I’m developing an application for Android and I need to elevate the Dalvik VM to root uid, because in the alternative I need to write a lot of small applications that are started by the Java code using sh scripts (with superuser, they needs to be root) and I really don’t want to do that!

While I’m trying to use, right now, capsetp to set CAP_SETUID to the calling process, I don’t know if this will be widely supported by all Android kernels so I’m looking for possible alternatives.

My fallback solution would be to start a root process that will first use seteuid to switch to the right user, start Dalvik VM with the application (execl) and, using JNI, switch back to the root user …

Any alternative?

EDIT

I’m trying this code, but it fails to apply new capabilities (capsetp).

I’ve partially compiled libcap on Android (cap_file stuff is missing, but I don’t need it), but this code doesn’t work on a standard distro (Ubuntu).

#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <unistd.h>
#include <sys/types.h>
#ifndef __user
#define __user
#endif
#include <linux/capability.h>
#include <sys/capability.h>

int main(int argc, char** argv)
{
    cap_t caps;
    cap_value_t cap_list[1];

    pid_t process_id = atoi(argv[1]);

    caps = cap_get_pid(process_id);
    if (caps == NULL)
    {
        perror("Failed to get capabilities");
        exit(-1);
    }

    printf("%s\n", cap_to_text(caps, NULL));

    cap_list[0] = CAP_SETUID; 

    if (cap_set_flag(caps, CAP_EFFECTIVE, 1, cap_list, CAP_SET) == -1)
    {
        perror("Failed to add new capability");
        exit(-1);
    }

    if (capsetp(process_id, caps) == -1)     
    {
        perror("Failed to apply capabilities");
        exit(-1);
    }

    cap_free(&caps);

    return 0;
}