[TOOL] SimpleSU v0.7

[_n0p_]

So.
As i was slowly preparing DSC v2.0 i met a hard decision: what root tool to include
Both Superuser and SuperSU are nice, but quite heavy

I decided to take my own way - rewrite su executable itself to suit my vision:

I've aknowledged that i have not modified my root access list for half a year. I don't need and don't want a separate Java process to control root access. I want a simple way to allow root access for application (via whitelist), but block unwanted (i.e. all not in list). Still, it should allow end-user to install either SuperSU or Superuser.
In short - ideal su solution for myself that should also work good for depersonalized custom ROM (with predefined access list), leaving it to end-user to decide which app he will install for superuser access.
And i didn't find a ready solution, so decided to write my own.

Here it is (attached):

SimpleSU
Simplest and lightest superuser solution (with access control)

How it's done:
Same as usual SU for Linux with control access list read from /system/etc/dsc.su_list
dsc.su_list structure is very simple:
One line per android app (case sensitive), windows and unix line breaks should be supported fine.
Current proposed list for DSC 2.0 (and an example):

dsc.SimpleSU.acl
dsc.settings
dsc.uv
dsc.levels
dsc.mugen
jackpal.androidterm
ru.org.amip.ClockSync
eu.chainfire.supersu
eu.chainfire.supersu.pro
com.ryosoftware.adbw
com.googlecode.droidwall.free
com.noshufou.android.su
de.schaeuffelhut.android.openvpn
de.schaeuffelhut.android.openvpn.installer
com.elsdoerfer.android.autostarts
com.speedsoftware.rootexplorer
com.geeksoft.screenshot
com.rerware.android.MyBackupPro
com.ghostsq.commander
ws.plattner.cifsmanager
mobi.pruss.superdim
com.force.timezonefixer
com.bigtincan.android.adfree

Caller process tree is walked till init, if match is found, access is granted.

How to install?
Via adb shell:

adb push su /system/xbin/
adb shell chmod 6755 /system/xbin/su
adb push dsc.su_list /system/etc
adb shell chown root.root /system/etc/dsc.su_list
adb shell chmod 644 /system/etc/dsc.su_list

Note that you have to manually add entries to white list (/system/etc/dsc.su_list) to grant root access in form of app full Java class name. For example, it's com.keramidas.TitaniumBackup for Titanium Backup.

As pointed by dr911, works in multiuser environment (being a linux binary).

Currenly SimpleSU supports two command formats:

Usual: su -c 'make me a sandwich'. Note that only "-c" works now. Seems to be enough though. Command simply passed to the shell.

Legacy (as seen in Google/Android su source): su username make me a sandwich. Shell is not executed in this case, so no environment variables right now in this format.

Have fun,
Sergei.

Changelog:
02.04.2013: v0.7. ":service" suffix granted root access for already granted app, more logging on reject. (0.6 had only more logging)
27.11.2012: GUI updated - forgot about remounting /system in rw mode. Attached to this post.
21.11.2012: GUI done. http://forum.xda-developers.com/showpost.php?p=34439975&postcount=41
14.11.2012: v0.5. LD_LIBRARY_PATH fixup (taken from ChainsDD), pointed by Rupert Rawnsley. Also some legacy format command-line handling changed. Also, insecure version added (no checks made, asked=granted).
11.11.2012: v0.4. Code cleanup, no longer beta, revised and fixed code with potential string overflows.
09.11.2012: v0.3b. Code changed to allow legacy format command execution.
09.11.2012: v0.2b. Fixed call with multiply parameters. OpenVPN installer works. Dynamic linking, so very small binary. Logging to system log.
07.11.2012: Fixed segmentation fault on reject, added version and build date, removed debug info.

 

[_n0p_]

A request:
If somebody owns Pro/Elite/other commercial Superuser or SuperSU - would you provide it's full Java class name?

For example, it's

eu.chainfire.supersu
com.noshufou.android.su

for free versions.

 

[arryhariyadi]

eu.chainfire.supersu.pro

Sent from my Amazon Kindle Fire using Tapatalk 2

 

[Androidmarketuser]

Can I avoid these little delays (the appearing popup of SuperSU or Superuser) with this alternative?
And if I have Superuser preinstalled can I delete it and are there other files which belongs to it and can be deleted?
Thank you for sharing your work

 

[ItzCrooK2UxD]

com.noshufou.android.su.elite for Superuser Elite

 

[Shree_Jamdar]

Hi

Have you noticed any improvement in terms of speed etc? Is superuser really that heavy? How much RAM can i get by using this and ditching the superuser app? We can use this in our Galaxy 3 forum !

 

[karandpr]

Get the list of all android activities from here
http://activities.droidicon.com/

 

[pawan1993]

Can I avoid these little delays (the appearing popup of SuperSU or Superuser) with this alternative?
And if I have Superuser preinstalled can I delete it and are there other files which belongs to it and can be deleted?
Thank you for sharing your work

Delete system/xbin/su and uninstall your superuser app from the system.

 

[_n0p_]

Oh. Looks SimpleSU got in news

Can I avoid these little delays (the appearing popup of SuperSU or Superuser) with this alternative?
And if I have Superuser preinstalled can I delete it and are there other files which belongs to it and can be deleted?
Thank you for sharing your work

You won't experience any delays - but in cost of manually editing the list. And no popups, it's simply a linux binary. After replacing su binary you may uninstall Java part.

Have you noticed any improvement in terms of speed etc? Is superuser really that heavy? How much RAM can i get by using this and ditching the superuser app? We can use this in our Galaxy 3 forum !

