You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
hmz007 36ed224bac
Rockchip Anroid14_SDK 20240628-rkr5 (2556df1a)
1 year ago
..
app/com/android/google/tools/security/shell_as Rockchip Anroid14_SDK 20240628-rkr5 (2556df1a) 1 year ago
shell-code Rockchip Anroid14_SDK 20240628-rkr5 (2556df1a) 1 year ago
Android.bp Rockchip Anroid14_SDK 20240628-rkr5 (2556df1a) 1 year ago
AndroidManifest.xml.template Rockchip Anroid14_SDK 20240628-rkr5 (2556df1a) 1 year ago
OWNERS Rockchip Anroid14_SDK 20240628-rkr5 (2556df1a) 1 year ago
README.md Rockchip Anroid14_SDK 20240628-rkr5 (2556df1a) 1 year ago
command-line.cpp Rockchip Anroid14_SDK 20240628-rkr5 (2556df1a) 1 year ago
command-line.h Rockchip Anroid14_SDK 20240628-rkr5 (2556df1a) 1 year ago
context.cpp Rockchip Anroid14_SDK 20240628-rkr5 (2556df1a) 1 year ago
context.h Rockchip Anroid14_SDK 20240628-rkr5 (2556df1a) 1 year ago
elf-utils.cpp Rockchip Anroid14_SDK 20240628-rkr5 (2556df1a) 1 year ago
elf-utils.h Rockchip Anroid14_SDK 20240628-rkr5 (2556df1a) 1 year ago
execute.cpp Rockchip Anroid14_SDK 20240628-rkr5 (2556df1a) 1 year ago
execute.h Rockchip Anroid14_SDK 20240628-rkr5 (2556df1a) 1 year ago
gen-manifest.sh Rockchip Anroid14_SDK 20240628-rkr5 (2556df1a) 1 year ago
registers.h Rockchip Anroid14_SDK 20240628-rkr5 (2556df1a) 1 year ago
shell-as-main.cpp Rockchip Anroid14_SDK 20240628-rkr5 (2556df1a) 1 year ago
shell-as-test-app-key.pk8 Rockchip Anroid14_SDK 20240628-rkr5 (2556df1a) 1 year ago
shell-as-test-app-key.x509.pem Rockchip Anroid14_SDK 20240628-rkr5 (2556df1a) 1 year ago
shell-code.cpp Rockchip Anroid14_SDK 20240628-rkr5 (2556df1a) 1 year ago
shell-code.h Rockchip Anroid14_SDK 20240628-rkr5 (2556df1a) 1 year ago
string-utils.cpp Rockchip Anroid14_SDK 20240628-rkr5 (2556df1a) 1 year ago
string-utils.h Rockchip Anroid14_SDK 20240628-rkr5 (2556df1a) 1 year ago
test-app.cpp Rockchip Anroid14_SDK 20240628-rkr5 (2556df1a) 1 year ago
test-app.h Rockchip Anroid14_SDK 20240628-rkr5 (2556df1a) 1 year ago

README.md

shell-as

shell-as is a utility that can be used to execute a binary in a less privileged security context. This can be useful for verifying the capabilities of a process on a running device or testing PoCs with different privilege levels.

Usage

The security context can either be supplied explicitly, inferred from a process running on the device, or set to a predefined profile.

For example, the following are equivalent and execute /system/bin/id in the context of the init process.

shell-as \
    --uid 0 \
    --gid 0 \
    --selinux u:r:init:s0 \
    --seccomp system \
    /system/bin/id
shell-as --pid 1 /system/bin/id

The "untrusted-app" profile can be used to execute a binary with all the possible privileges attainable by an untrusted app:

shell-as --profile untrusted-app /system/bin/id