- Forum posts: 1
Oct 18, 2017, 6:25:01 PM via Website
Oct 18, 2017 6:25:01 PM via Website
Hello,
I would like to ask for help with get root access for AOSP apk broadcast receiver.
I need receive event for change date/time and I need run my shell command for write system time to hardware RTC.
I have chosen follow principe:
- I wrote Android myBR.apk in AOSP with broadcast receiver for TIME_SET, TIMEZONE_CHANGED
- From myBR.apk I run my shell command (rtcclock -w)
- "rtcclock -w" shell command which is write system time from Android to RTC via /dev/rtc0 -> ioctl( i2c )
**My problem is:
I need run shell command rtcclock from AOSP myBR.apk as root.
My all attempts were unsuccessful.
I would like to ask for help from some experts how can I resolve this problem.**
Environment info (everything in Android shell terminal)
Android device is not rooted
Permissions for su shell command
$ ls -lZ /system/xbin/su
-rwsr-x--- root shell u:object_r:su_exec:s0 su
SELinux status
$ getenforce
Disabled
Super user information
$ su
id
uid=0(root) gid=0(root) groups=1007(log)
Android version
$ cat /system/build.prop | grep "ro.build.version.release"
ro.build.version.release=5.1.1
Kernel version
$ cat /proc/version
Linux version 3.4.39 .....
Permissions for rtcclock shell command
$ ls -l /system/bin/rtcclock
-rwxr-xr-x root shell 13672 2017-10-18 09:53 rtcclock
Example for try write system time from Android to RTC as user = shell from
$ rtcclock -w
rtcclock: can't open '/dev/misc/rtc': No such file or directory
Example for try write system time from Android to RTC as user = system
$ su system
$ rtcclock -w
rtcclock: ioctl 0x4024700a failed: Permission denied
Example for try write system time from Android to RTC as user = root
$ su
rtcclock -w
successfull
My source code:
MyBroadcastReceiver.java
package com.example.mybr;
import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.util.Log;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
public class MyBroadcastReceiver extends BroadcastReceiver {
private static final String TAG = "MyBroadcastReceiver";
public MyBroadcastReceiver() {
super();
Log.i( TAG, "MyBroadcastReceiver - created" );
}
@Override
public void onReceive( Context context, Intent intent )
{
final String intentAction = intent.getAction();
boolean bResult = false;
if( intentAction.equals( Intent.ACTION_TIME_CHANGED ) ||
intentAction.equals( Intent.ACTION_TIMEZONE_CHANGED ) )
{
bResult = runCmd( "sh", "id" );
Log.i( TAG, "bResult = " + bResult );
bResult = runCmd( "su", "id" );
Log.i( TAG, "bResult = " + bResult );
bResult = runCmd( "su", "rtcclock -w" );
Log.i( TAG, "bResult = " + bResult );
}
}
public static boolean runCmd( String...commands )
{
boolean bResult = false;
try
{
Process prcs = Runtime.getRuntime().exec( commands[ 0 ] );
DataOutputStream cmdStream = new DataOutputStream( prcs.getOutputStream() );
DataInputStream resStream = new DataInputStream( prcs.getInputStream() );
DataInputStream errStream = new DataInputStream( prcs.getErrorStream() );
if( cmdStream != null && resStream != null && errStream != null )
{
for( int n = 1; n < commands.length; n++ )
{
Log.d( TAG, "cmd: " + commands[ n ] );
cmdStream.writeBytes( commands[ n ] + "\n" );
cmdStream.flush();
do
{
String outputResult = resStream.readLine();
Log.d( TAG, "cmd result: " + outputResult );
} while( resStream.available() > 0 );
while( errStream.available() > 0 )
{
String outputResult = errStream.readLine();
Log.d( TAG, "cmd error: " + outputResult );
}
}
bResult = true;
cmdStream.writeBytes( "exit\n" );
cmdStream.flush();
try
{
prcs.waitFor();
} catch( InterruptedException e )
{
Log.i( TAG, "!!! EXCEPTION_1 !!!" );
e.printStackTrace();
}
}
if( cmdStream != null )
{
cmdStream.close();
}
if( resStream != null )
{
resStream.close();
}
if( errStream != null )
{
errStream.close();
}
}
catch( IOException e )
{
Log.i( TAG, "!!! EXCEPTION_2 !!!" );
e.printStackTrace();
}
return( bResult );
}
}
AndroidManifest.xml
package="com.example.mybr"
android:sharedUserId="android.uid.shell">
<application
android:allowBackup="true"
android:icon="@mipmap/ic_launcher"
android:label="@string/app_name"
android:supportsRtl="true">
<receiver
android:name=".MyBroadcastReceiver"
android:enabled="true"
android:exported="true">
<intent-filter>
<action android:name="android.intent.action.TIME_SET"/>
<action android:name="android.intent.action.TIMEZONE_CHANGED"/>
</intent-filter>
</receiver>
</application>
Android.mk
LOCAL_PATH:= $(call my-dir)
include $(CLEAR_VARS)
LOCAL_MODULE_TAGS := optional
Only compile source java files in this apk.
