[Q] Developing an application that requests root access - Android Software/Hacking General [Developers Only]

I'm developing my first application, and I'm curious if there are any "standard" ways for executing privileged shell commands. I've only been able to find one way to do it, by executing su, and then appending my commands to stdin of the su process.
Code:
Process p = Runtime.getRuntime().exec("su");
DataOutputStream pOut = new DataOutputStream(p.getOutputStream());
DataInputStream pIn = new DataInputStream(p.getInputStream());
String rv = "";
// su must exit before its output can be read
pOut.writeBytes(cmd + "\nexit\n");
pOut.flush();
p.waitFor();
while (pIn.available() > 0)
rv += pIn.readLine() + "\n";
I've read about wrapping privileged (superuser) calls up in JNI: is this possible? If so, how would one go about accomplishing it? Other than that, are there any other ways of calling privileged instructions from Java?
EDIT: Also, why exactly must su exit before I can capture it's output? When I read from the processes stdout before it has closed I get nothing.

Related

Execute root commands in app - permission denied

Hi!
I'm writing a small application that allows you to enable or disable RamHack. There is a problem. The logs show that the app does not have permission.
At the beginning of the code doing the command "su":
Code:
final Runtime runtime = Runtime.getRuntime();
try {
runtime.exec("su");
}
catch (IOException e) {
e.printStackTrace();
}
Then after tap a button I execute this:
Code:
final Runtime runtime = Runtime.getRuntime();
try {
runtime.exec("mkdir /sdcard/switch_rh");
runtime.exec("wget -P /sdcard/switch_rh URL_to_my_site/rhpack.zip");
runtime.exec("unzip -o /sdcard/switch_rh/rhpack.zip -d /sdcard");
runtime.exec("rwsystem");
runtime.exec("flash_image boot /sdcard/2.img");
runtime.exec("cp /sdcard/2.ko /system/lib/modules/wlan.ko");
runtime.exec("rosystem");
runtime.exec("rm -r /sdcard/2.ko");
runtime.exec("rm -r /sdcard/2.img");
runtime.exec("reboot");
}
catch (IOException e) {
e.printStackTrace();
}
The logs show like this:
Code:
03-24 19:55:30.682: WARN/System.err(12444): java.io.IOException: Error running exec(). Commands: [rwsystem] Working Directory: null Environment: null
03-24 19:55:30.692: WARN/System.err(12444): at java.lang.ProcessManager.exec(ProcessManager.java:196)
03-24 19:55:30.692: WARN/System.err(12444): at java.lang.Runtime.exec(Runtime.java:225)
03-24 19:55:30.692: WARN/System.err(12444): at java.lang.Runtime.exec(Runtime.java:313)
03-24 19:55:30.692: WARN/System.err(12444): at java.lang.Runtime.exec(Runtime.java:246)
03-24 19:55:30.692: WARN/System.err(12444): at pl.zezol.switch_rh.MainActivity$1.onClick(MainActivity.java:76)
03-24 19:55:30.692: WARN/System.err(12444): at android.view.View.performClick(View.java:2360)
03-24 19:55:30.692: WARN/System.err(12444): at android.view.View.onTouchEvent(View.java:4194)
03-24 19:55:30.692: WARN/System.err(12444): at android.widget.TextView.onTouchEvent(TextView.java:6534)
03-24 19:55:30.692: WARN/System.err(12444): at android.view.View.dispatchTouchEvent(View.java:3724)
03-24 19:55:30.692: WARN/System.err(12444): at android.view.ViewGroup.dispatchTouchEvent(ViewGroup.java:882)
03-24 19:55:30.692: WARN/System.err(12444): at android.view.ViewGroup.dispatchTouchEvent(ViewGroup.java:882)
03-24 19:55:30.692: WARN/System.err(12444): at android.view.ViewGroup.dispatchTouchEvent(ViewGroup.java:882)
03-24 19:55:30.692: WARN/System.err(12444): at android.view.ViewGroup.dispatchTouchEvent(ViewGroup.java:882)
03-24 19:55:30.722: WARN/System.err(12444): at com.android.internal.policy.impl.PhoneWindow$DecorView.superDispatchTouchEvent(PhoneWindow.java:1712)
03-24 19:55:30.722: WARN/System.err(12444): at com.android.internal.policy.impl.PhoneWindow.superDispatchTouchEvent(PhoneWindow.java:1202)
03-24 19:55:30.742: WARN/System.err(12444): at android.app.Activity.dispatchTouchEvent(Activity.java:2019)
03-24 19:55:30.742: WARN/System.err(12444): at com.android.internal.policy.impl.PhoneWindow$DecorView.dispatchTouchEvent(PhoneWindow.java:1696)
03-24 19:55:30.742: WARN/System.err(12444): at android.view.ViewRoot.handleMessage(ViewRoot.java:1660)
03-24 19:55:30.742: WARN/System.err(12444): at android.os.Handler.dispatchMessage(Handler.java:99)
03-24 19:55:30.742: WARN/System.err(12444): at android.os.Looper.loop(Looper.java:123)
03-24 19:55:30.742: WARN/System.err(12444): at android.app.ActivityThread.main(ActivityThread.java:4358)
03-24 19:55:30.742: WARN/System.err(12444): at java.lang.reflect.Method.invokeNative(Native Method)
03-24 19:55:30.742: WARN/System.err(12444): at java.lang.reflect.Method.invoke(Method.java:521)
03-24 19:55:30.742: WARN/System.err(12444): at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:791)
03-24 19:55:30.742: WARN/System.err(12444): at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:549)
03-24 19:55:30.742: WARN/System.err(12444): at dalvik.system.NativeStart.main(Native Method)
03-24 19:55:30.742: WARN/System.err(12444): Caused by: java.io.IOException: Permission denied
03-24 19:55:30.742: WARN/System.err(12444): at java.lang.ProcessManager.exec(Native Method)
03-24 19:55:30.742: WARN/System.err(12444): at java.lang.ProcessManager.exec(ProcessManager.java:194)
03-24 19:55:30.742: WARN/System.err(12444): ... 25 more
03-24 19:55:31.102: WARN/su(12516): request rejected (10085:10085->0:0 /system/bin/sh)
What can I do that the program had access to the root?
PS. Sorry for my bad English.
Cheers
zezol said:
Hi!
I'm writing a small application that allows you to enable or disable RamHack. There is a problem. The logs show that the app does not have permission.
