You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
hmz007
36ed224bac
|
1 year ago | |
|---|---|---|
| .. | ||
| app/com/android/google/tools/security/shell_as | 1 year ago | |
| shell-code | 1 year ago | |
| Android.bp | 1 year ago | |
| AndroidManifest.xml.template | 1 year ago | |
| OWNERS | 1 year ago | |
| README.md | 1 year ago | |
| command-line.cpp | 1 year ago | |
| command-line.h | 1 year ago | |
| context.cpp | 1 year ago | |
| context.h | 1 year ago | |
| elf-utils.cpp | 1 year ago | |
| elf-utils.h | 1 year ago | |
| execute.cpp | 1 year ago | |
| execute.h | 1 year ago | |
| gen-manifest.sh | 1 year ago | |
| registers.h | 1 year ago | |
| shell-as-main.cpp | 1 year ago | |
| shell-as-test-app-key.pk8 | 1 year ago | |
| shell-as-test-app-key.x509.pem | 1 year ago | |
| shell-code.cpp | 1 year ago | |
| shell-code.h | 1 year ago | |
| string-utils.cpp | 1 year ago | |
| string-utils.h | 1 year ago | |
| test-app.cpp | 1 year ago | |
| test-app.h | 1 year ago | |
README.md
shell-as
shell-as is a utility that can be used to execute a binary in a less privileged security context. This can be useful for verifying the capabilities of a process on a running device or testing PoCs with different privilege levels.
Usage
The security context can either be supplied explicitly, inferred from a process running on the device, or set to a predefined profile.
For example, the following are equivalent and execute /system/bin/id in the
context of the init process.
shell-as \
--uid 0 \
--gid 0 \
--selinux u:r:init:s0 \
--seccomp system \
/system/bin/id
shell-as --pid 1 /system/bin/id
The "untrusted-app" profile can be used to execute a binary with all the possible privileges attainable by an untrusted app:
shell-as --profile untrusted-app /system/bin/id