I'm writing an app that will use su to execute some commands in the Linux kernel. I was wondering how SuperUser figures out that the application is asking for root.
Actually it's quite simple. Vanilla Android doesn't even have su or superuser. When you root the device you run a shell as root. Then you install the su binary and superuser.apk. After installing you set the shell back to its normal permissions. All these root-only apps can now call su to ask for root access.
When su is run it calls superuser.apk with a message asking you whether you want to elevate privileges. The su binary and superuser.apk are protected via Android's normal sandboxing. Note that once you give an app root privileges it's free to do whatever it wants, including overwriting su with its own version.
There are two parts to the superuser system - the superuser binary (su on the terminal) and the SuperUser.apk (Android app to manage apps using su). Looking at the source code of the su binary, when you request su access through
Process p = Runtime.getRuntime().exec("su");
it publishes an intent through the Android messaging manager that an application has requested superuser access.
sprintf(command, "/system/bin/am broadcast -a '%s' --es socket '%s' --ei caller_uid '%d' --ei allow '%d' --ei version_code '%d' > /dev/null",action, socket_path, ctx->from.uid, allow, VERSION_CODE);
The manager app listens for this intent and asks the user to handle the request (allow/deny).
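The broadcast from the answer above, built as an argument vector instead of a formatted shell string, so the action and socket path reach am as single arguments whatever characters they contain. This is an added example, not code from the su source or from any answer here; struct am_cmd, build_am_argv and the sample values are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define AM_PATH "/system/bin/am"
#define AM_ARGC 16

/* Hypothetical container: argv pointers plus storage for the formatted integers. */
struct am_cmd {
    const char *argv[AM_ARGC + 1];
    char uid[16], allow[16], version[16];
};

/* Fill c with the argument vector for the broadcast. Returns the argument
 * count, or -1 if an input is missing or a number does not fit its buffer.
 * action and socket_path are borrowed, not copied: they must outlive c. */
int build_am_argv(struct am_cmd *c, const char *action, const char *socket_path,
                  unsigned caller_uid, int allow, int version_code)
{
    if (!c || !action || !*action || !socket_path || !*socket_path)
        return -1;
    int n1 = snprintf(c->uid, sizeof c->uid, "%u", caller_uid);
    int n2 = snprintf(c->allow, sizeof c->allow, "%d", allow);
    int n3 = snprintf(c->version, sizeof c->version, "%d", version_code);
    if (n1 < 0 || (size_t)n1 >= sizeof c->uid ||
        n2 < 0 || (size_t)n2 >= sizeof c->allow ||
        n3 < 0 || (size_t)n3 >= sizeof c->version)
        return -1;
    const char *v[AM_ARGC] = {
        AM_PATH, "broadcast", "-a", action,
        "--es", "socket", socket_path,
        "--ei", "caller_uid", c->uid,
        "--ei", "allow", c->allow,
        "--ei", "version_code", c->version,
    };
    memcpy(c->argv, v, sizeof v);
    c->argv[AM_ARGC] = NULL;   /* execv() requires a NULL-terminated vector */
    return AM_ARGC;
}

int main(void)
{
    struct am_cmd c;
    /* Constructed sample values; the socket path deliberately has a space and a quote. */
    int n = build_am_argv(&c, "com.example.REQUEST", "/tmp/req 'a'.sock", 10057, 0, 1);
    for (int i = 0; i < n; i++)
        printf("argv[%d] = %s\n", i, c.argv[i]);
    /* On a device the caller would fork, point stdout at /dev/null with dup2(),
     * then call execv(AM_PATH, (char *const *)c.argv). No shell is involved. */
    return n == AM_ARGC ? 0 : 1;
}
```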
When you run this:
Process p = Runtime.getRuntime().exec("su");
You are trying to execute "su", which only an app with superuser permissions can do! So whenever Android detects that you are trying to run "su", it will get that the app will need superuser permissions.
Also, Android has some area reserved which only Android system can access. If your app is trying to access something there, Android will understand that superuser is needed.
For example, say you are trying to modify the host file or modify some network configurations like DHCP. Or you are trying to access files from the system area, e.g. /data.
Android will check if the app has superuser permissions, and then only will grant it access to such things.
About malicious software: whenever an app needs superuser access, the system will prompt the user to grant or deny superuser permissions to the app. Only then can the app get root access. So it's up to the user to decide whether to accept or deny root access for any app. (The system will prompt the user every time an app is trying to access something that needs root access, UNLESS you tell the system to remember your choice of acceptance or denial for a particular app.)
PS: You might consider checking out the website for the Superuser app.