I have an app in Android that needs to modify the private databases of other apps using root. The current method works on all devices up to and including Lollypop, but seems to fail on Marshmallow devices due to SELinux.
To modify databases, the app does the following:
- From root:
- Copy target database to my app's folder preserving permissions and ownership (cp -p)
- Change permissions (chmod 777)
- From app, use SQLiteDatabase class to open database and execute queries
- From root
- Move back database and restore permissions
However, on Marshmallow, attempting to open the copied database with SQLiteDatabase fails and yields the follow AVC denial:
avc: denied { open } for path="/data/data/<my app package>/cache/<database>.db" dev="dm-0" ino=509488 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:app_data_file:s0 tclass=file permissive=0
The only thing I've tried is running chcon u:r:untrusted_app:s0 on the file as root, but it says permission denied.
Additionally, from what I've read here: http://ift.tt/1Swcqwf, it appears that SELinux was set to enforcing mode in the 5.0 release, so how come this is only an issue now on 6.0 but wasn't on 5.0?
Aucun commentaire:
Enregistrer un commentaire