Issue
I'm building a custom Android 10 firmware. I want to prevent the user of the device from being able to copy the firmware code from the device via ADB.
It's a USER build variant.
The user must have ADB access and can't limit it to specific commands.
Currently to get the code he could just do, for example:
adb pull /system/framework/services.jar
How can I modify AOSP to limit this access? Preferably l would like to prevent access to any other way to get the code from a running device.
Note:
- I know obfuscation is an option, rather have a stronger prevention.
- The user is prevented from going into bootloader mode.
Solution
You can restrict shell process to which all partitions it can get access to. This can be achieved by making the changes in SELinux policy.
Reference: https://source.android.com/security/selinux/customize
Answered By - Daud Arfin
0 comments:
Post a Comment
Note: Only a member of this blog may post a comment.