Permission denial on Android 7.1-

[Mygod]

Hi I am not using this library but I have a similar solution that I wrote based on your code and Chainfire's: https://github.com/Mygod/VPNHotspot/tree/master/mobile/src/main/java/be/mygod/librootkotlinx

From my testing on some Android 5-7.1 devices if the app_process is launched directly without being copied to /dev/, likely due to some vendor's kernel patches. (I am seeing mostly Samsung, but also from MTS SMART Sprint 4G, OPPO and LGE.) For example, on some devices fork then exec will fail (Chainfire/librootjava#19), on others it succeeds but the resulting process is very restricted:

echo 1 >/proc/sys/net/ipv4/ip_forward exited with 1
=== stderr ===
sh: can't create /proc/sys/net/ipv4/ip_forward: Permission denied

ndc ipfwd enable wlan1 exited with 4
=== stderr ===
Error connecting (Permission denied)

Any thoughts?

[topjohnwu]

The kernel restriction is applied when launching executable from /data.

[topjohnwu]

I believe launching stuff from /proc is also not allowed, which is why resolving the exe should be required.

[Mygod]

I believe launching stuff from /proc is also not allowed, which is why resolving the exe should be required.

Interesting. Do you have a reference for this? I thought symlink would be resolved first when checking the executable binary.

[vvb2060]

I think it is possible to launch from /proc.
However, procfs is a magic filesystem, its symlinks are not "pure" and come with mount namespace info. Resolving path removes the magic.