2

After reviewing this, I used termux-setup-storage on my phone and Andy Android emulator.

After running the above command, I am able to view root directory with ls on Andy emulator but not on phone.

INFO:
Android version 7.1.1
Xperia XZ
SoftBank locked the phone BIOS (or whatever it was) so I can't root it.
Storage permissions are granted.

What else can I try to use ls on root directory on my phone?

Irfan Latif
  • 20,353
  • 3
  • 70
  • 213
chrips
  • 165
  • 1
  • 2
  • 8
  • 1
    In Linux subject, "root" refers to the root of the file hierarchy /, not "root of Android storage" which is usually /storage/emulated/0. Which one do you mean? – iBug Aug 25 '18 at 17:42
  • root as in / . I didn't mention android storage. The script does a number of things like setup android storage but it also gives permission to view root on Andy and I mean the actual root, so I'm wondering what went wrong on phone – chrips Aug 26 '18 at 04:51
  • You may want to provide more information like Android version. – iBug Aug 26 '18 at 04:53
  • 1
    @chrips Note that termux-setup-storage has no effect on /. Moreover, I'm able to ls / as non-root user, so your situation might very well depend on your phone's configuration of /'s permissions, even moreso when Andy lets you see the directory's contents. – Grimoire Aug 26 '18 at 13:56
  • I'll dig around for an answer and close this if I can't find a solution. It's a pretty general question now – chrips Aug 27 '18 at 03:23
  • Andy is rooted by default, but real Android devices are not. Termux also does not have root user access by default AFAIK, and if your phone isn't rooted won't be able to access much of the filesystem outside of Termux and the SD card anyways, but the answers to this question may help in your situation if your physical device is/can be rooted. – l3l_aze Sep 02 '18 at 05:55
  • Thanks to all for this bounty of information. I can now answer my own question! – chrips Sep 02 '18 at 12:28

2 Answers2

4

termux-setup-storage only grants android.permission.WRITE_EXTERNAL_STORAGE that lets the app access internal SD card i.e. /sdcard.

Android's init creates rootfs / with permissions 0:0 (uid:gid) and 0755 (mode). So the root directory should be accessible to any non-root user.
However SELinux plays its role restricting unauthorized access to rootfs. You can view such policy denials by:

dmesg | grep 'avc: denied'

* Most probably SELinux will deny this command too if run from non-root app

To view all SEPolicy rules, sesearch tool from setools-android can be used.

To set SELinux permissive:

echo 0 >/sys/fs/selinux/enforce
# or
setenforce 0

Or add an exception to SELinux policy:

supolicy --live 'allow untrusted_app rootfs dir { read open }'

* supolicy tool is provided by rooting solutions e.g. Magisk, SuperSu

This policy allows reading rootfs but still you may get errors because reading attributes of files/directories under rootfs isn't permitted by policy.

Also both solutions need root privileges and are nonpersistent i.e. need to be set after reboot.

So if you are running a non-rooted production build of Android (with enforcing SELinux), you won't be able to read rootfs /.

Irfan Latif
  • 20,353
  • 3
  • 70
  • 213
  • Thanks a lot for this. Also: "dmesg | grep 'avc: denied'" gives dmesg: read kernel buffer failed: Permission denied If I cant even use dmesg I think up the creek without a paddle! – chrips Dec 30 '18 at 09:18
  • 1
    @chrips yeah, your SELinux policy doesn't let the dmesg read kernel log, so you get another avc denial while trying to read already occured avc denials – Irfan Latif Dec 30 '18 at 09:32
1

If you can't root your phone, you can't see root / The termux-storage-storage allows you to access SD card storage and NOT root /

Note: Andy emulator IS rooted by default - Thanks l3l_aze, iBug, Death Mask Salesman, Irfan Latif

chrips
  • 165
  • 1
  • 2
  • 8