Things to know about Android Filesystem

 Before we get into the rest of the Android OS, let’s first talk about the Android Filesystem. I’ll break it down into categories for easy reading.

Root & Root Admin Acess

                The Android filesystem represents the Root file hierarchy. Root is the character “/” (or “/”) that represents the root of a tree before there were files and filesystems. From there, the filesystems are divided into different levels. For example, if you have internal storage, you will see different levels like “/sdcard” or “/storage/emulated/0/”.

                (Reminder: Usually, Android phones do not allow you to touch the file system. If you want to know, just download an app called Root Explorer and go to it. However, if you have Root access, you will need RW access, so you should not modify system files without understanding them.) 

                The root file hierarchy is familiar to most Linux users, especially those who use Android as their base operating system. For most Linux users, the root file hierarchy architecture doesn’t need much explanation.

You may have heard of rooting. Is that really the correct term?

                Actually, root access is an acronym for root administrator privileges. For Linux users, you can simply type the su command in the Terminal and enter your password. Root admin access is easy to obtain. I would say that Android phones don’t have it on purpose.

                Linux is an open source, user-defined/preferences-based system, and there are no warranties or limitations, so root admin access is provided. It is possible to configure it as desired by the end-user. The sudo command (user-access) is also used instead of the root command. In Windows, there is a difference between User-account control and Administrator account.

                In our Android phones, we have all the rights to install User Account Control without having to use terminals like this, from the package-installer to the ready-made APK (Android Package Kit) files. But if you don’t have a terminal, you can also access the Shell with the Android debugging bridge (ADB) and use the command line without a computer with an app called Terminal Emulator. You can execute command lines in Android with binary files in /system/bin and /system/xbin. Busybox binary has also been a very useful binary on Android. (It is rarely included pre-installed. It is only included in custom OSes).

                Rooting was previously known as exploiting the security of the Android system, when there was no SELinux enforcing or System-less mode, and injecting the Root binary (aka su binary) into /system/bin and /system/xbin to mount Root access. SuperSU and SuperUser are just buffers that intentionally protect the root access grant and ask for permission from the user. If SU permission is Granted, you have Read/Write Access to /system and other /mnt, /data partitions, so you can modify the system as you like.

                Root access is not pre-installed on Android phones due to warranty issues (allowing it to be modified can cause many problems for the end-user), and to prevent viruses and potential privacy hacking malware. (However, the su binary is still present in the Android source. Whether or not to remove it is up to the developer who cooks the ROM). Since the mobile phones we use every day will reach many end-users, I believe it is better not to provide Root access in the first place. In the next article, I will refer to Root exploits and other hacks.

Basic filesystem for Android

                Android filesystems are pre-configured by the kernel during the boot process through mount points. If you want to know about mount points, you can go to /dev/block/mmblkxxxx (xxxx is the mount point. blk means block). There are quite a few. For example, our system partition has mount points like /dev/block/mmblk001 > /system, data partition has mount points like /dev/block/mmblk002 > /data. Custom recoveries use these mount points to write custom OSs from flashable zips using updater-script, copy and paste the relevant files, chmod (change permission) and install them (we will discuss this in the next article).

Directory names and solutions

/acct – Used for User Account Control
/cache – A cache partition, usually based on the mount point /dev/block/mtdblock2. The mount point may vary depending on the phone model.
/d – This is just a symbolic link to /sys/kernel/debug. This is just a place to view/log kernel debugs (Symbolic Links are not related to Mount points, we will explain this in a later article)
/data – This is the Data partition where our user apps and settings are stored. It doesn’t need much explanation. Generally, it is mounted at /dev/block/mtdblock1
/dev – This is the place where all the filesystem mount points and CPU control groups in our system are collected. The kernel also controls this place.
/etc – A symbolic link directly to the /system/etc directory. This is where Audio, Video, Data, Wifi and other permission files, hardware configuration files are stored.
/init – This is also an important file. The programs and scripts required for the Android booting process are run after the kernel boot. If you are familiar with init, you will understand the entire Android boot-up process. One thing to note is that there are many init sub-files under / . You will also see many .sh files. .sh is a shell script
/mnt – /mnt is a place where you can mount Internal storage, External storage (Sdcard, OTG, etc.) and tmpfs and obb. Obb is an app storage system that is used to add external storage to an application filesystem if it is larger than 50mb. Most of you know this. (You need .obb files for game files)
/proc – A mount point that provides access to the kernel’s data structure.
/sbin – A place where the standard binary files of the Linux filesystem are stored. It doesn’t need much explanation.
/sdcard – It’s just the name that has been used for a long time. Nowadays, most phones have their own internal storage, so that location is just internal storage with a symbolic link to “/mnt/sdcard”. When Android was first released, the filesystem relied on the SD card as internal storage for installing apps and other things. Now that is no longer the case.
/sys – The mount point of the kernel. It is located along with input devices and other system controls. Also known as the sysfs pseudo filesystem.
/system – The main HQ of the Android OS’s system files. This is where you will see a lot of symlinks in the root filesystem. 
/ueventd.goldfish.rc ueventd.rc – This file is the main control file for the configuration rules of the /dev location.
/vendor – This is a symbolic link to the /system/vendor location.

                I hope you have understood the Android filesystem quite well. If you have any questions, you can ask them through the TechX Myanmar Facebook page. In the next articles, we will continue to present important Android exploits and useful commands that you should know, so let me conclude with this. With all due respect to you all.