How to open “adb shell” in context of application

2020-03-07 10:27发布

When I just run adb shell, I get shell running from uid=2000(shell) gid=2000(shell), without ptrace access to my application.

How to open a shell with the same UID as launched application?

标签： android adb uid

3条回答

2楼-- · 2020-03-07 11:21

Workaround way using socat:

Add android.permission.INTERNET to your application;
Put socat binary (mirror) to /data/local/tmp/. Ensure everybody can start it;
Add Runtime.getRuntime().exec("/data/local/tmp/socat tcp-l:4446,fork,reuseaddr exec:/system/bin/sh,pty,stderr,setsid"); at startup of your Java-based application;
adb forward tcp:4446 tcp:4446
Use socat `tty`,raw,echo=0,opost=1 tcp:127.0.0.1:4446 on host to connect to the shell in your application context.

Note that this setup is not secure and should not be left in production app.

0人赞添加讨论(0) 举报

3楼-- · 2020-03-07 11:27

Contain the list of applications installed and their corresponding UID's.

Another answer in the same question suggests:

adb shell dumpsys package com.example.myapp | grep userId=

You can then open your shell as normal and run:

$ su <UID>

You should then have the same access and privileges as the app that uses that UID.

0人赞添加讨论(0) 举报

4楼-- · 2020-03-07 11:29

Use run-as <your package name> to switch to your app's UID or run-as <your package name> <command> to run a single command with your app's UID.

0人赞添加讨论(0) 举报