Google Git
Sign in
android / platform / platform_testing / d7fbdad2c / . / utils / shell-as
tree: 845ccdf4c30c684a577b201fb3f35ef2b02f3cbd [path history] [tgz]
  1. app/
  2. shell-code/
  3. Android.bp
  4. AndroidManifest.xml.template
  5. command-line.cpp
  6. command-line.h
  7. context.cpp
  8. context.h
  9. elf-utils.cpp
  10. elf-utils.h
  11. execute.cpp
  12. execute.h
  13. gen-manifest.sh
  14. OWNERS
  15. README.md
  16. registers.h
  17. shell-as-main.cpp
  18. shell-as-test-app-key.pk8
  19. shell-as-test-app-key.x509.pem
  20. shell-code.cpp
  21. shell-code.h
  22. string-utils.cpp
  23. string-utils.h
  24. test-app.cpp
  25. test-app.h
utils/shell-as/README.md

shell-as

shell-as is a utility that can be used to execute a binary in a less privileged security context. This can be useful for verifying the capabilities of a process on a running device or testing PoCs with different privilege levels.

Usage

The security context can either be supplied explicitly, inferred from a process running on the device, or set to a predefined profile.

For example, the following are equivalent and execute /system/bin/id in the context of the init process.

shell-as \
    --uid 0 \
    --gid 0 \
    --selinux u:r:init:s0 \
    --seccomp system \
    /system/bin/id

shell-as --pid 1 /system/bin/id

The “untrusted-app” profile can be used to execute a binary with all the possible privileges attainable by an untrusted app:

shell-as --profile untrusted-app /system/bin/id