Profile

Cover photo
Pascal Heidmann
Works at Pokémontrainer
Lives in Vertania City
63 followers|97,455 views
AboutPostsPhotos

Stream

Pascal Heidmann

Shared publicly  - 
 
Gotta see the video on your mobile with gyroscope!
Image quality and music are not that awesome but still seeing an interactive 360° video is a cool experience
 
Another insanely cool 360 video :o

Open this in Chrome or on an Android phone!
126 comments on original post
1
Add a comment...

Pascal Heidmann

General Discussion  - 
 
An 1+1 invite randomly popped up in my inbox:
https://account.oneplus.net/invite/claim/GLVD-XTRW-GLTE-FH6E
Good luck!
1
Add a comment...

Pascal Heidmann

Shared publicly  - 
 
Irgendwie musste ich dann doch schmunzeln - ausgerechnet, die davon profitieren sollen, weisen darauf hin, dass es vor allem eines ist: schädlich für alle Beteiligten.

#lsr  
 ·  Translate
Verlegerverbände aus Spanien, Italien und Frankreich sehen die EU-Kommission in der Pflicht, sich gegen Entwicklungen wie das neue spanische Leistungsschutzrecht zu stemmen. Die Informationsfreiheit sei in Gefahr.
1
Add a comment...

Pascal Heidmann

Shared publicly  - 
1
Add a comment...

Pascal Heidmann

Shared publicly  - 
 
Go go go! getting the #AndroidLSDK could be faster ;)
Want to try #Camera2 APIs :)
1
Add a comment...
Have them in circles
63 people
Joachim Schumacher's profile photo
plattenschubser_ENL chris's profile photo
Guus van Weelden's profile photo
Uwe Joswig's profile photo
ZeltHost Network's profile photo
Julian Kauk's profile photo
Appexam's profile photo
Tobias Martin's profile photo
Michael Ifeanyichukwu's profile photo

Pascal Heidmann

Shared publicly  - 
 
Cause JavaScript can only work with jQuery.

Via +Michael Panzer​ & +Sebastian Mauer
1
1
Guus van Weelden's profile photo
Add a comment...

Pascal Heidmann

Shared publicly  - 
 
Boom!
1
Add a comment...

Pascal Heidmann

Shared publicly  - 
 
As +Andreas Proschofsky wrote: deciding which phone to select based on open bootloaders gets more important.
+Sony Xperia, +HTC and even some +Motorola Mobility and +ASUS devices come into my mind but sadly there aren't any other big android manufactures that care about their passionate developer fans. Is it a coincidence that these are the same major manufactures that make some of the best android devices even if they aren't the ones with the biggest marked share?
(I don't want to forget the nexus series as my daily driver is an of course rooted and modded Nexus 5 but they are indented for devs and have this great fastboot oem unlock support build in)
 
On LPX13D, SELinux, and root

As promised, here are some more details about the current situation.

Why it breaks

Google has really put some effort into better securing Android, and we've seen a lot of SELinux related commits to the AOSP tree over the past months. There is some disconnect between the AOSP tree and actual L preview builds, some things from AOSP are not in the L preview build, and vice versa. Ultimately, it's a pretty good bet these things will mostly align, though.

On most devices and firmwares, SuperSU's daemon is started by the install-recovery.sh service script that runs at system boot time, as user root with the init context. This is what the daemon needs to function.

Recently, they've started requiring all started services to run in their own SELinux context, instead of init. Developers and security guys following AOSP have known this was coming; AOSP builds have been logging complaints about this specific service not having its own context for a while now.

Now this script runs as root, but as the install_recovery context, which breaks SuperSU's operation, as it is a very restrictive context.

In the last AOSP build I have tried (a few weeks old), there were a fair number of other holes that we could use to launch the daemon. At first glance(!), it seems those have all been closed. An impressive feat by the guys working on this, if it proves true.

How to fix it

To fix root, all that really had to be done was ensure the daemon's startup script is run at boot as the root user with the init context.

There are multiple ways to do this, but unfortunately for now it seems that it does require a modified kernel package (changing the ramdisk).

In the modified kernel packages I've posted for the Nexus 5 and Nexus 7, the daemon's startup is fixed by commenting out the line in init.rc that forces the install-recovery.sh script to run as the install_recovery context, so now it runs as init again, and all is well.

