Running an executable as root from init.rc

I know I can’t change the init.rc file because it’s rewritten upon restart.
Hence, I’ve tried something “wrong” just for the sake of it (a temporary solution, only to see if it works) – I have noticed commands like these in init.rc:

service DR-daemon /system/bin/ddexe
class main
user root
group system radio inet net_raw

service SMD-daemon /system/bin/smdexe
    class main
    user root
    group system radio inet net_raw

service BCS-daemon /system/bin/connfwexe
    class main
    user root
    group system radio inet net_raw

I picked one of them, for example connfwexe, and made an executable of my own, under the same name, and replaced the original connfwexe with mine.
one of the commands in my executable was mkdir /sdcard/1234 and indeed, upon restart, the directory appears.
However, another command I’ve tried is either system("setenforce 0"); or system("echo 0 > /sys/fs/selinux/enforce") – none of which is working.
When the device is up again, SELinux is enforcing.

I know that root can set it to permissive (I can directly from the shell) and system cannot; question is, why the services above, that are run as root, are not able to set SELinux to permissive? is it because I’m using the “system()” call? or maybe the phase where the services are run is too early?
What is wrong here and is it possible for me, this way, to run commands as root?

I know it’s looks like ugly hacking, this will not be the final solution, but only for learning porpuses, so please spare unhelpful comments such as “you shouldn’t do so”. Thanks


Source: linux

Leave a Reply