A kernel module to provide /system/xbin/su to Android Kernel (especially to WSA)

Overview

WSA-Kernel-SU

Intro

This is a kernel module to provide /system/xbin/su to Android Kernel (especially to WSA).

Only works on kernels 4.17 and later. For older kernels, refer to the original repo.

How it works

  • Hooks the newfstatat, faccessat and execve syscalls so that calls on /system/xbin/su are redirected to /system/bin/sh.
  • On execve of /system/xbin/su, changes SELinux to permissive, sets all kinds of uids and gids to 0 and permits all capabilities.
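
Seen from the defender's side, this redirection leaves an inconsistency that userspace can check for. The following is an added example, not code from this project: it assumes a 64-bit Linux/Android userspace, that openat is left unhooked (the list above names only newfstatat, faccessat and execve) and that no real file exists at the path; `classify` and `probe_path` are hypothetical names.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <unistd.h>

enum verdict { PATH_ABSENT, PATH_REAL, PATH_REDIRECTED, PATH_UNKNOWN };

/* Decide from the three probe results. A path that newfstatat or faccessat
 * report as present while openat returns ENOENT is not backed by a real
 * directory entry: something rewrote the path for the first two calls. */
enum verdict classify(int stat_ok, int access_ok, int open_errno)
{
    if (open_errno == 0)
        return stat_ok ? PATH_REAL : PATH_UNKNOWN;
    if (open_errno == ENOENT)
        return (stat_ok || access_ok) ? PATH_REDIRECTED : PATH_ABSENT;
    return PATH_UNKNOWN;            /* EACCES, ELOOP, ...: no conclusion */
}

/* Issue the raw syscalls so the libc cannot substitute statx or access. */
enum verdict probe_path(const char *path)
{
    struct stat st;
    int stat_ok = syscall(SYS_newfstatat, AT_FDCWD, path, &st, 0) == 0;
    int access_ok = syscall(SYS_faccessat, AT_FDCWD, path, F_OK) == 0;
    /* O_PATH resolves the name without needing read permission on it. */
    long fd = syscall(SYS_openat, AT_FDCWD, path, O_PATH | O_CLOEXEC);
    int open_errno = fd < 0 ? errno : 0;
    if (fd >= 0)
        close((int)fd);
    return classify(stat_ok, access_ok, open_errno);
}

int main(void)
{
    static const char *names[] = { "absent", "real file", "redirected", "inconclusive" };
    const char *path = "/system/xbin/su";   /* path named on this page */
    printf("%s: %s\n", path, names[probe_path(path)]);
    return 0;
}
```

A "real file" verdict means an su binary is actually installed at that path; "inconclusive" usually means SELinux or file permissions blocked one of the probes.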

Improvement

  • Instead of setting SELinux to permissive, we should set the target process to a permissive context
  • Instead of allowing everyone to access and execute /system/xbin/su, we should allow only permitted uids or gids.

License

GPLv2

Credits

Jason A. Donenfeld for the original implementation


Comments
  • JavaBinder: !!! FAILED BINDER TRANSACTION !!!

    The hidden API is called through reflection. The original code is complex and simplified to: new android.app.UiAutomation(new HandlerThread("name").getLooper(), new UiAutomationConnection()).connect();

    adb shell "app_process64 ...'" works fine
    adb shell "su -c 'app_process64 ...'" working abnormally

    Logcat:

    2022-08-29 12:46:56.917 212-212/? E/JavaBinder: !!! FAILED BINDER TRANSACTION !!! (parcel size = 192)
    --------- beginning of system
    2022-08-29 12:46:56.917 212-212/? W/UiAutomationManager: Error initialized connection
    android.os.DeadObjectException: Transaction failed on small parcel; remote process probably died
        at android.os.BinderProxy.transactNative(Native Method)
        at android.os.BinderProxy.transact(BinderProxy.java:571)
        at android.accessibilityservice.IAccessibilityServiceClient$Stub$Proxy.init(IAccessibilityServiceClient.java:347)
        at com.android.server.accessibility.UiAutomationManager$UiAutomationService.lambda$connectServiceUnknownThread$0$UiAutomationManager$UiAutomationService(UiAutomationManager.java:281)
        at com.android.server.accessibility.UiAutomationManager$UiAutomationService$$ExternalSyntheticLambda0.run(Unknown Source:2)
        at android.os.Handler.handleCallback(Handler.java:938)
        at android.os.Handler.dispatchMessage(Handler.java:99)
        at android.os.Looper.loopOnce(Looper.java:201)
        at android.os.Looper.loop(Looper.java:288)
        at com.android.server.SystemServer.run(SystemServer.java:904)
        at com.android.server.SystemServer.main(SystemServer.java:611)
        at java.lang.reflect.Method.invoke(Native Method)
        at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:548)
        at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:981)
    2022-08-29 12:46:56.918 212-212/? E/JavaBinder: !!! FAILED BINDER TRANSACTION !!! (parcel size = 192)
    2022-08-29 12:47:01.943 4428-4445/? E/app: Java.Lang.RuntimeException: java.util.concurrent.TimeoutException: Timeout while connecting UiAutomation@22bf0d4[id=-1, flags=0] ---> Java.Util.Concurrent.TimeoutException: Timeout while connecting UiAutomation@22bf0d4[id=-1, flags=0]

      --- End of managed Java.Util.Concurrent.TimeoutException stack trace ---
    java.util.concurrent.TimeoutException: Timeout while connecting UiAutomation@22bf0d4[id=-1, flags=0]
        at android.app.UiAutomation.connectWithTimeout(UiAutomation.java:346)
        at android.app.UiAutomation.connect(UiAutomation.java:276)
    

    dmesg:

    [ 4206.368888] audit: type=1400 audit(1661665816.648:152): avc: denied { getattr } for pid=1874 comm="sh" path="/system/bin/app_process64" dev="pmem0" ino=163 scontext=u:r:su:s0 tcontext=u:object_r:zygote_exec:s0 tclass=file permissive=1
    [ 4206.372815] audit: type=1400 audit(1661665816.648:153): avc: denied { execute } for pid=1874 comm="sh" name="app_process64" dev="pmem0" ino=163 scontext=u:r:su:s0 tcontext=u:object_r:zygote_exec:s0 tclass=file permissive=1
    [ 4206.375633] audit: type=1400 audit(1661665816.648:154): avc: denied { read open } for pid=1930 comm="sh" path="/system/bin/app_process64" dev="pmem0" ino=163 scontext=u:r:su:s0 tcontext=u:object_r:zygote_exec:s0 tclass=file permissive=1
    [ 4206.377713] audit: type=1400 audit(1661665816.648:155): avc: denied { execute_no_trans } for pid=1930 comm="sh" path="/system/bin/app_process64" dev="pmem0" ino=163 scontext=u:r:su:s0 tcontext=u:object_r:zygote_exec:s0 tclass=file permissive=1
    [ 4206.379807] audit: type=1400 audit(1661665816.648:156): avc: denied { map } for pid=1930 comm="app_process64" path="/system/bin/app_process64" dev="pmem0" ino=163 scontext=u:r:su:s0 tcontext=u:object_r:zygote_exec:s0 tclass=file permissive=1
    [ 4206.410895] audit: type=1400 audit(1661665816.688:157): avc: denied { read } for pid=1930 comm="app_process64" name="u:object_r:dalvik_runtime_prop:s0" dev="tmpfs" ino=85 scontext=u:r:su:s0 tcontext=u:object_r:dalvik_runtime_prop:s0 tclass=file permissive=1
    [ 4206.416126] audit: type=1400 audit(1661665816.688:158): avc: denied { open } for pid=1930 comm="app_process64" path="/dev/properties/u:object_r:dalvik_runtime_prop:s0" dev="tmpfs" ino=85 scontext=u:r:su:s0 tcontext=u:object_r:dalvik_runtime_prop:s0 tclass=file permissive=1
    [ 4206.419072] audit: type=1400 audit(1661665816.688:159): avc: denied { getattr } for pid=1930 comm="app_process64" path="/dev/properties/u:object_r:dalvik_runtime_prop:s0" dev="tmpfs" ino=85 scontext=u:r:su:s0 tcontext=u:object_r:dalvik_runtime_prop:s0 tclass=file permissive=1
    [ 4206.421936] audit: type=1400 audit(1661665816.688:160): avc: denied { map } for pid=1930 comm="app_process64" path="/dev/properties/u:object_r:dalvik_runtime_prop:s0" dev="tmpfs" ino=85 scontext=u:r:su:s0 tcontext=u:object_r:dalvik_runtime_prop:s0 tclass=file permissive=1
    [ 4206.425576] audit: type=1400 audit(1661665816.688:161): avc: denied { read } for pid=1930 comm="app_process64" name="u:object_r:dalvik_config_prop:s0" dev="tmpfs" ino=83 scontext=u:r:su:s0 tcontext=u:object_r:dalvik_config_prop:s0 tclass=file permissive=1
    [ 4206.740184] binder: 598:598 transaction failed 29201/-1, size 192-16 line 2746
    [ 4206.740820] binder: 598:598 transaction failed 29201/-1, size 192-0 line 2746

    After setenforce 0, it can work normally

    WSA: 2206.40000.15.0_x64
    Kernel: Linux version 5.10.110-windows-subsystem-for-android-20220617 (Ubuntu clang version 10.0.1-++20211003084855+ef32c611aa21-1~exp1~20211003085243.2, LLD 10.0.1)

    opened by dczuo 0
Releases(5.10.43-2-20211102)
Owner
LSPosed