android su文件,Android su开放root权限

一.SU相关的源码

1)su.c

** Licensed under the Apache License, Version 2.0 (the "License");

** you may not use this file except in compliance with the License.

** You may obtain a copy of the License at

** http://www.apache.org/licenses/LICENSE-2.0

** Unless required by applicable law or agreed to in writing, software

** distributed under the License is distributed on an "AS IS" BASIS,

** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

** See the License for the specific language governing permissions and

** limitations under the License.

#define LOG_TAG "su"

#include

void pwtoid(const char *tok, uid_t *uid, gid_t *gid)

{

struct passwd *pw;

pw = getpwnam(tok);

if (pw) {

if (uid) *uid = pw->pw_uid;

if (gid) *gid = pw->pw_gid;

} else {

uid_t tmpid = atoi(tok);

if (uid) *uid = tmpid;

if (gid) *gid = tmpid;

}

void extract_uidgids(const char *uidgids, uid_t *uid, gid_t *gid, gid_t *gids,

int *gids_count)

{

char *clobberablegids;

char *nexttok;

char *tok;

int gids_found;

if (!uidgids || !*uidgids) {

*gid = *uid = 0;

*gids_count = 0;

return;

}

clobberablegids = strdup(uidgids);

strcpy(clobberablegids, uidgids);

nexttok = clobberablegids;

tok = strsep(&nexttok, ",");

pwtoid(tok, uid, gid);

tok = strsep(&nexttok, ",");

if (!tok) {

/* gid is already set above */

*gids_count = 0;

free(clobberablegids);

return;

}

pwtoid(tok, NULL, gid);

gids_found = 0;

while ((gids_found < *gids_count) && (tok = strsep(&nexttok, ","))) {

pwtoid(tok, NULL, gids);

gids_found++;

gids++;

}

if (nexttok && gids_found == *gids_count) {

fprintf(stderr, "too many group ids\n");

}

*gids_count = gids_found;

free(clobberablegids);

}

* SU can be given a specific command to exec. UID _must_ be

* specified for this (ie argc => 3).

* Usage:

* su 1000

* su 1000 ls -l

* or

* su [uid[,gid[,group1]...] [cmd]]

* E.g.

* su 1000,shell,net_bw_acct,net_bw_stats id

* will return

* uid=1000(system) gid=2000(shell) groups=3006(net_bw_stats),3007(net_bw_acct)

int main(int argc, char **argv)

{

struct passwd *pw;

uid_t uid, myuid;

gid_t gid, gids[10];

/* Until we have something better, only root and the shell can use su. */

myuid = getuid();

if (myuid != AID_ROOT && myuid != AID_SHELL) {

fprintf(stderr,"su: uid %d not allowed to su\n", myuid);

return 1;

}

if(argc < 2) {

uid = gid = 0;

} else {

int gids_count = sizeof(gids)/sizeof(gids[0]);

extract_uidgids(argv[1], &uid, &gid, gids, &gids_count);

if(gids_count) {

if(setgroups(gids_count, gids)) {

fprintf(stderr, "su: failed to set groups\n");

return 1;

}

if(setgid(gid) || setuid(uid)) {

fprintf(stderr,"su: permission denied\n");

return 1;

}

/* User specified command for exec. */

if (argc == 3 ) {

if (execlp(argv[2], argv[2], NULL) < 0) {

int saved_errno = errno;

fprintf(stderr, "su: exec failed for %s Error:%s\n", argv[2],

strerror(errno));

return -saved_errno;

}

} else if (argc > 3) {

/* Copy the rest of the args from main. */

char *exec_args[argc - 1];

memset(exec_args, 0, sizeof(exec_args));

memcpy(exec_args, &argv[2], sizeof(exec_args));

if (execvp(argv[2], exec_args) < 0) {

int saved_errno = errno;

fprintf(stderr, "su: exec failed for %s Error:%s\n", argv[2],

strerror(errno));

return -saved_errno;

}

/* Default exec shell. */

execlp("/system/bin/sh", "sh", NULL);

fprintf(stderr, "su: exec failed\n");

return 1;

