推荐两个性能优化学习地址:
Blog

androidperformance

MTK 6735/6739/6755/6763 android8.1 user版本打开root权限(adb root权限和 apk root权限)

MTK 6765/6739/6755/6761/6763 android9.0 user版本打开root权限(adb root权限和 apk root权限)

android10.0(Q) root MTK 6765 user版本打开root权限(adb root权限和 apk root权限)

修改方案
总共修改 12 个文件

modified:device/qcom/qssi/BoardConfig.mk
modified:device/qcom/trinket/BoardConfig.mk
modified:system/core/init/Android.bp
modified:system/core/init/Android.mk
modified:system/core/init/selinux.cpp
modified:system/core/fs_mgr/Android.bp
modified:system/core/adb/Android.bp
modified:system/core/adb/daemon/main.cpp
modified:system/sepolicy/Android.mk
modified:build/core/main.mk
modified:system/sepolicy/definitions.mk
modified:device/qcom/sepolicy/Android.mk

由于sm6125 找的是qssi 和trinket,所以找到qssi 和trinket 下面的BoardConfig.mk修改BOARD_KERNEL_CMDLINE
1、BOARD_KERNEL_CMDLINE默认添加androidboot.selinux=permissive

device/qcom/qssi/BoardConfig.mk

diff --git a/BoardConfig.mk b/BoardConfig.mk
index 3fbc788..03a8e16 100644
--- a/BoardConfig.mk
+++ b/BoardConfig.mk
@@ -98,7 +98,7 @@ endifTARGET_USES_ION := trueTARGET_USES_NEW_ION_API :=trueTARGET_USES_QCOM_BSP := false
-BOARD_KERNEL_CMDLINE := console=ttyMSM0,115200n8 earlycon=msm_geni_serial,0xa90000 androidboot.hardware=qcom androidboot.console=ttyMSM0 androidboot.memcg=1 lpm_levels.sleep_disabled=1 video=vfb:640x400,bpp=32,memsize=3072000 msm_rtb.filter=0x237 service_locator.enable=1 swiotlb=2048 loop.max_part=7 androidboot.usbcontroller=a600000.dwc3
+BOARD_KERNEL_CMDLINE := console=ttyMSM0,115200n8 earlycon=msm_geni_serial,0xa90000 androidboot.hardware=qcom androidboot.console=ttyMSM0 androidboot.memcg=1 lpm_levels.sleep_disabled=1 video=vfb:640x400,bpp=32,memsize=3072000 msm_rtb.filter=0x237 service_locator.enable=1 swiotlb=2048 loop.max_part=7 androidboot.usbcontroller=a600000.dwc3 androidboot.selinux=permissiveBOARD_EGL_CFG := device/qcom/$(TARGET_BOARD_PLATFORM)/egl.cfg

2、BOARD_KERNEL_CMDLINE默认添加androidboot.selinux=permissive

device/qcom/trinket/BoardConfig.mk

diff --git a/BoardConfig.mk b/BoardConfig.mk
index e041c85..76b76a4 100644
--- a/BoardConfig.mk
+++ b/BoardConfig.mk
@@ -223,9 +223,9 @@ ifeq (FACTORY, $(LCT_BUILD_TYPE))elseifeq (user, $(TARGET_BUILD_VARIANT))
-  BOARD_KERNEL_CMDLINE := console=ttyMSM0,115200n8 androidboot.hardware=qcom androidboot.console=ttyMSM0 androidboot.memcg=1 lpm_levels.sleep_disabled=1 video=vfb:640x400,bpp=32,memsize=3072000 msm_rtb.filter=0x237 service_locator.enable=1 swiotlb=1 earlycon=msm_geni_serial,0x4a90000 loop.max_part=7 cgroup.memory=nokmem,nosocket
+  BOARD_KERNEL_CMDLINE := console=ttyMSM0,115200n8 androidboot.hardware=qcom androidboot.console=ttyMSM0 androidboot.memcg=1 lpm_levels.sleep_disabled=1 video=vfb:640x400,bpp=32,memsize=3072000 msm_rtb.filter=0x237 service_locator.enable=1 swiotlb=1 earlycon=msm_geni_serial,0x4a90000 loop.max_part=7 cgroup.memory=nokmem,nosocket androidboot.selinux=permissiveelse
-  BOARD_KERNEL_CMDLINE := console=ttyMSM0,115200n8 androidboot.hardware=qcom androidboot.console=ttyMSM0 androidboot.memcg=1 lpm_levels.sleep_disabled=1 video=vfb:640x400,printk.devkmsg=on,bpp=32,memsize=3072000 msm_rtb.filter=0x237 service_locator.enable=1 swiotlb=1 earlycon=msm_geni_serial,0x4a90000 loop.max_part=7 cgroup.memory=nokmem,nosocket
+  BOARD_KERNEL_CMDLINE := console=ttyMSM0,115200n8 androidboot.hardware=qcom androidboot.console=ttyMSM0 androidboot.memcg=1 lpm_levels.sleep_disabled=1 video=vfb:640x400,printk.devkmsg=on,bpp=32,memsize=3072000 msm_rtb.filter=0x237 service_locator.enable=1 swiotlb=1 earlycon=msm_geni_serial,0x4a90000 loop.max_part=7 cgroup.memory=nokmem,nosocket androidboot.selinux=permissiveendifendif

