I looked at the code (briefly)... I was assuming it checked the manifest as it would be quite an error not too. But I just wanted to sanity check with the community and someone who has studied run as in-depth. On Nov 14, 2012 5:42 AM, "Stephen Smalley" <s...@tycho.nsa.gov> wrote:
> On 11/14/2012 08:37 AM, William Roberts wrote: > >> Looking at run-as it says it allows the caller (shell or root) to setuid >> to an appuid. They give the example of debugging an apk and you want to >> pull a data file off the device. Does the run-as daemon check to see if >> the app is debuggable (debug true in manifest) or can anyone use this to >> pull data and ptrace an app? >> > > run-as checks whether the app is marked debuggable. The source code for > it is in system/core/run-as. It isn't something we added - it is part of > stock AOSP and is expected to work to allow app developers to debug their > apps on even non-rooted devices. So it has to work from an unprivileged > adb shell. That's why we went ahead and did the necessary changes to > run-as and policy to support it. I did define a policy boolean however to > allow disabling it for a hardened configuration. > > > >