At the beginning of the code doing the command "su":
Code:
final Runtime runtime = Runtime.getRuntime();
try {
runtime.exec("su");
}
catch (IOException e) {
e.printStackTrace();
}
Then after doing a command button is pressed:
Code:
final Runtime runtime = Runtime.getRuntime();
try {
runtime.exec("mkdir /sdcard/switch_rh");
runtime.exec("wget -P /sdcard/switch_rh URL/rhpack.zip");
runtime.exec("unzip -o /sdcard/switch_rh/rhpack.zip -d /sdcard");
runtime.exec("rwsystem");
runtime.exec("flash_image boot /sdcard/2.img");
runtime.exec("cp /sdcard/2.ko /system/lib/modules/wlan.ko");
runtime.exec("rosystem");
runtime.exec("rm -r /sdcard/2.ko");
runtime.exec("rm -r /sdcard/2.img");
runtime.exec("reboot");
}
catch (IOException e) {
e.printStackTrace();
}
What do I do that the program had access to the root?
PS. Sorry for my bad English.
Cheers
Click to expand...
Click to collapse
don't rely on rwsystem and rosystem scripts, they are often broken, don't have hash bangs and have dos eol
instead use
Code:
busybox mount rw,remount /system
I would also point out that you don't need to use recursion ( -r ) this is only required if you wish to delete a directory
having said that you *should* be using recursion
but here
runtime.exec("unzip -o /sdcard/switch_rh/rhpack.zip -d /sdcard");
Click to expand...
Click to collapse
you are unziping to the root of the SD card, and then only deleting the two files
you are expecting
better to unzip into a new directory, and then delete the directory after
( therefore you do not leave anything unexpected behind )
being a script , you should probably check to see tf what you expect exists
with
runtime.exec("wget -P /sdcard/switch_rh URL/rhpack.zip");
Click to expand...
Click to collapse
it looks like you are pulling from the internet, are you checking it in anyway?
the download could be corrupt, it won't unzip and you end up flashing something that is on the root of the sdcard and just happens to have the same name...
it is inviting trouble........... and one day trouble may just turn up
I also don't believe that permission sticks between calls to Runtime.exec(), which means each call is individually responsible for obtaining root permission. Additionally, if one of your calls goes wrong, there's no way to check it, alert the user, and bail out. You might be better off writing a shell script to do this, then calling on that--how important is a UI? Plus everything Firerat said.
olearyp said:
I also don't believe that permission sticks between calls to Runtime.exec(), which means each call is individually responsible for obtaining root permission. Additionally, if one of your calls goes wrong, there's no way to check it, alert the user, and bail out. You might be better off writing a shell script to do this, then calling on that--how important is a UI? Plus everything Firerat said.
Click to expand...
Click to collapse
***BINGO!!!!
That definitely will be a problem.
The call to the su command is restricted to the particular shell that it was executed within!
BTW: That program won't be getting on my su whitelist.... looks extremely dangerous!
Many thanks guys! It works, but not quite...
I leave the su command at the beginning of the code.
My commands:
Code:
runtime.exec("mkdir /sdcard/switch_rh");
runtime.exec("unzip -o /sdcard/rhpack.zip -d /sdcard/switch_rh/");
runtime.exec("su busybox mount rw,remount /system");
runtime.exec("su flash_image boot /sdcard/switch_rh/2.img");
runtime.exec("su cp /sdcard/switch_rh/2.ko /system/lib/modules/wlan.ko");
runtime.exec("su busybox mount ro,remount /system");
runtime.exec("rm -r /sdcard/switch_rh");
runtime.exec("reboot");
Now in the logs returns to me something like this:
Code:
03-26 17:23:27.774: WARN/su(743): request rejected (0:0->0:0 /system/bin/sh)
03-26 17:23:27.804: WARN/su(745): request rejected (0:0->0:0 /system/bin/sh)
03-26 17:23:27.814: WARN/su(744): request rejected (0:0->0:0 /system/bin/sh)
03-26 17:23:27.814: WARN/su(746): request rejected (0:0->0:0 /system/bin/sh)
It's strange...
zezol said:
Many thanks guys! It works, but not quite...
I leave the su command at the beginning of the code.
My commands:
Code:
runtime.exec("mkdir /sdcard/switch_rh");
runtime.exec("unzip -o /sdcard/rhpack.zip -d /sdcard/switch_rh/");
runtime.exec("su busybox mount rw,remount /system");
runtime.exec("su flash_image boot /sdcard/switch_rh/2.img");
runtime.exec("su cp /sdcard/switch_rh/2.ko /system/lib/modules/wlan.ko");
runtime.exec("su busybox mount ro,remount /system");
runtime.exec("rm -r /sdcard/switch_rh");
runtime.exec("reboot");
Now in the logs returns to me something like this:
Code:
03-26 17:23:27.774: WARN/su(743): request rejected (0:0->0:0 /system/bin/sh)
03-26 17:23:27.804: WARN/su(745): request rejected (0:0->0:0 /system/bin/sh)
03-26 17:23:27.814: WARN/su(744): request rejected (0:0->0:0 /system/bin/sh)
03-26 17:23:27.814: WARN/su(746): request rejected (0:0->0:0 /system/bin/sh)
It's strange...
Click to expand...
Click to collapse
maybe its my fault, slight omission with the mount code
if its a program your not familiar with ,
less it,
if that don't tell you anything, and you have no real reason to not trust it, run it with --help
or man cmd
all of those will tell you that I was a muppet and forgot to type -o
Code:
busybox mount -o rw,remount /system
but that doesn't have anything to do with your error
what's so special about this anyway, why wouldn't a simple shell script do?
zezol said:
Many thanks guys! It works, but not quite...
I leave the su command at the beginning of the code.
My commands:
Code:
runtime.exec("mkdir /sdcard/switch_rh");
runtime.exec("unzip -o /sdcard/rhpack.zip -d /sdcard/switch_rh/");
runtime.exec("su busybox mount rw,remount /system");
<snip>
Click to expand...
Click to collapse
Code:
$ su -c "[I]command[/I]"
Code:
runtime.exec("su -c busybox mount -o rw,remount /system");
runtime.exec("su -c flash_image boot /sdcard/switch_rh/2.img");
runtime.exec("su -c cp /sdcard/switch_rh/2.ko /system/lib/modules/wlan.ko");
runtime.exec("su -c busybox mount -o ro,remount /system");
Log:
Code:
03-26 19:00:21.004: WARN/su(711): request rejected (0:0->0:0 busybox)
03-26 19:00:21.064: WARN/su(713): request rejected (0:0->0:0 cp)
03-26 19:00:21.094: WARN/su(712): request rejected (0:0->0:0 flash_image)
03-26 19:00:21.134: WARN/su(714): request rejected (0:0->0:0 busybox)
:/
Firerat said:
what's so special about this anyway, why wouldn't a simple shell script do?
