So.
As i was slowly preparing DSC v2.0 i met a hard decision: what root tool to include
Both Superuser and SuperSU are nice, but quite heavy
I decided to take my own way - rewrite su executable itself to suit my vision:
I've aknowledged that i have not modified my root access list for half a year. I don't need and don't want a separate Java process to control root access. I want a simple way to allow root access for application (via whitelist), but block unwanted (i.e. all not in list). Still, it should allow end-user to install either SuperSU or Superuser.
In short - ideal su solution for myself that should also work good for depersonalized custom ROM (with predefined access list), leaving it to end-user to decide which app he will install for superuser access.
And i didn't find a ready solution, so decided to write my own.
Here it is (attached):
SimpleSU
Simplest and lightest superuser solution (with access control)
How it's done:
Same as usual SU for Linux with control access list read from /system/etc/dsc.su_list
dsc.su_list structure is very simple:
One line per android app (case sensitive), windows and unix line breaks should be supported fine.
Current proposed list for DSC 2.0 (and an example):
dsc.SimpleSU.acl
dsc.settings
dsc.uv
dsc.levels
dsc.mugen
jackpal.androidterm
ru.org.amip.ClockSync
eu.chainfire.supersu
eu.chainfire.supersu.pro
com.ryosoftware.adbw
com.googlecode.droidwall.free
com.noshufou.android.su
de.schaeuffelhut.android.openvpn
de.schaeuffelhut.android.openvpn.installer
com.elsdoerfer.android.autostarts
com.speedsoftware.rootexplorer
com.geeksoft.screenshot
com.rerware.android.MyBackupPro
com.ghostsq.commander
ws.plattner.cifsmanager
mobi.pruss.superdim
com.force.timezonefixer
com.bigtincan.android.adfree
Caller process tree is walked till init, if match is found, access is granted.
How to install?
Via adb shell:
Code:
adb push su /system/xbin/
adb shell chmod 6755 /system/xbin/su
adb push dsc.su_list /system/etc
adb shell chown root.root /system/etc/dsc.su_list
adb shell chmod 644 /system/etc/dsc.su_list
Note that you have to manually add entries to white list (/system/etc/dsc.su_list) to grant root access in form of app full Java class name. For example, it's com.keramidas.TitaniumBackup for Titanium Backup.
As pointed by dr911, works in multiuser environment (being a linux binary).
Currenly SimpleSU supports two command formats:
Usual: su -c 'make me a sandwich'. Note that only "-c" works now. Seems to be enough though. Command simply passed to the shell.
Legacy (as seen in Google/Android su source): su username make me a sandwich. Shell is not executed in this case, so no environment variables right now in this format.
Have fun,
Sergei.
Changelog:
02.04.2013: v0.7. ":service" suffix granted root access for already granted app, more logging on reject. (0.6 had only more logging)
27.11.2012: GUI updated - forgot about remounting /system in rw mode. Attached to this post.
21.11.2012: GUI done. http://forum.xda-developers.com/showpost.php?p=34439975&postcount=41
14.11.2012: v0.5. LD_LIBRARY_PATH fixup (taken from ChainsDD), pointed by Rupert Rawnsley. Also some legacy format command-line handling changed. Also, insecure version added (no checks made, asked=granted).
11.11.2012: v0.4. Code cleanup, no longer beta, revised and fixed code with potential string overflows.
09.11.2012: v0.3b. Code changed to allow legacy format command execution.
09.11.2012: v0.2b. Fixed call with multiply parameters. OpenVPN installer works. Dynamic linking, so very small binary. Logging to system log.
07.11.2012: Fixed segmentation fault on reject, added version and build date, removed debug info.
A request:
If somebody owns Pro/Elite/other commercial Superuser or SuperSU - would you provide it's full Java class name?
For example, it's
eu.chainfire.supersu
com.noshufou.android.su
for free versions.
eu.chainfire.supersu.pro
Sent from my Amazon Kindle Fire using Tapatalk 2
Can I avoid these little delays (the appearing popup of SuperSU or Superuser) with this alternative?
And if I have Superuser preinstalled can I delete it and are there other files which belongs to it and can be deleted?