3、修改 SELinux权限为 Permissive
      SELinux 常用状态有两个 Permissive 和 Enforcing,通过 adb shell getenforce 可查看当前所处模式
     10.0 改到了 selinux.cpp 中
  3.1 system/core/init/Android.bp

diff --git a/init/Android.bp b/init/Android.bp
index 6be7290..189ddd6 100644
--- a/init/Android.bp
+++ b/init/Android.bp
@@ -26,11 +26,11 @@ cc_defaults {"-Wextra","-Wno-unused-parameter","-Werror",
-        "-DALLOW_LOCAL_PROP_OVERRIDE=0",
-        "-DALLOW_PERMISSIVE_SELINUX=0",
-        "-DREBOOT_BOOTLOADER_ON_PANIC=0",
-        "-DWORLD_WRITABLE_KMSG=0",
-        "-DDUMP_ON_UMOUNT_FAILURE=0",
+        "-DALLOW_LOCAL_PROP_OVERRIDE=1",
+        "-DALLOW_PERMISSIVE_SELINUX=1",
+        "-DREBOOT_BOOTLOADER_ON_PANIC=1",
+        "-DWORLD_WRITABLE_KMSG=1",
+        "-DDUMP_ON_UMOUNT_FAILURE=1","-DSHUTDOWN_ZERO_TIMEOUT=0",],product_variables: {

3.2 system/core/init/Android.mk

diff --git a/init/Android.mk b/init/Android.mk
index cca57a9..494c654 100644
--- a/init/Android.mk
+++ b/init/Android.mk
@@ -6,7 +6,7 @@ LOCAL_PATH:= $(call my-dir)# ---ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT)))
+ifneq (,$(filter user userdebug eng,$(TARGET_BUILD_VARIANT)))init_options += \-DALLOW_LOCAL_PROP_OVERRIDE=1 \-DALLOW_PERMISSIVE_SELINUX=1 \

3.3 system/core/init/selinux.cpp

diff --git a/init/selinux.cpp b/init/selinux.cpp
index 86238b4..9cd3f1e 100644
--- a/init/selinux.cpp
+++ b/init/selinux.cpp
@@ -97,10 +97,12 @@ EnforcingStatus StatusFromCmdline() {}bool IsEnforcing() {
+    return false;if (ALLOW_PERMISSIVE_SELINUX) {return StatusFromCmdline() == SELINUX_ENFORCING;}return true;
+    }

4、解锁 fastboot,并关闭 verity 按需操作

4.1 system/core/adb/Android.bp

diff --git a/adb/Android.bp b/adb/Android.bp
index 01e00dd..b6b117c 100644
--- a/adb/Android.bp
+++ b/adb/Android.bp
@@ -24,7 +24,7 @@ cc_defaults {"-Wno-missing-field-initializers","-Wthread-safety","-Wvla","-DADB_HOST=1",         // overridden by adbd_defaults
-        "-DALLOW_ADBD_ROOT=0",  // overridden by adbd_defaults
+        "-DALLOW_ADBD_ROOT=1",  // overridden by adbd_defaults],cpp_std: "experimental",
@@ -76,7 +76,14 @@ cc_defaults {name: "adbd_defaults",defaults: ["adb_defaults"],-    cflags: ["-UADB_HOST", "-DADB_HOST=0"],
+    cflags: [
+           "-UADB_HOST",
+           "-DADB_HOST=0"
+               "-UALLOW_ADBD_ROOT",
+        "-DALLOW_ADBD_ROOT=1",
+        "-DALLOW_ADBD_DISABLE_VERITY",
+        "-DALLOW_ADBD_NO_AUTH",
+       ],product_variables: {debuggable: {cflags: [
@@ -403,6 +410,8 @@ cc_library {"libcutils","liblog",],
+
+    required: [ "remount",],product_variables: {debuggable: {

4.2 system/core/adb/daemon/main.cpp

diff --git a/adb/daemon/main.cpp b/adb/daemon/main.cpp
index e5a4917..5f8de1b 100644
--- a/adb/daemon/main.cpp
+++ b/adb/daemon/main.cpp
@@ -63,6 +63,7 @@ static inline bool is_device_unlocked() {}static bool should_drop_capabilities_bounding_set() {
+       return false;if (ALLOW_ADBD_ROOT || is_device_unlocked()) {if (__android_log_is_debuggable()) {return false;
@@ -73,6 +74,7 @@ static bool should_drop_capabilities_bounding_set() {static bool should_drop_privileges() {// "adb root" not allowed, always drop privileges.
+       return false;if (!ALLOW_ADBD_ROOT && !is_device_unlocked()) return true;// The properties that affect `adb root` and `adb unroot` are ro.secure and