Click to expand...
Click to collapse
Since I am a beginner and I learn programming with Java and Android. Secondly, I want to write a simple app for a friend (and my satisfaction) who does ROM for G1
zezol said:
Code:
runtime.exec("su -c busybox mount -o rw,remount /system");
runtime.exec("su -c flash_image boot /sdcard/switch_rh/2.img");
runtime.exec("su -c cp /sdcard/switch_rh/2.ko /system/lib/modules/wlan.ko");
runtime.exec("su -c busybox mount -o ro,remount /system");
Log:
Code:
03-26 19:00:21.004: WARN/su(711): request rejected (0:0->0:0 busybox)
03-26 19:00:21.064: WARN/su(713): request rejected (0:0->0:0 cp)
03-26 19:00:21.094: WARN/su(712): request rejected (0:0->0:0 flash_image)
03-26 19:00:21.134: WARN/su(714): request rejected (0:0->0:0 busybox)
:/
Since I am a beginner and I learn programming with Java and Android. Secondly, I want to write a simple app for a friend (and my satisfaction) who does ROM for G1
Click to expand...
Click to collapse
now tbh , I need to learn this java stuff myself, only done a tiny bit of tweaking so far.
Anyway,
as mentioned above it should be
su -c "command"
at least that is what it would be on a standard shell
I belive something like this would be more suitable for you
Code:
runtime.exec("su -c 'command'");
for now I would forget about mounting and just figure out who I am
Code:
runtime.exec("whoami");
just to see if it works
then
Code:
runtime.exec("IAM=`whoami`;echo $IAM")
Code:
runtime.exec("id");
runtime.exec("id -u");
runtime.exec("expr `id -u` + `id -u`");
runtime.exec("su -c 'id'");
runtime.exec("su -c 'id -u'");
runtime.exec("su -c 'expr `id -u` + `id -u`'");
hope it helps
That's actually progress. Note how the correct things are being rejected now. Make sure your SU Permissions blacklists aren't blocking your own program. And Firerat's advice to build up to what you want is also sound.
So the other problem you're going to run into once you get that figured out (sorry I didn't think of this sooner) is that the calls to Runtime.exec() are non-blocking, which means that the code you wrote will end up trying to run every line simultaneously. The quick hack to fix that is to capture the Process that is returned by the call to .exec to a variable (say, "p") then call p.waitFor() after every line.
Unfortunately, you will quickly be met by an FC/Wait dialog if you do this then try to interact with your phone, because your code (presumably) is trying to run in the UI thread.
There are a couple of solutions to this problem that I've used. The original implementation of GUSTO (previous to v0.5) used an AsyncTask to thread out the Runtime.exec() calls; the current implementation uses an IntentServer for better user experience.
Sorry for the bump, but I am a bit confused about this... I am trying the following:
Code:
Process p = null;
final Runtime runtime = Runtime.getRuntime();
try {
p = runtime.exec("su -c 'mount -o rw,remount /system'");
p.waitFor();
p = runtime.exec("su -c 'mkdir /system/bin/test'");
p.waitFor();
}
catch (Exception e) {
e.printStackTrace();
}
But nothing happens... Do I HAVE to have busybox installed? am i not allowed to use the built in commands?
I tried running it in the emulator with logcat running but it denied root permissions (no dialog was prompted) and on my rooted evo4g (was prompted for root permissions and allowed it). As a sidenote, is there anything I can use to get logging output from my production phone?
Thanks much in advance!
how did you solve your problem?
I'm trying to execute root commands from an app too but to move files to the /system but I'm getting an "su rejected" error, please help
thesk8mafia said:
I'm trying to execute root commands from an app too but to move files to the /system but I'm getting an "su rejected" error, please help
Click to expand...
Click to collapse
post source code
Truth to be told, I'll write down your name on a scrap of paper so to never ever run anything written by you. No offense, but I don't want my phone to fry 'cause you're learning how to fry phones.
Having said that, I'll give you some hints, so that maybe in the future I'll try one of your apps (not going to happen).
1. If you want to write an Android app, it has to run Java, not shell code. If you want to write a shell script, write a shell script. This isn't bashing, it's a hearted hint. Trust me here!
2. If you still want to wrap an Android app around a shell script, then at the very least use Android/Java as much as possible and restrict the shell part to the strictly least required: special commands or commands requiring root!
Code:
runtime.exec("mkdir /sdcard/switch_rh"); [B]NO ROOT REQUIRED![/B]
runtime.exec("wget -P /sdcard/switch_rh URL_to_my_site/rhpack.zip"); [B]NO ROOT REQUIRED![/B]
runtime.exec("unzip -o /sdcard/switch_rh/rhpack.zip -d /sdcard"); [B]NO ROOT REQUIRED![/B]
runtime.exec("rwsystem");
runtime.exec("flash_image boot /sdcard/2.img");
runtime.exec("cp /sdcard/2.ko /system/lib/modules/wlan.ko");
runtime.exec("rosystem");
runtime.exec("rm -r /sdcard/2.ko"); [B]NO ROOT REQUIRED![/B]
runtime.exec("rm -r /sdcard/2.img"); [B]NO ROOT REQUIRED![/B]
runtime.exec("reboot");
What should you do? You should use Java (with proper try/catch blocks) checking for errors at each step you take, taking care of the possible failures (download not available, directory not existing, ...). Taking care of errors with shell code is possible but it's a PITA and you can't debug it with the debugger. Why am I even pointing this out in the first place?!? Just do it.
1. You can create the directory with Java. Not only that, but you don't need to hardcode "/sdcard" in it! Just use the API to get the correct path: http://developer.android.com/guide/topics/data/data-storage.html#filesExternal
2. You can downlad your remote file with Java. In the worst case scenario, you can use an HttpURLConnection + FileOutputStream. In the best case scenario there's an Android API for that.
