Samsung S4 mini custom ROM
Re: Samsung S4 mini custom ROM
I just re-generated the ZIP - now the contents look ok - will try with that one
Re: Samsung S4 mini custom ROM
With the freshly generated zip, your App worked just fine.
So now I only need to find the right SE-Android set of rules to run you app when the phone is operating in "strict" mode.
Thanks for your support!
So now I only need to find the right SE-Android set of rules to run you app when the phone is operating in "strict" mode.
Thanks for your support!
Re: Samsung S4 mini custom ROM
Just out of curiosity: what are you doing? Do you create a custom ROM for some user group? 
I don't think you need any special security settings. The "dangerous" stuff is done in the context of the RIL demon (/system/bin/rild) which should not need additional rights because of rSAP. And the app itself does standard Bluetooth.
I don't think you need any special security settings. The "dangerous" stuff is done in the context of the RIL demon (/system/bin/rild) which should not need additional rights because of rSAP. And the app itself does standard Bluetooth.
Re: Samsung S4 mini custom ROM
Hi - sorry for the late reply.
As you guessed, I am creating a custom ROM with some hardening (SE-Android).
Looking at the system log, I can see that the app is trying to execute a shell script as root in order to modify permissions to /dev/socket (777). Since this is a rather broad requirement: What access does the app actually need - and if it already has access to that specific dev file, will it still try to execute the command as root?
I don't want to grant the ability to execute (any) shell scripts as root on the phone but I could pre-set the permission on the specific dev file as required in the ROM-image itself(?).
As you guessed, I am creating a custom ROM with some hardening (SE-Android).
Looking at the system log, I can see that the app is trying to execute a shell script as root in order to modify permissions to /dev/socket (777). Since this is a rather broad requirement: What access does the app actually need - and if it already has access to that specific dev file, will it still try to execute the command as root?
I don't want to grant the ability to execute (any) shell scripts as root on the phone but I could pre-set the permission on the specific dev file as required in the ROM-image itself(?).
Re: Samsung S4 mini custom ROM
The app itself does not need root on recent phones, the remaining stuff is mostly a leftover from the past which may be necessary on older phones. You can simply check this by denying root access for the rSAP app, it should still work on an S4 mini.
Re: Samsung S4 mini custom ROM
This is the log I get after manually installing the rsap-installer apk (from within recovery, since there is no root-access from within the rom) and running the actual rsap app: (it works ok, when I allow this command to execute)
Apparently it is unable to create /dev/socket/rsap due to file permissions:
But even if i manually set /dev/socket to chmod 777, it still tries to execute the script as root.
Code: Select all
W/System.err( 3128): java.io.IOException: Error running exec(). Command: [su, -c, /system/bin/sh /data/data/com.android_rsap.rsap/files/rsap.sh] Working Directory: null Environment: [EMULATED_STORAGE_SOURCE=/mnt/shell/emulated, ANDROID_SOCKET_zygote=17, SECONDARY_STORAGE=/storage/sdcard1:/storage/usbdisk0, ANDROID_STORAGE=/storage, ANDROID_BOOTLOGO=1, EXTERNAL_STORAGE=/storage/emulated/legacy, ANDROID_ASSETS=/system/app, EMULATED_STORAGE_TARGET_SEC=/storage/emulated_sec, PATH=/sbin:/vendor/bin:/system/sbin:/system/bin:/system/xbin, ASEC_MOUNTPOINT=/mnt/asec, LOOP_MOUNTPOINT=/mnt/obb, BOOTCLASSPATH=/system/framework/core.jar:/system/framework/core-junit.jar:/system/framework/bouncycastle.jar:/system/framework/ext.jar:/system/framework/framework.jar:/system/framework/telephony-common.jar:/system/framework/mms-common.jar:/system/framework/android.policy.jar:/system/framework/services.jar:/system/framework/apache-xml.jar, EMULATED_STORAGE_TARGET=/storage/emulated, ANDROID_DATA=/data, LD_LIBRARY_PATH=/vendor/lib:/system/lib, ANDROID_ROOT=/system, ANDROID_PROPERTY_WORKSPACE=16,49152]