5、修改 adb root 权限,user 和 userdebug 区别在于 remount 时走的地方不一样,userdebug remount 时打印的日志来自 system\core\fs_mgr\fs_mgr_remount.cpp

diff --git a/fs_mgr/Android.bp b/fs_mgr/Android.bp
index 4ee9624..ebaa390 100644
--- a/fs_mgr/Android.bp
+++ b/fs_mgr/Android.bp
@@ -75,7 +75,8 @@ cc_library {"libfstab",],cppflags: [
-        "-DALLOW_ADBD_DISABLE_VERITY=0",
+        "-UALLOW_ADBD_DISABLE_VERITY",
+        "-DALLOW_ADBD_DISABLE_VERITY=1",],product_variables: {debuggable: {
@@ -132,7 +133,8 @@ cc_binary {"fs_mgr_remount.cpp",],cppflags: [
-        "-DALLOW_ADBD_DISABLE_VERITY=0",
+        "-UALLOW_ADBD_DISABLE_VERITY",
+        "-DALLOW_ADBD_DISABLE_VERITY=1",],product_variables: {debuggable: {

6、user 版本启用 overlayfs 来装载 remount 对应分区 user 版本不允许 permissive domains

system/sepolicy/Android.mk

diff --git a/Android.mk b/Android.mk
index dadd7b0..24278d5 100644
--- a/Android.mk
+++ b/Android.mk
@@ -309,7 +309,7 @@ LOCAL_REQUIRED_MODULES += \endif-ifneq ($(TARGET_BUILD_VARIANT), user)
+ifneq ($(TARGET_BUILD_VARIANT), eng)LOCAL_REQUIRED_MODULES += \selinux_denial_metadata \@@ -978,7 +978,7 @@ $(built_sepolicy_neverallows)@mkdir -p $(dir $@)$(hide) $< -m -M true -G -c $(POLICYVERS) $(PRIVATE_NEVERALLOW_ARG) $(PRIVATE_CIL_FILES) -o $@.tmp -f /dev/null$(hide) $(HOST_OUT_EXECUTABLES)/sepolicy-analyze $@.tmp permissive > $@.permissivedomains
-       $(hide) if [ "$(TARGET_BUILD_VARIANT)" = "user" -a -s $@.permissivedomains ]; then \
+       $(hide) if [ "eng" = "user" -a -s $@.permissivedomains ]; then \echo "==========" 1>&2; \echo "ERROR: permissive domains not allowed in user builds" 1>&2; \echo "List of invalid domains:" 1>&2; \
@@ -1032,7 +1032,7 @@ $(LOCAL_BUILT_MODULE): $(sepolicy.recovery.conf) $(HOST_OUT_EXECUTABLES)/checkpo$(hide) $(CHECKPOLICY_ASAN_OPTIONS) $(HOST_OUT_EXECUTABLES)/checkpolicy -M -c \$(POLICYVERS) -o $@.tmp $<$(hide) $(HOST_OUT_EXECUTABLES)/sepolicy-analyze $@.tmp permissive > $@.permissivedomains
-       $(hide) if [ "$(TARGET_BUILD_VARIANT)" = "user" -a -s $@.permissivedomains ]; then \
+       $(hide) if [ "eng" = "user" -a -s $@.permissivedomains ]; then \echo "==========" 1>&2; \echo "ERROR: permissive domains not allowed in user builds" 1>&2; \echo "List of invalid domains:" 1>&2; \
@@ -1104,7 +1104,7 @@ endififneq ($(filter address,$(SANITIZE_TARGET)),)local_fc_files += $(wildcard $(addsuffix /file_contexts_asan, $(PLAT_PRIVATE_POLICY)))endif
-ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT)))
+ifneq (,$(filter user userdebug eng,$(TARGET_BUILD_VARIANT)))local_fc_files += $(wildcard $(addsuffix /file_contexts_overlayfs, $(PLAT_PRIVATE_POLICY)))endififeq ($(TARGET_FLATTEN_APEX),true)
@@ -1166,7 +1166,7 @@ file_contexts.device.tmp :=file_contexts.local.tmp :=##################################
-ifneq ($(TARGET_BUILD_VARIANT), user)
+ifneq ($(TARGET_BUILD_VARIANT), eng)include $(CLEAR_VARS)LOCAL_MODULE := selinux_denial_metadata

system/sepolicy/definitions.mk

diff --git a/definitions.mk b/definitions.mk
index 16c8bd6..d64ea4c 100644
--- a/definitions.mk
+++ b/definitions.mk
@@ -4,7 +4,7 @@ define transform-policy-to-conf@mkdir -p $(dir $@)$(hide) m4 --fatal-warnings $(PRIVATE_ADDITIONAL_M4DEFS) \-D mls_num_sens=$(PRIVATE_MLS_SENS) -D mls_num_cats=$(PRIVATE_MLS_CATS) \
-       -D target_build_variant=$(PRIVATE_TARGET_BUILD_VARIANT) \
+       -D target_build_variant=eng \-D target_with_dexpreopt=$(WITH_DEXPREOPT) \-D target_arch=$(PRIVATE_TGT_ARCH) \-D target_with_asan=$(PRIVATE_TGT_WITH_ASAN) \