Thank you for sharing your work
com.noshufou.android.su.elite for Superuser Elite
Hi
Have you noticed any improvement in terms of speed etc? Is superuser really that heavy? How much RAM can i get by using this and ditching the superuser app? We can use this in our Galaxy 3 forum !
Get the list of all android activities from here
http://activities.droidicon.com/
Androidmarketuser said:
Can I avoid these little delays (the appearing popup of SuperSU or Superuser) with this alternative?
And if I have Superuser preinstalled can I delete it and are there other files which belongs to it and can be deleted?
Thank you for sharing your work
Click to expand...
Click to collapse
Delete system/xbin/su and uninstall your superuser app from the system.
Oh. Looks SimpleSU got in news
Androidmarketuser said:
Can I avoid these little delays (the appearing popup of SuperSU or Superuser) with this alternative?
And if I have Superuser preinstalled can I delete it and are there other files which belongs to it and can be deleted?
Thank you for sharing your work
Click to expand...
Click to collapse
You won't experience any delays - but in cost of manually editing the list. And no popups, it's simply a linux binary. After replacing su binary you may uninstall Java part.
Shree_Jamdar said:
Have you noticed any improvement in terms of speed etc? Is superuser really that heavy? How much RAM can i get by using this and ditching the superuser app? We can use this in our Galaxy 3 forum !
Click to expand...
Click to collapse
I did experience lags when using Superuser and SuperSU. I don't think modern device would benefit from SimpleSU. I expect to free 15-20MB. Good for Streak with 512MB.
I may eventually write a list editor, but most probably won't.
Again, this tool would do as preinstalled SU solution in Custom ROM (though i can't test >2.3 compatibility):
Grant predefined (and included in ROM) apps the superuser rights.
Allow end-user to choose and install he's preffered SU solution right from Play Store.
--
Have fun,
Sergei
_n0p_ said:
You won't experience any delays - but in cost of manually editing the list. And no popups, it's simply a linux binary. After replacing su binary you may uninstall Java part.
I did experience lags when using Superuser and SuperSU. I don't think modern device would benefit from SimpleSU. I expect to free 15-20MB. Good for Streak with 512MB.
I may eventually write a list editor, but most probably won't.
Again, this tool would do as preinstalled SU solution in Custom ROM (though i can't test >2.3 compatibility):
Grant predefined (and included in ROM) apps the superuser rights.
Allow end-user to choose and install he's preffered SU solution right from Play Store.
--
Have fun,
Sergei
Click to expand...
Click to collapse
Exactly what I searched, thanks :good:
I will test it on my old Desire with Android 4.1, I can tell you whether it's compatible or not.
nice tool...very lite. i m using this in extreme barebone roms for my galaxy mini. really nice, but the problem is only some apps r being granted permissions, some denied.
i hope u increase the list of activities. then this is a hit for me
good luck..
Android_United said:
nice tool...very lite. i m using this in extreme barebone roms for my galaxy mini. really nice, but the problem is only some apps r being granted permissions, some denied.
i hope u increase the list of activities. then this is a hit for me
good luck..
Click to expand...
Click to collapse
Can you provide an example of app you have added to the access list, but it didn't work?
i looked in the op and still dont understand how to install?? flash the simple SU zip in recovery.. then what???
evo401 said:
i looked in the op and still dont understand how to install?? flash the simple SU zip in recovery.. then what???
Click to expand...
Click to collapse
if you couldnt read/understand the OP, then your probably better off sticking with SuperSU or SuperUser...
Heres my non-developer understanding (potentially flawed):
Its a binary, with manual entry's (IE text editing) of pre-approved apps, it doesnt have a frontend/gui like SuperSU or SuperUser which allow you to graphically chose what to allow and what to deny...
OP: I like it so far, as for your thoughts on a graphical editor, I for one would love to see one, and before I get jumped for saying then whats the difference between the other options, an editor would be short and sweet, open, edit list, close, ram once again free (since that is the concern), instead of having it stay resident in RAM...
On that note, if I may, there are tools like Rays Toolbox and Android Tuner (formerly system tuner), that I would like to put in a feature request for them to add an editor in the app (Android Tuner already has a few editor's, adding a SimpleSU editor would just add to the overall completeness of the toolkit) to edit the list for SimpleSU, with your permission of course!
Thanks again!
