Android : programmatically copying apk to /system/

2019-04-07 00:49发布

I am trying to install a system app from my java code, and so far, I haven't had any success.

Following is what I have done so far:

  1. My device is rooted.
  2. My "installer" app is installed as a system app. (copied it manually to /system/app)
  3. I have signed the installer apk with platform key, and I have android:sharedUserId="android.uid.system" in the Manifest.
  4. I have been trying (and trying, and then some more) for Runtime.getRuntime.exec("su"). I intend to mount the system partition as rw, do a cat for the apk, and then make system partition ro. Following is the list of commands:

    mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system<br>
    cat /sdcard/application.apk > /system/app/application.apk<br>
    mount -o remount,ro -t yaffs2 /dev/block/mtdblock3 /system<br><br>The application.apk here is the app being installed from the installer app. This app is also signed with platform key, and has the sharedUserId configured.
    
  5. I have requested for the INSTALL_PACKAGES permission in the manifest.

I have tried a number of variations of the exec("") format, including using 'su -c' with every command. I have gotten the Broken Pipe exception and Security exception. Sometimes, I don't get an exception, but the file isn't copied.


Please let me know what I am missing here. Has anyone got this working?

Thanks!

1条回答
倾城 Initia
2楼-- · 2019-04-07 01:24

I kept on digging, and here are the results:

  • Android has this check in su.c: ["root of android source"/system/extras/su/su.c]
/* Until we have something better, only root and the shell can use su.*/
myuid = getuid();
if (myuid != AID_ROOT && myuid != AID_SHELL) {
    fprintf(stderr,"su: uid %d not allowed to su\n", myuid);
    return 1;
}

ChainsDD (SuperUser) and cyanogen mod get around this by implementing their own su.c: https://github.com/CyanogenMod/android_system_su/blob/master/su.c

I am accepting this as answer for now.

查看更多
登录 后发表回答