3. You can unzip your remote file with Java, checking that all the files you expect it to contain are there and it got transferred correctly. Check this out: http://developer.android.com/reference/java/util/zip/ZipFile.html
4. You can delete the files you downloaded with Java. This is so easy I want to cry. http://developer.android.com/reference/java/io/File.html#delete()
5. The few commands you need root to run, and you need them to be shell scripts (you can't run Java stuff as root as far as I've harshly found out), you write them this way:
Code:
try {
// You previously found out which is the right path for the su binary,
// being it /system/bin/su or /system/xbin/su
Process suProcess = Runtime.getRuntime().exec(suBinaryPath);
DataOutputStream dos = new DataOutputStream(suProcess.getOutputStream());
dos.writeBytes("flash_image boot " + sdcardPath + "2.img\n");
dos.flush();
dos.writeBytes("cp " +sdcardPath + "2.ko /system/lib/modules/wlan.ko\n");
dos.flush();
dos.writeBytes("exit\n");
dos.flush();
suProcess.waitFor();
} catch (Exception ex) {
// Please do something, don't let Exceptions be raised and silently trapped.
}
Pay attention and don't forget the "\n" at the end of each command.
This will make your app SuperUser.apk friendly and will get you to the result you wanted.
hrk said:
Truth to be told, I'll write down your name on a scrap of paper so to never ever run anything written by you. No offense, but I don't want my phone to fry 'cause you're learning how to fry phones.
Having said that, I'll give you some hints, so that maybe in the future I'll try one of your apps (not going to happen).
1. If you want to write an Android app, it has to run Java, not shell code. If you want to write a shell script, write a shell script. This isn't bashing, it's a hearted hint. Trust me here!
2. If you still want to wrap an Android app around a shell script, then at the very least use Android/Java as much as possible and restrict the shell part to the strictly least required: special commands or commands requiring root!
Code:
runtime.exec("mkdir /sdcard/switch_rh"); [B]NO ROOT REQUIRED![/B]
runtime.exec("wget -P /sdcard/switch_rh URL_to_my_site/rhpack.zip"); [B]NO ROOT REQUIRED![/B]
runtime.exec("unzip -o /sdcard/switch_rh/rhpack.zip -d /sdcard"); [B]NO ROOT REQUIRED![/B]
runtime.exec("rwsystem");
runtime.exec("flash_image boot /sdcard/2.img");
runtime.exec("cp /sdcard/2.ko /system/lib/modules/wlan.ko");
runtime.exec("rosystem");
runtime.exec("rm -r /sdcard/2.ko"); [B]NO ROOT REQUIRED![/B]
runtime.exec("rm -r /sdcard/2.img"); [B]NO ROOT REQUIRED![/B]
runtime.exec("reboot");
What should you do? You should use Java (with proper try/catch blocks) checking for errors at each step you take, taking care of the possible failures (download not available, directory not existing, ...). Taking care of errors with shell code is possible but it's a PITA and you can't debug it with the debugger. Why am I even pointing this out in the first place?!? Just do it.
1. You can create the directory with Java. Not only that, but you don't need to hardcode "/sdcard" in it! Just use the API to get the correct path: http://developer.android.com/guide/topics/data/data-storage.html#filesExternal
2. You can downlad your remote file with Java. In the worst case scenario, you can use an HttpURLConnection + FileOutputStream. In the best case scenario there's an Android API for that.
3. You can unzip your remote file with Java, checking that all the files you expect it to contain are there and it got transferred correctly. Check this out: http://developer.android.com/reference/java/util/zip/ZipFile.html
4. You can delete the files you downloaded with Java. This is so easy I want to cry. http://developer.android.com/reference/java/io/File.html#delete()
5. The few commands you need root to run, and you need them to be shell scripts (you can't run Java stuff as root as far as I've harshly found out), you write them this way:
Code:
try {
// You previously found out which is the right path for the su binary,
// being it /system/bin/su or /system/xbin/su
Process suProcess = Runtime.getRuntime().exec(suBinaryPath);
DataOutputStream dos = new DataOutputStream(suProcess.getOutputStream());
dos.writeBytes("flash_image boot " + sdcardPath + "2.img\n");
dos.flush();
dos.writeBytes("cp " +sdcardPath + "2.ko /system/lib/modules/wlan.ko\n");
dos.flush();
dos.writeBytes("exit\n");
dos.flush();
suProcess.waitFor();
} catch (Exception ex) {
// Please do something, don't let Exceptions be raised and silently trapped.
}
Pay attention and don't forget the "\n" at the end of each command.
This will make your app SuperUser.apk friendly and will get you to the result you wanted.
Click to expand...
Click to collapse
Just to say that DataOutputStream.writeBytes(string) only writes one byte for each char, so if you're dealing with Unicode strings, you'd better use some better class.
Also note that you can check the return code of your command through
Code:
echo $?
Meh, we already told the op what they were doing was wrong
thesk8mafia just bumped it with their lame question.
Firerat said:
Meh, we already told the op what they were doing was wrong
thesk8mafia just bumped it with their lame question.
Click to expand...
Click to collapse
You are right, I got a bit "Mr. Teacher" there seeing that the last post from the op was still in a sucky state...
I hope the informations I wrote will be more useful than the "Mr. Teacher" attitude I used.
Hello,
I'm developing an application (Widgetsoïd on market) who have widgets switcher.
I put a button to reboot phone but now I would like to put options to reboot in recovery and bootloader mode.
My problem is to execute command I use this for reboot :
Code:
String command = "su -c reboot";
Process p = Runtime.getRuntime().exec(command);
if(p.waitFor()==127 || p.waitFor()==255){
message.show();
}
I know to reboot into mode i have to add "reboot recovery" or "reboot bootloader" but command doesn't execute.
I try
Code:
String command = "su -c reboot recovery";
Process p = Runtime.getRuntime().exec(command);
if(p.waitFor()==127 || p.waitFor()==255){
message.show();
}
or
Code:
String command = "su -c 'reboot recovery'";
Process p = Runtime.getRuntime().exec(command);
if(p.waitFor()==127 || p.waitFor()==255){
message.show();
}
But the first make a simple reboot and the second make nothing.
Can you help me please?
Cheers
Jim
I found a solution
Code:
String[] str ={"su","-c","reboot recovery"};
Process p = Runtime.getRuntime().exec(str);
if(p.waitFor()==127 || p.waitFor()==255){
message.show();
}
It's work correctly.
Cheers
hrk said:
Code:
try {
// You previously found out which is the right path for the su binary,
// being it /system/bin/su or /system/xbin/su
Process suProcess = Runtime.getRuntime().exec(suBinaryPath);
DataOutputStream dos = new DataOutputStream(suProcess.getOutputStream());
dos.writeBytes("flash_image boot " + sdcardPath + "2.img\n");
dos.flush();
dos.writeBytes("cp " +sdcardPath + "2.ko /system/lib/modules/wlan.ko\n");
dos.flush();
dos.writeBytes("exit\n");
dos.flush();
suProcess.waitFor();
} catch (Exception ex) {
// Please do something, don't let Exceptions be raised and silently trapped.
