2

I have an old tablet running LNOS 14.1. It has an external SDCard with some Books, Videos etc. The card is configured as movable storage. .android_secure is an empty directory, and though I haven't deliberately installed any apps on the card, it does appear there are some in the Android directory. I have noticed that though I have root on the tablet, there are things that I can not do via a shell or by ssh'ing in. I can't look in .androd_secure for instance, but more importantly, though I can copy to the root of the SDCard, I can not copy to any of the subfolders! I am able to enter and read from the subfolders, as can apps like Kodi and Librara.

I am sure I have root as I set access permission in Developer tools, and multiple apps have caused the OS to produce pop ups requesting root access. Also, the Root Verifier app reports that I have root. In addition, Termux and simpleSSHD allow me to su - root, & I am able to do some things with root that I can't otherwise. eg. without root I can't write to the SDCard at all! But I still can't do this.

A friend suggested SELinux issues, so I include ls -Z. Is there a way around this?

# whoami
root

pwd


/storage/1dc31997-9ebf-4573-9c75-3e57793b4071


cat /proc/mounts | grep "/storage/1"


/dev/fuse /storage/1dc31997-9ebf-4573-9c75-3e57793b4071 fuse rw,nosuid,nodev,noexec,noatime,user_id=1023,group_id=1023,default_permissions,allow_other 0 0


ls -la


ls: ./.android_secure: Permission denied
total 5852
drwxrwx--x 12 root sdcard_rw    4096 2020-12-12 01:53 .
drwxr-xr-x  5 root root          100 2020-12-11 18:49 ..
drwxrwx--x  5 root sdcard_rw    4096 2020-12-09 22:56 .Trash-1000
drwxrwx--x  2 root sdcard_rw    4096 2020-12-10 22:49 AOSP.7.0.Root.Install.amaces
drwxrwx--x  5 root sdcard_rw    4096 2020-12-09 22:04 Android
drwxrwx--x  2 root sdcard_rw    4096 2020-12-10 04:38 Apps
drwxrwx--x 25 root sdcard_rw    4096 2020-12-06 19:04 Books
drwxrwx--x  2 root sdcard_rw    4096 2020-12-10 22:45 LNOS.14.1.amaces
drwxrwx--x  2 root sdcard_rw    4096 2000-01-02 12:25 LOST.DIR
drwxrwx--x  3 root sdcard_rw    4096 2020-10-25 02:18 TWRP
drwxrwx--x  3 root sdcard_rw    4096 2020-10-29 23:41 Videos
-rw-rw----  1 root sdcard_rw    5294 2020-12-12 01:53 bottled.zip
-rw-rw----  1 root sdcard_rw 5888840 2020-12-11 04:49 org.fdroid.fdroid.privileged.ota_2110.zip


cp bottled.zip bottled.1.zip


ls -lZ


ls: ./.android_secure: Permission denied
total 5848
drwxrwx--x  2 root sdcard_rw u:object_r:fuse:s0    4096 2020-12-10 22:49 AOSP.7.0.Root.Install.amaces
drwxrwx--x  5 root sdcard_rw u:object_r:fuse:s0    4096 2020-12-09 22:04 Android
drwxrwx--x  2 root sdcard_rw u:object_r:fuse:s0    4096 2020-12-10 04:38 Apps
drwxrwx--x 25 root sdcard_rw u:object_r:fuse:s0    4096 2020-12-06 19:04 Books
drwxrwx--x  2 root sdcard_rw u:object_r:fuse:s0    4096 2020-12-10 22:45 LNOS.14.1.amaces
drwxrwx--x  2 root sdcard_rw u:object_r:fuse:s0    4096 2000-01-02 12:25 LOST.DIR
drwxrwx--x  3 root sdcard_rw u:object_r:fuse:s0    4096 2020-10-25 02:18 TWRP
drwxrwx--x  3 root sdcard_rw u:object_r:fuse:s0    4096 2020-10-29 23:41 Videos
-rw-rw----  1 root sdcard_rw u:object_r:fuse:s0    5294 2020-12-12 03:26 bottled.1.zip
-rw-rw----  1 root sdcard_rw u:object_r:fuse:s0    5294 2020-12-12 01:53 bottled.zip
-rw-rw----  1 root sdcard_rw u:object_r:fuse:s0 5888840 2020-12-11 04:49 org.fdroid.fdroid.privileged.ota_2110.zip


