this post was submitted on 12 May 2024
GrapheneOS
A community for GrapheneOS related questions and discussion.
I don't know of a way to add a SU or SUDO binary. It is really dumb to do so if you have a basic understanding of the hardware and how the whole system works. Your hardware is untrusted from the get-go. It is sandboxed but the presence of the root binary breaks that sandbox entirely. They have access to all the binaries in essence, but it is the lack of binaries capable of making changes to take control that protects you along with the SELinux context for each directory and application. All apps have an enormous amount of freedom inside their sandboxes. They are more like Linux users themselves than they are some software application. With every application you're basically trusting the developer to exist alongside you on your device. This is the mechanism that enables users to have no background knowledge or interest in security and still have a functional device. The developer is given all the needed access in a sandbox where they have enormous access to the device; they are doing all the work for you. If the root binary, wget, or curl are present on the device, every app is a rootkit to do whatever they want. In addition, the code on Android apps is fail-safe because of the lack of these binaries. They have super buggy junk code as standard. This only works because of no root.
All that said, I think you'd have to compile from source to add such a binary manually, but I could be wrong. IIRC, the root directory is accessible when USB is plugged in and the options enabled.
Thanks for the explanation, I didn't know that worked like that.