'su -c "/system/bin/mount -v -t ext3 /data/data/com.termux /storage/emulated/0/t"' not working?

Objective - be able to temporarily give access to files inside Termux directory even for apps which only support using Internal Storage (don't want to use ‘mv’ as that's particularly slow for lots of files, and I'd like to avoid having to physically remove/insert an SD card)

Problem

I tried a few different cmds on Termux, but everything was pretty unsuccessful, and I'm not sure what else to try!

Steps to reproduce
1. Reboot
2. Open LocalSend (to copy cmd from my non-testing device)
3. Open Termux (you can follow along what I did from the ‘log.txt’ file)
30 Replies
FZXO · 4mo ago
not something that will help you with this situation but i want to let you know that sudo exists
you can just sudo ls /system/bin
owokitty · 4mo ago
Somewhat recently I found out that if you have a device that has SELinux Disabled, then there actually is a way to do this that works and fits into all your requirements (no cp, no SAF), which I did not really know about before, but,
- like I mentioned, while it does work even on Android 14, it only works on SELinux-Disabled devices, which means the whole device would be more insecure than regular Android 14
- it requires changing some permissions to be even more insecure than they would be even by default on SELinux-Disabled devices
- it only works on F-Droid Termux currently and it doesn't actually work on Google Play Termux because Google Play Termux has a higher target API level, which is fine for now but it would mean that the technique could stop working eventually if F-Droid Termux increases its API level.
FZXO · 4mo ago
do you mean by selinux disabled is setting it to permissive?
owokitty · 4mo ago
This is what the settings screen will look like if your device is SELinux-Disabled, when i search "selinux" in settings it shows this page
owokitty · 4mo ago
i think this may be different even from "selinux permissive", it actually says "disabled"
probably very few devices are like this, it's uncommon because i think it has a tendency to make a lot of closed source apps not work
all open source apps like ones on f-droid work fine on this device (Samsung Galaxy S8+ SM-G955F) but I don't use google play apps on this device so I don't really know what would happen if I tried to
FZXO · 4mo ago
But they have the same effect... A lot of people mean permissive by saying disabled because it doesn't do anything when setting it to permissive
what is this app you are using?
owokitty · 4mo ago
oh ok
the app in the screenshot is the lineageos 21 settings app and i search "selinux" in the search bar and it goes there
here's a screenshot of the same thing in a different device i have that's not SELinux-Disabled
owokitty · 4mo ago
and the same technique to give all apps permission for F-Droid Termux files doesn't work on this other device but it does work on the device that says "SELinux Disabled"
FZXO · 4mo ago
Try in a su
setenforce 0
And then come to this screen again
owokitty · 4mo ago
oh ok yes interesting, I have a question though: if I do that then is it possible to change it back by just using setenforce 1 or could it get stuck?

@treecosia_44893 so based on the content we have discussed so far, if you have root then it might be possible to disable SELinux on your device and then from there it might be possible to grant all apps extremely permissive access to Termux files by doing an additional step,

BUT I really need to mention here that SELinux on Android being enabled by default is VERY important for security and SELinux-Disabled Android devices are VERY insecure, because I noticed that according to TopJohnWu the creator of Magisk, on SELinux-disabled Android devices, there is a way that any app can actually privilege escalate instantaneously from unprivileged to root just by opening the app, without having to approve the app in Magisk
owokitty · 4mo ago
John Wu (@topjohnwu) on X:
Remember when I said using SELinux permissive is really bad? Here is a privilege escalation PoC where the only requirement is SELinux permissive. If you are still releasing custom ROMs/kernels with permissive, YOU ARE LITERALLY BACKDOORING YOUR USERS! https://t.co/iJ48PeDood
owokitty · 4mo ago
so it would mean that if you installed any kind of virus app accidentally ever, then the whole device would be infected by the virus and you wouldn't be able to get rid of it by uninstalling the app, you would have to flash a new ROM
FZXO · 4mo ago
Yeah it's pretty fine to do it and you can just setenforce 1, it will be enforcing
also a reboot will reset it
treecosia_44893 (OP) · 4mo ago
I see... and I assume I would need to disable SELinux for as long as I need to access files in Termux (ie. it isn't just a matter of disabling it to do the mounting itself, as enabling it again would 'break' the mount?) Because I suppose disabling it temporarily is already a little more secure, and the longer time I can keep my device under SELinux the better I guess.

Here are a few workarounds I was thinking of, do let me know what you consider most feasible:
1. Use SAF while mounting (for some apps that don't restrict to Internal Storage, accessing Termux files is possible when some sort of file picker menu appears): not really sure what that would look like in terms of commands though
2. Mounting with TWRP (before the OS actually loads): this will let me mount Termux directory whilst keeping SELinux turned on (and actually being effective?)

Thanks for pointing out the thing about SELinux, I use Linux when possible so Android's peculiarities really do drive me nuts sometimes XD
owokitty · 4mo ago
basically yes, you would stop being able to access the files when SELinux is reenabled

for using SAF, you basically need to either use an app that can connect to the termux SAF folder, or write SAF support into the app that you are trying to use to access the Termux folder, I don't know of any way to "mount" it for all other apps to access using only SAF

regarding TWRP, I am not sure. I don't know if there is any way to achieve what you want inside TWRP in a way that persists when the OS is booted

weird (or not so weird) side effect i just figured out - if using the super insecure configuration I described, where SELinux is disabled and then insecure permissions are set to allow any other app to directly access the Termux folders, if you use sshd and also use SSH keys, your SSH keys stop working and sshd forces you to log in with password every time. it's another reason why allowing unrestricted, noninteractive permission to the termux folder is not really a good idea and it's likely best, unfortunately, to just get used to using a SAF file browser, the cp command, or the rsync or scp commands, etc. to copy files to and from the Termux folders.

it happens because sshd is actually able to somehow "smartly" detect that the permissions of one or more of the parent directories of the .ssh/authorized_keys file, like the $HOME directory, are insecure, and it automatically disables all the affected SSH keys when that happens

it makes a lot of sense, since from the perspective of most programs in Termux, Termux is a whole "user account", and every other app in the device is technically a "different user account", and in a regular linux server it definitely wouldn't be good for other user accounts to have access to the SSH key files of an account.
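Added example, not part of the thread: a Python sketch of the check described in the post above, following the rule OpenSSH's sshd applies when its StrictModes option is on (the default). The function name and the paths used in the demo are assumptions made for the illustration.

```python
import os
import stat
from pathlib import Path


def strictmodes_problems(key_file, home, uid=None):
    """List (path, reason) pairs that make sshd ignore key_file.

    Follows the StrictModes rule: the key file and every directory from it
    up to the home directory must be owned by the user or root and must not
    be writable by group or others. Function name is hypothetical.
    """
    uid = os.getuid() if uid is None else uid
    key_file, home = Path(key_file).resolve(), Path(home).resolve()
    problems = []
    path = key_file
    while True:
        st = path.stat()
        if path == key_file and not stat.S_ISREG(st.st_mode):
            problems.append((str(path), "not a regular file"))
        if st.st_uid not in (0, uid):
            problems.append((str(path), f"owned by uid {st.st_uid}"))
        if st.st_mode & 0o022:
            mode = stat.S_IMODE(st.st_mode)
            problems.append((str(path), f"group/world-writable ({mode:04o})"))
        if path == home or path == path.parent:
            break  # stop at the home directory (or at / if home is not a parent)
        path = path.parent
    return problems


if __name__ == "__main__":
    home = Path.home()  # in Termux: /data/data/com.termux/files/home
    keys = home / ".ssh" / "authorized_keys"
    if not keys.exists():
        print(f"{keys} does not exist")
    else:
        found = strictmodes_problems(keys, home)
        for path, reason in found:
            print(f"{path}: {reason}")
        if not found:
            print("permission chain is acceptable to sshd StrictModes")
```

An empty result means the key file and its parent chain pass the ownership and mode test; any entry names the directory or file whose permissions need tightening before key logins work again.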
treecosia_44893 (OP) · 4mo ago
Ah interesting, thanks for the clarification, hope this will be useful for other users!
treecosia_44893 (OP) · 4mo ago
I have also tried sudo chown root:root * and sudo chmod 700 * inside /storage/self/primary/ (which I thought was not emulated, therefore I should be able to change file permissions), but again, it only seems to work in the Termux directory (https://www.reddit.com/r/termux/comments/l2rkmz/am_i_missing_something_basic_cant_change/)

Some of my research:
- https://android.stackexchange.com/questions/157943/how-does-the-android-interface-work-unix-permission-wise
- https://stackoverflow.com/questions/6123434/obtain-the-linux-uid-of-an-android-app
- https://source.android.com/docs/core/runtime/zygote

PS funny how file permissions stay at -rw-rw---- 1 root everybody (from ls -l) even with sudo
owokitty · 4mo ago
umm well I don't actually know why that folder is called "emulated", i've always assumed it's just an expression since I don't think it's actually "emulated" any more than any other folder in particular is
in reality, the reason why you can't set permissions on it is because it's a FAT32 partition and FAT32 partitions don't support the chmod or chown commands.

oh, actually it's not specifically because it's FAT32, it's because it is FUSE, i guess that is what is meant by "emulated" https://android.stackexchange.com/a/36953/364060

on most devices the termux home folder is in an ext4 partition, so that is why permissions and symbolic links work there.
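Added example, not from any poster in the thread: a Python helper that finds which mount backs a path in /proc/mounts format, to show why chown/chmod stick under the Termux directory but not under /storage/emulated. The sample mount lines are constructed, and the set of filesystem types treated as ignoring chmod is an assumption about typical Android shared storage.

```python
import sys

# Constructed sample in /proc/mounts format; device names are made up.
SAMPLE_MOUNTS = """\
/dev/block/dm-5 /data ext4 rw,seclabel,nosuid,nodev,noatime 0 0
/dev/fuse /storage/emulated fuse rw,nosuid,nodev,noexec,noatime,user_id=0,group_id=0,allow_other 0 0
/dev/block/vold/public:179,65 /storage/1A2B-3C4D vfat rw,nosuid,nodev,noexec,uid=1023,gid=1023,fmask=0007 0 0
"""

# Assumption: on these types Android derives owner and mode from the mount
# or the storage daemon, so chown/chmod on a file have no lasting effect.
SYNTHETIC_PERMS = {"fuse", "sdcardfs", "vfat", "exfat"}


def parse_mounts(text):
    """Return (mount_point, fstype, options) for each /proc/mounts line."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 4:
            mount_point = fields[1].replace("\\040", " ")  # spaces are escaped
            mounts.append((mount_point, fields[2], fields[3].split(",")))
    return mounts


def backing_mount(path, mounts):
    """Longest mount point that is a prefix of path; later entries win ties."""
    best = None
    for entry in mounts:
        mount_point = entry[0]
        inside = path == mount_point or path.startswith(mount_point.rstrip("/") + "/")
        if inside and (best is None or len(mount_point) >= len(best[0])):
            best = entry
    return best


def chmod_sticks(path, mounts):
    """True/False per SYNTHETIC_PERMS, or None if no mount covers path."""
    entry = backing_mount(path, mounts)
    if entry is None:
        return None
    return entry[1].split(".")[0] not in SYNTHETIC_PERMS


if __name__ == "__main__":
    with open("/proc/mounts") as f:
        live = parse_mounts(f.read())
    for p in sys.argv[1:] or ["/storage/emulated/0", "/data/data/com.termux"]:
        print(p, backing_mount(p, live), chmod_sticks(p, live))
```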
treecosia_44893 (OP) · 3mo ago
So I finally worked out how to format to ext4 on Android (sudo mkfs /dev/block/mmcblk1p1 -t ext4), but now my system is refusing to read the card and asking me to reformat to FAT32 😄 - that makes me very curious as to ask, how does Termux use ext4? ... Because if a part of Internal Storage (in this case Termux) can be set to ext4, maybe I can reformat the whole filesystem to it...
owokitty · 3mo ago
could you send a screenshot of what you see when the system refuses to read the card? using root to mount it manually with permission for the Termux user and browsing it in Termux might work around that.
treecosia_44893 (OP) · 3mo ago
Actually, I forgot to say that card originally had 2 partitions (bootfs and rootfs for Raspberry Pi OS), but I sorted that out by changing it to vfat first on the Raspberry and getting rid of the 2 separate partitions: now when I format it on Android it just 'disappears' from the Files app (sorry don't have a screenshot of what was happening before, but basically it was asking me to allow Android to 'repair' the card, as bootfs is actually in FAT32 on Raspberries, so Android found that to use I presume). I tried ntfs, ext2, ext3, ext4 to no avail!

I think I'll stick to Termux directory for now as that's 'good enough', perhaps some time in the future I might attempt to format Internal Storage.

Anyway thank you so much @owokitty, I learnt lots about Linux, Android and their differences along the way, and I hope this will be useful to someone else!
owokitty · 3mo ago
i don't think you'll be able to "format internal storage as ext4" without uninstalling Android and installing a different operating system

For example I have been able to do that and actually install anything into the "internal storage" partition, but it required doing a long series of steps in TWRP to install an Alpine Linux (postmarketos) operating system instead of Android.

unfortunately for that to work, even if you have root and TWRP already, in addition to those, a kernel, device tree and all necessary drivers have to be available for Alpine Linux for the exact model of device you have

the reason why the Termux folder can be ext4 is because it's not really "internal storage" like the folder that shows up in file browser that contains the folders "Documents" "Download" etc., it's a separate partition for "app storage"
treecosia_44893 (OP) · 3mo ago
👍
TheFoxPie · 3mo ago
If "app storage" and "internal storage" are in separate partitions, wouldn't they have different capacities? In reality, we see them as one.

TIL that /storage/emulated/0 is actually an altered representation of /data/media/0. The actual files live in the same partition as the app storage, and therefore mounted as ext4. https://android.stackexchange.com/a/205434

I wonder if you can simply switch /storage/emulated/0 with a symlink to /data/media/0.
owokitty · 3mo ago
you are correct, what i said does not apply to most devices.

when i said that i was thinking specifically of Samsung Galaxy S II Epic 4G Touch, which does actually have apps and documents in two separate partitions by default, and if you don't do something to work around it, then on that device the "apps" partition can fill up, preventing the installation of any other apps, but leave the "documents" partition with space still available.

that device is now kind of extremely old and on new devices, the storage folder is on the same partition by the drive partition table as the app storage folder

so really what would need to be done to make a symbolic link in the same folder as the "Documents" folder, is something like that yes, i think the only way to do that would be to make a custom ROM with the FUSE mount disabled and /data/media/0 given different permissions from the restricted permissions I see on Samsung Galaxy S9

and then even if that worked, I believe some apps might not work properly with that ROM because they would not expect symbolic links to exist in that folder
TheFoxPie · 3mo ago
Maybe not a symlink. A bind mount should work nicely.