Latest version working on Galaxy fit !!! It really imporves performance on low ram(We got 256mb) devices maybe OP might consider sharing it by moving thread to a more general location on xda rather than on a device forum my thoughts.
Dark Passenger said:
Latest version working on Galaxy fit !!! It really imporves performance on low ram(We got 256mb) devices maybe OP might consider sharing it by moving thread to a more general location on xda rather than on a device forum my thoughts.
Click to expand...
Click to collapse
Yes, exactly.. it works on galaxy y duos and galaxy yseries.. its better to move it to android app development section may be? as it will get more support there i feel.. Please do consider op.. And thanks for this cool app.. Its awesome. And i dont think it needs an editor, as we can have editors from many apps .. i have around 4-5 apps which has editors.. surely users who use this app will be bit advanced users..
and i bet all of them will have file editors.. and all file explorer apps comes with editors nowadays.. well , just my thoughts.. but if you can keep the file browser to bare minimum and keep size of apk less.. then i would surely like to see it too
i am hoping to use this from now on.. so i will give review for new updates.. have you pushed it to play store? i think you should do that.. many will like this idea!
Thanks again..
As far as i understood we can edit it to add new apk names to give permission.. Because Android_united kinda confused me.. So, asked this again.. i did use it and it did worked.. its just may be he didnt see that?
Works like a charm! The only problem I had is that I was doing this through Terminal Emulator, and for some reason, when i did all this, superuser perrmisions were not granted for Terminal Emulator. After a little digging i found that i have to add this line
Code:
jackpal.androidterm2
and leave the one that's there by default
Code:
jackpal.androidterm
to the dsc.su_list
Now it works, i have SU for Terminal Emulator, Adfree, and i added SetDNS (Impossible to use Google play on CM7.2 without it )
I like the idea of this but be extra careful to only whitelist activities you really use.
I could imagine a malware somehow managing to enter your system and masquerading as one of the prepopulated entries in dsc.su_list, though of course no such vulnerability exists so far.
Thank you for feedback.
--
I cannot publish it on Play Store - it's not an Android app. To publish it, i need to write SimpleSU Installer, or something like that (see below).
--
Regarding editor - it would be nice if someone else would write it I really don't expect to have enough free time required.
--
A 0.4 version i consider as stable (revised potentially bad code with possible string overflows) attached to first post.
--
Malware that could act as Java class - i thought of several scenarios, but any requres root access beforehand. And if you install an app - it's your responsibily to be careful.
--
Have fun,
Sergei
_n0p_ said:
Can you provide an example of app you have added to the access list, but it didn't work?
Click to expand...
Click to collapse
titanium backup, es-file explorer. i tested wit only these 2. as these 2 weren't gaining root access, so i stopped using this. if u want me to test wit more apps, i can help u out.
will be using this surely once it receives more updates :good:
:good: gud luck..
Related
Hi,
I have a customer , say Foo. Foo has a requirement that the Android device should only have the Calling application,SMS application, Address book ,camera application and Foo's application. No other application should be allowed to install but an update of Foo's application should be allowed.
One solution i see is running shell scripts from Foo's application
- The shell script will rename or disable all the unwanted applications
- I am not very convinced y this solution because
1. Once u rename the apps. Its not very clean.. When u click on the app icons it will give u not very pleasant errors
2. Once renamed. Even after a wipeout the applications will still remain renamed. so they still remain useless unless enabled again
3. The shell commands are executed by private APIs. These can lead to future breaks
4. AFAI see.. the custom ROM may take same amount of time.
5. Not sure but even after rename. the user can download the app and use
Another solution i see is build on the 2.2 source and modify the PackageInstaller application to only allow installation of Foo's application.
But Foo would want the device dependency to be as less a possible. Foo wants that this custom ROM should be able to be flashed on all devices that came with stock 2.2
I request for suggestions and advices to implement this security policy.
Many Thanks,
Biju Chandran
Hi Guys,
Please help!
Regards
Biju Chandran
Does the OS itself include a text editor? I want to be able to ssh into my phone (a Samsung Galaxy SII running stock 2.3 if it's in any way relevant) and edit configuration files on the command line.
I have already installed an ssh server and have poked around in the OS and the only option I could find was sed which, although excellent for its intended task, is far from user friendly for editing config files.