Repercussions

As stated above, it seems for now that modifications to the kernel package are required to have root, we cannot attain it with only modifications to the system partition.

Combine that with a locked bootloader (and optionally dm-verity) and a device becomes nigh unrootable - exactly as intended by the security guys.

Exploit-based roots are already harder to do thanks to SELinux, and now because of the kernel requirements for persistent root, these exploits will need to be run at every boot. Exploits that make the system unstable (as many do) are thus out as well.

Of course, this is all dependent on OEMs implementing everything exactly right. If a certain OEM doesn't protect one of their services correctly, then we can leverage that to launch the daemon without kernel modifications. While I'm fairly certain this will be the case for a bunch of devices and firmwares, especially the earlier L firmwares, this is not something you should expect or base decisions on. It is now thus more important than ever to buy unlocked devices if you want root.

It might also mean that every firmware update will require re-rooting, and OTA survival mode will be broken. For many (but far from all) devices we can probably automate patching the kernel package right in the SuperSU installer ZIP. We can try to keep it relatively easy, but updating stock firmwares while maintaining root is probably not going to work as easy and fast as it did until now.

Apps need updates

Unsurprisingly, with a new major Android release, apps will need updates. None more so than apps that go beyond the Android API, as root apps do, but even some non-root apps will be affected by the security changes.

As one example, someone posted in the SuperSU thread of a kernel flashing app that didn't work. From the logcat you could see that it was looking for partitions in /dev/block from its normal non-root user and non-init context. That used to be possible, but now it is restricted: normal apps no longer have read access there. 

The solution for that app is actually quite simple: list the /dev/block contents using root instead. But simple solution or not, the app will still need to be updated.

By far most root apps should be updateable for L without too much issue. There are indeed exceptions that will need some special care, but those are rare.

Permissive vs enforcing

The kernel packages I posted for the Nexus 5 and 7 LPX13D  firmware keep SELinux mostly set to enforcing. I say mostly, because SuperSU actually switches a small part of the system to permissive, so apps calling su can do most things without much interference. The details on this are lengthy (yes, your apps will be able to modify policies as well if needed, which should be rare), and I will document these for other developers after L retail release, assuming it will all still work at that time.

Alternatively, you can set the whole system to permissive or otherwise disable SELinux. There are other kernel packages released that indeed do this. The advantage here is that it instantly fixes some apps' issues, as the SELinux based restrictions have all gone the way of the dodo. The disadvantage here is that you've just shut down a major part of the security system of the device.

Some would argue that a device with an unlocked bootloader, root, encrypted modem firmwares of which nobody really knows what they're doing, etc, is inherently insecure, and thus disabling SELinux doesn't make much difference.

I personally disagree with this. While I do agree that these things weaken security down from the ideal level, I would still not disable more security features than I absolutely need to. Just because you cannot eliminate all attack vectors, is no reason to just completely give up on defending against them.

It is of course your own choice if you want to run a permissive system or not. I will strive to keep everything working in enforcing mode though, and I hope other root app developers will do the same - as stated earlier in the post, I believe this is still possible.

(everything in this post is subject to change for retail L release, obviously)
133 comments on original post
1
Add a comment...

Pascal Heidmann

Shared publicly  - 
 
Now I'm feeling even more convinced that maybe creating a camera app isn't the best way to start Android development but it pays off.
1
1
Volker Graubaum's profile photo
Add a comment...

Pascal Heidmann

Shared publicly  - 
 
 
Favourite thing in my .bashrc remains: 
alias fuck='sudo $(history -p \!\!)' 

Credit - https://twitter.com/liamosaur/status/506975850596536320


#linux   #bash   #unix   #bsd   #osx   #tipsandtricks  
12 comments on original post
2
Add a comment...
People
Have them in circles
63 people
Joachim Schumacher's profile photo
plattenschubser_ENL chris's profile photo
Guus van Weelden's profile photo
Uwe Joswig's profile photo
ZeltHost Network's profile photo
Julian Kauk's profile photo
Appexam's profile photo
Tobias Martin's profile photo
Michael Ifeanyichukwu's profile photo
Work
Employment
  • Pokémontrainer
    present
Links
Other profiles
Contributor to
Story
Tagline
Suck it or lick it - you can decide it!
Places
Map of the places this user has livedMap of the places this user has livedMap of the places this user has lived
Currently
Vertania City
Previously
Hamburg
Apps with Google+ Sign-in