Menu
I'm compiling an Android ROM from source, and I have one application that I want it to be pre-installed and have it run with root permission.
How can I grant root access to this specific application, without rooting entire ROM?
799
Typical stock Android ROMs provide root privileges to very few things, in line with the principle of least privilege. Instead, apps are granted the precise permissions they need.
Why exactly do you need this app to have root permissions? You should first look through the list of all the internal unpublished Android permissions to see if one of them does what you want. Since you're building a system app, you can even use signature permissions which are not normally available to other apps. You just need to ensure that your app is signed by the key with which you build the Android ROM - you can then distribute it with the ROM or separately, and it will still have access to the permissions you require.
The advantages of doing it this way are:
So if you can possibly do your task this way, do.
If you really do need root, then things get tricky.
You have three options. In order of preference:
su binary to check exactly who is calling it.If you really do need root, then I would add a new system service. This can run as root. You would then add suitable extra APIs so that your app can call into it - and the permissions can be signature-level so that only your system app can call it. This is the architecturally 'correct' way to do it in Android-land.
The second or third options involve creating some command-line tool which does what you want, but I don't know a secure way for such a tool to check who is calling it. It may be acceptable to allow any app to call this functionality. If so, a new setuid-root executable might be the way to go. However, as I say, I don't know a way to stop other apps running it.
117
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