mv bottled.zip Videos


mv: bad 'bottled.zip': Permission denied


cd Videos


ls -lZ


total 7434136
-rw-rw---- 1 root sdcard_rw u:object_r:fuse:s0  402069980 2015-07-24 03:56 Hold Fast-15351476.mp4


mv ../bottled.zip .


mv: bad '../bottled.zip': Permission denied
Diagon
  • 153
  • 6
  • 1
    Most probably a problem with SELinux or FUSE. Root isn't always allowed to do anything: https://android.stackexchange.com/a/221485/218526. What's your shell's SELinux context? Did you try with permissive mode? Checked dmesg | grep avc? Tried to write to underlying filesystem bypassing FUSE? – Irfan Latif Dec 12 '20 at 12:52
  • @IrfanLatif - I'm weak on SELinux, so I'm not sure how to set permissive mode (I'll look it up). dmesg produces a lot of avc denied message, but none associated with my attempt to copy into say the Videos subfolder. I'm also not sure how to bypass FUSE, but I'll look that up, too. Thanks for the suggestions. – Diagon Dec 12 '20 at 13:10
  • I see. It's as simple as going to this directory: /mnt/media_rw/1dc31997-9ebf-4573-9c75-3e57793b4071 instead of this one: /storage/1dc31997-9ebf-4573-9c75-3e57793b4071. The latter is a FUSE mounted version of the former. That's supposed to allow users to access it. At least, that's according to the link you offered. (But then why do I need root to even see that latter folder?) – Diagon Dec 12 '20 at 13:18
  • If you want to write that up as an answer, I'll be happy to accept it. – Diagon Dec 12 '20 at 13:42
  • 2
    How about self answering? It's encouraged here. – Irfan Latif Dec 12 '20 at 13:45

1 Answers1

1

@IrfanLatif offered a comment that included an excellent link to all the things root can't do. It turns out, reading a FUSE filesystem owned by another user, is one of them. Android, will mount a device at multiple places, each with different permissions. Going to /storage/[UUID], you are visiting a FUSE filesystem. On the other hand, going to /mnt/media_rw/[UUID], you are visiting the filesystem directly. There may, in addition, be SELinux permission issues, as described in that link, but in my case those did not appear.

$ mount | grep 1dc31997
/dev/block/vold/public:179_97 on /mnt/media_rw/1dc31997-9ebf-4573-9c75-3e57793b4071 type f2fs (rw,dirsync,context=u:object_r:sdcard_posix:s0,nosuid,nodev,noatime,background_gc=on,user_xattr,active_logs=6)
/dev/fuse on /mnt/runtime/default/1dc31997-9ebf-4573-9c75-3e57793b4071 type fuse (rw,nosuid,nodev,noexec,noatime,user_id=1023,group_id=1023,default_permissions,allow_other)
/dev/fuse on /mnt/runtime/read/1dc31997-9ebf-4573-9c75-3e57793b4071 type fuse (rw,nosuid,nodev,noexec,noatime,user_id=1023,group_id=1023,default_permissions,allow_other)
/dev/fuse on /mnt/runtime/write/1dc31997-9ebf-4573-9c75-3e57793b4071 type fuse (rw,nosuid,nodev,noexec,noatime,user_id=1023,group_id=1023,default_permissions,allow_other)
/dev/fuse on /storage/1dc31997-9ebf-4573-9c75-3e57793b4071 type fuse (rw,nosuid,nodev,noexec,noatime,user_id=1023,group_id=1023,default_permissions,allow_other)
Diagon
  • 153
  • 6