W/System.err( 3128): at java.lang.ProcessManager.exec(ProcessManager.java:211)
W/System.err( 3128): at java.lang.ProcessBuilder.start(ProcessBuilder.java:195)
W/System.err( 3128): at com.android_rsap.rsap.kd.a(kd.java)
W/System.err( 3128): at com.android_rsap.rsap.kd.b(kd.java)
W/System.err( 3128): at com.android_rsap.rsap.kd.a(kd.java)
W/System.err( 3128): at com.android_rsap.rsap.kd.a(kd.java)
W/System.err( 3128): at com.android_rsap.rsap.j.a(j.java)
W/System.err( 3128): at com.android_rsap.rsap.j.a(j.java)
W/System.err( 3128): at com.android_rsap.rsap.rd.run(rd.java)
W/System.err( 3128): Caused by: java.io.IOException: Permission denied
W/System.err( 3128): at java.lang.ProcessManager.exec(Native Method)
W/System.err( 3128): at java.lang.ProcessManager.exec(ProcessManager.java:209)
W/System.err( 3128): ... 8 more
I/BluetoothRSAPPhone( 3128): BluetoothRSAPPhone.setState(ConnectError)
D/dalvikvm( 3128): GC_CONCURRENT freed 1968K, 26% free 6224K/8300K, paused 2ms+2ms, total 73ms
E/BluetoothRSAPPhone( 3128): rsap
E/BluetoothRSAPPhone( 3128): java.io.IOException: Permission denied
E/BluetoothRSAPPhone( 3128): at android.net.LocalSocketImpl.connectLocal(Native Method)
E/BluetoothRSAPPhone( 3128): at android.net.LocalSocketImpl.connect(LocalSocketImpl.java:238)
E/BluetoothRSAPPhone( 3128): at android.net.LocalSocket.connect(LocalSocket.java:108)
E/BluetoothRSAPPhone( 3128): at com.android_rsap.rsap.rd.a(rd.java)
E/BluetoothRSAPPhone( 3128): at com.android_rsap.rsap.rd.run(rd.java)
E/BluetoothRSAPPhone( 3128): /dev/socket/rsap
E/BluetoothRSAPPhone( 3128): java.io.IOException: No such file or directory
E/BluetoothRSAPPhone( 3128): at android.net.LocalSocketImpl.connectLocal(Native Method)
E/BluetoothRSAPPhone( 3128): at android.net.LocalSocketImpl.connect(LocalSocketImpl.java:238)
E/BluetoothRSAPPhone( 3128): at android.net.LocalSocket.connect(LocalSocket.java:108)
E/BluetoothRSAPPhone( 3128): at com.android_rsap.rsap.rd.a(rd.java)
E/BluetoothRSAPPhone( 3128): at com.android_rsap.rsap.rd.run(rd.java)
Code: Select all
root@android:/ # ls -la /dev/socket
srw-rw---- system system 2014-07-27 12:28 adbd
srw-rw---- root inet 2014-07-27 12:29 dnsproxyd
srw------- system system 2014-07-27 12:29 installd
srw-rw-rw- root root 2014-07-27 12:29 keystore
srw-rw---- root system 2014-07-27 12:29 mdns
srw-rw-rw- root system 2014-07-27 12:28 mpctl
srw-rw---- root system 2014-07-27 12:28 mpdecision
srw-rw---- root system 2014-07-27 12:29 netd
srw-rw-rw- root root 2014-07-27 12:28 property_service
drwxrws--- media audio 2014-07-27 12:29 qmux_audio
drwxrws--- bluetooth bluetooth 2014-07-27 12:29 qmux_bluetooth
drwxrws--- gps gps 2014-07-27 12:29 qmux_gps
drwxrws--- radio radio 2014-07-27 12:29 qmux_radio
srw-rw---- root radio 2014-07-27 12:29 rild
srw-rw---- radio system 2014-07-27 12:29 rild-debug
srw-rw-rw- root root 2014-07-27 12:29 thermald-client
srw-rw---- root mount 2014-07-27 12:28 vold
srw-rw---- wifi wifi 2014-07-27 12:29 wpa_wlan0
srw-rw---- root system 2014-07-27 12:29 zygote
root@android:/ # ls -la /dev | grep socket
drwxr-xr-x root root 2014-07-27 12:29 socket
Re: Samsung S4 mini custom ROM
The app should handle the failed operations gracefully. I always deny root access on my phones for my app. What happens when you let it run without root?
Re: Samsung S4 mini custom ROM
Finally got it working - needed a special permission on SE-Android in order to create sockets. Once that was sorted out, the full version is now running fine 
Re: Samsung S4 mini custom ROM
Hey, I'm currently having this problem with Android L! Can you give me a hint what permission to add? I guess this can only be done at build time...?