[Android 4.1] framework-res.apk permission denied

Started by aauer1, March 25, 2013, 01:57:38 PM


aauer1

Hello,

I'm currently working on booting Android from SD card. So, we don't need this (strange) Chinese LiveSuit tool.
Right now, I managed to boot the kernel and the init process /init is started, too.

The problem I get is that zygote (app_process) is looking for framework-res.apk and doesn't "find" it or has no permissions. The thing is that the file is there. I have started app_process with strace and can see that framework-res.apk is used as parameter for the function stat64(...). This function returns errno = 13 which means "permission denied". The man page of stat() says that this error is returned if one of the directories doesn't have the search permission. I set all my directories to 0777 and it doesn't work.

I also wrote a little program which calls the stat() function. Giving the program the path to the framework-res.apk file is returning the status code for "regular file". So, in general stat() seems to be working fine but not in the app_process application.

Has anybody an idea what could cause this strange behavior?

Thank you very much,
Andreas


bernard

I have no idea how to help you there, but I certainly am interested in the outcome! I also dislike LiveSuit shortcomings and its lack of published documentation / specifications. (We could re-write it if we at least knew how to talk to those AllWinner CPUs!).  The Linux version is not complete either.

JohnS

A couple of ideas: what effective/real id/group is the failing process using? (Just in case it's got no access)
(I expect it's root but maybe it's not.)

Could it be using a different path to the one you think it's using?  E.g. bad root dir (for the process) or a non-printing character or ...

John

aauer1

It seems that it has something to do with the effective user id. I modified the function and added a line to test the failing function (stat()). Additionally I printed the real and effective user id.
During startup the function is called two times. The first call is made with the root user (effective and real uid is 0). This call is successful.
The second call is made with the effective user id 9999. This time the call fails. So, I think you were right and the problem has something to do with the user id.

Does anybody know how I can fix this? Which user has the id 9999?

Thanks,
Andreas


aauer1

Quote from: mb on March 26, 2013, 04:53:11 PM
According to https://github.com/keesj/gomo/wiki/AndroidSecurityUserAndGroups user id 9999 belongs to "nobody".  :-\

Thanks for the link. I already found the include file in the source tree. But I don't know why "nobody" doesn't have permissions to "stat()" the framework-res.apk file. File and directory permissions seem to be fine. Everybody may browse the directories and read the file. So, that shouldn't be a problem.

Another strange thing is that trying to switch from user "root" to "nobody" ("su nobody") isn't working, because the system says that "/system/bin/sh" could not be opened (permission denied).

Which part of the Android system is managing the access permissions on filesystem level? I think this should be handled by the kernel, shouldn't it? If this is right, it seems to be a kernel issue?!

Hopefully, someone has a clue to solve this problem. I think when the problem is solved, it should be possible to run Android from SD card.

Cheers,
Andreas

JohnS

User nobody is supposed to have very few abilities.  Maybe it should not be trying to do whatever it is that's failing (or maybe it's supposed to fail).  I think any file/dir it tries to access may need already to be owned by it.  It seems to be a semi-documented feature at best so you may have to dig through the kernel / net data :(

John

aauer1

I did some reading in the Android source code. It looks like the Android OS has some hardcoded path and file permissions specified in "system/core/include/private/android_filesystem_config.h". I was kind of surprised about that.

However, I disabled switching from root to nobody and the file is now successfully loaded. Perfect. One step closer to having Android running from SD card.

Thanks,
Andreas
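
An added example, not part of any post in this thread and not Android source code: a small C checker for the condition quoted from the stat() man page, namely which directory on the way to a file denies search ("x") permission to a given uid/gid such as 9999. The function names `may_search` and `first_blocked` are hypothetical, and the check models only the classic owner/group/other mode bits; when it reports no blocker and stat() still returns errno 13, the denial comes from something it does not model.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>

/* 1 if uid/gid may search a directory with these attributes.
 * Assumption: uid 0 bypasses the check; supplementary groups, ACLs,
 * LSM policy and mount options are not modelled. */
int may_search(mode_t mode, uid_t owner, gid_t group, uid_t uid, gid_t gid)
{
    if (uid == 0) return 1;
    if (uid == owner) return (mode & S_IXUSR) != 0;  /* owner class wins */
    if (gid == group) return (mode & S_IXGRP) != 0;
    return (mode & S_IXOTH) != 0;
}

/* Walk every directory prefix of an absolute path. Returns 0 if all are
 * searchable, 1 if one is not (copied to blocked), -1 on bad input/stat(). */
int first_blocked(const char *path, uid_t uid, gid_t gid, char *blocked, size_t len)
{
    char prefix[4096];
    struct stat st;
    size_t n = strlen(path);

    if (path[0] != '/' || n >= sizeof prefix || len == 0) return -1;
    for (size_t i = 0; i < n; i++) {
        if (path[i] != '/') continue;
        size_t plen = i ? i : 1;            /* keep "/" itself as a prefix */
        memcpy(prefix, path, plen);
        prefix[plen] = '\0';
        if (stat(prefix, &st) != 0) return -1;
        if (!may_search(st.st_mode, st.st_uid, st.st_gid, uid, gid)) {
            snprintf(blocked, len, "%s", prefix);
            return 1;
        }
    }
    return 0;
}

int main(int argc, char **argv)
{
    char blocked[4096];
    if (argc != 4) return 2;    /* usage: prog <abs-path> <uid> <gid> */
    int r = first_blocked(argv[1], (uid_t)strtoul(argv[2], NULL, 10),
                          (gid_t)strtoul(argv[3], NULL, 10), blocked, sizeof blocked);
    if (r == 1) printf("search denied at %s\n", blocked);
    else printf(r == 0 ? "mode bits allow search everywhere\n" : "stat failed\n");
    return r;
}
```

Run it as root so that every prefix can itself be stat()ed, passing the path the failing process uses together with the uid and gid it runs under.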