xref: /aosp_15_r20/platform_testing/utils/shell-as/README.md (revision dd0948b35e70be4c0246aabd6c72554a5eb8b22a) 
1*dd0948b3SAndroid Build Coastguard Worker# shell-as
2*dd0948b3SAndroid Build Coastguard Worker
3*dd0948b3SAndroid Build Coastguard Workershell-as is a utility that can be used to execute a binary in a less privileged
4*dd0948b3SAndroid Build Coastguard Workersecurity context. This can be useful for verifying the capabilities of a process
5*dd0948b3SAndroid Build Coastguard Workeron a running device or testing PoCs with different privilege levels.
6*dd0948b3SAndroid Build Coastguard Worker
7*dd0948b3SAndroid Build Coastguard Worker## Usage
8*dd0948b3SAndroid Build Coastguard Worker
9*dd0948b3SAndroid Build Coastguard WorkerThe security context can either be supplied explicitly, inferred from a process
10*dd0948b3SAndroid Build Coastguard Workerrunning on the device, or set to a predefined profile.
11*dd0948b3SAndroid Build Coastguard Worker
12*dd0948b3SAndroid Build Coastguard WorkerFor example, the following are equivalent and execute `/system/bin/id` in the
13*dd0948b3SAndroid Build Coastguard Workercontext of the init process.
14*dd0948b3SAndroid Build Coastguard Worker
15*dd0948b3SAndroid Build Coastguard Worker```shell
16*dd0948b3SAndroid Build Coastguard Workershell-as \
17*dd0948b3SAndroid Build Coastguard Worker    --uid 0 \
18*dd0948b3SAndroid Build Coastguard Worker    --gid 0 \
19*dd0948b3SAndroid Build Coastguard Worker    --selinux u:r:init:s0 \
20*dd0948b3SAndroid Build Coastguard Worker    --seccomp system \
21*dd0948b3SAndroid Build Coastguard Worker    /system/bin/id
22*dd0948b3SAndroid Build Coastguard Worker```
23*dd0948b3SAndroid Build Coastguard Worker
24*dd0948b3SAndroid Build Coastguard Worker```shell
25*dd0948b3SAndroid Build Coastguard Workershell-as --pid 1 /system/bin/id
26*dd0948b3SAndroid Build Coastguard Worker```
27*dd0948b3SAndroid Build Coastguard Worker
28*dd0948b3SAndroid Build Coastguard WorkerThe "untrusted-app" profile can be used to execute a binary with all the
29*dd0948b3SAndroid Build Coastguard Workerpossible privileges attainable by an untrusted app:
30*dd0948b3SAndroid Build Coastguard Worker
31*dd0948b3SAndroid Build Coastguard Worker```shell
32*dd0948b3SAndroid Build Coastguard Workershell-as --profile untrusted-app /system/bin/id
33*dd0948b3SAndroid Build Coastguard Worker```
34