}
Click to expand...
Click to collapse
I have tried this but it doesn't work for me (it works but app forces close because of an ANR).
I have found a solution that may help other people:
Code:
try {
// You previously found out which is the right path for the su binary,
// being it /system/bin/su or /system/xbin/su
Process suProcess = Runtime.getRuntime().exec(suBinaryPath);
DataOutputStream dos = new DataOutputStream(suProcess.getOutputStream());
dos.writeBytes("flash_image boot " + sdcardPath + "2.img\n");
dos.flush();
dos.writeBytes("cp " +sdcardPath + "2.ko /system/lib/modules/wlan.ko\n");
dos.flush();
dos.writeBytes("exit\n");
dos.flush();
[COLOR="Red"]dos.close();[/COLOR]
suProcess.waitFor();
} catch (Exception ex) {
// Please do something, don't let Exceptions be raised and silently trapped.
}

[Q] executing self-compiled c/c++ code in connectbot: Syntax error: word unexpected

Hi all,
(see at the end for setup and device info)
(remove spaces in URLs since I am not allowed to post real URLs yet)
I am trying to compile my own c/c++ code and run it on my android phone.
I got the android toolchain and the program (hello world, "test" binary) compiles:
./agcc -c -o test hello.cpp
file test
test: ELF 32-bit LSB relocatable, ARM, version 1 (SYSV), not stripped
The program executable is "test". I copy it to my android to /data (since other folders apparently do not have execution permission yielding the "permission denied" error when trying to execute) and do "chmod a+x test"
When I start connectbot on my phone, navigate to /data and do "./test" then I get the error: Syntax error: word unexpected (expecting ")")
As if connectbot would try to execute this binary as a shell script.
In principle, a step-by-step manual how to compile and run c/c++ code on android would be here:
"http: //www . hytherion.com/beattidp/comput/android/linux-on-android.html"
But I get this strange error mentioned above.
any ideas?
setup:
=====
Phone: Samsung Galaxy S2
Android: 2.3.4
Kernel: GINGERBREAD.XWKI4 (rooted, works all fine)
Crosscompile Toolchain: from: ./repo init -u https: // android.googlesource.com/platform/manifest
Using acc script from "http: // plausible.org/andy/agcc"
Exporting: export PATH=[PathToToolchain]/prebuilt/linux-x86/toolchain/arm-eabi-4.4.3/bin:$PATH
Hello World example:
// hello.cpp
#include <stdio.h>
int main()
{
int a=1;
printf("hello %d",a);
return 0;
}
compiling with: ./agcc -c -o test hello.cpp
bump bump?

[SOLVED] sm-t330 LP 5.1.1 working out supersu

This NOT a Q&A thread. Only people working out the problem are welcome.
okay , so as of flashing even supersu beta version BETA-SuperSU-v2.49 this is the issue i'm guessing for our device
for reference the firmware release api in question is Android 5.1 , API Level 22
Code:
[email protected]:/# adb logcat -d | grep F/
F/appproc ( 305): Error changing dalvik-cache ownership : Permission denied
F/libc ( 305): Fatal signal 6 (SIGABRT), code -6 in tid 305 (app_process32_o)
F/appproc ( 1026): Error changing dalvik-cache ownership : Permission denied
F/libc ( 1026): Fatal signal 6 (SIGABRT), code -6 in tid 1026 (app_process32_o)
F/appproc ( 1389): Error changing dalvik-cache ownership : Permission denied
F/libc ( 1389): Fatal signal 6 (SIGABRT), code -6 in tid 1389 (app_process32_o)
F/appproc ( 1758): Error changing dalvik-cache ownership : Permission denied
F/libc ( 1758): Fatal signal 6 (SIGABRT), code -6 in tid 1758 (app_process32_o)
F/appproc ( 2123): Error changing dalvik-cache ownership : Permission denied
F/libc ( 2123): Fatal signal 6 (SIGABRT), code -6 in tid 2123 (app_process32_o)
F/appproc ( 2482): Error changing dalvik-cache ownership : Permission denied
F/libc ( 2482): Fatal signal 6 (SIGABRT), code -6 in tid 2482 (app_process32_o)
[email protected]:/#
after looking at the script i ran and got this
Code:
[email protected]:/# adb shell ls -al /system/bin/app*
[COLOR="Red"]lrwxrwxrwx root root 2014-03-07 10:19 app_process -> /system/xbin/daemonsu
lrwxrwxrwx root root 2014-03-07 10:19 app_process32 -> /system/xbin/daemonsu
-rwxr-xr-x root shell 13588 2015-07-02 14:29 app_process32_original[/COLOR]
-rwxr-xr-x root shell 13588 2014-03-07 10:19 app_process_init
-rwxr-xr-x root shell 57688 2015-07-02 14:29 applypatch
-rwxr-xr-x root shell 213 2015-07-02 14:29 appops
-rwxr-xr-x root shell 215 2015-07-02 14:29 appwidget
undoing that with this
Code:
rm -f app_process app_process32
ln -sf /system/bin/app_process32_original /system/bin/app_process
"resolved" the "error" so if you flashed supersu thinking YAY ROOT ! and ended up with what you got you need to run what i did to
regain what you had.
SO, linking daemonsu in a different way is probably the thing but, how?
so far selinux is still alive i am trying out a patch @RunasSudo suggested here
http://forum.xda-developers.com/goo...orrect-to-compile-permissive-selinux-t3074761
also i am trying to figure out how app_process works
@thisisapoorusernamechoice
sorry for hijacking your thread. m
Okay, so with a modified adbd in /sbin i achieve a root prompt through adb
Note - at this point i do have full control over the system. yay!
but at the cost of blank display and no functions of hardware input [no touch hard buttons] awww (frowny face)
interesting note, the stock adbd has root access/privelege when executing adb reboot recovery.
does anyone have a lead on how to bind a block device to a tcp port ?
something like this, but that works, and as a service maybe?
cat /dev/whatever | nc -l 2345
okay if i'm seeing this right...,
Code:
F/appproc ( 305): Error changing dalvik-cache ownership : [COLOR="Red"]Permission denied[/COLOR]
F/libc ( 305): Fatal signal 6 (SIGABRT), code -6 in [COLOR="Red"]tid[/COLOR] 305 (app_process32_o)
my gues would be selinux denial based on wrong/incorrect type id
from file contexts
Code:
/system/bin/app_process32 u:object_r:[COLOR="Red"]zygote_exec[/COLOR]:s0
from zygote.te
Code:
# zygote
[COLOR="Red"]type[/COLOR] zygote, domain;
type [COLOR="Red"]zygote_exec[/COLOR], exec_type, file_type;
soooooo when the shuffling around of app_process* happens and /system/xbin/daemonsu is linked to /system/bin/app_process
should daemonsu instead of being [from supersu installer script]
Code:
/system/xbin/daemonsu 0755 u:object_r:system_file:s0
be
Code:
/system/xbin/daemonsu 0755 u:object_r:zygote_exec:s0
?
i don't think it sepolicy version 26, same as sm-t530nu, i'm also using the sm-t53nu's LL kernel source release for my sm-t330nu LP kernel build, so it's not the knox ****ery in the kernel source. so it's the actual policy itself ?