I did experience lags when using Superuser and SuperSU. I don't think modern device would benefit from SimpleSU. I expect to free 15-20MB. Good for Streak with 512MB.
I may eventually write a list editor, but most probably won't.

Again, this tool would do as preinstalled SU solution in Custom ROM (though i can't test >2.3 compatibility):
Grant predefined (and included in ROM) apps the superuser rights.
Allow end-user to choose and install he's preffered SU solution right from Play Store.

--
Have fun,
Sergei

 

[Androidmarketuser]

You won't experience any delays - but in cost of manually editing the list. And no popups, it's simply a linux binary. After replacing su binary you may uninstall Java part.

I did experience lags when using Superuser and SuperSU. I don't think modern device would benefit from SimpleSU. I expect to free 15-20MB. Good for Streak with 512MB.
I may eventually write a list editor, but most probably won't.

Again, this tool would do as preinstalled SU solution in Custom ROM (though i can't test >2.3 compatibility):
Grant predefined (and included in ROM) apps the superuser rights.
Allow end-user to choose and install he's preffered SU solution right from Play Store.

--
Have fun,
Sergei

Exactly what I searched, thanks :good:
I will test it on my old Desire with Android 4.1, I can tell you whether it's compatible or not.

 

[A_U]

nice tool...very lite. i m using this in extreme barebone roms for my galaxy mini. really nice, but the problem is only some apps r being granted permissions, some denied.
i hope u increase the list of activities. then this is a hit for me
good luck..

 

[_n0p_]

nice tool...very lite. i m using this in extreme barebone roms for my galaxy mini. really nice, but the problem is only some apps r being granted permissions, some denied.
i hope u increase the list of activities. then this is a hit for me
good luck..

Can you provide an example of app you have added to the access list, but it didn't work?

 

[P.Mobile]

i looked in the op and still dont understand how to install?? flash the simple SU zip in recovery.. then what???

 

[Hammerfest]

i looked in the op and still dont understand how to install?? flash the simple SU zip in recovery.. then what???

if you couldnt read/understand the OP, then your probably better off sticking with SuperSU or SuperUser...

Heres my non-developer understanding (potentially flawed):
Its a binary, with manual entry's (IE text editing) of pre-approved apps, it doesnt have a frontend/gui like SuperSU or SuperUser which allow you to graphically chose what to allow and what to deny...



OP: I like it so far, as for your thoughts on a graphical editor, I for one would love to see one, and before I get jumped for saying then whats the difference between the other options, an editor would be short and sweet, open, edit list, close, ram once again free (since that is the concern), instead of having it stay resident in RAM...

On that note, if I may, there are tools like Rays Toolbox and Android Tuner (formerly system tuner), that I would like to put in a feature request for them to add an editor in the app (Android Tuner already has a few editor's, adding a SimpleSU editor would just add to the overall completeness of the toolkit) to edit the list for SimpleSU, with your permission of course!



Thanks again!

 

[Dark Passenger]

Latest version working on Galaxy fit !!! It really imporves performance on low ram(We got 256mb) devices maybe OP might consider sharing it by moving thread to a more general location on xda rather than on a device forum my thoughts.

 

[Deadly]

Latest version working on Galaxy fit !!! It really imporves performance on low ram(We got 256mb) devices maybe OP might consider sharing it by moving thread to a more general location on xda rather than on a device forum my thoughts.

Yes, exactly.. it works on galaxy y duos and galaxy yseries.. its better to move it to android app development section may be? as it will get more support there i feel.. Please do consider op.. And thanks for this cool app.. Its awesome. And i dont think it needs an editor, as we can have editors from many apps .. i have around 4-5 apps which has editors.. surely users who use this app will be bit advanced users..

and i bet all of them will have file editors.. and all file explorer apps comes with editors nowadays.. well , just my thoughts.. but if you can keep the file browser to bare minimum and keep size of apk less.. then i would surely like to see it too

i am hoping to use this from now on.. so i will give review for new updates.. have you pushed it to play store? i think you should do that.. many will like this idea!
Thanks again..

As far as i understood we can edit it to add new apk names to give permission.. Because Android_united kinda confused me.. So, asked this again.. i did use it and it did worked.. its just may be he didnt see that?

 

[domcale]

Works like a charm! The only problem I had is that I was doing this through Terminal Emulator, and for some reason, when i did all this, superuser perrmisions were not granted for Terminal Emulator. After a little digging i found that i have to add this line

jackpal.androidterm2

and leave the one that's there by default

jackpal.androidterm

to the dsc.su_list
Now it works, i have SU for Terminal Emulator, Adfree, and i added SetDNS (Impossible to use Google play on CM7.2 without it )

 

[TwoPointZero]

I like the idea of this but be extra careful to only whitelist activities you really use.
I could imagine a malware somehow managing to enter your system and masquerading as one of the prepopulated entries in dsc.su_list, though of course no such vulnerability exists so far.

 

[_n0p_]

Thank you for feedback.
--
I cannot publish it on Play Store - it's not an Android app. To publish it, i need to write SimpleSU Installer, or something like that (see below).
--
Regarding editor - it would be nice if someone else would write it I really don't expect to have enough free time required.
--
A 0.4 version i consider as stable (revised potentially bad code with possible string overflows) attached to first post.
--
Malware that could act as Java class - i thought of several scenarios, but any requres root access beforehand. And if you install an app - it's your responsibily to be careful.
--
Have fun,
Sergei

 

[A_U]

Can you provide an example of app you have added to the access list, but it didn't work?

titanium backup, es-file explorer. i tested wit only these 2. as these 2 weren't gaining root access, so i stopped using this. if u want me to test wit more apps, i can help u out.
will be using this surely once it receives more updates :good:
:good: gud luck..