Nix-on-droid login without proot but with chroot and root
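#!/system/bin/sh
# Start the Nix-on-Droid login-inner script with the app's uid, gid,
# supplementary groups and SELinux label, using setpriv from util-linux.
# The commands below (supolicy, setpriv with --reuid/--selinux-label) need
# root, so this is meant to be run from a root shell.

# Print a message on stderr and stop with a failure status.
die() {
  echo "$*" >&2
  exit 1
}

# The app's data directory is owned by the app uid; reuse that uid (and the
# same number as gid) for the dropped-privilege process.
uid=$(stat -c %u /data/data/com.termux.nix) || die "cannot stat app data directory"

pid=$(pidof -s com.termux.nix)
if [ -z "$pid" ]; then
  # Diagnostics: show which pidof is in use and whether pgrep sees the app.
  which -a pidof
  pgrep com.termux.nix
  die "Nix on Droid App process not found"
fi

# Full SELinux context of the running app process (user:role:type:level).
label=$(cat "/proc/$pid/attr/current")
[ -n "$label" ] || die "could not read SELinux label of pid $pid"

# Take the type (third field) of the context. The earlier sed pattern wrapped
# the name in a bracket expression, so it matched a character set instead of
# the literal "untrusted_app_" prefix and could pick a different field (for
# example the role) whenever the type contained the digit 0.
pol_target=$(printf '%s\n' "$label" | cut -d: -f3)

# Only relax policy for an untrusted_app domain; refuse anything else rather
# than interpolating an unexpected string into a policy statement.
case "$pol_target" in
  untrusted_app) ;;
  untrusted_app_*)
    case "${pol_target#untrusted_app_}" in
      "" | *[!0-9]*) die "unexpected SELinux type: $pol_target" ;;
    esac
    ;;
  *) die "unexpected SELinux type: $pol_target" ;;
esac

# NOTE(review): the rule names the domain, not this app, so it presumably
# applies to every app running in the same domain until the live policy is
# replaced (e.g. reboot). Best-effort as before: a failure is only reported.
supolicy --live "allow $pol_target shell_exec file entrypoint" \
  || echo "warning: supolicy failed; setpriv may be denied" >&2

groups="3003,3004,2000,9997,20166,50166" #used setpriv -d to copy from app

#export LD_LIBRARY_PATH=/data/data/com.termux/files/usr/lib
#exec nsenter -t $pid -m setpriv --reuid $uid --regid $uid --groups $groups --bounding-set -all --selinux-label $label -- /system/bin/sh -c 'exec /data/data/com.termux/files/usr/bin/bash'
#busybox setpriv does not have enough features
#nix-shell -p util-linux --run "setpriv --reuid $uid --regid $uid --groups $groups --bounding-set -all --selinux-label $label -- /system/bin/sh -c 'exec /data/data/com.termux.nix/files/usr/usr/lib/login-inner'"

#change path to executable on your system
setpriv="/nix/store/flkd9iwf9mq3lpyz4d519g23nv1b349m-util-linux-2.39.2-bin/bin/setpriv"
[ -x "$setpriv" ] || die "setpriv not found at $setpriv"

echo setpriving
# Drop to the app identity: real/effective uid and gid, the app's groups, an
# empty capability bounding set and the app's own SELinux label, then run
# login-inner through the system shell.
"$setpriv" --reuid "$uid" --regid "$uid" --groups "$groups" \
  --bounding-set -all --selinux-label "$label" \
  -- /system/bin/sh -c 'exec sh /data/data/com.termux.nix/files/usr/usr/lib/login-inner'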
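#!/system/bin/sh
# Chroot-based login for Nix-on-Droid that replaces the proot launch.
# I modified /data/data/com.termux.nix/files/usr/bin/login
# for this file, some old stuff is left here
#
# Flow: when not root, optionally re-run through su in a new mount namespace;
# then build a chroot from bind mounts of the host root plus the app's own
# directories, and finally either keep root inside the chroot or hand over to
# drop_root.sh.
set -eu -o pipefail

#This is a lie if we keep root privs
export USER="nix-on-droid"
export HOME="/data/data/com.termux.nix/files/home"
export PROOT_TMP_DIR=/data/data/com.termux.nix/files/usr/tmp
export PROOT_L2S_DIR=/data/data/com.termux.nix/files/usr/.l2s
# NOTE(review): the inherited PATH stays in front of /system/bin, and
# busybox, mount, mkdir and chroot below are looked up through it while
# running as root - confirm it contains no directory the app can write to.
export PATH=$PATH:/system/bin/
export TMPDIR=/data/data/com.termux.nix/files/usr/tmp

#change root_login.sh to this file
if [ "$(/system/bin/whoami)" != root ]; then
  echo 'use root? [y/N]'
  # A closed stdin counts as "no" instead of aborting under set -e.
  read -r x || x=""
  if [ "$x" = "y" ]; then
    # unshare -m gives the root instance a private mount namespace, so the
    # bind mounts made below are not visible to the rest of the system.
    if /system/bin/su -c /system/bin/unshare -m "$HOME/root_login.sh"; then
      exit 0
    fi
  fi
  # As before, a declined prompt or a failed su falls through; the mount
  # commands below are then expected to fail and stop the script (set -e).
fi

if ! /system/bin/pgrep proot-static > /dev/null; then
  # NOTE(review): when running as root this moves files out of the app's own
  # data directory into place; whatever wrote the .new files decides what
  # root later executes - confirm only trusted code can create them.
  if test -e /data/data/com.termux.nix/files/usr/bin/.proot-static.new; then
    echo "Installing new proot-static..."
    /system/bin/mv /data/data/com.termux.nix/files/usr/bin/.proot-static.new /data/data/com.termux.nix/files/usr/bin/proot-static
  fi
  if test -e /data/data/com.termux.nix/files/usr/usr/lib/.login-inner.new; then
    echo "Installing new login-inner..."
    /system/bin/mv /data/data/com.termux.nix/files/usr/usr/lib/.login-inner.new /data/data/com.termux.nix/files/usr/usr/lib/login-inner
  fi
fi

#Script ignores fakeProcStat and fakeProcUptime
CHROOT_PATH=/data/data/com.termux.nix/files/chroot
WORKDIR_PATH=/data/data/com.termux.nix/files/overlayfs_workdirs
mkdir -p "$CHROOT_PATH"
# Directories that come from the app's files/usr tree instead of the host.
NOD_DIRS="nix bin etc tmp usr dev/shm"
FILES_USR=/data/data/com.termux.nix/files/usr

#toybox does not have this feature
busybox mount --make-rslave /

# Bind every top-level host directory into the chroot, except the ones that
# are provided from FILES_USR in the second loop.
for DIR in /*/; do
  mkdir -p "$CHROOT_PATH/$DIR"
  # The glob yields "/name/", while NOD_DIRS holds bare names; strip both
  # slashes before comparing. Without this the comparison never matched and
  # the host directory was bound first and then covered by the second loop.
  NAME=${DIR#/}
  NAME=${NAME%/}
  for DIR2 in $NOD_DIRS; do
    if [ "$NAME" = "$DIR2" ]; then continue 2; fi
  done
  mount --rbind "$DIR" "$CHROOT_PATH/$DIR"
done

for DIR in $NOD_DIRS; do
  mkdir -p "$CHROOT_PATH/$DIR"
  ##somehow mounting overlayfs returns error EINVAL
  #if echo /*/ | grep $DIR;
  #then #merge dirs
  #  mkdir -p $WORKDIR_PATH/$DIR
  #  strace mount -t overlay \
  #    -o lowerdir=/$DIR,upperdir=$FILES_USR/$DIR,workdir=$WORKDIR_PATH/$DIR \
  #    overlay $CHROOT_PATH
  #else
  #  mount --rbind $FILES_USR/$DIR $CHROOT_PATH/$DIR
  #fi
  mount --rbind "$FILES_USR/$DIR" "$CHROOT_PATH/$DIR"
done

echo "Keep root? [y/N]"
# Anything but an explicit "y" (including a closed stdin) drops root.
read -r x || x=""
if [ "$x" = "y" ]; then
  # NOTE(review): login-inner sits in the app's data directory and is run as
  # root here, with the host directories bind-mounted into the chroot. If the
  # app uid can write that file, code running as the app can obtain root
  # through it - confirm ownership and mode before relying on this branch.
  exec chroot "$CHROOT_PATH" sh /data/data/com.termux.nix/files/usr/usr/lib/login-inner "$@"
else
  #magisk su changes mount namespace so we have to use something else
  # NOTE(review): drop_root.sh is not part of this file; it is executed as
  # root from the app's home directory, so the same ownership check applies,
  # and the actual privilege drop depends entirely on what it does.
  exec chroot "$CHROOT_PATH" \
    sh /data/data/com.termux.nix/files/home/drop_root.sh "$@"
fi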