Skip to content
/ Almighty Public

[ABANDONED] A new app for granting root access to android apps

License

GPL-3.0 license
3 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

thejh/Almighty

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
res
res
 
 
src/thejh/almighty
src/thejh/almighty
 
 
.classpath
.classpath
 
 
.gitignore
.gitignore
 
 
AndroidManifest.xml
AndroidManifest.xml
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
proguard-project.txt
proguard-project.txt
 
 
project.properties
project.properties
 
 

Repository files navigation

This is an android application for granting root access to other apps. To work, it needs the su binary from https://github.com/thejh/almighty_su to be installed as a setuid binary in the PATH.

Design

The only other Superuser app does a few things different - here are the reasons why this app does stuff different.

In general, the codebase of this app should be as small and simple as possible to reduce the attack surface and increase maintainability.

Volatile permission decisions

ChainsDD's Superuser allows users to grant root access only once or permanently. As an app that has obtained root access once can persist this root access anyway (e.g. by dropping a setuid executable in /system), this is only of limited use. However, it means that there must be two code paths for determining whether permissions should be granted, increasing attack surface.

Fine-grained access control

ChainsDD's Superuser grants or denies access for combinations of caller UID, wanted UID and command. However, all apps that use su just request full root access and specify /system/bin/su as command so that they don't have to obtain access for every seperate command. Therefore, this app grants access solely based on the caller's UID.

Logfiles

ChainsDD's Superuser manages logfiles about permission requests. However, as soon as an application has obtained root access, it can alter those logfiles, so they're not very useful. Also, logfiles need some kind of database with purging logic, so they create attack surface.

Architecture

When an app uses su for the first time, su will use an intent to launch thejh.almighty.AskPermissionActivity. This activity asks the user whether he wants to grant full access to the device and store the result in /data/data/thejh.almighty/uid_ok/uid:<uid> as one character (A for "allow" and D for "deny"). Afterwards, it sends SIGKILL to a child of su, thereby notifying su that it should expect a result to be present.

Reporting Bugs

Non-security bugs should be reported at https://github.com/thejh/Almighty/issues (or at https://github.com/thejh/almighty_su/issues if they mainly affect the su binary). For security-relevant bugs, please contact me at jannhorn@googlemail.com.

About

[ABANDONED] A new app for granting root access to android apps

Resources

Readme

License

GPL-3.0 license
Activity

Stars

3 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Languages