-
-
Notifications
You must be signed in to change notification settings - Fork 3.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
add custom permission to call TermuxService from external apps #1029
Conversation
Just curious, does this mean that apps with this permission effectively have access to |
No you don't have access to it. You need to use some storage permission I guess. |
Yet another way to do it is to give storage access to termux and store the script where it can find it. |
So I have completed a termux plugin on Easer which fully use the permission. Please have a look here: renyuneyun/Easer#205 |
We discussed this in a chat session (https://gitter.im/termux/dev) today, and I think this is a really interesting thing to have. Some notes from the chat: The thing we want to minimise is the risk for evil apps to infect Termux installations (due to people ignoring/not understanding what the permission does). A conservative change could be to make this some kind of opt in, like requiring a property in termux.properties for this to be allowed Or it could be a runtime permission. Perhaps a dialog like "The app XXX is trying to run a script. Allow that?" with a checkbox to remember the choice though that obviously complicates the code and also the user experience. Thoughts on that? @xeffyr: A dialog like "The app XXX is trying to run a script. Allow that?" with a checkbox to remember the choice seems better than termux.properties. @fornwall What I can't decide on is if that is necessary :). One point is that the app is a terminal emulator, users should be expected to a bit more technically skilled than an average app users and careful with accepting permissions. ... On the other hand, if the effect of opening up permissions is that several users have e.g. their ssh/gpg private keys stolen or likewise, it's bad regardless of if those users can be blamed for not reading through permissions. Feedback, thoughts and ideas are welcome here! Even with the above said I'm leaning against merging this as is. |
As @fornwall said, I am not sure we need to add an extra layer of security. First as it is said the users of termux are expected to be advanced users and so, in my opinion, should be aware of what implies to accept a permission. Well for me even non advanced users should be aware of this... Second, it is the termux app which defines the permission and so the description can be explicit. And if a user do not want to read the permission dialog why should he want to read yet another popup dialog. About the part of "their ssh/gpg private keys stolen or likewise, it's bad regardless of if those users can be blamed for not reading through permissions" you completly right but if the user gives root access to another app, it can also stole its data and termux is not able to protect those data even without speaking of permission. In the end, and this is mostly my really subjective opinion 😃, users are still responsible of what happens and permissions are something which is not just a bother which display annoying dialog. However, if you are still willing something, i will propose to add a notification with multiple actions.
Why I am proposing a notification is because I don't want to be interrupted by something that I may have not ask for (e.g. an automation script). But again for me, this is only an extra layer of security for supposed advanced termux users and I think they do not need that. |
little late too the party, but what about outsourcing this to another app?: #1048 |
@ujeropoc Executing commands via URLs is weird solution from security side. It just won't be possible to use Android permissions here. Main idea is to allow execution only for limited set of applications. That's not possible for URLs - only either allow all URLs or not allow. Whitelisting also bad, think 3 times why... |
What @edaubert suggests, with a dialog that resembles SuperSu's or through a notification, is handy. But it would also be good to be able to pre-configure the permissions before running because, as was mentioned, the point is to run automated and we may not know in advance when this will happen. Edit: My use-case shows that, if this takes on, soon it would be not only the advanced users who use this functionality. So, having a GUI option as well as editing the authorization permissions file manually, would be practical. |
I don't think this needs extra layer of security either, termux is for developers mostly anyway. Having just blanket permission is just fine. But if main devs want extra security, you could restrict it to e.g. directory:
So that apps are allowed to run scripts only from appscripts folder. |
I also agree with the fact that having a working version (whose security can later be improved) is better than not having this functionality at all. |
Would someone be able to provide an example of this being implemented/used? Sending a command an executing from another from another app? I already built a version of termux with this implemented just can't get the other part to work. I want it to work off a button press. Thank You |
@RoninNada Make sure that application implements Termux service call in the way like: // scriptUri is URI path to script file.
Intent executeIntent = new Intent("com.termux.service_execute", scriptUri);
executeIntent.setClassName("com.termux", "com.termux.app.TermuxService");
// Whether to execute script in background.
//executeIntent.putExtra("com.termux.execute.background", true);
if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.O) {
context.startForegroundService(executeIntent);
} else {
context.startService(executeIntent);
} Service access permission must be granted to that "another application" in order to make code above work. |
@xeffyr , thank you so much really helpful |
I'm trying to understand the pushes above, was this merged? Is it now possible to call shell scripts from within other apps? |
It isn't merged and current implementation available here won't be merged. With @fornwall we agreed to:
|
@xeffyr How is that going? |
Re-implementation of #1029. If Termux has property "allow-external-apps" set to "true", a third-party program will be able to send intents for executing custom commands within Termux environment. Third-party program must declare permission "com.termux.permission.RUN_COMMAND".
Implemented in db3ff7b. |
This isn't possible with intents. Here you just start an activity or service with specific parameters. |
@xeffyr but is there any way to achieve what I want? Thanks. |
@xeffyr When will this important improvement be released? :) |
@ZhaoTzuHsien It is already released by db3ff7b in application version 0.95. |
@xeffyr you didn't answer my last question. Is there any way to achieve that? Or will it be possible? Or at least, can I read some file where the output it's being written so I can pool it? Thanks. |
Will be possible as soon as someone will write an API engine for that, with IPC, proper permission checks, etc. |
@xeffyr can support be added so that the |
@xeffyr it seems that the RUN_COMMAND_ARGUMENTS is not working. You are receiving and sending it as a string extra in RunCommandService but receiving it as a string array extra in TermuxService resulting it in being ignored as far as I can see. A simple You probably have your own test app but leaving following instructions for others: The After you grant the permission, you also need to add the
After that you can run the command with a
|
Ok, that's a bug. You can submit a pull request to fix it. |
Should I also include support for passing the background flag as well or not? |
Yes. |
Okay thank. I will do it and let you know. |
as a string array extra instead of a string extra since TermuxService expects it that way. Added "RUN_COMMAND_BACKGROUND" boolean extra so that Termux session can be started in background when running a command. Updated usage docs. Check termux#1029 for details.
I have added a pull request here. Let me know if any changes need to be made. I also updated the docs a bit, I hope that's all right. |
as a string array extra instead of a string extra since TermuxService expects it that way. Added "RUN_COMMAND_BACKGROUND" boolean extra so that Termux session can be started in background when running a command. Updated usage docs. Check #1029 for details.
Can I run the command from another application to termux? Who has a sample for my reference? |
as a string array extra instead of a string extra since TermuxService expects it that way. Added "RUN_COMMAND_BACKGROUND" boolean extra so that Termux session can be started in background when running a command. Updated usage docs. Check termux#1029 for details.
Re-implementation of termux#1029. If Termux has property "allow-external-apps" set to "true", a third-party program will be able to send intents for executing custom commands within Termux environment. Third-party program must declare permission "com.termux.permission.RUN_COMMAND".
as a string array extra instead of a string extra since TermuxService expects it that way. Added "RUN_COMMAND_BACKGROUND" boolean extra so that Termux session can be started in background when running a command. Updated usage docs. Check termux#1029 for details.
Re-implementation of termux#1029. If Termux has property "allow-external-apps" set to "true", a third-party program will be able to send intents for executing custom commands within Termux environment. Third-party program must declare permission "com.termux.permission.RUN_COMMAND".
as a string array extra instead of a string extra since TermuxService expects it that way. Added "RUN_COMMAND_BACKGROUND" boolean extra so that Termux session can be started in background when running a command. Updated usage docs. Check termux#1029 for details.
This pull request is an attempt to provide a solution to #804