rootshell: use magic Android GIDs to access sockets

Android kernels with CONFIG_ANDROID_PARANOID_NETWORK extensions set require users to have a few special group IDs before getting network access. Unfortunately, we need to use nightly to get access to the .groups() method.
EFForg · Jul 22, 2024 · f551112 · f551112
1 parent 1db54a5
commit f551112
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 1 deletion.
diff --git a/.github/workflows/build-release.yml b/.github/workflows/build-release.yml
@@ -32,7 +32,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-      - uses: dtolnay/rust-toolchain@stable
+      - uses: dtolnay/rust-toolchain@nightly
         with:
           targets: armv7-unknown-linux-gnueabihf
       - name: Install cross-compilation dependencies

diff --git a/rootshell/rust-toolchain.toml b/rootshell/rust-toolchain.toml
@@ -0,0 +1,2 @@
+[toolchain]
+channel = "nightly"
diff --git a/rootshell/src/main.rs b/rootshell/src/main.rs
@@ -1,10 +1,20 @@
+#![feature(setgroups)]
+
 //! a simple shell for uploading to the orbic device.
 //! 
 //! It literally just runs bash as UID/GID 0 
 use std::process::Command;
 use std::os::unix::process::CommandExt;
 use std::env;
 
+const ANDROID_PARANOID_NETWORK_GROUPS: &[u32] = &[
+   3001, // AID_BT
+   3002, // AID_BT_NET
+   3003, // AID_INET
+   3004, // AID_NET_RAW
+   3005, // AID_ADMIN
+];
+
 fn main() {
    let mut args = env::args();
 
@@ -14,5 +24,6 @@ fn main() {
 	.args(args)
 	.uid(0)
 	.gid(0)
+   .groups(ANDROID_PARANOID_NETWORK_GROUPS)
 	.exec();
 }