Question

I am trying to know if I can get root privileges with a system app to execute commands.

In this code:

getApplicationInfo().uid

In the documentation I can read that the uid is the kernel user-ID that has been assigned to this application; currently this is not a unique ID (multiple applications can have the same uid).

But how is this assigned?

And the uid assigned to system apps, does it have more privileges than normal apps to execute commands?


Solution

For all practical purposes, your Application's process will never be executing as uid=0 or root, as it has irreversibly changed to an ordinary user ID before a single line of code written by you executes.

When people make "root" apps, they are not changing the application process itself back to root - that is simply not possible. Instead, what they are doing is executing a new helper process which runs as root. Underneath the Java level, this is ultimately done by calling an exec() family function on a file which has the setuid bit set. This file might either be the helper program itself, or more commonly it is a "root shim" such as a hacked "su" which in turn runs the specified helper program as root. Such a helper program is almost always native code, and is probably not registered with the Android framework to be able to utilize Android-level functionality.

System Applications do not run as root either. What they have that third party apps do not is special Android-level Permissions which cause platform services that do run as root or other privileged user IDs to do privileged things on their behalf. A few Android permissions can also confer membership in user groups which have special access - some of these are available to third party apps (Internet permission for example) and some are not.

OTHER TIPS

Basically (I am not delving into the entire Linux explanation about uids; it can be easily found if you are interested), the uid in Android is composed of 2 parameters:

  • Application id
  • User id

The formula is this:

uid = app_id+100,000 * user_id

app_id is basically a random number (not REALLY random, but it is different from device to device) that is assigned to each application, and the user_id, which is used on tablets running JellyBean, is assigned per user on the device (users are assigned a number starting with user 0, user 1, ... user n - for every new user defined on the device).

Applications can share an id as explained here: http://developer.android.com/guide/topics/manifest/manifest-element.html

Of course an app can't have the same uid for two different users, but the same app can have the same uid as another app the same user possesses.

System apps are the only apps that may actually have access to services that other users may not have access to. They are located on the device under /system. In order to write a system application you need to download the AOSP from Google, and compile it yourself with your app included.
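
The uid formula and the shared-uid remark above, turned into a small audit helper; this is an added example, not code from either answer. The 10000-19999 app-id range and the `u<user>_a<n>` display name are AOSP conventions assumed here rather than taken from this page, and the package list is constructed sample data.

```python
from collections import defaultdict

PER_USER_RANGE = 100_000         # multiplier in the formula above
FIRST_APPLICATION_UID = 10_000   # assumption from AOSP: installed-app ids start here
LAST_APPLICATION_UID = 19_999    # assumption from AOSP: last installed-app id

def split_uid(uid):
    """Invert uid = app_id + 100,000 * user_id and return (user_id, app_id)."""
    return divmod(uid, PER_USER_RANGE)

def classify(uid):
    """Coarse class of a uid: root, platform (fixed low ids), app, or other."""
    _, app_id = split_uid(uid)
    if uid == 0:
        return "root"
    if app_id < FIRST_APPLICATION_UID:
        return "platform"        # fixed ids such as system (1000) or shell (2000)
    if app_id <= LAST_APPLICATION_UID:
        return "app"
    return "other"               # reserved ranges outside the normal app block

def ps_name(uid):
    """Display name used for app uids in process listings, e.g. 110057 -> u1_a57."""
    user_id, app_id = split_uid(uid)
    if classify(uid) != "app":
        return str(uid)
    return f"u{user_id}_a{app_id - FIRST_APPLICATION_UID}"

def shared_uids(packages):
    """Return {uid: [packages]} for every uid used by more than one package."""
    by_uid = defaultdict(list)
    for name, uid in packages:
        by_uid[uid].append(name)
    return {uid: sorted(names) for uid, names in by_uid.items() if len(names) > 1}

# Constructed sample data: package names and uids are made up for illustration.
SAMPLE = [
    ("com.example.notes", 10057),
    ("com.example.notes", 110057),           # same app installed for user 1
    ("com.example.suite.mail", 10102),
    ("com.example.suite.calendar", 10102),   # shares a uid with mail
    ("com.example.settingslike", 1000),      # runs under the fixed system id
]

if __name__ == "__main__":
    for name, uid in SAMPLE:
        print(f"{name:28} uid={uid:<7} {ps_name(uid):8} {classify(uid)}")
    print("shared:", shared_uids(SAMPLE))
```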

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow