1# shell-as 2 3shell-as is a utility that can be used to execute a binary in a less privileged 4security context. This can be useful for verifying the capabilities of a process 5on a running device or testing PoCs with different privilege levels. 6 7## Usage 8 9The security context can either be supplied explicitly, inferred from a process 10running on the device, or set to a predefined profile. 11 12For example, the following are equivalent and execute `/system/bin/id` in the 13context of the init process. 14 15```shell 16shell-as \ 17 --uid 0 \ 18 --gid 0 \ 19 --selinux u:r:init:s0 \ 20 --seccomp system \ 21 /system/bin/id 22``` 23 24```shell 25shell-as --pid 1 /system/bin/id 26``` 27 28The "untrusted-app" profile can be used to execute a binary with all the 29possible privileges attainable by an untrusted app: 30 31```shell 32shell-as --profile untrusted-app /system/bin/id 33``` 34