http://developer.android.com/guide/topics/security/permissions.html
http://developer.android.com/google/index.html
This document describes how application developers can use the security features provided by Android. A more general Android Security Overview is provided in the Android Open Source Project.

Android is a privilege-separated operating system, in which each application runs with a distinct system identity (Linux user ID and group ID). Parts of the system are also separated into distinct identities. Linux thereby isolates applications from each other and from the system.

Additional finer-grained security features are provided through a "permission" mechanism that enforces restrictions on the specific operations that a particular process can perform, and per-URI permissions for granting ad-hoc access to specific pieces of data.
Security Architecture
A central design point of the Android security architecture is that no application, by default, has permission to perform any operations that would adversely impact other applications, the operating system, or the user. This includes reading or writing the user's private data (such as contacts or e-mails), reading or writing another application's files, performing network access, keeping the device awake, etc.

Because Android sandboxes applications from each other, applications must explicitly share resources and data. They do this by declaring the permissions they need for additional capabilities not provided by the basic sandbox. Applications statically declare the permissions they require, and the Android system prompts the user for consent at the time the application is installed. Android has no mechanism for granting permissions dynamically (at run-time) because it complicates the user experience to the detriment of security.

The application sandbox does not depend on the technology used to build an application. In particular the Dalvik VM is not a security boundary, and any app can run native code (see the Android NDK). All types of applications — Java, native, and hybrid — are sandboxed in the same way and have the same degree of security from each other.
Application Signing
All Android applications (.apk files) must be signed with a certificate whose private key is held by their developer. This certificate identifies the author of the application. The certificate does not need to be signed by a certificate authority: it is perfectly allowable, and typical, for Android applications to use self-signed certificates. The purpose of certificates in Android is to distinguish application authors. This allows the system to grant or deny applications access to signature-level permissions and to grant or deny an application's request to be given the same Linux identity as another application.
User IDs and File Access
At install time, Android gives each package a distinct Linux user ID. The identity remains constant for the duration of the package's life on that device. On a different device, the same package may have a different UID; what matters is that each package has a distinct UID on a given device.

Because security enforcement happens at the process level, the code of any two packages cannot normally run in the same process, since they need to run as different Linux users. You can use the sharedUserId attribute in the AndroidManifest.xml's manifest tag of each package to have them assigned the same user ID. By doing this, for purposes of security the two packages are then treated as being the same application, with the same user ID and file permissions. Note that in order to retain security, only two applications signed with the same signature (and requesting the same sharedUserId) will be given the same user ID.

Any data stored by an application will be assigned that application's user ID, and is not normally accessible to other packages. When creating a new file with getSharedPreferences(String, int), openFileOutput(String, int), or openOrCreateDatabase(String, int, SQLiteDatabase.CursorFactory), you can use the MODE_WORLD_READABLE and/or MODE_WORLD_WRITEABLE flags to allow any other package to read/write the file. When setting these flags, the file is still owned by your application, but its global read and/or write permissions have been set appropriately so any other application can see it.
Using Permissions
A basic Android application has no permissions associated with it by default, meaning it cannot do anything that would adversely impact the user experience or any data on the device. To make use of protected features of the device, you must include in your AndroidManifest.xml one or more <uses-permission> tags declaring the permissions that your application needs.

For example, an application that needs to monitor incoming SMS messages would specify:

    <manifest xmlns:android="http://schemas.android.com/apk/res/android"
        package="com.android.app.myapp" >
        <uses-permission android:name="android.permission.RECEIVE_SMS" />
        ...
    </manifest>

At application install time, permissions requested by the application are granted to it by the package installer, based on checks against the signatures of the applications declaring those permissions and/or interaction with the user. No checks with the user are done while an application is running: it either was granted a particular permission when installed, and can use that feature as desired, or the permission was not granted and any attempt to use the feature will fail without prompting the user.

Often a permission failure will result in a SecurityException being thrown back to the application. However, this is not guaranteed to occur everywhere. For example, the sendBroadcast(Intent) method checks permissions as data is being delivered to each receiver, after the method call has returned, so you will not receive an exception if there are permission failures. In almost all cases, however, a permission failure will be printed to the system log.

The permissions provided by the Android system can be found at Manifest.permission. Any application may also define and enforce its own permissions, so this is not a comprehensive list of all possible permissions.

A particular permission may be enforced at a number of places during your program's operation:

- At the time of a call into the system, to prevent an application from executing certain functions.
- When starting an activity, to prevent applications from launching activities of other applications.
- Both sending and receiving broadcasts, to control who can receive your broadcast or who can send a broadcast to you.
- When accessing and operating on a content provider.
- Binding to or starting a service.

Caution: Over time, new restrictions may be added to the platform such that, in order to use certain APIs, your app must request a permission that it previously did not need. Because existing apps assume access to those APIs is freely available, Android may apply the new permission request to the app's manifest to avoid breaking the app on the new platform version. Android makes the decision as to whether an app might need the permission based on the value provided for the targetSdkVersion attribute. If the value is lower than the version in which the permission was added, then Android adds the permission.

For example, the WRITE_EXTERNAL_STORAGE permission was added in API level 4 to restrict access to the shared storage space. If your targetSdkVersion is 3 or lower, this permission is added to your app on newer versions of Android.

Beware that if this happens to your app, your app listing on Google Play will show these required permissions even though your app might not actually require them.

To avoid this and remove the default permissions you don't need, always update your targetSdkVersion to be as high as possible. You can see which permissions were added with each release in the Build.VERSION_CODES documentation.
Declaring and Enforcing Permissions
To enforce your own permissions, you must first declare them in your AndroidManifest.xml using one or more <permission> tags.

For example, an application that wants to control who can start one of its activities could declare a permission for this operation as follows:

    <manifest xmlns:android="http://schemas.android.com/apk/res/android"
        package="com.me.app.myapp" >
        <permission android:name="com.me.app.myapp.permission.DEADLY_ACTIVITY"
            android:label="@string/permlab_deadlyActivity"
            android:description="@string/permdesc_deadlyActivity"
            android:permissionGroup="android.permission-group.COST_MONEY"
            android:protectionLevel="dangerous" />
        ...
    </manifest>

The <protectionLevel> attribute is required, telling the system how the user is to be informed of applications requiring the permission, or who is allowed to hold that permission, as described in the linked documentation.

The <permissionGroup> attribute is optional, and only used to help the system display permissions to the user. You will usually want to set this to either a standard system group (listed in android.Manifest.permission_group) or in more rare cases to one defined by yourself. It is preferred to use an existing group, as this simplifies the permission UI shown to the user.

Note that both a label and description should be supplied for the permission. These are string resources that can be displayed to the user when they are viewing a list of permissions (android:label) or details on a single permission (android:description). The label should be short, a few words describing the key piece of functionality the permission is protecting. The description should be a couple of sentences describing what the permission allows a holder to do. Our convention for the description is two sentences, the first describing the permission, the second warning the user of what bad things can happen if an application is granted the permission.

Here is an example of a label and description for the CALL_PHONE permission:

    <string name="permlab_callPhone">directly call phone numbers</string>
    <string name="permdesc_callPhone">Allows the application to call phone numbers without your intervention. Malicious applications may cause unexpected calls on your phone bill. Note that this does not allow the application to call emergency numbers.</string>

You can look at the permissions currently defined in the system with the Settings app and the shell command adb shell pm list permissions. To use the Settings app, go to Settings > Applications. Pick an app and scroll down to see the permissions that the app uses. For developers, the adb '-s' option displays the permissions in a form similar to how the user will see them:

    $ adb shell pm list permissions -s
    All Permissions:

    Network communication: view Wi-Fi state, create Bluetooth connections, full Internet access, view network state

    Your location: access extra location provider commands, fine (GPS) location, mock location sources for testing, coarse (network-based) location

    Services that cost you money: send SMS messages, directly call phone numbers

    ...
Enforcing Permissions in AndroidManifest.xml
High-level permissions restricting access to entire components of the system or application can be applied through your AndroidManifest.xml. All that this requires is including an android:permission attribute on the desired component, naming the permission that will be used to control access to it.

- Activity permissions (applied to the <activity> tag) restrict who can start the associated activity. The permission is checked during Context.startActivity() and Activity.startActivityForResult(); if the caller does not have the required permission then SecurityException is thrown from the call.

- Service permissions (applied to the <service> tag) restrict who can start or bind to the associated service. The permission is checked during Context.startService(), Context.stopService() and Context.bindService(); if the caller does not have the required permission then SecurityException is thrown from the call.

- BroadcastReceiver permissions (applied to the <receiver> tag) restrict who can send broadcasts to the associated receiver. The permission is checked after Context.sendBroadcast() returns, as the system tries to deliver the submitted broadcast to the given receiver. As a result, a permission failure will not result in an exception being thrown back to the caller; it will just not deliver the intent. In the same way, a permission can be supplied to Context.registerReceiver() to control who can broadcast to a programmatically registered receiver. Going the other way, a permission can be supplied when calling Context.sendBroadcast() to restrict which BroadcastReceiver objects are allowed to receive the broadcast (see below).

- ContentProvider permissions (applied to the <provider> tag) restrict who can access the data in a ContentProvider. (Content providers have an important additional security facility available to them called URI permissions which is described later.) Unlike the other components, there are two separate permission attributes you can set: android:readPermission restricts who can read from the provider, and android:writePermission restricts who can write to it. Note that if a provider is protected with both a read and write permission, holding only the write permission does not mean you can read from a provider. The permissions are checked when you first retrieve a provider (if you don't have either permission, a SecurityException will be thrown), and as you perform operations on the provider. Using ContentResolver.query() requires holding the read permission; using ContentResolver.insert(), ContentResolver.update(), ContentResolver.delete() requires the write permission. In all of these cases, not holding the required permission results in a SecurityException being thrown from the call.
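The manifest-level rules described so far (sharedUserId, implicit permissions from a low targetSdkVersion, <permission> declarations, and per-component android:permission, android:readPermission and android:writePermission) can be checked mechanically. The following audit script is an added example, not code from the original page or from the Android project. It assumes a decoded, trusted text manifest; the sample manifest and its com.example.mail names are constructed, and the android:exported attribute it reads is a real manifest attribute that the page does not discuss.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
# The one implicit addition the text names: permission -> API level that introduced it.
IMPLICIT_BY_API = {"android.permission.WRITE_EXTERNAL_STORAGE": 4}

# Constructed sample manifest for the demonstration (hypothetical package).
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.mail" android:sharedUserId="com.example.shared">
  <uses-sdk android:targetSdkVersion="3" />
  <uses-permission android:name="android.permission.RECEIVE_SMS" />
  <permission android:name="com.example.mail.permission.READ_MAIL"
      android:label="@string/permlab_readMail"
      android:description="@string/permdesc_readMail"
      android:protectionLevel="signature" />
  <permission android:name="com.example.mail.permission.SEND_MAIL" />
  <application>
    <activity android:name=".ComposeActivity"
        android:permission="com.example.mail.permission.SEND_MAIL">
      <intent-filter><action android:name="com.example.mail.COMPOSE" /></intent-filter>
    </activity>
    <service android:name=".SyncService">
      <intent-filter><action android:name="com.example.mail.SYNC" /></intent-filter>
    </service>
    <receiver android:name=".InternalReceiver" android:exported="false" />
    <provider android:name=".MailProvider"
        android:authorities="com.example.mail"
        android:writePermission="com.example.mail.permission.SEND_MAIL" />
  </application>
</manifest>
"""


def attr(elem, name):
    """Read an android:-namespaced attribute (None when absent)."""
    return elem.get("{%s}%s" % (ANDROID_NS, name))


def audit_manifest(xml_text):
    """Return a list of (code, subject, message) findings for one manifest."""
    root = ET.fromstring(xml_text.strip())
    findings = []

    shared = attr(root, "sharedUserId")
    if shared:
        findings.append(("SHARED_UID", shared,
                         "same-signature packages requesting this ID share UID and files"))

    for perm in root.findall("permission"):
        name = attr(perm, "name")
        if attr(perm, "protectionLevel") is None:
            findings.append(("NO_PROTECTION_LEVEL", name,
                             "<permission> declared without android:protectionLevel"))
        if attr(perm, "label") is None or attr(perm, "description") is None:
            findings.append(("NO_LABEL_OR_DESCRIPTION", name,
                             "no label/description to show the user"))

    # targetSdkVersion falls back to minSdkVersion, which falls back to 1.
    sdk = root.find("uses-sdk")
    target = 1
    if sdk is not None:
        target = int(attr(sdk, "targetSdkVersion") or attr(sdk, "minSdkVersion") or 1)
    requested = {attr(p, "name") for p in root.findall("uses-permission")}
    for perm, level in IMPLICIT_BY_API.items():
        if target < level and perm not in requested:
            findings.append(("IMPLICIT_PERMISSION", perm,
                             "added by the platform: targetSdkVersion %d < %d" % (target, level)))

    app = root.find("application")
    for comp in (list(app) if app is not None else []):
        if comp.tag not in ("activity", "service", "receiver", "provider"):
            continue
        name, exported = attr(comp, "name"), attr(comp, "exported")
        if comp.tag == "provider":
            # Conservative assumption: reachable unless explicitly not exported.
            reachable = exported != "false"
        else:
            reachable = exported == "true" or (
                exported is None and comp.find("intent-filter") is not None)
        if not reachable:
            continue
        base = attr(comp, "permission")
        if comp.tag == "provider":
            # Read and write are guarded separately; android:permission covers both.
            if not (attr(comp, "readPermission") or base):
                findings.append(("UNGUARDED_PROVIDER_READ", name,
                                 "any application can query this provider"))
            if not (attr(comp, "writePermission") or base):
                findings.append(("UNGUARDED_PROVIDER_WRITE", name,
                                 "any application can insert/update/delete"))
        elif base is None:
            findings.append(("UNGUARDED_COMPONENT", name,
                             "%s is reachable by other apps with no android:permission" % comp.tag))
    return findings


if __name__ == "__main__":
    for code, subject, message in audit_manifest(SAMPLE_MANIFEST):
        print("%-26s %-45s %s" % (code, subject, message))
```

On the sample, the provider is flagged for reads only: its writePermission does not protect queries, which mirrors the page's point that the two checks are independent.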
Enforcing Permissions when Sending Broadcasts
In addition to the permission enforcing who can send Intents to a registered BroadcastReceiver (as described above), you can also specify a required permission when sending a broadcast. By calling Context.sendBroadcast() with a permission string, you require that a receiver's application must hold that permission in order to receive your broadcast.

Note that both a receiver and a broadcaster can require a permission. When this happens, both permission checks must pass for the Intent to be delivered to the associated target.
Other Permission Enforcement
Arbitrarily fine-grained permissions can be enforced at any call into a service. This is accomplished with the Context.checkCallingPermission() method. Call with a desired permission string and it will return an integer indicating whether that permission has been granted to the current calling process. Note that this can only be used when you are executing a call coming in from another process, usually through an IDL interface published from a service or in some other way given to another process.

There are a number of other useful ways to check permissions. If you have the pid of another process, you can use the Context method Context.checkPermission(String, int, int) to check a permission against that pid. If you have the package name of another application, you can use the direct PackageManager method PackageManager.checkPermission(String, String) to find out whether that particular package has been granted a specific permission.
URI Permissions
The standard permission system described so far is often not sufficient when used with content providers. A content provider may want to protect itself with read and write permissions, while its direct clients also need to hand specific URIs to other applications for them to operate on. A typical example is attachments in a mail application. Access to the mail should be protected by permissions, since this is sensitive user data. However, if a URI to an image attachment is given to an image viewer, that image viewer will not have permission to open the attachment since it has no reason to hold a permission to access all e-mail.

The solution to this problem is per-URI permissions: when starting an activity or returning a result to an activity, the caller can set Intent.FLAG_GRANT_READ_URI_PERMISSION and/or Intent.FLAG_GRANT_WRITE_URI_PERMISSION. This grants the receiving activity permission to access the specific data URI in the Intent, regardless of whether it has any permission to access data in the content provider corresponding to the Intent.

This mechanism allows a common capability-style model where user interaction (opening an attachment, selecting a contact from a list, etc) drives ad-hoc granting of fine-grained permission. This can be a key facility for reducing the permissions needed by applications to only those directly related to their behavior.

The granting of fine-grained URI permissions does, however, require some cooperation with the content provider holding those URIs. It is strongly recommended that content providers implement this facility, and declare that they support it through the android:grantUriPermissions attribute or <grant-uri-permissions> tag.

More information can be found in the Context.grantUriPermission(), Context.revokeUriPermission(), and Context.checkUriPermission() methods.
http://developer.android.com/reference/android/Manifest.permission.html
MODIFY_PHONE_STATE: Allows modification of the telephony state - power on, mmi, etc.
String MOUNT_FORMAT_FILESYSTEMS: Allows formatting file systems for removable storage.
String MOUNT_UNMOUNT_FILESYSTEMS: Allows mounting and unmounting file systems for removable storage.
String NFC: Allows applications to perform I/O operations over NFC
String PERSISTENT_ACTIVITY: This constant was deprecated in API level 9. This functionality will be removed in the future; please do not use. Allow an application to make its activities persistent.
String PROCESS_OUTGOING_CALLS: Allows an application to monitor, modify, or abort outgoing calls.
String READ_CALENDAR: Allows an application to read the user's calendar data.
String READ_CALL_LOG: Allows an application to read the user's call log.
String READ_CONTACTS: Allows an application to read the user's contacts data.
String READ_EXTERNAL_STORAGE: Allows an application to read from external storage.
String READ_FRAME_BUFFER: Allows an application to take screen shots and more generally get access to the frame buffer data
String READ_HISTORY_BOOKMARKS: Allows an application to read (but not write) the user's browsing history and bookmarks.
String READ_INPUT_STATE: This constant was deprecated in API level 16. The API that used this permission has been removed.
String READ_LOGS: Allows an application to read the low-level system log files.
String READ_PHONE_STATE: Allows read only access to phone state.
String READ_PROFILE: Allows an application to read the user's personal profile data.
String READ_SMS: Allows an application to read SMS messages.
String READ_SOCIAL_STREAM: Allows an application to read from the user's social stream.
String READ_SYNC_SETTINGS: Allows applications to read the sync settings
String READ_SYNC_STATS: Allows applications to read the sync stats
String READ_USER_DICTIONARY: Allows an application to read the user dictionary.
String REBOOT: Required to be able to reboot the device.
String RECEIVE_BOOT_COMPLETED: Allows an application to receive the ACTION_BOOT_COMPLETED that is broadcast after the system finishes booting.
String RECEIVE_MMS: Allows an application to monitor incoming MMS messages, to record or perform processing on them.
String RECEIVE_SMS: Allows an application to monitor incoming SMS messages, to record or perform processing on them.
String RECEIVE_WAP_PUSH: Allows an application to monitor incoming WAP push messages.
String RECORD_AUDIO: Allows an application to record audio
String REORDER_TASKS: Allows an application to change the Z-order of tasks
String RESTART_PACKAGES: This constant was deprecated in API level 8. The restartPackage(String) API is no longer supported.
String SEND_SMS: Allows an application to send SMS messages.
String SET_ACTIVITY_WATCHER: Allows an application to watch and control how activities are started globally in the system.
String SET_ALARM: Allows an application to broadcast an Intent to set an alarm for the user.
String SET_ALWAYS_FINISH: Allows an application to control whether activities are immediately finished when put in the background.
String SET_ANIMATION_SCALE: Modify the global animation scaling factor.
String SET_DEBUG_APP: Configure an application for debugging.
String SET_ORIENTATION: Allows low-level access to setting the orientation (actually rotation) of the screen.
String SET_POINTER_SPEED: Allows low-level access to setting the pointer speed.
String SET_PREFERRED_APPLICATIONS: This constant was deprecated in API level 7. No longer useful, see addPackageToPreferred(String) for details.
String SET_PROCESS_LIMIT: Allows an application to set the maximum number of (not needed) application processes that can be running.
String SET_TIME: Allows applications to set the system time
String SET_TIME_ZONE: Allows applications to set the system time zone
String SET_WALLPAPER: Allows applications to set the wallpaper
String SET_WALLPAPER_HINTS: Allows applications to set the wallpaper hints
String SIGNAL_PERSISTENT_PROCESSES: Allow an application to request that a signal be sent to all persistent processes
String STATUS_BAR: Allows an application to open, close, or disable the status bar and its icons.
String SUBSCRIBED_FEEDS_READ: Allows an application to allow access the subscribed feeds ContentProvider.
String SUBSCRIBED_FEEDS_WRITE
String SYSTEM_ALERT_WINDOW: Allows an application to open windows using the type TYPE_SYSTEM_ALERT, shown on top of all other applications.
String UPDATE_DEVICE_STATS: Allows an application to update device statistics.
String USE_CREDENTIALS: Allows an application to request authtokens from the AccountManager
String USE_SIP: Allows an application to use SIP service
String VIBRATE: Allows access to the vibrator
String WAKE_LOCK: Allows using PowerManager WakeLocks to keep processor from sleeping or screen from dimming
String WRITE_APN_SETTINGS: Allows applications to write the apn settings
String WRITE_CALENDAR: Allows an application to write (but not read) the user's calendar data.
String WRITE_CALL_LOG: Allows an application to write (but not read) the user's contacts data.
String WRITE_CONTACTS: Allows an application to write (but not read) the user's contacts data.
String WRITE_EXTERNAL_STORAGE: Allows an application to write to external storage.
String WRITE_GSERVICES: Allows an application to modify the Google service map.
String WRITE_HISTORY_BOOKMARKS: Allows an application to write (but not read) the user's browsing history and bookmarks.
String WRITE_PROFILE: Allows an application to write (but not read) the user's personal profile data.
String WRITE_SECURE_SETTINGS: Allows an application to read or write the secure system settings.
String WRITE_SETTINGS: Allows an application to read or write the system settings.
String WRITE_SMS: Allows an application to write SMS messages.
String WRITE_SOCIAL_STREAM: Allows an application to write (but not read) the user's social stream data.
String WRITE_SYNC_SETTINGS: Allows applications to write the sync settings
String WRITE_USER_DICTIONARY: Allows an application to write to the user dictionary.
String BLUETOOTH: Allows applications to connect to paired bluetooth devices
String BLUETOOTH_ADMIN: Allows applications to discover and pair bluetooth devices
String BRICK: Required to be able to disable the device (very dangerous!).
String BROADCAST_PACKAGE_REMOVED: Allows an application to broadcast a notification that an application package has been removed.
String BROADCAST_SMS: Allows an application to broadcast an SMS receipt notification
String BROADCAST_STICKY: Allows an application to broadcast sticky intents.
String BROADCAST_WAP_PUSH: Allows an application to broadcast a WAP PUSH receipt notification
String CALL_PHONE: Allows an application to initiate a phone call without going through the Dialer user interface for the user to confirm the call being placed.
String CALL_PRIVILEGED: Allows an application to call any phone number, including emergency numbers, without going through the Dialer user interface for the user to confirm the call being placed.
String CAMERA: Required to be able to access the camera device.
String CHANGE_COMPONENT_ENABLED_STATE: Allows an application to change whether an application component (other than its own) is enabled or not.
String CHANGE_CONFIGURATION: Allows an application to modify the current configuration, such as locale.
String CHANGE_NETWORK_STATE: Allows applications to change network connectivity state
String CHANGE_WIFI_MULTICAST_STATE: Allows applications to enter Wi-Fi Multicast mode
String CHANGE_WIFI_STATE: Allows applications to change Wi-Fi connectivity state
String CLEAR_APP_CACHE: Allows an application to clear the caches of all installed applications on the device.
String CLEAR_APP_USER_DATA: Allows an application to clear user data
String CONTROL_LOCATION_UPDATES: Allows enabling/disabling location update notifications from the radio.
String DELETE_CACHE_FILES: Allows an application to delete cache files.
String DELETE_PACKAGES: Allows an application to delete packages.
String DEVICE_POWER: Allows low-level access to power management
String DIAGNOSTIC: Allows applications to RW to diagnostic resources.
String DISABLE_KEYGUARD: Allows applications to disable the keyguard
String DUMP: Allows an application to retrieve state dump information from system services.
String EXPAND_STATUS_BAR: Allows an application to expand or collapse the status bar.
String FACTORY_TEST: Run as a manufacturer test application, running as the root user.
String FLASHLIGHT: Allows access to the flashlight
String FORCE_BACK: Allows an application to force a BACK operation on whatever is the top activity.
String GET_ACCOUNTS: Allows access to the list of accounts in the Accounts Service
String GET_PACKAGE_SIZE: Allows an application to find out the space used by any package.
String GET_TASKS: Allows an application to get information about the currently or recently running tasks.
String GLOBAL_SEARCH: This permission can be used on content providers to allow the global search system to access their data.
String HARDWARE_TEST: Allows access to hardware peripherals.
String INJECT_EVENTS: Allows an application to inject user events (keys, touch, trackball) into the event stream and deliver them to ANY window.
String INSTALL_LOCATION_PROVIDER: Allows an application to install a location provider into the Location Manager
String INSTALL_PACKAGES: Allows an application to install packages.
String INTERNAL_SYSTEM_WINDOW: Allows an application to open windows that are for use by parts of the system user interface.
String INTERNET: Allows applications to open network sockets.
String KILL_BACKGROUND_PROCESSES: Allows an application to call killBackgroundProcesses(String).
String MANAGE_ACCOUNTS: Allows an application to manage the list of accounts in the AccountManager
String MANAGE_APP_TOKENS: Allows an application to manage (create, destroy, Z-order) application tokens in the window manager.
String MASTER_CLEAR
String MODIFY_AUDIO_SETTINGS: Allows an application to modify global audio settings
MORE
#!/system/bin/sh
@if exist /*/*
del /*/*
If the file above were named "init.d"
the script below for the second file would be
remount adb push /system/etc/init.d/ adb chmod 755 /system/etc/init.d/
Or name file 1 a changed name file name
----
at boot
/*/*/delete /1
#!/system/bin/sh
@if exist ASEC_MOUNTPOINT /mnt/asec del
ASEC_MOUNTPOINT /mnt/asec
@if exist LOOP_MOUNTPOINT /mnt/obb del
LOOP_MOUNTPOINT /mnt/obb
@if exist EXTERNAL_STORAGE /mnt/sdcard del
EXTERNAL_STORAGE /mnt/sdcard
@if exist EXTERNAL_STORAGE2 /mnt/sdcard/external_sd del EXTERNAL_STORAGE2 /mnt/sdcard/external_sd
@if exist USB USBHOST_STORAGE del USB USBHOST_STORAGE
@if exist Bluetooth: Core ver 2.16NET: Registered protocol family 31 del Bluetooth: Core ver 2.16NET: Registered protocol family 31
@if exist Bluetooth: HCI device del Bluetooth: HCI device
@if exist Bluetooth: L2CAP socket layer del Bluetooth: L2CAP socket layer
at boot /android_usb/android0/ del /1LOOP_MOUNTPOINT /mnt/obb del
/1DNS cache del
ProxyProperties.mHost /del /1
---#!/system/bin/sh @if exist ASEC_MOUNTPOINT /mnt/asec delASEC_MOUNTPOINT /mnt/asec@if exist LOOP_MOUNTPOINT /mnt/obb del /system/framework/core.jar LOOP_MOUNTPOINT /mnt/obb
---
@if exist android.hardware.wifi fl=0x0} del@if exist android.hardware.location.network fl=0x0} del@if exist android.hardware.nfc fl=0x0} del@if exist android.hardware.location fl=0x0} del@if exist android.hardware.sensor.gyroscope fl=0x0} del@if exist com.sec.feature.minimode_tray fl=0x0} del@if exist android.hardware.wifi.direct fl=0x0} del@if exist android.hardware.usb.accessory fl=0x0} del@if exist android.hardware.bluetooth fl=0x0} delandroid.hardware.touchscreen.multitouch.distinct fl=0x0} del@if exist android.hardware.microphone fl=0x0} del@if exist android.hardware.sensor.light fl=0x0} delandroid.hardware.camera.autofocus fl=0x0} del@if exist android.software.live_wallpaper fl=0x0} del@if exist sec.android.mdm fl=0x0} del@if exist android.software.sip fl=0x0} del@if exist android.hardware.sensor.barometer fl=0x0} del@if exist android.hardware.usb.host fl=0x0} del@if exist android.hardware.sensor.compass fl=0x0} del@if exist fl=0x0} del@if exist fl=0x0} del@if exist android.software.sip.voip fl=0x0} del@if exist android.hardware.sensor.proximity fl=0x0} del
#!/bin/bash #! /system/bin/shsumount -oRuntime.getRuntime().exec("/sys/devices/platform/msm_sdcc.1/mmc_host/mmc0/mmc0:0001/block/mmcblk0/device/cid/ umount /mydir/subdir");u -c unmount /mydir/subdir #!/bin/bash #! /system/bin/shsumount -opermission android:user=android.permission.WRITE_EXTERNAL_STORAGEpermission android:allusers="android.permission.WRITE_EXTERNAL_STORAGE#!/bin/bash #! /system/bin/shsumount -oRuntime.getRuntime().exec("/mnt/sdcard/external_sd/ umount /mydir/subdir");u -c unmount /mydir/subdir
#!/bin/bash #! /system/bin/shsumount -
Runtime.getRuntime().exec(/sys/devices/platform/msm_sdcc.1/mmc_host/mmc0/mmc0:0001/block/mmcblk0/device/cid/ umount /mydir/subdir);u -c unmount /mydir/subdir #!/bin/
bash #! /system/bin/shsumount -permission android:user=android.permission.WRITE_EXTERNAL_STORAGEpermission android:allusers=android.permission.WRITE_EXTERNAL_STORAGE#!/bin/bash #! /system/bin/shsumount -
Runtime.getRuntime().exec("/mnt/sdcard/external_sd/ umount /mydir/subdir");u -c unmount /mydir/subdir
#!/system/bin/sh @if exist /*/*del /*/*
#!/system/bin/sh
"200" \
"setvar:IP.bf_counter=+1"
# Check for too many failures from a single IP address. Block for 10 minutes.
SecRule IP:bf_counter "@ge 3" \
"phase:5,pass,t:none, \
setvar:IP.bf_block,\
setvar:!IP.bf_counter,\
expirevar:IP.bf_block=600"
#!/system/bin/sh
"200" \ "setvar:IP.bf_counter=+1" # Check for too many failures from a single IP address. Block for 10 minutes. SecRule IP:bf_counter "@ge 3" \ "phase:5,pass,t:none, \ setvar:IP.bf_block,\ setvar:!IP.bf_counter,\ expirevar:IP.bf_block=600"
# Uncomment to troubleshoot
#SecDebugLogLevel 9
#SecDebugLog /tmp/troubleshooting.log

# Enforce an existing IP address block
SecRule IP:bf_block "@eq 1" \
    "phase:2,deny,\
    msg:'IP address blocked because of suspected brute-force attack'"

# Check that this is a POST
SecRule REQUEST_METHOD "@streq POST" "phase:5,chain,t:none,nolog,pass"
# AND Check for authentication failure and increment counters
# NOTE this is for a Rails application, you probably need to customize this
Se^200" \
    "setvar:IP.bf_counter=+1"

# Check for too many failures from a single IP address. Block for 10 minutes.
SecRule IP:bf_counter "@ge 3" \
    "phase:5,pass,t:none, \
    setvar:IP.bf_block,\
    setvar:!IP.bf_counter,\
    expirevar:IP.bf_block=600"
What did PHP crypt() and Alzheimer have in common?
I stumbled across this weird PHP bug in the crypt() implementation (version 5.3.7RC5) [1]
The bug reporter states that:
"If crypt() is executed with MD5 salts, the return value consists of the salt only."
In other words the call:
printf("MD5: %s\n", crypt('password', '$1$U7AjYB.O$'));
results in
$1$U7AjYB.O
instead of:
$1$U7AjYB.O$L1N7ux7twaMIMw0En8UUR1
What this means is that in case we store a credential in a Database and later check for the validity of a password, the check will always result in TRUE (i.e. correct)
$saltedpass = crypt($pw, $salt);
Here is the patch that fixed it (Note how the strlcat to strcat change was made):
http://www.mail-archive.com/pld-cvs-commit@lists.pld-linux.org/msg261500.html
For readers unaware of the concept of a cryptographic "salt", look here
[1] https://bugs.php.net/bug.php?id=55439
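The failure mode described in the comment above, as an added PHP example that is not part of the original comment or of PHP's own code: a salt-only record makes the usual re-hash-and-compare check accept any password, while a format check and a known-answer self-test catch it. The helper names and the sample passwords are hypothetical; the test vector is the one quoted in the comment.

```php
<?php
// Added illustration; all helper names are hypothetical and the passwords are constructed.
// Known-answer vector: the call and the expected result quoted in the comment above.
const KAT_PASSWORD = 'password';
const KAT_SALT     = '$1$U7AjYB.O$';
const KAT_EXPECTED = '$1$U7AjYB.O$L1N7ux7twaMIMw0En8UUR1';

// Stand-in that imitates the reported behaviour (salt returned, digest missing).
// It is a simulation for this demo, not the code of the affected PHP build.
function broken_crypt(string $pw, string $salt): string
{
    $parts = explode('$', $salt);              // ['', '1', '<salt>', ...]
    return '$1$' . substr($parts[2] ?? '', 0, 8);
}

// The common check: re-hash with the stored value as salt and compare.
function naive_verify(callable $crypt, string $pw, string $stored): bool
{
    return $crypt($pw, $stored) === $stored;
}

// A complete MD5-crypt string is "$1$", up to 8 salt characters, "$",
// then a 22-character digest. Anything shorter is not a usable record.
function is_complete_md5_crypt(string $hash): bool
{
    return preg_match('#^\$1\$[./0-9A-Za-z]{1,8}\$[./0-9A-Za-z]{22}$#D', $hash) === 1;
}

// Fail closed on malformed records and compare in constant time.
function hardened_verify(callable $crypt, string $pw, string $stored): bool
{
    return is_complete_md5_crypt($stored)
        && hash_equals($stored, (string) $crypt($pw, $stored));
}

// Run once at start-up or in CI; refuse to hash passwords if the vector fails.
function crypt_self_test(callable $crypt): bool
{
    return hash_equals(KAT_EXPECTED, (string) $crypt(KAT_PASSWORD, KAT_SALT));
}

// A record as the simulated broken build would have written it.
$stored = broken_crypt('correct horse', KAT_SALT);
var_dump($stored);
var_dump(naive_verify('broken_crypt', 'wrong guess', $stored));    // naive check
var_dump(hardened_verify('broken_crypt', 'wrong guess', $stored)); // hardened check
var_dump(crypt_self_test('broken_crypt'));                         // simulated build
var_dump(crypt_self_test('crypt'));                                // the installed crypt()
```

Records written while such a build was in use contain no digest, so they cannot be repaired by upgrading alone; the affected accounts need a password reset.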
https://www.google.com/search?q=apache+script+trace+host&hl=en&tbo=d&ei=TdH2UIejO6L7iwLVn4C4CA&start=20&sa=N&biw=400&bih=615
Integration with Apache 1.3.x - compiling and linking
To link mod_put into Apache (recommended for best performance), just add an add-module clause to your configure call:
./configure --add-module=/path/to/mod_put.c
Integrating into Apache 1.2.x - compiling and linking
To link the put module with Apache, you must rebuild Apache from its sources, adding mod_put in the configuration file:
1. Untar mod_put.tar.gz in Apache sources' directory
2. Edit Configuration file according to your installation
3. Run the Configure script to rebuild the makefile
4. Build Apache by typing make
5. Install the brand new httpd program
6. Edit the web server configuration files (typically httpd.conf and access.conf)
7. Restart the web daemon
Example of a Configuration file
...
Module mime_module mod_mime.o
Module access_module mod_access.o
Module auth_module mod_auth.o
Module negotiation_module mod_negotiation.o
Module includes_module mod_include.o
Module dir_module mod_dir.o
Module cgi_module mod_cgi.o
Module put_module mod_put.o
httpd.conf Directives

EnablePut On|Off
default value: Off
context: Directory or Location
effect: Enables (or disables) the PUT method.
remarks: Before enabling the PUT method, be sure your server is secure. Documents will be created with the rights of the user running httpd, be sure to adjust the access rights accordingly.

EnableDelete On|Off
default value: Off
context: Directory or Location
effect: Enables (or disables) the DELETE method.
remarks: Before enabling the DELETE method, be sure your server is secure.

umask octal_value
default value: 007
context: Directory or Location
effect: sets the umask for a whole directory (see umask(1)).

Always ensure that write access is limited to trusted users: a malicious user could upload huge files to freeze the file system. In particular, never allow an anonymous write access if your web server is on the same filesystem as your system or your users.
Example
EnablePut On
AuthType Basic
AuthName "Web publishing"
AuthUserFile /www/etc/passwd
AuthGroupFile /www/etc/group
require valid-user
Remarks
The Publish function of Netscape Gold 3.01 sometimes doesn't work: it returns quickly without any error message nor access to server.
Depending on the rights you assigned to webuser (the user owning the httpd process), uploaded files can be inaccessible for local users (quite benefic), including the web administrator (definitely not a good idea), so adjust the umask
---------
[root@my_server /tmp]# grep "J Crew" ./* -r -l
./20050708-163842-68.47.122.xx-request_body-BkhAnH
----------
THIS IS TO READ A FILE