将Android10编译成真正的具有root权限的系统
程序员文章站
2024-02-26 22:41:34
...
- 修改su命令的源码
位置:system/extras/su/su.cpp
注释main函数的开始两行:
//uid_t current_uid = getuid();
//if (current_uid != AID_ROOT && current_uid != AID_SHELL) error(1, 0, "not allowed");
- 为其他用户添加su命令的可执行权限
位置:system/core/libcutils/fs_config.cpp
文件中搜索修改为如下内容。
{ 06755, AID_ROOT, AID_SHELL, 0, "system/xbin/su" },
- 关闭selinux
位置:sytem/core/init/selinux.cpp
直接返回false,关闭selinux
bool IsEnforcing() {
return false;
if (ALLOW_PERMISSIVE_SELINUX) {
return StatusFromCmdline() == SELINUX_ENFORCING;
}
return true;
}
- 修改?(不确定需不需要修改)
位置:framework/base/core/jni/com_android_internal_os_Zygote.cpp
不知道是什么内容,需不需要修改,待确定。
static void DropCapabilitiesBoundingSet(fail_fn_t fail_fn) {
/*for (int i = 0; prctl(PR_CAPBSET_READ, i, 0, 0, 0) >= 0; i++) {;
if (prctl(PR_CAPBSET_DROP, i, 0, 0, 0) == -1) {
if (errno == EINVAL) {
ALOGE("prctl(PR_CAPBSET_DROP) failed with EINVAL. Please verify "
"your kernel is compiled with file capabilities support");
} else {
fail_fn(CREATE_ERROR("prctl(PR_CAPBSET_DROP, %d) failed: %s", i, strerror(errno)));
}
}
}*/
}
- 修改adb及相关的内容
位置:build/make/core/main.mk
ifneq (,$(user_variant))
# Target is secure in user builds.
ADDITIONAL_DEFAULT_PROPERTIES += ro.secure=0
ADDITIONAL_DEFAULT_PROPERTIES += security.perf_harden=0
ifeq ($(user_variant),user)
ADDITIONAL_DEFAULT_PROPERTIES += ro.adb.secure=0
endif
ifeq ($(user_variant),userdebug)
# Pick up some extra useful tools
tags_to_install += debug
else
# Disable debugging in plain user builds.
enable_target_debugging :=
endif
# Disallow mock locations by default for user builds
ADDITIONAL_DEFAULT_PROPERTIES += ro.allow.mock.location=1
else # !user_variant
# Turn on checkjni for non-user builds.
ADDITIONAL_BUILD_PROPERTIES += ro.kernel.android.checkjni=1
# Set device insecure for non-user builds.
ADDITIONAL_DEFAULT_PROPERTIES += ro.secure=0
# Allow mock locations by default for non user builds
ADDITIONAL_DEFAULT_PROPERTIES += ro.allow.mock.location=1
endif # !user_variant
ifeq (true,$(strip $(enable_target_debugging)))
# Target is more debuggable and adbd is on by default
ADDITIONAL_DEFAULT_PROPERTIES += ro.debuggable=1
# Enable Dalvik lock contention logging.
ADDITIONAL_BUILD_PROPERTIES += dalvik.vm.lockprof.threshold=500
else # !enable_target_debugging
# Target is less debuggable and adbd is off by default
ADDITIONAL_DEFAULT_PROPERTIES += ro.debuggable=1
endif # !enable_target_debugging
修改后,就可以让apk执行su命令之后,具有了root权限。
上一篇: 组件间的通信
下一篇: react生命周期函数