How to open “adb shell” in context of application being debugged (on non-rooted device)?

Question

When I just run adb shell, I get shell running from uid=2000(shell) gid=2000(shell), without ptrace access to my application.

How to open a

Answer 1

From this answer:

• The packages.xml file present in /data/system
• The packages.list file present in /data/system

Contain the list of applications installed and their corresponding UID's.

Another answer in the same question suggests:

adb shell dumpsys package com.example.myapp | grep userId=

You can then open your shell as normal and run:

$ su <UID>

You should then have the same access and privileges as the app that uses that UID.

Answer 2

Workaround way using socat:

1. Add android.permission.INTERNET to your application;
2. Put socat binary (mirror) to /data/local/tmp/. Ensure everybody can start it;
3. Add Runtime.getRuntime().exec("/data/local/tmp/socat tcp-l:4446,fork,reuseaddr exec:/system/bin/sh,pty,stderr,setsid"); at startup of your Java-based application;
4. adb forward tcp:4446 tcp:4446
5. Use socat `tty`,raw,echo=0,opost=1 tcp:127.0.0.1:4446 on host to connect to the shell in your application context.

Note that this setup is not secure and should not be left in production app.

Answer 3

Use run-as <your package name> to switch to your app's UID or run-as <your package name> <command> to run a single command with your app's UID.