As i was slowly preparing DSC v2.0 i met a hard decision: what root tool to include
Both Superuser and SuperSU are nice, but quite heavy
I decided to take my own way - rewrite su executable itself to suit my vision:
I've aknowledged that i have not modified my root access list for half a year. I don't need and don't want a separate Java process to control root access. I want a simple way to allow root access for application (via whitelist), but block unwanted (i.e. all not in list). Still, it should allow end-user to install either SuperSU or Superuser.
In short - ideal su solution for myself that should also work good for depersonalized custom ROM (with predefined access list), leaving it to end-user to decide which app he will install for superuser access.
And i didn't find a ready solution, so decided to write my own.
Here it is (attached):
Simplest and lightest superuser solution (with access control)
How it's done:
Same as usual SU for Linux with control access list read from /system/etc/dsc.su_list
dsc.su_list structure is very simple:
One line per android app (case sensitive), windows and unix line breaks should be supported fine.
Current proposed list for DSC 2.0 (and an example):
Caller process tree is walked till init, if match is found, access is granted.
How to install?
Via adb shell:
adb push su /system/xbin/ adb shell chmod 6755 /system/xbin/su adb push dsc.su_list /system/etc adb shell chown root.root /system/etc/dsc.su_list adb shell chmod 644 /system/etc/dsc.su_list
As pointed by dr911, works in multiuser environment (being a linux binary).
Currenly SimpleSU supports two command formats:
Usual: su -c 'make me a sandwich'. Note that only "-c" works now. Seems to be enough though. Command simply passed to the shell.
Legacy (as seen in Google/Android su source): su username make me a sandwich. Shell is not executed in this case, so no environment variables right now in this format.
02.04.2013: v0.7. ":service" suffix granted root access for already granted app, more logging on reject. (0.6 had only more logging)
27.11.2012: GUI updated - forgot about remounting /system in rw mode. Attached to this post.
21.11.2012: GUI done. http://forum.xda-developers.com/show...5&postcount=41
14.11.2012: v0.5. LD_LIBRARY_PATH fixup (taken from ChainsDD), pointed by Rupert Rawnsley. Also some legacy format command-line handling changed. Also, insecure version added (no checks made, asked=granted).
11.11.2012: v0.4. Code cleanup, no longer beta, revised and fixed code with potential string overflows.
09.11.2012: v0.3b. Code changed to allow legacy format command execution.
09.11.2012: v0.2b. Fixed call with multiply parameters. OpenVPN installer works. Dynamic linking, so very small binary. Logging to system log.
07.11.2012: Fixed segmentation fault on reject, added version and build date, removed debug info.