[Q]Restrict certain apps to access /system/xbin - General Questions and Answers

some apps have root detect,most of the checks can be disabled by Xprivacy.
but they still check for the /system/xbin folder to recognize if the device had been rooted or not.
so,as the title,i'd like to know if there is any solution to prevent the apps from accessing the folder.
(now i can use them by set the folder's permission to 0750 rwxr-x---,but i have to launch supersu to correct the permission again after using the apps that will check root)
any suggestion is welcome and thanks for the idea

Related

Giving su rights to an app on a not rooted device

Hey guys,
This is the wrong place forum, but I like you guys, so I will ask you a question
Say there is an app that requires root (in this case Cisco AnyConnect rooted version), but I do not want to have root access enabled from within Android OS. Is there a way to install the app with automatic root access? E.g. by flashing it from within the recovery?
Thanks,
Su
Do it need root access or system permissions ?
If it needs root, you must have "su" in android OS.
If it needs system permisssions, you could push it in /system/app/ or /system/priv-app/ (more access than /system/app/)
Hmm, from the description, it seems like root access... ah well, from the CM11 SuperUser settings, seems like it is possible to automatically deny root access to all requests, and only allow selected apps.
Perhaps this is a better way to set up the device...
Sumanji said:
Hmm, from the description, it seems like root access... ah well, from the CM11 SuperUser settings, seems like it is possible to automatically deny root access to all requests, and only allow selected apps.
Perhaps this is a better way to set up the device...
Click to expand...
Click to collapse
every app that wants SU permission should be prompting you the first time to allow or deny it.
if any app gets SU permission without you allowing it, something is wrong.
what i dont understand is, you said the phone is NOT rooted, then mentioned cm11. if you are running cm11, your phone is already rooted.

Remove Supersu.apk but keek root

In our project we "lock down" the device and let only our homescreen app running.
therefore we remove all unnecessary apps, and wondering if we can remove superuser or supersu.apk
of course we need root rights, but we dont need the controlling app
we have tested it on many devices, there are a lot where we could remove supersu.akp and our app kept the root right, but on many other devices we lost the root when we removed it
is there anything we have to handle before we remove it, or how does it work?
thanks,
@oisiss, root is dependent on whether or not there are the su binaries existent in /system/bin (among other things). SuperSU is just a root management app, and its being installed does not affect the root access in the device.
ИΘΘK¡€ said:
@oisiss, root is dependent on whether or not there are the su binaries existent in /system/bin (among other things). SuperSU is just a root management app, and its being installed does not affect the root access in the device.
Click to expand...
Click to collapse
Hello, thank you for your reply, but i have to disagree:
1., to check whether the device is rooted or not is not as simple to check if the su binary exists in the /system/bin folder. even if that exists it can happen that our app (and of course many others: rootchecker, es file explorer...) doesnt get admin rights
2., if it would be so simple the root checker app in the google play wouldnt have 10M-50M downloads
3., in our app we also check if the device is rooted, for that we check 5-6 methods: if the su exists, remounting rw the system foder, run su command, create and delete file in a secured folder...
4., many threads talking about how to replace supersu with superuser. all is telling to install superuser first and only after remove the original supersu, so they never mention to remove supersu firts
we have in our lab aprx 60 devices, made many tests, and this is my question:
1., when there is a properly rooted rom, checked by rootchecker.apk
2., we delete supersu.apk from the system/bin and restart the device
3., we check with rootchecker.akk again and says unrooted
so is there any hidden settings somewhere where for example there are default setting for granting or denying root request? or why do we loose the admin righs
I think there is an aswer:
if the original root was not complete (http://su.chainfire.eu/), it can cause issues
the Install-recovery.sh has to be corrected before deleting the supersu.apk (su, daemonsu...)
can someone confirm this?
oisiss said:
Hello, thank you for your reply, but i have to disagree:
1., to check whether the device is rooted or not is not as simple to check if the su binary exists in the /system/bin folder. even if that exists it can happen that our app (and of course many others: rootchecker, es file explorer...) doesnt get admin rights
2., if it would be so simple the root checker app in the google play wouldnt have 10M-50M downloads
3., in our app we also check if the device is rooted, for that we check 5-6 methods: if the su exists, remounting rw the system foder, run su command, create and delete file in a secured folder...
4., many threads talking about how to replace supersu with superuser. all is telling to install superuser first and only after remove the original supersu, so they never mention to remove supersu firts
we have in our lab aprx 60 devices, made many tests, and this is my question:
1., when there is a properly rooted rom, checked by rootchecker.apk
2., we delete supersu.apk from the system/bin and restart the device
3., we check with rootchecker.akk again and says unrooted
so is there any hidden settings somewhere where for example there are default setting for granting or denying root request? or why do we loose the admin righs
Click to expand...
Click to collapse
Please notice how I phrased it like this:
NOOKIE said:
...root is dependent on whether or not there are the su binaries existent in /system/bin (among other things).
Click to expand...
Click to collapse
I am fully aware that root is not as simple as su being in /system/bin. :silly:
oisiss said:
I think there is an aswer:
if the original root was not complete (http://su.chainfire.eu/), it can cause issues
the Install-recovery.sh has to be corrected before deleting the supersu.apk (su, daemonsu...)
can someone confirm this?
Click to expand...
Click to collapse
Yes, this sounds right. :good:

