What linux permissions are needed for SystemProperties.set to work? (android)

I am writing an app that runs in system/app on an android device.

It is running as

android:sharedUserId="android.uid.systemui"

in Android.mk

LOCAL_CERTIFICATE := platform

However, I am finding that I cannot create, write or set a property. In the console, I can do a getprop, setprop. However, my program cannot create it.

ls -l /data/property/

shows it does not exist.

        // keyName = "persist.fruit.user.favorite", favorite = "APPLE" (see the logcat below)
        Slog.d(TAG, "key is not set, will set APPLE");
        SystemProperties.set(keyName, favorite);
        // set() reports no error here, so read the value back to detect a failed write
        if (SystemProperties.get(keyName).equals(favorite)) {
            Slog.d(TAG, keyName + " = " + SystemProperties.get(keyName));
        } else {
            Slog.e(TAG, "setting SystemProperties failed. value written = " + SystemProperties.get(keyName));
        }

logcat:

D/MyTag( 2593): keyName: persist.fruit.user.favorite
D/MyTag( 2593): keyName has value []
D/MyTag( 2593): key is not set, will set APPLE
E/MyTag( 2593): setting SystemProperties failed. value written = 

Evidently, perhaps, it is a matter of insufficient permissions - but which ones?

Sclerite answered 22/12, 2014 at 23:1
I had accepted fadden's answer, but after more exploration I found it was incorrect, though it was very helpful in reaching the correct answer.

Step 1: look at the array in https://android.googlesource.com/platform/system/core/+/kitkat-release/init/property_service.c

{ "persist.sys.",     AID_SYSTEM,   0 },

The name of your property should begin with the same key string as an entry in the array; thus I had to change my property name to "persist.sys.fruit.user.favorite".

Step 2: in your Android manifest file, run as the user ID mentioned in the array above.

<manifest android:sharedUserId="android.uid.system" >
Sclerite answered 16/1, 2015 at 17:0

It depends. In the 4.4 "KitKat" release, the list was contained in init's property_service.c (look around line 65). You can see, for example, that properties named debug.* can be updated by the "system" or "shell" user. (The mapping of system-recognized user IDs to numeric values can be found in android_filesystem_config.h.)

Some properties, such as ro.*, persist.*, and ctl.*, have additional restrictions or special behaviors.

In Android 5.0 "Lollipop", the list moved, but the behavior is the same.

Use adb shell ps to see what user ID your app is running under. If it's not system or shell, it won't be able to set system properties.

Griswold answered 23/12, 2014 at 5:50

Comments:

Thanks for your reply. My permission persist.fruit.user.favorite is not in the list in property_service.c. If I understand correctly, are you saying that I would have to edit the file and add my persist.fruit.user.favorite? - Sclerite

I am using 4.4 KitKat. - Sclerite

The system property mechanism is complicated and subject to change. I think you should seriously consider not using system properties for whatever it is you're trying to do. - Griswold

I found the correct way to get it to work - see my answer below. - Sclerite

"In Android 5.0 "Lollipop", the list moved" - where has it moved to, out of interest? - Loosejointed
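The accepted answer and fadden's answer above describe the KitKat rule: a setprop succeeds only if the property name starts with a prefix listed in init's property_perms[] array and the caller's uid (or gid) matches that row. The following is an added example, not code from the thread or from AOSP: a simplified Python model of that check that reproduces why "persist.fruit.user.favorite" fails and the renamed "persist.sys.fruit.user.favorite" works. Table rows are only the ones the answers mention, AID constants follow android_filesystem_config.h, and the app uid used for the asker's systemui process is a constructed value.

```python
# Added example (not from the thread): simplified model of the uid/gid prefix
# check KitKat's init applies (property_perms[] in property_service.c).
# AID values follow android_filesystem_config.h; the rows are a subset.
AID_ROOT, AID_SYSTEM, AID_SHELL = 0, 1000, 2000
AID_APP = 10000  # first uid handed to installed apps; a shared UID such as
                 # android.uid.systemui lands in this range, NOT at AID_SYSTEM

# (name prefix, uid allowed to set it, gid allowed to set it); 0 = no gid rule
PROPERTY_PERMS = [
    ("persist.sys.", AID_SYSTEM, 0),   # the row quoted in the accepted answer
    ("debug.", AID_SYSTEM, 0),         # fadden: debug.* settable by system ...
    ("debug.", AID_SHELL, 0),          # ... or by shell
    ("log.", AID_SHELL, 0),            # log.tag.* writable by shell (Kirmess)
]


def matching_rows(name):
    """Rows whose prefix covers `name`; the ro. prefix is stripped first."""
    if name.startswith("ro."):
        name = name[3:]
    return [row for row in PROPERTY_PERMS if name.startswith(row[0])]


def check_perms(name, uid, gid):
    """True if a caller with this uid/gid may set `name` (root always may)."""
    if uid == AID_ROOT:
        return True
    return any((uid and uid == r_uid) or (gid and gid == r_gid)
               for _, r_uid, r_gid in matching_rows(name))


def why_denied(name, uid, gid):
    """Explain a failed set, which the asker's logcat could not do."""
    if check_perms(name, uid, gid):
        return "allowed"
    rows = matching_rows(name)
    if not rows:
        return f"no property_perms prefix covers {name!r}; rename it"
    need = sorted({r_uid for _, r_uid, _ in rows})
    return f"{name!r} needs uid in {need}, caller has uid {uid}"


if __name__ == "__main__":
    # The asker's original attempt: systemui shared uid (constructed value),
    # property prefix not in the table.
    print(why_denied("persist.fruit.user.favorite", AID_APP + 47, AID_APP + 47))
    # The accepted fix: persist.sys. prefix plus android.uid.system.
    print(why_denied("persist.sys.fruit.user.favorite", AID_SYSTEM, AID_SYSTEM))
```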
TL;DR: The rules on Android 5+ are more or less the same as for Android 4.4. Check the whitelist from the accepted answer and use a system app for writing sysprops.

Since Android 5 access to system properties is controlled only by SELinux policies. Depending on source security context (where you're calling from) you will have access to different system properties, which live in a designated target security context. A system service running in system server has more access than an app running with shared system UID - a system app.

The rules consist of several files:

  • property_contexts - maps system property prefixes to SELinux contexts
  • shell.te - specifies (among other) which properties are settable by ADB shell (or an app with shell UID)
  • system_app.te - specifies which properties are settable by a system app (an app with system UID)
  • system_server.te - specifies which properties are accessible from the system server

Context files are available on the device in a location that varies with the system version. *.te files are compiled to a binary file.

The default values are stored in AOSP repositories, and both the values and the location changed over the years (Lollipop, Nougat, Oreo).

Notes

Generally you'd want to set system properties as a system app with one exception. Only a shell UID app may write log.tag. until Pie. A system UID app may also write log.tag. since Pie.

seapp_contexts defines SELinux contexts for apps. On Pie you can't run an app with shell system UID.

For more information see https://source.android.com/security/selinux/images/SELinux_Treble.pdf

Kirmess answered 18/4, 2019 at 7:24