How can I use app_process to execute a dex that calls the removeAccountExplicitly method of the IAccountManager class?

The problem I have is this: after I finished writing the Java code, generating the dex, and executing it on an Android device with the app_process command, I encountered an anomaly. When I call it as root, it returns the following exception:

    java.lang.SecurityException: uid 0 cannot remove accounts of type: org.telegram.messenger

When I switched to the system user and tried to run it again, a new exception occurred. The log is as follows:



    7958-7958  app_process  pid-7958  A  runtime.cc:675]   native: #02 pc 000000000062f670  /apex/com.android.art/lib64/libart.so (art::AbortState::DumpThread(std::__1::basic_ostream<char, std::__1::char_traits<char> >&, art::Thread*) const+72) (BuildId: 712666bec271d835f4eb1f6b0d41318a)
    runtime.cc:675]   native: #03 pc 000000000062f2d4  /apex/com.android.art/lib64/libart.so (art::AbortState::Dump(std::__1::basic_ostream<char, std::__1::char_traits<char> >&) const+456) (BuildId: 712666bec271d835f4eb1f6b0d41318a)
    runtime.cc:675]   native: #04 pc 00000000006199cc  /apex/com.android.art/lib64/libart.so (art::Runtime::Abort(char const*)+1272) (BuildId: 712666bec271d835f4eb1f6b0d41318a)
    runtime.cc:675]   native: #05 pc 0000000000017114  /apex/com.android.art/lib64/libbase.so (android::base::SetAborter(std::__1::function<void (char const*)>&&)::$_3::__invoke(char const*)+84) (BuildId: ef369bfbad96b532c6d8e0b144a68b96)
    runtime.cc:675]   native: #06 pc 0000000000016648  /apex/com.android.art/lib64/libbase.so (android::base::LogMessage::~LogMessage()+356) (BuildId: ef369bfbad96b532c6d8e0b144a68b96)
    runtime.cc:675]   native: #07 pc 0000000000667b2c  /apex/com.android.art/lib64/libart.so (art::Thread::AssertNoPendingException() const+1572) (BuildId: 712666bec271d835f4eb1f6b0d41318a)
    runtime.cc:675]   native: #08 pc 00000000002a4424  /apex/com.android.art/lib64/libart.so (art::ClassLinker::FindClass(art::Thread*, char const*, art::Handle<art::mirror::ClassLoader>)+68) (BuildId: 712666bec271d835f4eb1f6b0d41318a)
    runtime.cc:675]   native: #09 pc 0000000000463420  /apex/com.android.art/lib64/libart.so (art::JNI<false>::FindClass(_JNIEnv*, char const*)+1016) (BuildId: 712666bec271d835f4eb1f6b0d41318a)
    runtime.cc:675]   native: #10 pc 00000000000c5278  /system/lib64/libandroid_runtime.so (android::register_android_util_SeempLog(_JNIEnv*)+36) (BuildId: ca67843cc66193e6f4f2255f9e6f4b55)
    runtime.cc:675]   native: #11 pc 00000000000cd9b4  /system/lib64/libandroid_runtime.so (android::AndroidRuntime::startReg(_JNIEnv*)+68) (BuildId: ca67843cc66193e6f4f2255f9e6f4b55)
    runtime.cc:675]   native: #12 pc 00000000000cd670  /system/lib64/libandroid_runtime.so (android::AndroidRuntime::start(char const*, android::Vector<android::String8> const&, bool)+512) (BuildId: ca67843cc66193e6f4f2255f9e6f4b55)
    runtime.cc:675]   native: #13 pc 0000000000002610  /system/bin/app_process64 (main+1464) (BuildId: 6363373b68588b10c93602a28a32bb57)
    runtime.cc:675]   native: #14 pc 000000000008580c  /apex/com.android.runtime/lib64/bionic/libc.so (__libc_init+100) (BuildId: 607a29162b319a50c57abd2b2141d335)
    runtime.cc:675]   (no managed stack frames)
    runtime.cc:675] Pending exception java.lang.ClassNotFoundException: ma.NotificationPolicy.Main
    runtime.cc:675] (Throwable with empty stack trace)
    runtime.cc:675]
    7958-7958  app_process  pid-7958  A  runtime.cc:683] No pending exception expected: java.lang.ClassNotFoundException: ma.NotificationPolicy.Main
    runtime.cc:683] (Throwable with empty stack trace)
    runtime.cc:683]
    7999-7999  DEBUG  pid-7999  A  Cmdline: app_process / ma.NotificationPolicy.Main a
    7999-7999  DEBUG  pid-7999  A  Abort message: 'No pending exception expected: java.lang.ClassNotFoundException: ma.NotificationPolicy.Main
    (Throwable with empty stack trace)'

The main code:


    import android.accounts.Account;
    import android.annotation.SuppressLint;
    import android.os.IBinder;

    import java.lang.reflect.Method;

    // Look up a system service binder through the hidden ServiceManager API.
    private static IBinder getSystemService(String name) {
        try {
            @SuppressLint({"PrivateApi", "DiscouragedPrivateApi"})
            Method getServiceMethod = Class.forName("android.os.ServiceManager").getDeclaredMethod("getService", String.class);
            getServiceMethod.setAccessible(true);
            return (IBinder) getServiceMethod.invoke(null, name);
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    // List accounts through the IAccountManager binder proxy
    // (arguments: account type null, user id 0, calling package name).
    private static Account[] getAccountsAsUser() {
        try {
            @SuppressLint({"PrivateApi"})
            Class<?> cStub = Class.forName("android.accounts.IAccountManager$Stub");
            Method asInterface = cStub.getMethod("asInterface", IBinder.class);
            Object mObjManager = asInterface.invoke(null, getSystemService("account"));
            return (Account[]) mObjManager.getClass()
                    .getMethod("getAccountsAsUser", String.class, int.class, String.class)
                    .invoke(mObjManager, null, 0, "com.android.settings");
        } catch (Exception e2) {
            e2.printStackTrace();
            return null;
        }
    }

    // Call removeAccountExplicitly(Account) on the IAccountManager binder proxy.
    private static boolean removeAccountExplicitly(Account account) {
        try {
            @SuppressLint({"PrivateApi"})
            Class<?> cStub = Class.forName("android.accounts.IAccountManager$Stub");
            Method asInterface = cStub.getMethod("asInterface", IBinder.class);
            Object mObjManager = asInterface.invoke(null, getSystemService("account"));
            Method method = mObjManager.getClass().getDeclaredMethod("removeAccountExplicitly", Account.class);
            method.setAccessible(true);
            return (boolean) method.invoke(mObjManager, account);
        } catch (Exception e2) {
            e2.printStackTrace();
            return false;
        }
    }

I tried to switch the user to system and execute it like this:

    su system -c "export CLASSPATH=/data/local/tmp/classes.dex; app_process / ma.NotificationPolicy.Main"

I expected it to remove the account object I specified, but it threw a ClassNotFoundException.