I'm going to do an experiment by flashing/writing the system.img.ext4 from the sm-t530nu LP release with a modified boot.img
to the sm-t330nu [post LP release flash]
If it works it would effectively be a downgrade to 5.0.X
This has worked with @sub77 's LP builds for sm-t530nu to "port" them to sm-t330nu soooo
more to come ?
okay, sooooo
now that my sm-t330nu has the official LP release installed, i CAN flash the system.img from the official sm-t530nu to it and boot successfully,
so i was right about the tied to firmware thing.
Now after a few different tests i am unable to "downgrade" my boot.img to match the sm-t530nu release version wise, policy and all
and remain at android 5.1.1 NNNYYYAAAAAHHHHHHHHH ! [WHEW okay , glad to get that out.. ]
SO, i flashed supersu to see what would happen and got the same result as before BUT, totally sepolicy contexts
Without restoring system or doing the meatball surgery from the previous post, i instead manually changed the policy context
of /system/xbin/daemonsu through adb in recovery
[note- you must enbale dev-options--->debugging
Code:
adb reboot recovery
adb shell mount /system
adb shell
chcon u:object_r:zygote_exec:s0 /system/xbin/daemonsu
chattr +i /system/xbin/daemonsu
reboot
SHINY ! no root. but boots
Code:
[email protected]:/system/bin/.ext $ ls -Z /system/xbin/daemonsu
-rwxr-xr-x root root u:object_r:zygote_exec:s0 daemonsu
Okay so now we need to know proper context for
/system/xbin/su
/system/bin/.ext/.su
hmmmm... i am going outside to play.
Nature sucks, the resolution is terrible ! xD
okay android 5.1.1 samsung policy context for system libraries is
Code:
u:object_r:system_library_file:s0
okay so far nutz..,
i found this for setool utility [setools-android-sepolicy-inject] project by @Mikos
http://forum.xda-developers.com/android/software/setools-android-sepolicy-inject-t2977563
i've forked his sources https://github.com/xmikos/setools-android
adjusted for api, and will try this method.
Android NDK
wget https://dl.google.com/android/ndk/android-ndk-r10e-linux-x86.bin
m
okay,
got Miko's toolkit compiled, this is the output of seinfo
Code:
\[email protected]:/ $ seinfo
Statistics for policy file: /sepolicy
Policy Version & Type: v.26 (binary, mls)
Classes: 86 Permissions: 271
Common classes: 5
Sensitivities: 1 Categories: 1024
Types: 1169 Attributes: 162
Users: 1 Roles: 2
Booleans: 0 Cond. Expr.: 0
Allow: 14802 Neverallow: 0
Auditallow: 0 Dontaudit: 401
Type_trans: 458 Type_change: 0
Type_member: 0 Role allow: 0
Role_trans: 0 Range_trans: 0
Constraints: 59 Validatetrans: 0
Initial SIDs: 27 Fs_use: 19
Genfscon: 43 Portcon: 0
Netifcon: 0 Nodecon: 0
Permissives: 0 Polcap: 2
[email protected]:/ $
i'm looking for someone who can run me through how sepolicy injection works specifically.
I don't know enough to interpret a generic example.
what i can understand right now is daemonsu disguised as app_process cannot access/change what it needs to in dalvik-cache due to incorrect/wrong -tid if that's the right way to say it.
this again
Code:
F/appproc ( 305): Error changing dalvik-cache ownership : Permission denied
F/libc ( 305): Fatal signal 6 (SIGABRT), code -6 in tid 305 (app_process32_o)
Mikos said the following as to command line syntax
Mikos said:
Hello, the syntax is simple, if you want comparison with supolicy, here is one example (taken from my SnooperStopper app):
Code:
supolicy --live 'allow vdc init fifo_file {read write getattr}'
is equivalent to:
Code:
sepolicy-inject -s vdc -t init -c fifo_file -p read,write,getattr -l
Click to expand...
Click to collapse
m
so how much progress you have done so far? need any help?
jazzespresso said:
so how much progress you have done so far? need any help?
Click to expand...
Click to collapse
Jazz,
have you ever done any work with sepolicy, setools ?
is there a way or do you know the right way to do the policy injection part of what Mikos described for
su and daemonsu ?
when i run strings on the sepolicy binary i do find su_exec.
so i'm still at daemonsu being the culprit. @Chainfire does make it clear the there is a hijack of app_process going on
and i do believe it works for other devices running a "state sanctioned" 5.1.1 so this is/has to be a dicky samsung move.
also how to determine the correct tid if that is indeed what i'm looking for. [see OP]
m
Will look into that, not sure how much differences between android 5.0.X and 5.1.1..
jazzespresso said:
Will look into that, not sure how much differences between android 5.0.X and 5.1.1..
Click to expand...
Click to collapse
It seems to be all sepolicy, i had to adblock and put in my usual apps minus root apps via adb push.
Swapping policy from the 5.0 boot.img reseults in no visuals or input but at adb/terminal i have access,
It just occured to me that i have not yet tried the policy swap and then applied root, hmm.
After i unscrew my system, i upgraded but forgot to change from sid so now wifi is totally boned, xD
I'll try that out, i figure it's something with ueventd.?
On disabling the policy it's complete no go so far.
In spite of modding init.rc
To disab;e sepolicy reload, to write to sys/fs/selinux/enable/0 and trying kernel cmdline edits for enforce=0 androidboot.selinux=0 etc, results
In bogus disable or no boot and dead adbd. Fun fun fun !
this is a copy/paste from my earlier sepolicy trip from galaxy tab 3 forum, putting here for reference
On-Device Policy Files
/sepolicy: Kernel binary policy
/file_contexts: File security contexts
/property_contexts: Property security contexts
/seapp_contexts: App security contexts
/system/etc/security/mac_permissions.xml: App certificate to seinfo mapping
On mac_permissions.xml
●At build time, mac_permissions.xml signature tag names (e.g. @platform) are rewritten to the actual
certificate value extracted from .pem file specified by external/sepolicy/keys.conf
.●build/tools/releasetools/sign_target_files_apks rewrites mac_permissions.xml with updated certificate values for new keys.
