I have an Android app that will create a file in /data/ and immediately delete it. I want to know how can I catch this file or create a copy or even disable user permissions to delete a file? I have root access to the device.
Asked
Active
Viewed 735 times
1
Irfan Latif
- 20,353
- 3
- 70
- 213
Amin
- 49
- 4
1 Answers
1
You can achieve this using busybox inotifyd. Your kernel must be built with CONFIG_INOTIFY_USER=y for this to work. You can confirm with:
~# zcat /proc/config.gz | grep INOTIFY
Or the existence of /proc/sys/fs/inotify directory. /proc/config.gz may not exist on all devices depending on kernel build configuration.
Let's say /data/data/com.xyz/files/ is the directory you want to watch. Write a script to execute when a file or directory is created in the given directory:
#!/system/bin/sh
# remove first argument: EVENT
shift
# create directiry to backup files
mkdir -p /sdcard/backup/
# copy newly created file/directory
[ -e "$1/$2" ] || exit
cp -av "$1/$2" /sdcard/backup/
Place the script at /data/local/tmp/copy_it.sh and chmod a+x. Now execute:
~# inotifyd /data/local/tmp/copy_it.sh /data/data/com.xyz/files:n
Note :n at the end of line, which is the event that reports that a file/directory is created in watched directory. However watches are not established recursively.
For more complex operations, use inotifywait from inotify-tools as explained here.
Irfan Latif
- 20,353
- 3
- 70
- 213