Chainfire/librootjava

Running under /system/bin on Android 10 still gives restricted SELinux context on Samsung devices

Mygod opened this issue · 1 comment

Mygod commented

Only seen in collected analytics. Probably due to KNOX additional security measures.

Mygod commented

A proof-of-concept script to hijack the linker to make appProcess relocation work (tested on Android 11 beta 3):

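```sh
# Create a small tmpfs under /apex to hold the relocated binary and its linker config
mkdir /apex/myfs
mount -t tmpfs -o size=1M tmpfs /apex/myfs
mkdir /apex/myfs/bin /apex/myfs/etc
# Assign executables under /apex/myfs to the "system" section of the linker config
echo dir.system = /apex/myfs >/apex/myfs/etc/ld.config.txt
# Append the existing linker config
# or /system/etc/ld.config.29.txt for API 29
cat /linkerconfig/ld.config.txt >>/apex/myfs/etc/ld.config.txt
# Copy app_process to the new location and run it from there
cp /system/bin/app_process /apex/myfs/bin
/apex/myfs/bin/app_process
```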