}

2)Android.mk文件

LOCAL_PATH:= $(call my-dir)

include $(CLEAR_VARS)

LOCAL_SRC_FILES:= su.c

LOCAL_MODULE:= su

LOCAL_FORCE_STATIC_EXECUTABLE := true

LOCAL_STATIC_LIBRARIES := libc

LOCAL_MODULE_PATH := $(TARGET_OUT_OPTIONAL_EXECUTABLES)

LOCAL_MODULE_TAGS := debug

include $(BUILD_EXECUTABLE)

将这两个文件放到/system/extras/su/文件夹下，mm编译后生成的最终文件为：

二：添加权限

在system/core/rootdir/init.rc中添加语句 chmod 4755 /system/xbin/su

三：如果涉及到/data目录而非/data/data//的修改，则修改system/core/rootdir/init.rc

四：Java App进行验证

package cn.zlonglove.su;

import java.io.DataOutputStream;

import java.io.IOException;

import android.app.Activity;

import android.os.Bundle;

import android.util.Log;

public class SuActivity extends Activity {

/** Called when the activity is first created. */

@Override

public void onCreate(Bundle savedInstanceState) {

super.onCreate(savedInstanceState);

setContentView(R.layout.main);

try {

Process process = Runtime.getRuntime().exec("su");//(这里执行是系统已经开放了root权限，而不是说通过执行这句来获得root权限)

DataOutputStream os = new DataOutputStream(process.getOutputStream());

os.writeBytes("ifconfig eth0 192.168.1.10\n");

os.writeBytes("exit\n");

os.flush();

} catch (IOException e) {

e.printStackTrace();

}

android su文件,Android su开放root权限相关推荐

【干货】Android系统定制基础篇：第十三部分(开放root权限、禁止应用旋转、隐藏状态栏和导航栏)
一.Android开放root权限 Android 5.1 1.修改 su 源码(system\extras\su\su.c),注释下面代码: int main(int argc, char **ar ...
android apk 永久root,Android 实现永久性开启adb 的root权限
adb 的root 权限是在system/core/adb/adb.c 中控制.主要根据ro.secure 以及 ro.debuggable 等system property 来控制. 默认即档ro. ...
adb为Android的root方法,Android 实现永久性开启adb 的root权限
adb 的root 权限是在system/core/adb/adb.c 中控制.主要根据ro.secure 以及 ro.debuggable 等system property 来控制. 默认即档ro. ...
Android逆向第一步之开启root权限
Android逆向第一步之开启root权限前言最近看了一些Frida相关的文章,自己也想实际手动来几个逆向操作_. 恰巧手头有一款小米8的Android手机(PS:听说是最容易能拿到Root权限的 ...
Android Studio 自带模拟器获取root权限
前期工作下载supersu-2-82.apk和SuperSU-v2.82-201705271822.zip 下载网址如下:https://supersuroot.org/ 以可写方式启动模拟器查看 ...
linux vsftp root,linux vsftp 开放root权限
linux版本为引用 [root@mcprod share]# more /etc/redhat-release CentOS release 5 (Final) 内核为引用 [root@mcpr ...
Android官方模拟器root,Android Studio 自带模拟器获取root权限
准备工作 http://www.supersu.com/download 从这里下载SuperSU.apk和SuperSU-v2.82-201705271822.zip 我下载的是2.8.2版本. 一 ...
华为+android+root权限获取root,[Android]如何获取华为手机的root权限
手机根具有许多优点. 在Android系统中,root是系统的唯一超级用户. 植根Android手机后,您可以随意卸载系统随附的许多程序,并且可以自由更改手机的命令以使手机更适合自己使用. 习惯. A ...
linux利用su -从普通用户切换root权限
linux系统下, 普通用户输入su -可以切换root权限, 需要输入密码. 此操作可在某些特殊情况下无法登陆root可以登录普通用户的时候使用

android su文件,Android su开放root权限

android su文件,Android su开放root权限相关推荐

最新文章

热门文章