System Apps by Certificate
●mac_permissions.xml:
<signer signature= @platform" >
<seinfo value="platform" />
</signer>
●
seapp_contexts:
user=_app seinfo=platform domain=platform_app
type= app_data_file
---------------------------------------------------
Okay so what is this _u _r _t suffix stuff?
• _u – SELinux user
eg: system_u – used for running system services
• _r – SELinux role
eg: system_r – for daemons and background processes
• _t – SELinux type / domain
eg:httpd_t
you can change a single domain to permissive mode
-------------------------------------
the original thread is here, i forgot all about mac_permissions.xml when swapping policy
http://forum.xda-developers.com/galaxy-tab-3/general/se-linux-policy-information-thread-t2865457
moonbutt74 said:
It seems to be all sepolicy, i had to adblock and put in my usual apps minus root apps via adb push.
Swapping policy from the 5.0 boot.img reseults in no visuals or input but at adb/terminal i have access,
It just occured to me that i have not yet tried the policy swap and then applied root, hmm.
After i unscrew my system, i upgraded but forgot to change from sid so now wifi is totally boned, xD
I'll try that out, i figure it's something with ueventd.?
On disabling the policy it's complete no go so far.
In spite of modding init.rc
To disab;e sepolicy reload, to write to sys/fs/selinux/enable/0 and trying kernel cmdline edits for enforce=0 androidboot.selinux=0 etc, results
In bogus disable or no boot and dead adbd. Fun fun fun !
Click to expand...
Click to collapse
I was thinking about getting policy from the 5.0 boot.img and try and see...not sure if it would work - you may try and let me know your results
1) 5.0 sepolicy file.
2) initrd.img current one
3) initrd.img current one
It has been long time man I worked on it or dig this stuff......hmmm....hmmm....Galaxy S6 developers got root on 5.1.1, so this should be not so hard.....
okay so the sesearch string looks something like this , yielding the following output
Code:
[email protected]:/storage/AIK-Linux/ramdisk# sesearch -A -s shell -t system [COLOR="Red"]-c file[/COLOR] sepolicy
Found 3 semantic av rules:
allow shell newAttr33 : file { ioctl read write getattr lock open } ;
allow newAttr7 newAttr33 : file { ioctl read write getattr lock open } ;
allow appdomain newAttr33 : file { ioctl read write getattr lock open } ;
but if i leave out the -c [class=name] option it works sort of like a wild-card and i get this
Code:
[email protected]:/storage/AIK-Linux/ramdisk# sesearch -A -s shell -t system sepolicy
Found 20 semantic av rules:
allow shell system_server : process { transition siginh rlimitinh } ;
allow shell newAttr33 : process getattr ;
allow shell newAttr33 : file { ioctl read write getattr lock open } ;
allow shell newAttr33 : dir { ioctl read getattr search open } ;
[COLOR="Red"]allow shell newAttr33 : lnk_file { ioctl read getattr lock open } ;[/COLOR]
allow appdomain domain : process getattr ;
allow domain system_server : fd use ;
allow newAttr7 newAttr33 : file { ioctl read write getattr lock open } ;
allow newAttr7 newAttr33 : dir { ioctl read getattr search open } ;
[COLOR="Red"] allow newAttr7 newAttr33 : lnk_file { ioctl read getattr lock open } ; [/COLOR]
allow newAttr1 binderservicedomain : fd use ;
allow newAttr1 binderservicedomain : binder { call transfer } ;
allow appdomain system_server : fd use ;
allow appdomain system_server : fifo_file { ioctl read write getattr lock append open } ;
allow appdomain system_server : tcp_socket { read write getattr getopt shutdown } ;
allow appdomain system_server : unix_stream_socket { read write getattr getopt setopt shutdown } ;
allow appdomain newAttr33 : file { ioctl read write getattr lock open } ;
allow appdomain newAttr33 : dir { read getattr search open } ;
allow appdomain newAttr33 : lnk_file { read write getattr open } ;
allow appdomain system_server : binder { call transfer } ;
the lnk_file ones seem interesing, i'm not sure if write is the correct perm or if it's readwrite
using sepolicy inject i've been adding to that list like so
Code:
sepolicy-inject -s appdomain -t newAttr33 -c lnk_file -p write -P sepolicy -o sepolicy-UNdead
but nothing yet, as i go further i will learn more, i think it's finding out what need to be made permissive, getting a read on audit and allow rules don't seem to work, i'm using debian's sepolicy dev tools, as well as Miko's set, and the originating source for sepolicy-inject as well.
finding the permissions/av denial connected to daemonsu being prevented from changing dalvik-cache ownership is what i think i'm looking for
but i'm not 100% on that, though when i
Code:
chcon u:object_r:su_exec:s0 su
, i do get a denial in terminal when i reboot and run su, so i'm still uncertain if su is the culprit.
what makes you think su is the culprit, it is because 5.1.1?
jazzespresso said:
what makes you think su is the culprit, it is because 5.1.1?
Click to expand...
Click to collapse
well, su runs the daemon right the daemon and supolicy need root privelege to run and load
for the portion of the logcat, changing ownership in dalvik-cache fails because damonsu hijacks the app_process/32
changing ownership is the function of chown which needs root priveleges, that particular function happens after the init process,
the init process work with root privelege for the beginning stages of the boot process then lock down and throws over to the system,
without the system's su functioning that process of changing dalvik cache ownership fails and sigabrt , the system hangs.
the reason i'm not 100% sure it's su is because when i chcon app_process/32 -> /xbin/daemonsu to ubject_r:zygote_exec
then the process goes through so...
moonbutt74 said:
well, su runs the daemon right the daemon and supolicy need root privelege to run and load
for the portion of the logcat, changing ownership in dalvik-cache fails because damonsu hijacks the app_process/32
changing ownership is the function of chown which needs root priveleges, that particular function happens after the init process,
the init process work with root privelege for the beginning stages of the boot process then lock down and throws over to the system,
without the system's su functioning that process of changing dalvik cache ownership fails and sigabrt , the system hangs.
the reason i'm not 100% sure it's su is because when i chcon app_process/32 -> /xbin/daemonsu to ubject_r:zygote_exec
then the process goes through so...