I'm not surprised that there is no emacs, or even vi (my favourite) but I thought that at least ex would be available.
Just to make it absolutely clear, I am not looking for a marketplace type app, I am looking for command line editor within the OS itself.
lotus49 said:
Does the OS itself include a text editor? I want to be able to ssh into my phone (a Samsung Galaxy SII running stock 2.3 if it's in any way relevant) and edit configuration files on the command line.
I have already installed an ssh server and have poked around in the OS and the only option I could find was sed which, although excellent for its intended task, is far from user friendly for editing config files.
I'm not surprised that there is no emacs, or even vi (my favourite) but I thought that at least ex would be available.
Just to make it absolutely clear, I am not looking for a marketplace type app, I am looking for command line editor within the OS itself.
Click to expand...
Click to collapse
If you root, you can install busybox, which includes vi.
Excellent, that's what I needed to know.
I thought busybox was already installed because I remember seeing all the binaries in /system/bin linked to the same binary but having checked I see it's something called toolbox, which is presumably something similar but not as good.
Since I had already rooted my phone and in the process, installed busybox, I thought I was home and dry.
Unfortunately, when I tried running busybox, it appears that it doesn't include vi or at least the version I have doesn't.
Code:
# busybox vi
vi: applet not found
It looks like my problem is still unsolved after all .
Root Checker will verify if it's installed correctly. Advanced mode will list all the commands included. You can use this to install or update it.
Thanks for your help. The first app verified that I do have busybox installed but as I thought, my version doesn't include vi.
The second suggestion did try to install a newer (and more complete) version of busybox. It didn't appear to succeed but I'm reasonably confident of being able to debug this myself without further help.
Here is my new ASOP distribution. I made no changes to the GUI but unlock all hidden Features and install BusyBox and a terminal. Superuser.apk doesn't work anymore with 4.2, so I have written quick-and-dirty replacement. But be warned: It gives alls apps root rights without asking. Install only apps you really trust. There is a new command "setup-swap". You can create or delete a swap file with it, if you need more memory. "install-gapps" doesn't work currently.
The "install-gnu" plug-in is much bigger now. It supports I18N and UTF-8 now. Your terminal is in the same language you set in the Android config. And I have added more programming languages, too. So if you want a real GNU environment on your Tablet, just type "install-gnu" on the command line. A Bluetooth keyboard is highly recommended.
Because of the December bug here is version 4.2.1 now:
Mirror 1
Mirror 2
My public key is here and here is the signature.
You install it like a factory firmware, so you need "fastboot" in your "PATH", then run "flash.sh". Warning: All data will be overwritten.
Supersu
x-alina said:
Superuser.apk doesn't work anymore with 4.2, so I have written quick-and-dirty replacement
Click to expand...
Click to collapse
Rom sounds good, might flash it, but about superuser, it hasn't worked very well since ICS was introduced (IMO), i have alsways used SuperSU, although 4.2 doesn't have full multi user settings on SuperSU yet, it has been patched to work. Just sayin XD
Also, have you thought about making some of these things flashable (like the install GNU and setup Swap) as I would love these alongside Paranoid android XD
Awesome stuff though =D
Thanks for your work! will test this out!
Nice work, will test it in some time.
All Mirrors are up and running now.
Sorry for the inconvenience.
Android 4.2.1 for Nerds
Because of the December bug here is version 4.2.1 now:
Mirror 1
Mirror 2
I'll test and sent you feedback...
x-alina said:
Here is my new ASOP distribution. I made no changes to the GUI but unlock all hidden Features and install BusyBox and a terminal. Superuser.apk doesn't work anymore with 4.2, so I have written quick-and-dirty replacement. But be warned: It gives alls apps root rights without asking. Install only apps you really trust. There is a new command "setup-swap". You can create or delete a swap file with it, if you need more memory. "install-gapps" doesn't work currently.
Try this mod for root permissions. http://forum.xda-developers.com/showthread.php?t=1663222
Click to expand...
Click to collapse
Inspired by SimpleSU (I really love it), which is not so simple to use after all (mainly because it is intended for shipping in the ramdisk or the likes), and closed source, I made my own superuser implementation, µSuper.
I provide it to you, mainly so you can give me some feed back or just try it, whatever you prefer.