7、打开 USB 调试时默认授权,不再弹授权框  打开deug

build/core/main.mk

diff --git a/core/main.mk b/core/main.mk
index c2206db..bc2996d 100644
--- a/core/main.mk
+++ b/core/main.mk
@@ -293,7 +293,7 @@ ifneq (,$(user_variant))ifeq (FACTORY, $(LCT_BUILD_TYPE))ADDITIONAL_DEFAULT_PROPERTIES += ro.secure=0else
-    ADDITIONAL_DEFAULT_PROPERTIES += ro.secure=1
+    ADDITIONAL_DEFAULT_PROPERTIES += ro.secure=0endif#add NHK-M528-A01-137 -factory open root default modify by mafei 20191021-endADDITIONAL_DEFAULT_PROPERTIES += security.perf_harden=1
@@ -304,7 +304,7 @@ ifneq (,$(user_variant))ifeq (FACTORY, $(LCT_BUILD_TYPE))ADDITIONAL_DEFAULT_PROPERTIES += ro.adb.secure=0else
-      ADDITIONAL_DEFAULT_PROPERTIES += ro.adb.secure=1
+      ADDITIONAL_DEFAULT_PROPERTIES += ro.adb.secure=0endif#add NHK-M528-A01-137 -factory open root default modify by mafei 20191021-endendif
@@ -341,7 +341,7 @@ else # !enable_target_debuggingifeq (FACTORY, $(LCT_BUILD_TYPE))ADDITIONAL_DEFAULT_PROPERTIES += ro.debuggable=1else
-    ADDITIONAL_DEFAULT_PROPERTIES += ro.debuggable=0
+    ADDITIONAL_DEFAULT_PROPERTIES += ro.debuggable=1endif #add NHK-M528-A01-137 -factory open root default modify by mafei 20191021-endendif # !enable_target_debugging

7、修改导致selinux报错问题

device/qcom/sepolicy/Android.mk

diff --git a/Android.mk b/Android.mk
index c490fba..873b15b 100644
--- a/Android.mk
+++ b/Android.mk
@@ -45,7 +45,7 @@ ifeq (,$(filter sdm845 sdm710, $(TARGET_BOARD_PLATFORM)))BOARD_SEPOLICY_DIRS += $(LOCAL_PATH)/qva/vendor/$(TARGET_SEPOLICY_DIR)endif-    ifneq (,$(filter userdebug eng, $(TARGET_BUILD_VARIANT)))
+    ifneq (,$(filter user userdebug eng, $(TARGET_BUILD_VARIANT)))BOARD_SEPOLICY_DIRS += $(LOCAL_PATH)/generic/vendor/testBOARD_SEPOLICY_DIRS += $(LOCAL_PATH)/qva/vendor/testendif
@@ -65,7 +65,7 @@ ifneq (,$(filter sdm845 sdm710, $(TARGET_BOARD_PLATFORM)))elseBOARD_SEPOLICY_DIRS += $(LOCAL_PATH)/legacy/vendor/$(TARGET_SEPOLICY_DIR)endif
-    ifneq (,$(filter userdebug eng, $(TARGET_BUILD_VARIANT)))
+    ifneq (,$(filter user userdebug eng, $(TARGET_BUILD_VARIANT)))BOARD_SEPOLICY_DIRS += $(LOCAL_PATH)/legacy/vendor/testendifendif

