一、为什么需要adb root权限 问题:Relese版本,默认adb访问会降级到shell权限,一些敏感操作不能进行,远程调试比较麻烦。且Release版本没有su模块,不能切换Root用户。 开启adb调试以后,默认进入adb是syst
问题:Relese版本,默认adb访问会降级到shell权限,一些敏感操作不能进行,远程调试比较麻烦。且Release版本没有su模块,不能切换Root用户。
开启adb调试以后,默认进入adb是system权限,不能切换到root(因为Release没有集成su).
有两种方式切换Root:
1) Release也集成su模块
2)默认Release版本adb 开启Root权限
开启Root权限
ro.secure表示root权限,要开启Root权限,系统配置ro.secure=0 开启ROOT权限
build/make/core/main.mk
ifneq (,$(user_variant)) # ==== modify begin ==== # fix: zhouronghua default as root # Target is secure in user builds. ADDITioNAL_DEFAULT_PROPERTIES += ro.secure=0 # ==== modify end ==== ADDITIONAL_DEFAULT_PROPERTIES += security.perf_harden=1 ifeq ($(user_variant),user) # ==== modify begin ==== fix: default as root ADDITIONAL_DEFAULT_PROPERTIES += ro.adb.secure=0 # ==== modify end ==== endif
user版本就是Releae版本,userdebug版本就是debug版本。
frameworks/base/core/jni/com_Android_internal_os_Zygote.cpp
static void DropCapabilitiesBoundingSet(fail_fn_t fail_fn) { // ==== modify begin ==== zhouronghua #if 0 for (int i = 0; prctl(PR_CAPBSET_READ, i, 0, 0, 0) >= 0; i++) {; if (prctl(PR_CAPBSET_DROP, i, 0, 0, 0) == -1) { if (errno == EINVAL) { ALOGE("prctl(PR_CAPBSET_DROP) failed with EINVAL. Please verify " "your kernel is compiled with file capabilities support"); } else { fail_fn(CREATE_ERROR("prctl(PR_CAPBSET_DROP, %d) failed: %s", i, strerror(errno))); } } } #endif // ==== modify end ====}
system/core/init/Android.bp
-DALLOW_PERMISSIVE_SELINUX=0 修改为 -DALLOW_PERMISSIVE_SELINUX=1
cc_defaults { name: "init_defaults", cpp_std: "experimental", sanitize: { misc_undefined: ["signed-integer-overflow"], }, cflags: [ "-DLOG_UEVENTS=0", "-Wall", "-Wextra", "-Wno-unused-parameter", "-Werror", "-Wthread-safety", "-DALLOW_FIRST_STAGE_CONSOLE=0", "-DALLOW_LOCAL_PROP_OVERRIDE=0", "-DALLOW_PERMISSIVE_SELINUX=1", "-DREBOOT_BOOTLOADER_ON_PANIC=0", "-DWORLD_WRITABLE_KMSG=0", "-DDUMP_ON_UMOUNT_FAILURE=0",
system/core/init/Android.mk
ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT)))init_options += \ -DALLOW_FIRST_STAGE_CONSOLE=1 \ -DALLOW_LOCAL_PROP_OVERRIDE=1 \ -DALLOW_PERMISSIVE_SELINUX=1 \ -DREBOOT_BOOTLOADER_ON_PANIC=1 \ -DWORLD_WRITABLE_KMSG=1 \ -DDUMP_ON_UMOUNT_FAILURE=1else# ==== modify begin ==== zhouronghua allow permissiveinit_options += \ -DALLOW_FIRST_STAGE_CONSOLE=0 \ -DALLOW_LOCAL_PROP_OVERRIDE=0 \ -DALLOW_PERMISSIVE_SELINUX=1 \ -DREBOOT_BOOTLOADER_ON_PANIC=0 \ -DWORLD_WRITABLE_KMSG=0 \ -DDUMP_ON_UMOUNT_FAILURE=0# ==== modify end ====endif
system/core/libcutils/fs_config.cpp
// the following two files are INTENTIONALLY set-uid, but they // are NOT included on user builds. { 06755, AID_ROOT, AID_ROOT, 0, "system/xbin/procmem" }, // ==== modify begin ==== zhouronghua su right improve { 06755, AID_ROOT, AID_SHELL, 0, "system/xbin/su" },
system/core/rootdir/init.rc
chown system system /sys/devices/system/cpu/cpufreq/interactive/io_is_busy chmod 0660 /sys/devices/system/cpu/cpufreq/interactive/io_is_busy # ==== modify begin ==== zhouronghua su right chmod 6755 /system/xbin/su # ==== modify end ====
system/extras/su/Android.mk
LOCAL_MODULE_PATH := $(TARGET_OUT_OPTIONAL_EXECUTABLES)# ==== modify begin ==== zhouronghua su as common moduleLOCAL_MODULE_TAGS := optional# ==== modify end ====
system/extras/su/su.cpp
int main(int arGC, char** argv) { // ==== modify begin ==== zhouronghua delete root shell check #if 0 uid_t current_uid = getuid(); if (current_uid != AID_ROOT && current_uid != AID_SHELL) error(1, 0, "not allowed"); #endif // ==== modify end ====
system/core/init/selinux.cpp
bool IsEnforcing() { // ==== modify start ==== zhouronghua 不需要强制安全检测return false; // ==== modify end if (ALLOW_PERMISSIVE_SELINUX) { return StatusFromCmdline() == SELINUX_ENFORCING; } return true;}
adbd启动时检查属性,决定是否进行权限降级到AID_SHELL
system/core/adb/daemon/main.cpp
static bool should_drop_privileges() { // ==== modify begin ==== // fix: zhouronghua "adb root" not allowed, always drop privileges. if (!ALLOW_ADBD_ROOT && !is_device_unlocked()) return false; // ==== modifu end ====
adb Root权限访问不需要降级。
kernel/configs/o-mr1/android-3.18/android-base.config
kernel/configs/o-mr1/android-4.4/android-base.config
kernel/configs/o-mr1/android-4.9/android-base.config
kernel/configs/o/android-3.18/android-base.config
kernel/configs/o/android-3.18/android-base.config
kernel/configs/o/android-4.4/android-base.config
kernel/configs/o/android-4.9/android-base.config
kernel/configs/p/android-4.14/android-base.config
kernel/configs/p/android-4.4/android-base.config
kernel/configs/p/android-4.9/android-base.config
kernel/configs/q/android-4.14/android-base.config
kernel/configs/q/android-4.19/android-base.config
kernel/configs/q/android-4.9/android-base.config
kernel/configs/r/android-4.14/android-base.config
kernel/configs/r/android-4.19/android-base.config
kernel/configs/r/android-5.4/android-base.config
CONFIG_XFRM_USER=y# ==== modify begin ==== zhouronghua selinuxCONFIG_SECURITY_SELINUX_DEVELOP=y# # ==== modify end ====
来源地址:https://blog.csdn.net/joedan0104/article/details/132650597
--结束END--
本文标题: Android 11编译第三弹 ADB开启ROOT权限
本文链接: https://www.lsjlt.com/news/423739.html(转载时请注明来源链接)
有问题或投稿请发送至: 邮箱/279061341@qq.com QQ/279061341
下载Word文档到电脑,方便收藏和打印~
2024-01-21
2023-10-28
2023-10-28
2023-10-27
2023-10-27
2023-10-27
2023-10-27
回答
回答
回答
回答
回答
回答
回答
回答
回答
回答
0