LOCAL_SRC_FILES := $(call all-java-files-under, src)
LOCAL_PACKAGE_NAME := myBR
LOCAL_CERTIFICATE := platform
LOCAL_PRIVILEGED_MODULE := true
LOCAL_MODULE_PATH := $(TARGET_OUT)/priv-app
include $(BUILD_PACKAGE)
Use the following include to make our test apk.
include $(call all-makefiles-under,$(LOCAL_PATH))
Listing from logcat (as you can see su always failed)
10-28 14:08:28.821 455-455/system_process I/PackageManager: /system/priv-app/myBR changed; collecting certs
10-28 14:08:28.855 455-455/system_process I/art: DexFile_isDexOptNeeded file /system/priv-app/myBR/arm/myBR.odex needs to be relocated for /system/priv-app/myBR/myBR.apk
10-28 14:08:42.875 455-455/system_process I/art: DexFile_isDexOptNeeded file /system/priv-app/myBR/arm/myBR.odex needs to be relocated for /system/priv-app/myBR/myBR.apk
10-28 14:08:42.876 455-455/system_process I/PackageManager: Running patchoat on: com.example.mybr
10-28 14:08:42.878 631-631/? E/installd: Running /system/bin/patchoat isa=arm in-fd=5 (/system/priv-app/myBR/arm/myBR.odex) out-fd=6 (/data/dalvik-cache/arm/system@priv-app@myBR@myBR.apk@classes.dex)
10-03 14:11:47.001 455-501/system_process I/ActivityManager: Start proc 1795:com.example.mybr/2000 for broadcast com.example.mybr/.MyBroadcastReceiver
10-03 14:11:47.115 455-499/system_process W/InputMethodManagerService: Window already focused, ignoring focus gain of: com.android.internal.view.IInputMethodClient$Stub$Proxy@c92a0d7 attribute=null, token = android.os.BinderProxy@3515a383
10-03 14:11:47.181 1795-1795/com.example.mybr I/MyBroadcastReceiver: MyBroadcastReceiver - created
10-03 14:11:47.214 1795-1795/com.example.mybr D/MyBroadcastReceiver: cmd: id (added my note: runCmd( "sh", "id" )
10-03 14:11:47.268 1795-1795/com.example.mybr D/MyBroadcastReceiver: cmd result: uid=2000(shell) gid=2000(shell) groups=1015(sdcard_rw),1023(media_rw),1028(sdcard_r),3002(net_bt),3008(net_bt_stack),9997(everybody),42000(u0_a32000)
10-03 14:11:47.275 1795-1795/com.example.mybr I/MyBroadcastReceiver: bResult = true
10-03 14:11:47.297 1795-1795/com.example.mybr D/MyBroadcastReceiver: cmd: id (added my note: runCmd( "su", "id" )
10-03 14:11:47.306 1795-1795/com.example.mybr D/MyBroadcastReceiver: cmd result: null
10-03 14:11:47.309 1795-1795/com.example.mybr D/MyBroadcastReceiver: cmd error: su: permission denied (added mine detection: call function setgidI() return -1 from su.c)
10-03 14:11:47.310 1795-1795/com.example.mybr I/MyBroadcastReceiver: !!! EXCEPTION_2 !!!