patch汇总

一、device/qcom/trinket/
diff --git a/device/qcom/trinket/BoardConfig.mk b/device/qcom/trinket/BoardConfig.mk
index e041c85..76b76a4 100644
--- a/device/qcom/trinket/BoardConfig.mk
+++ b/device/qcom/trinket/BoardConfig.mk
@@ -223,9 +223,9 @@elseifeq (user, $(TARGET_BUILD_VARIANT))
-  BOARD_KERNEL_CMDLINE := console=ttyMSM0,115200n8 androidboot.hardware=qcom androidboot.console=ttyMSM0 androidboot.memcg=1 lpm_levels.sleep_disabled=1 video=vfb:640x400,bpp=32,memsize=3072000 msm_rtb.filter=0x237 service_locator.enable=1 swiotlb=1 earlycon=msm_geni_serial,0x4a90000 loop.max_part=7 cgroup.memory=nokmem,nosocket
+  BOARD_KERNEL_CMDLINE := console=ttyMSM0,115200n8 androidboot.hardware=qcom androidboot.console=ttyMSM0 androidboot.memcg=1 lpm_levels.sleep_disabled=1 video=vfb:640x400,bpp=32,memsize=3072000 msm_rtb.filter=0x237 service_locator.enable=1 swiotlb=1 earlycon=msm_geni_serial,0x4a90000 loop.max_part=7 cgroup.memory=nokmem,nosocket androidboot.selinux=permissiveelse
-  BOARD_KERNEL_CMDLINE := console=ttyMSM0,115200n8 androidboot.hardware=qcom androidboot.console=ttyMSM0 androidboot.memcg=1 lpm_levels.sleep_disabled=1 video=vfb:640x400,printk.devkmsg=on,bpp=32,memsize=3072000 msm_rtb.filter=0x237 service_locator.enable=1 swiotlb=1 earlycon=msm_geni_serial,0x4a90000 loop.max_part=7 cgroup.memory=nokmem,nosocket
+  BOARD_KERNEL_CMDLINE := console=ttyMSM0,115200n8 androidboot.hardware=qcom androidboot.console=ttyMSM0 androidboot.memcg=1 lpm_levels.sleep_disabled=1 video=vfb:640x400,printk.devkmsg=on,bpp=32,memsize=3072000 msm_rtb.filter=0x237 service_locator.enable=1 swiotlb=1 earlycon=msm_geni_serial,0x4a90000 loop.max_part=7 cgroup.memory=nokmem,nosocket androidboot.selinux=permissiveendifendif二、device/qcom/qssi/
diff --git a/device/qcom/qssi/BoardConfig.mk b/device/qcom/qssi/BoardConfig.mk
index 3fbc788..03a8e16 100644
--- a/device/qcom/qssi/BoardConfig.mk
+++ b/device/qcom/qssi/BoardConfig.mk
@@ -98,7 +98,7 @@TARGET_USES_ION := trueTARGET_USES_NEW_ION_API :=trueTARGET_USES_QCOM_BSP := false
-BOARD_KERNEL_CMDLINE := console=ttyMSM0,115200n8 earlycon=msm_geni_serial,0xa90000 androidboot.hardware=qcom androidboot.console=ttyMSM0 androidboot.memcg=1 lpm_levels.sleep_disabled=1 video=vfb:640x400,bpp=32,memsize=3072000 msm_rtb.filter=0x237 service_locator.enable=1 swiotlb=2048 loop.max_part=7 androidboot.usbcontroller=a600000.dwc3
+BOARD_KERNEL_CMDLINE := console=ttyMSM0,115200n8 earlycon=msm_geni_serial,0xa90000 androidboot.hardware=qcom androidboot.console=ttyMSM0 androidboot.memcg=1 lpm_levels.sleep_disabled=1 video=vfb:640x400,bpp=32,memsize=3072000 msm_rtb.filter=0x237 service_locator.enable=1 swiotlb=2048 loop.max_part=7 androidboot.usbcontroller=a600000.dwc3 androidboot.selinux=permissiveBOARD_EGL_CFG := device/qcom/$(TARGET_BOARD_PLATFORM)/egl.cfg三、system/core/
diff --git a/system/core/init/Android.bp b/system/core/init/Android.bp
index 6be7290..189ddd6 100644
--- a/system/core/init/Android.bp
+++ b/system/core/init/Android.bp
@@ -26,11 +26,11 @@"-Wextra","-Wno-unused-parameter","-Werror",
-        "-DALLOW_LOCAL_PROP_OVERRIDE=0",
-        "-DALLOW_PERMISSIVE_SELINUX=0",
-        "-DREBOOT_BOOTLOADER_ON_PANIC=0",
-        "-DWORLD_WRITABLE_KMSG=0",
-        "-DDUMP_ON_UMOUNT_FAILURE=0",
+        "-DALLOW_LOCAL_PROP_OVERRIDE=1",
+        "-DALLOW_PERMISSIVE_SELINUX=1",
+        "-DREBOOT_BOOTLOADER_ON_PANIC=1",
+        "-DWORLD_WRITABLE_KMSG=1",
+        "-DDUMP_ON_UMOUNT_FAILURE=1","-DSHUTDOWN_ZERO_TIMEOUT=0",],product_variables: {diff --git a/system/core/init/Android.mk b/system/core/init/Android.mk
index cca57a9..494c654 100644
--- a/system/core/init/Android.mk