What is "Trust System User" option in SuperSU?

Hello people.
I took it as this option is to make apps that are stored in /system/app gain root access without asking for confirmation. However, the apps that I have moved to /system/app folder still ask for root access nonetheless. Isn't it the system apps that is meant by "system user" in this description?
Its a mode that will always trust the superuser. this mode can be dangerous, since it hides all root privilege pop-ups and assumes an affirmative*

System signing keys

If an application is signed with the system signing keys and installed into system-priv does that application have root privileges? Does it have access to all permissions and have the ability to run shell scripts as root?
Thanks
cbrammer said:
If an application is signed with the system signing keys and installed into system-priv does that application have root privileges? Does it have access to all permissions and have the ability to run shell scripts as root?
Thanks
Click to expand...
Click to collapse
Yes, it certainly does...
Thank you !
cbrammer said:
If an application is signed with the system signing keys and installed into system-priv does that application have root privileges? Does it have access to all permissions and have the ability to run shell scripts as root?
Thanks
Click to expand...
Click to collapse
Not strictly "root" permissions. It has access to "system" and "signatureOrSystem" permissions, which are the highest Android permissions available.
They shouldn't be able to violate the Android sandbox however (i.e. read data from other apps etc), but will have access to do many privileged operations.
pulser_g2 said:
Not strictly "root" permissions. It has access to "system" and "signatureOrSystem" permissions, which are the highest Android permissions available.
They shouldn't be able to violate the Android sandbox however (i.e. read data from other apps etc), but will have access to do many privileged operations.
Click to expand...
Click to collapse
Great answer, thank you! Does it have access to running commands like `pm install ...`, `settings put ...` ?
cbrammer said:
Great answer, thank you! Does it have access to running commands like `pm install ...`, `settings put ...` ?
Click to expand...
Click to collapse
Yes, it can install apps without prompting the user (that's how Google play do it I believe).
You don't need to use the shell commands for this though - you can call the internal APIs when you are signature or system. Check the source for ideas of how to do it. For example the settings app is a good place to figure out how to change system settings in the global settings store, and there are APIs available for this.
I guess he does not need to install root

Install BusyBox with temporary root

I get temp-root with Kingroot(locked bootlader). In some devices you can then install BusyBox, not my case because I don't have write permissions in /system.
If I install it in custom paths I've tried, it isn't detected.
Any ideas?
M4rcs said:
I get temp-root with Kingroot(locked bootlader). In some devices you can then install BusyBox, not my case because I don't have write permissions in /system.
If I install it in custom paths I've tried, it isn't detected.
Any ideas?
Click to expand...
Click to collapse
You cant install busybox without system write permissions and writting in any other location ( example. system/bin or system/xbin ) also requires write access
try magisk for rooting and what is temporary root, kingroot dont give temporary roots although it sometimes gives bootloops:silly::laugh:
Supreme Genius said:
You cant install busybox without system write permissions and writting in any other location ( example. system/bin or system/xbin ) also requires write access
try magisk for rooting and what is temporary root, kingroot dont give temporary roots although it sometimes gives bootloops:silly::laugh:
Click to expand...
Click to collapse
The thing is that I would want to do that with locked bootloader (I know it's possible in some devices).
I don't know exactly what Kingroot does, but it allows me to give root permissions to the apps that request it and everything seems to work except writting in system partition. When I reboot, that "root" disappear, that´s what I thought was called temporary-root.
However, I can write in directories like "/","/storage", but if I install BusyBox there, apps that require it seem unable to detect it.

Categories

Resources