Just like SimpleSU it uses a text file.
Unlike SimpleSU this text file contains the UIDs of the apps, not their package names (which makes µSU less vulnerable to frauds). It is also not on the hard to access /system partition, but in the private data directory of µSU, and globally set to read-only.
With only 309 SLOC (app and binary combined) I think it is safe to say that it is really tiny.
The source code is publicly available on Github.
@MarcoToo I know this has been here for ages but I'm amazed this thread has less than 600 views and You've only got 3 thanks... It's my favourite SuperUser app as it uses next to no resources. The only thing wrong is that it won't work with anything above JellyBean 4.2.2 which is a shame; I don't supposed you plan to support further Android versions? or is it easy for me to build this to support further versions?
Thanks anyway, all the people not using this are missing out
HTCDreamOn said:
@MarcoToo I know this has been here for ages but I'm amazed this thread has less than 600 views and You've only got 3 thanks... It's my favourite SuperUser app as it uses next to no resources. The only thing wrong is that it won't work with anything above JellyBean 4.2.2 which is a shame; I don't supposed you plan to support further Android versions? or is it easy for me to build this to support further versions?
Thanks anyway, all the people not using this are missing out
Click to expand...
Click to collapse
theres a reason to it, because the developer hasn't kept the app updated, while supersu is updated almost weekly. The lastest SuperSU has way more support as to this because it is outdated, and in beta at that. Safer and more compatible alternative would be SuperSU
Aiko0923 said:
theres a reason to it, because the developer hasn't kept the app updated, while supersu is updated almost weekly. The lastest SuperSU has way more support as to this because it is outdated, and in beta at that. Safer and more compatible alternative would be SuperSU
Click to expand...
Click to collapse
I see your point but I still stick with this SU: SuperSU is closed source, and even Koush' open source Superuser app is theoretically less secure than this, due to the whole granting mechanism; with µSuper the user must explicitly select which apps gain su access whether they ask for it or not, and the code is so small there's little which could go wrong. Each to their own, though , I use this because the Desire Z is lacking in memory and CPU power so every little helps, but on a more powerful device it wouldn't bother me.
HTCDreamOn said:
I don't supposed you plan to support further Android versions? or is it easy for me to build this to support further versions?
Click to expand...
Click to collapse
I think the location for app files has changed from /data/data to something else. Since µSuper's su binary uses a hardcoded path to the permissions file (using an environment variable would be quite unsafe), the only things you would have to change are the targetSdkVersion in the app's AndroidManifest.xml and (if it did change) the path to the permissions file in su.c.
MarcoToo said:
I think the location for app files has changed from /data/data to something else. Since µSuper's su binary uses a hardcoded path to the permissions file (using an environment variable would be quite unsafe), the only things you would have to change are the targetSdkVersion in the app's AndroidManifest.xml and (if it did change) the path to the permissions file in su.c.
Click to expand...
Click to collapse
Forked and synced let's see if I can fix this for later versions I don't suppose you'd know how to implement this into a ROM (using source code)? From the README I assume I'm allowed to
Hi,
Some users don't root their devices or, even if rooted, some stock kernels don't includes support for init.d scripts folder.
With this simple app you can define a folder (at sdcard) containing all your initialization scripts and execute it after the boot sequence.
Note that some scripts (like the scripts needed to set min/max CPU speed) needs root permissions.
Operation is very simple, and you only need to select the scripts folder and activate the "run on boot" checkbox.
Note that you can provide superuser permissions to the scripts if you will.
Link: https://play.google.com/store/apps/details?id=com.ryosoftware.initd
First x) Awesome app mate!
Keep up the good work, and this is definitely a great tool.
Sent from my Nexus 5
any chance for a download link that isnt google play? (i run gapp-less on my att s3 i747)
thanks for good work regardless.
peace.
err on the side of kindness
Can I integrate this in my rom?
Can't run from /system/etc/init.d ?
Please help, and thanks for the great work.
Hello,
How can we make sure the init.d start soon enough ? Sooner than debuggerd ?
Would it start soon enough to remount important folders elsewhere before they are called ?
Same question
When does the script added to init.d actually run ?
Has the OS fully booted and are all services started/ready ?
Is this documented somewhere ? How can I tell ?
Thank you