+++ b/system/core/init/Android.mk
@@ -6,7 +6,7 @@# ---ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT)))
+ifneq (,$(filter user userdebug eng,$(TARGET_BUILD_VARIANT)))init_options += \-DALLOW_LOCAL_PROP_OVERRIDE=1 \-DALLOW_PERMISSIVE_SELINUX=1 \
diff --git a/system/core/init/selinux.cpp b/system/core/init/selinux.cpp
index 86238b4..9cd3f1e 100644
--- a/init/selinux.cpp
+++ b/init/selinux.cpp
@@ -97,10 +97,12 @@}bool IsEnforcing() {
+    return false;if (ALLOW_PERMISSIVE_SELINUX) {return StatusFromCmdline() == SELINUX_ENFORCING;}return true;
+    }// Forks, executes the provided program in the child, and waits for the completion in the parent.diff --git a/system/core/adb/Android.bp b/system/core/adb/Android.bp
index 01e00dd..0854dd1 100644
--- a/system/core/adb/Android.bp
+++ b/system/core/adb/Android.bp
@@ -25,7 +25,7 @@"-Wthread-safety","-Wvla","-DADB_HOST=1",         // overridden by adbd_defaults
-        "-DALLOW_ADBD_ROOT=0",  // overridden by adbd_defaults
+        "-DALLOW_ADBD_ROOT=1",  // overridden by adbd_defaults],cpp_std: "experimental",@@ -76,7 +76,14 @@name: "adbd_defaults",defaults: ["adb_defaults"],-    cflags: ["-UADB_HOST", "-DADB_HOST=0"],
+    cflags: [
+             "-UADB_HOST",
+             "-DADB_HOST=0",
+             "-UALLOW_ADBD_ROOT",
+             "-DALLOW_ADBD_ROOT=1",
+             "-DALLOW_ADBD_DISABLE_VERITY",
+             "-DALLOW_ADBD_NO_AUTH",
+             ],product_variables: {debuggable: {cflags: [
@@ -404,6 +411,8 @@"liblog",],+    required: [ "remount",],
+    product_variables: {debuggable: {required: [
diff --git a/system/core/adb/daemon/main.cpp b/system/core/adb/daemon/main.cpp
index e5a4917..5f8de1b 100644
--- a/system/core/adb/daemon/main.cpp
+++ b/system/core/adb/daemon/main.cpp
@@ -63,6 +63,7 @@}static bool should_drop_capabilities_bounding_set() {
+  return false;if (ALLOW_ADBD_ROOT || is_device_unlocked()) {if (__android_log_is_debuggable()) {return false;
@@ -73,6 +74,7 @@static bool should_drop_privileges() {// "adb root" not allowed, always drop privileges.
+  return false;if (!ALLOW_ADBD_ROOT && !is_device_unlocked()) return true;// The properties that affect `adb root` and `adb unroot` are ro.secure and diff --git a/system/core/fs_mgr/Android.bp b/system/core/fs_mgr/Android.bp
index 4ee9624..ebaa390 100644
--- a/system/core/fs_mgr/Android.bp
+++ b/system/core/fs_mgr/Android.bp
@@ -75,7 +75,8 @@"libfstab",],cppflags: [
-        "-DALLOW_ADBD_DISABLE_VERITY=0",
+        "-UALLOW_ADBD_DISABLE_VERITY",
+        "-DALLOW_ADBD_DISABLE_VERITY=1",],product_variables: {debuggable: {
@@ -132,7 +133,8 @@"fs_mgr_remount.cpp",],cppflags: [
-        "-DALLOW_ADBD_DISABLE_VERITY=0",
+        "-UALLOW_ADBD_DISABLE_VERITY",
+        "-DALLOW_ADBD_DISABLE_VERITY=1",],product_variables: {debuggable: {四、system/sepolicy
diff --git a/system/sepolicy/Android.mk b/system/sepolicy/Android.mk
index dadd7b0..24278d5 100644
--- a/system/sepolicy/Android.mk
+++ b/system/sepolicy/Android.mk
@@ -309,7 +309,7 @@endif-ifneq ($(TARGET_BUILD_VARIANT), user)
+ifneq ($(TARGET_BUILD_VARIANT), eng)LOCAL_REQUIRED_MODULES += \selinux_denial_metadata \@@ -978,7 +978,7 @@@mkdir -p $(dir $@)$(hide) $< -m -M true -G -c $(POLICYVERS) $(PRIVATE_NEVERALLOW_ARG) $(PRIVATE_CIL_FILES) -o $@.tmp -f /dev/null$(hide) $(HOST_OUT_EXECUTABLES)/sepolicy-analyze $@.tmp permissive > $@.permissivedomains
-   $(hide) if [ "$(TARGET_BUILD_VARIANT)" = "user" -a -s $@.permissivedomains ]; then \
+  $(hide) if [ "eng" = "user" -a -s $@.permissivedomains ]; then \echo "==========" 1>&2; \echo "ERROR: permissive domains not allowed in user builds" 1>&2; \echo "List of invalid domains:" 1>&2; \
