From 0237cb799bd35707e4d3d0c85200b2dfa42849e0 Mon Sep 17 00:00:00 2001
From: Will Greenberg
Date: Mon, 22 Jul 2024 16:48:17 -0700
Subject: [PATCH] rootshell: use magic Android GIDs to access sockets

Android kernels with CONFIG_ANDROID_PARANOID_NETWORK extensions set require users to have a few special group IDs before getting network access. Unfortunately, we need to use nightly to get access to the .groups() method.
---
 .github/workflows/build-release.yml | 2 +-
 rootshell/rust-toolchain.toml | 2 ++
 rootshell/src/main.rs | 11 +++++++++++
 3 files changed, 14 insertions(+), 1 deletion(-)
 create mode 100644 rootshell/rust-toolchain.toml

diff --git a/.github/workflows/build-release.yml b/.github/workflows/build-release.yml
index 02a227c..554ad76 100644
--- a/.github/workflows/build-release.yml
+++ b/.github/workflows/build-release.yml
@@ -32,7 +32,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - uses: actions/checkout@v4
- - uses: dtolnay/rust-toolchain@stable
+ - uses: dtolnay/rust-toolchain@nightly
 with:
 targets: armv7-unknown-linux-gnueabihf
 - name: Install cross-compilation dependencies
diff --git a/rootshell/rust-toolchain.toml b/rootshell/rust-toolchain.toml
new file mode 100644
index 0000000..5d56faf
--- /dev/null
+++ b/rootshell/rust-toolchain.toml
@@ -0,0 +1,2 @@
+[toolchain]
+channel = "nightly"
diff --git a/rootshell/src/main.rs b/rootshell/src/main.rs
index cecc5a6..19983e0 100644
--- a/rootshell/src/main.rs
+++ b/rootshell/src/main.rs
@@ -1,3 +1,5 @@
+#![feature(setgroups)]
+
 //! a simple shell for uploading to the orbic device.
 //!
 //! It literally just runs bash as UID/GID 0
@@ -5,6 +7,14 @@ use std::process::Command;
 use std::os::unix::process::CommandExt;
 use std::env;
+const ANDROID_PARANOID_NETWORK_GROUPS: &[u32] = &[
+ 3001, // AID_BT
+ 3002, // AID_BT_NET
+ 3003, // AID_INET
+ 3004, // AID_NET_RAW
+ 3005, // AID_ADMIN
+];
+
 fn main() {
 let mut args = env::args();
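Review bot: The release step in `.github/workflows/build-release.yml` now installs a floating `nightly`, and the new `rootshell/rust-toolchain.toml` does the same with `channel = "nightly"`, so the compiler that produces a binary meant to run as root changes from one day to the next and a given release cannot be rebuilt from the same inputs. Pinning a dated channel keeps the `setgroups` feature gate available while making the build repeatable: `channel = "nightly-YYYY-MM-DD"` in the toml (the date is a placeholder) and the same dated toolchain in the workflow step. The job this step belongs to starts outside the hunk, so the switch may also move other crates built there onto nightly; worth confirming that is intended.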
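Review bot: Three of the trailing comments in `ANDROID_PARANOID_NETWORK_GROUPS` do not match the names Android's `android_filesystem_config.h` gives those IDs: 3001 is `AID_NET_BT_ADMIN`, 3002 is `AID_NET_BT` and 3005 is `AID_NET_ADMIN`. I would correct them so the list can be checked against the header, and put a doc comment on the constant, for example `/// Supplementary GIDs that CONFIG_ANDROID_PARANOID_NETWORK kernels require before a process may create sockets or administer the network.` If the shell only needs IP sockets, the two Bluetooth groups could probably be left out to keep the grant minimal, though the patch does not show how the shell is used.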
@@ -14,5 +24,6 @@ fn main() {
 .args(args)
 .uid(0)
 .gid(0)
+ .groups(ANDROID_PARANOID_NETWORK_GROUPS)
 .exec();
 }
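Review bot: The `io::Error` returned by `.exec()` is still thrown away, and the added `.groups(ANDROID_PARANOID_NETWORK_GROUPS)` call gives the chain a new way to fail. If the kernel rejects the group change, `exec()` should return that error, and `main` then falls off the end: no shell, no message, and presumably exit status 0. I would bind the result and report it, e.g. `let err = Command::new(…)….exec();` followed by `eprintln!("rootshell: exec failed: {err}");` and `std::process::exit(1);`. The start of the builder chain and of `main` lie outside this hunk.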