Click to expand...
Click to collapse
re-moved
Jazz,
what i am actually going to say is;
pingpong root is a fail, i tried it a few days ago.
dumping general links into this thread is not help.
Linking DIRECTLY to kernel patches/mods etc., is better.
I am looking at the s6 source from the thread you linked to.
I don't think kernel version will make too much of a difference.
The interest, MY interest is in how to mod the default sepolicy to unbreak root.
I do NOT want permissive, i want enforcing with root functioning correctly.
I am getting a better hang of the sepolicy tools but have yet to find what needs changing adjusting
I did manage to disable [set permissive] the policy AND achieve root BUT with display,touch,input broken as before. [grumble]
In the furture please remove quoted text when you reply to post. Thanks.
m
moonbutt74 said:
Jazz,
what i am actually going to say is;
pingpong root is a fail, i tried it a few days ago.
dumping general links into this thread is not help.
Linking DIRECTLY to kernel patches/mods etc., is better.
I am looking at the s6 source from the thread you linked to.
I don't think kernel version will make too much of a difference.
The interest, MY interest is in how to mod the default sepolicy to unbreak root.
I do NOT want permissive, i want enforcing with root functioning correctly.
I am getting a better hang of the sepolicy tools but have yet to find what needs changing adjusting
I did manage to disable [set permissive] the policy AND achieve root BUT with display,touch,input broken as before. [grumble]
In the furture please remove quoted text when you reply to post. Thanks.
m
Click to expand...
Click to collapse
sorry....removed the links and references on my previous post....
jazzespresso said:
sorry....removed the links and references on my previous post....
Click to expand...
Click to collapse
Jazz,
security: SELinux: Avoid enabling enforcing by conventional flag
as to this https://github.com/djvoleur/V_925R4_BOF7/commit/3e33f1fb5538fb2f0f055e9035fe8885a3471322
i'll give it a try and see what happens, but i still want sepolicy enforcing.
@jazzespresso
EDIT - okay i tried it out straight and no-go, but looking at the diff between our selinuxfs.c
and the one you linked to i see that we have a compile/build flag
#ifdef CONFIG_ALWAYS_ENFORCE
//If build is user build and enforce option is set, selinux is always enforcing
new_value = 1;
[blah blah blah]
selinux_enforcing = new_value;
there's some more but i think you get the idea of where i'm going with this.
the new_value change has been used before to success so it will work with our kernel source,
it's just a matter of getting it right. =]

[Completed] Runtime exec not behaving like adb exec

I've built a native Android app with NDK toolcahain.
I've first tested the app using the adb tool and got the following output:
Code:
generic:/ $ run-as cardservice.hr.cardservice
generic:/data/data/cardservice.hr.cardservice $ cd card/
generic:/data/data/cardservice.hr.cardservice/card/ $ ./cardService
2016-11-30 20:36:06,245 INFO [default] Starting CardService
App continues to run
But problem starts when I try to do the same thing from a Android application.
The following code:
Code:
private void exec_command() throws IOException, InterruptedException {
String command = "./data/data/cardservice.hr.cardservice/card/cardService"
Process check_card_service = Runtime.getRuntime().exec(command);
BufferedReader in = new BufferedReader(new InputStreamReader(check_card_service.getInputStream()));
String line;
String content = "";
while ((line = in.readLine()) != null) {
System.out.println(line);
content = content + line;
}
check_card_service.waitFor();
};
It starts the application but the application fails, and stops working.
Code:
2016-11-30 19:25:11,417 INFO [default] Starting CardService
2016-11-30 19:25:11,447 INFO [default] Underlying Transport Error, Code: websocketpp.transport.asio:3
So my question is what is different in my approaches, what changes if i run it from my app or from the adb shell?
The application does not need root access.
Do you need any extra information?
Muha12 said:
I've built a native Android app with NDK toolcahain.
I've first tested the app using the adb tool and got the following output:
Code:
generic:/ $ run-as cardservice.hr.cardservice
generic:/data/data/cardservice.hr.cardservice $ cd card/
generic:/data/data/cardservice.hr.cardservice/card/ $ ./cardService
2016-11-30 20:36:06,245 INFO [default] Starting CardService
App continues to run
But problem starts when I try to do the same thing from a Android application.
The following code:
Code:
private void exec_command() throws IOException, InterruptedException {
String command = "./data/data/cardservice.hr.cardservice/card/cardService"
Process check_card_service = Runtime.getRuntime().exec(command);
BufferedReader in = new BufferedReader(new InputStreamReader(check_card_service.getInputStream()));
String line;
String content = "";
while ((line = in.readLine()) != null) {
System.out.println(line);
content = content + line;
}
check_card_service.waitFor();
};
It starts the application but the application fails, and stops working.
Code:
2016-11-30 19:25:11,417 INFO [default] Starting CardService
2016-11-30 19:25:11,447 INFO [default] Underlying Transport Error, Code: websocketpp.transport.asio:3
So my question is what is different in my approaches, what changes if i run it from my app or from the adb shell?
The application does not need root access.
Do you need any extra information?
Click to expand...
Click to collapse
Hello,
Please post your query here App Development Forum with all relevant details, the experts there maybe able to assist you.
Regards
Vatsal,
Forum Moderator.
Thank you very much.

BlueStacks ADB HELP, please & TY

Code:
local $results, $h, $PID, $BlueStacks_Path
$BlueStacks_Path = @ProgramFilesDir & "\BlueStacks\"
$BlueStacks_Path = StringReplace($BlueStacks_Path, "\\", "\")
$h = Run($BlueStacks_Path & "hd-Adb connect localhost","","",$STDIO_INHERIT_PARENT)
sleep(1000)
$PID = run($BlueStacks_Path & "HD-Frontend.exe Testing")
WinGetProcess($PID)
sleep(1000)
Do
$result = run($BlueStacks_Path & "HD-Adb shell getprop sys.boot_completed", "", "", BitOR($STDIN_CHILD, $STDERR_MERGED))
ConsoleWrite("$result: " & $result & @CRLF)
sleep(1000)
until $result = 1
Hi ALL, I am really knew at this and I am trying to figure out why I get an infinite loop when I am checking to see if BlueStacks is open.
If I do everything command line based, everything WORKS as above, but when I put it in AutoIT it just LOOPS & LOOPS & LOOPS. When I do the consolewrite, it's like it is giving me a PID# rather than return 1.
What am I doing wrong?

Categories

Resources