@@ -1032,7 +1032,7 @@$(hide) $(CHECKPOLICY_ASAN_OPTIONS) $(HOST_OUT_EXECUTABLES)/checkpolicy -M -c \$(POLICYVERS) -o $@.tmp $<$(hide) $(HOST_OUT_EXECUTABLES)/sepolicy-analyze $@.tmp permissive > $@.permissivedomains
-   $(hide) if [ "$(TARGET_BUILD_VARIANT)" = "user" -a -s $@.permissivedomains ]; then \
+  $(hide) if [ "eng" = "user" -a -s $@.permissivedomains ]; then \echo "==========" 1>&2; \echo "ERROR: permissive domains not allowed in user builds" 1>&2; \echo "List of invalid domains:" 1>&2; \
@@ -1104,7 +1104,7 @@ifneq ($(filter address,$(SANITIZE_TARGET)),)local_fc_files += $(wildcard $(addsuffix /file_contexts_asan, $(PLAT_PRIVATE_POLICY)))endif
-ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT)))
+ifneq (,$(filter user userdebug eng,$(TARGET_BUILD_VARIANT)))local_fc_files += $(wildcard $(addsuffix /file_contexts_overlayfs, $(PLAT_PRIVATE_POLICY)))endififeq ($(TARGET_FLATTEN_APEX),true)
@@ -1166,7 +1166,7 @@file_contexts.local.tmp :=##################################
-ifneq ($(TARGET_BUILD_VARIANT), user)
+ifneq ($(TARGET_BUILD_VARIANT), eng)include $(CLEAR_VARS)LOCAL_MODULE := selinux_denial_metadatadiff --git a/system/sepolicy/definitions.mk b/system/sepolicy/definitions.mk
index 16c8bd6..d64ea4c 100644
--- a/system/sepolicy/definitions.mk
+++ b/system/sepolicy/definitions.mk
@@ -4,7 +4,7 @@@mkdir -p $(dir $@)$(hide) m4 --fatal-warnings $(PRIVATE_ADDITIONAL_M4DEFS) \-D mls_num_sens=$(PRIVATE_MLS_SENS) -D mls_num_cats=$(PRIVATE_MLS_CATS) \
-   -D target_build_variant=$(PRIVATE_TARGET_BUILD_VARIANT) \
+  -D target_build_variant=eng \-D target_with_dexpreopt=$(WITH_DEXPREOPT) \-D target_arch=$(PRIVATE_TGT_ARCH) \-D target_with_asan=$(PRIVATE_TGT_WITH_ASAN) \五、/build
diff --git a/build/core/main.mk b/build/core/main.mk
index c2206db..bc2996d 100644
--- a/build/core/main.mk
+++ b/build/core/main.mk
@@ -293,7 +293,7 @@ifeq (FACTORY, $(LCT_BUILD_TYPE))ADDITIONAL_DEFAULT_PROPERTIES += ro.secure=0else
-    ADDITIONAL_DEFAULT_PROPERTIES += ro.secure=1
+    ADDITIONAL_DEFAULT_PROPERTIES += ro.secure=0endif#add NHK-M528-A01-137 -factory open root default modify by mafei 20191021-endADDITIONAL_DEFAULT_PROPERTIES += security.perf_harden=1
@@ -304,7 +304,7 @@ifeq (FACTORY, $(LCT_BUILD_TYPE))ADDITIONAL_DEFAULT_PROPERTIES += ro.adb.secure=0else
-      ADDITIONAL_DEFAULT_PROPERTIES += ro.adb.secure=1
+      ADDITIONAL_DEFAULT_PROPERTIES += ro.adb.secure=0endif#add NHK-M528-A01-137 -factory open root default modify by mafei 20191021-endendif
@@ -341,7 +341,7 @@ifeq (FACTORY, $(LCT_BUILD_TYPE))ADDITIONAL_DEFAULT_PROPERTIES += ro.debuggable=1else
-    ADDITIONAL_DEFAULT_PROPERTIES += ro.debuggable=0
+    ADDITIONAL_DEFAULT_PROPERTIES += ro.debuggable=1endif #add NHK-M528-A01-137 -factory open root default modify by mafei 20191021-endendif # !enable_target_debugging六、/device/qcom/sepolicy
diff --git a/device/qcom/sepolicy/Android.mk b/device/qcom/sepolicy/Android.mk
index c490fba..873b15b 100644
--- a/device/qcom/sepolicy/Android.mk
+++ b/device/qcom/sepolicy/Android.mk
@@ -45,7 +45,7 @@BOARD_SEPOLICY_DIRS += $(LOCAL_PATH)/qva/vendor/$(TARGET_SEPOLICY_DIR)endif-    ifneq (,$(filter userdebug eng, $(TARGET_BUILD_VARIANT)))
+    ifneq (,$(filter user userdebug eng, $(TARGET_BUILD_VARIANT)))BOARD_SEPOLICY_DIRS += $(LOCAL_PATH)/generic/vendor/testBOARD_SEPOLICY_DIRS += $(LOCAL_PATH)/qva/vendor/testendif
@@ -65,7 +65,7 @@elseBOARD_SEPOLICY_DIRS += $(LOCAL_PATH)/legacy/vendor/$(TARGET_SEPOLICY_DIR)endif
-    ifneq (,$(filter userdebug eng, $(TARGET_BUILD_VARIANT)))
+    ifneq (,$(filter user userdebug eng, $(TARGET_BUILD_VARIANT)))BOARD_SEPOLICY_DIRS += $(LOCAL_PATH)/legacy/vendor/testendifendif

