.uid.system"
这需要一些额外的步骤,但是它不会为您的JNI代码提供对内核模块的访问权限.
为此,您需要一些中介程序(以 root 运行),该进程可以接收来自Java或本机代码的请求,并为您调用内核函数.您可以使用
Runtime.getRuntime().exec("su …")
但是从 init.rc 作为服务启动此中介程序可能会更容易.像 https://github.com/SpazeDog/rootfw 这样的专用库也可能有帮助. >
您可以在 https://boundarydevices中找到更多说明. com/android-security-part-1-application-signatures-permissions/.
I have an Android application that call a native shared library by jni. This shared library invokes some loadable kernel modules .ko
My app run fail when jni calls the function in shared library that invokes kernel module. But when I write an executable using this shared library, it works fine when call above function.
I found that my app run with user name is "u0_axx" and my executable run by command line with root. So maybe it doesn't have permission to invokes kernel module.
My question is how does this native code run with root permission? Or some solution to solve such kind of issue?
Ps: I also tried to use Runtime.getRuntime().exec("su") and added <uses-permission android:name="android.permission.ACCESS_SUPERUSER"/> into manifest but it doesn't help and get an exception that permission denied. My device is rooted and my app is built as system app.
You can set your app to run as System,
android:sharedUserId="android.uid.system"
This requires some extra steps, but it won't give your JNI code access to kernel module.
For that, you need some mediator process (running as root) which can receive a request from your Java or native code, and call the kernel function for you. You can use
Runtime.getRuntime().exec("su …")
But it may be easier to start this mediator process as a service from init.rc. A specialized library like https://github.com/SpazeDog/rootfw may help, too.
You can find more explanations at https://boundarydevices.com/android-security-part-1-application-signatures-permissions/.
这篇关于Android本机-用jni编写的本机代码如何在具有root权限的情况下运行?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