10-03 14:11:47.310 1795-1795/com.example.mybr W/System.err: java.io.IOException: write failed: EPIPE (Broken pipe)
10-03 14:11:47.310 1795-1795/com.example.mybr W/System.err: at libcore.io.IoBridge.write(IoBridge.java:502)
10-03 14:11:47.310 1795-1795/com.example.mybr W/System.err: at java.io.FileOutputStream.write(FileOutputStream.java:186)
10-03 14:11:47.310 1795-1795/com.example.mybr W/System.err: at java.io.OutputStream.write(OutputStream.java:82)
10-03 14:11:47.310 1795-1795/com.example.mybr W/System.err: at java.io.DataOutputStream.writeBytes(DataOutputStream.java:156)
10-03 14:11:47.310 1795-1795/com.example.mybr W/System.err: at com.example.mybr.MyBroadcastReceiver.runCmd(MyBroadcastReceiver.java:77)
10-03 14:11:47.310 1795-1795/com.example.mybr W/System.err: at com.example.mybr.MyBroadcastReceiver.onReceive(MyBroadcastReceiver.java:33)
10-03 14:11:47.310 1795-1795/com.example.mybr W/System.err: at android.app.ActivityThread.handleReceiver(ActivityThread.java:2609)
10-03 14:11:47.310 1795-1795/com.example.mybr W/System.err: at android.app.ActivityThread.access$1700(ActivityThread.java:151)
10-03 14:11:47.310 1795-1795/com.example.mybr W/System.err: at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1380)
10-03 14:11:47.311 1795-1795/com.example.mybr W/System.err: at android.os.Handler.dispatchMessage(Handler.java:102)
10-03 14:11:47.311 1795-1795/com.example.mybr W/System.err: at android.os.Looper.loop(Looper.java:135)
10-03 14:11:47.311 1795-1795/com.example.mybr W/System.err: at android.app.ActivityThread.main(ActivityThread.java:5254)
10-03 14:11:47.311 1795-1795/com.example.mybr W/System.err: at java.lang.reflect.Method.invoke(Native Method)
10-03 14:11:47.311 1795-1795/com.example.mybr W/System.err: at java.lang.reflect.Method.invoke(Method.java:372)
10-03 14:11:47.311 1795-1795/com.example.mybr W/System.err: at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:903)
10-03 14:11:47.311 1795-1795/com.example.mybr W/System.err: at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:698)
10-03 14:11:47.311 1795-1795/com.example.mybr W/System.err: Caused by: android.system.ErrnoException: write failed: EPIPE (Broken pipe)
10-03 14:11:47.311 1795-1795/com.example.mybr W/System.err: at libcore.io.Posix.writeBytes(Native Method)
10-03 14:11:47.311 1795-1795/com.example.mybr W/System.err: at libcore.io.Posix.write(Posix.java:258)
10-03 14:11:47.311 1795-1795/com.example.mybr W/System.err: at libcore.io.BlockGuardOs.write(BlockGuardOs.java:313)
10-03 14:11:47.311 1795-1795/com.example.mybr W/System.err: at libcore.io.IoBridge.write(IoBridge.java:497)
10-03 14:11:47.312 1795-1795/com.example.mybr W/System.err: ... 15 more
10-03 14:11:47.312 1795-1795/com.example.mybr I/MyBroadcastReceiver: bResult = true
10-03 14:11:47.337 1795-1795/com.example.mybr D/MyBroadcastReceiver: cmd: rtcclock -w (added my note: runCmd( "su", "rtcclock -w" )
10-03 14:11:47.340 1795-1795/com.example.mybr D/MyBroadcastReceiver: cmd result: null
10-03 14:11:47.342 1795-1795/com.example.mybr D/MyBroadcastReceiver: cmd error: su: permission denied (added mine detection: call function setgidI() return -1 from su.c)
10-03 14:11:47.342 1795-1795/com.example.mybr I/MyBroadcastReceiver: !!! EXCEPTION_2 !!!