android10.0(Q) root QCOM-SM6125 user版本打开root权限相关推荐

  1. android10.0(Q) root MTK 6765 user版本打开root权限(adb root权限和 apk root权限)

    前言 everybody,好久不见,我胡汉三又回来了,android10.0 root 安排!!! 相比较 Android8.1.9.0 而言,Q 版本 的 root变得相当麻烦,10.0 中引入了动 ...

  2. Android 8.0 开机动画,RK3326 android10.0(Q) 开机logo+开关机动画替换

    RK3326 android10.0(Q) 开机logo+开关机动画替换 2020年08月14日 | 萬仟网移动技术 | 我要评论 开机logouboot和kernel阶段的logo分别为开机显示的第 ...

  3. android10.0(Q) android11(R) 时区相关问题

    一.默认关闭自动更新时区 将自动更新时区开关 def_auto_time_zone 的值设置为 false. 文件路径:platform/frameworks/base/packages/Settin ...

  4. android10.0(Q) AOSP 增加应用锁功能

    前言 应用锁的功能可以说是很普遍了,大致就是在 startActivity 对应代码处进行拦截就行. 最开始在网上找了点资料,没有能合适直接用的,就自己搞了下,这里简单做个笔记. Android应用锁 ...

  5. Android10.0(Q) 实现通话中播放音乐/通话背景音(答录机/魔音功能)

    前言 这个功能大体意思类似机器人交互的效果,一般多应用到客服接听场景中,电话接通自动播放一段录音给 对方听,根据选项操作录音解析等完成一整个流程.这里面电话接通播放声音给对方听普通应用是做不到的, 因 ...

  6. RK3326 android10.0(Q) 系统精简瘦身

    删除无用APk 系统备份.cts测试相关.系统壁纸备份 build/make/target/product/base_system.mk @@ -41,7 +41,6 @@ PRODUCT_PACKA ...

  7. android10.0(Q) Settings 添加设置项——动态方式

    为什么要这样做? 上一篇通过静态方式添加配置项,应用场景太局限. 所以继续研究加载原理,终于发现了动态加载的奥秘. 效果图 文件清单 frameworks\base\packages\Settings ...

  8. android10.0(Q) Launcher3 去掉抽屉

    效果图 修改思路 1.增加变量 launcher3.is_full_app,用来动态切换 2.增加两套布局,对应有抽屉和无抽屉 3.去除 allAppsButton 4.将 AllAppsContai ...

  9. Android10.0(Q) 默认应用设置(电话、短信、浏览器、主屏幕应用)

    有些时候系统里预装了两个电话.桌面这样的应用,开机启动后系统会弹框让你选择使用那一个. 在系统设置中应用和通知里发现有默认应用选项,点进去发现是在 PermissionController 中 默认列 ...

最新文章

  1. 【Qt】Qt发布可执行程序(打包依赖库)
  2. AI人才报告 | AI稳超互联网平均薪资,哪些细分领域最受追捧?
  3. openfiler setup一,安装
  4. (六)Amazon Lightsail 部署LAMP应用程序之升级到Amazon EC2
  5. c/c++在windows下获取时间和计算时间差的几种方法总结
  6. k8s Service的类型和实现流程图解
  7. t3 修改服务器配置,t3如何修改服务器地址
  8. FIO测试磁盘的iops
  9. 云+X案例展 | 电商零售类:WakeData助力叁拾加数字化变革
  10. 世界上最伟大的推销员--2
  11. 2021-10-25 Vue异步操作
  12. Python基础import导包问题
  13. 笔记︱决策树族——梯度提升树(GBDT)
  14. 王思聪花了100万的组装的电脑,网速到底有多快?
  15. chrome谷歌浏览器历史版本
  16. web逻辑思维题目_逻辑思维训练500题
  17. USGS批量下载影像(Sentinel2/哨兵2/Landsat)数据、bda程序安装-(史上最全讲解)
  18. Labelme直接生成灰度图
  19. windows系统c++/VS2019编译gRPC
  20. C++ Primer Plus 学习笔记(十一)

热门文章

  1. 二层交换与MAC地址
  2. OpenWrt之配置无线中继(基于新三mt7621)
  3. java实现动态规划算法解决存钱罐问题(piggy bank)
  4. 启动三个线程,线程1打印1-5,线程2打印6-10,线程3打印11-15,接着线程1打印16-20……依此类推,打印到72.
  5. 看Salesforce的“云计算”平台
  6. 违反唯一性约束的两种可能:唯一约束or唯一索引
  7. Leetcode 种花问题
  8. ios 渐变透明背景_在PS中用橡皮擦工具擦除背景并合成背景
  9. 2021-05-26
  10. java判断春夏秋冬,让大家一个java非常简单的编程:根据输入1到12之间的数字,判断是春夏秋冬哪个季节...