10-03 14:11:47.342 1795-1795/com.example.mybr W/System.err: java.io.IOException: write failed: EPIPE (Broken pipe)
10-03 14:11:47.343 1795-1795/com.example.mybr W/System.err: at libcore.io.IoBridge.write(IoBridge.java:502)
10-03 14:11:47.343 1795-1795/com.example.mybr W/System.err: at java.io.FileOutputStream.write(FileOutputStream.java:186)
10-03 14:11:47.343 1795-1795/com.example.mybr W/System.err: at java.io.OutputStream.write(OutputStream.java:82)
10-03 14:11:47.343 1795-1795/com.example.mybr W/System.err: at java.io.DataOutputStream.writeBytes(DataOutputStream.java:156)
10-03 14:11:47.343 1795-1795/com.example.mybr W/System.err: at com.example.mybr.MyBroadcastReceiver.runCmd(MyBroadcastReceiver.java:77)
10-03 14:11:47.343 1795-1795/com.example.mybr W/System.err: at com.example.mybr.MyBroadcastReceiver.onReceive(MyBroadcastReceiver.java:36)
10-03 14:11:47.343 1795-1795/com.example.mybr W/System.err: at android.app.ActivityThread.handleReceiver(ActivityThread.java:2609)
10-03 14:11:47.343 1795-1795/com.example.mybr W/System.err: at android.app.ActivityThread.access$1700(ActivityThread.java:151)
10-03 14:11:47.343 1795-1795/com.example.mybr W/System.err: at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1380)
10-03 14:11:47.343 1795-1795/com.example.mybr W/System.err: at android.os.Handler.dispatchMessage(Handler.java:102)
10-03 14:11:47.343 1795-1795/com.example.mybr W/System.err: at android.os.Looper.loop(Looper.java:135)
10-03 14:11:47.343 1795-1795/com.example.mybr W/System.err: at android.app.ActivityThread.main(ActivityThread.java:5254)
10-03 14:11:47.343 1795-1795/com.example.mybr W/System.err: at java.lang.reflect.Method.invoke(Native Method)
10-03 14:11:47.343 1795-1795/com.example.mybr W/System.err: at java.lang.reflect.Method.invoke(Method.java:372)
10-03 14:11:47.343 1795-1795/com.example.mybr W/System.err: at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:903)
10-03 14:11:47.343 1795-1795/com.example.mybr W/System.err: at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:698)
10-03 14:11:47.343 1795-1795/com.example.mybr W/System.err: Caused by: android.system.ErrnoException: write failed: EPIPE (Broken pipe)
10-03 14:11:47.344 1795-1795/com.example.mybr W/System.err: at libcore.io.Posix.writeBytes(Native Method)
10-03 14:11:47.344 1795-1795/com.example.mybr W/System.err: at libcore.io.Posix.write(Posix.java:258)
10-03 14:11:47.344 1795-1795/com.example.mybr W/System.err: at libcore.io.BlockGuardOs.write(BlockGuardOs.java:313)
10-03 14:11:47.344 1795-1795/com.example.mybr W/System.err: at libcore.io.IoBridge.write(IoBridge.java:497)
10-03 14:11:47.344 1795-1795/com.example.mybr W/System.err: ... 15 more
10-03 14:11:47.344 1795-1795/com.example.mybr I/MyBroadcastReceiver: bResult = true
10-03 14:11:47.354 1388-1388/com.android.deskclock V/AlarmClock: AlarmInitReceiver android.intent.action.TIME_SET
10-03 14:11:47.384 1388-1647/com.android.deskclock V/AlarmClock: AlarmInitReceiver finished
10-03 14:11:47.395 455-498/system_process I/ActivityManager: Killing 1368:com.android.music/u0a33 (adj 15): empty #17
10-03 14:11:47.408 455-455/system_process W/MediaSessionRecord: Removing dead callback in pushEvent.
android.os.DeadObjectException
at android.os.BinderProxy.transactNative(Native Method)
at android.os.BinderProxy.transact(Binder.java:496)
at android.media.session.ISessionControllerCallback$Stub$Proxy.onSessionDestroyed(ISessionControllerCallback.java:189)
at com.android.server.media.MediaSessionRecord.pushSessionDestroyed(MediaSessionRecord.java:667)
at com.android.server.media.MediaSessionRecord.access$3800(MediaSessionRecord.java:67)
at com.android.server.media.MediaSessionRecord$MessageHandler.handleMessage(MediaSessionRecord.java:1286)
at android.os.Handler.dispatchMessage(Handler.java:102)
at android.os.Looper.loop(Looper.java:135)
at com.android.server.SystemServer.run(SystemServer.java:269)
at com.android.server.SystemServer.main(SystemServer.java:170)
at java.lang.reflect.Method.invoke(Native Method)
at java.lang.reflect.Method.invoke(Method.java:372)
at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:903)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:698)
Thank you very much for help.
Recommended editorial content
With your consent, external content is loaded here.
By clicking on the button above, you agree that external content may be displayed to you. Personal data may be transmitted to third-party providers in the process. You can find more information about this in our Privacy Policy.