由于有些APP需要获取root权限,需要对系统源码做如下修改。

源码修改

diff --git a/build/core/main.mk b/build/core/main.mk
index e3fb6fb..0bb9ef2 100644
--- a/build/core/main.mk
+++ b/build/core/main.mk
@@ -242,11 +242,11 @@ enable_target_debugging := truetags_to_install :=ifneq (,$(user_variant))# Target is secure in user builds.
-  ADDITIONAL_DEFAULT_PROPERTIES += ro.secure=1
+  ADDITIONAL_DEFAULT_PROPERTIES += ro.secure=0ADDITIONAL_DEFAULT_PROPERTIES += security.perf_harden=1ifeq ($(user_variant),user)
-    ADDITIONAL_DEFAULT_PROPERTIES += ro.adb.secure=1
+    ADDITIONAL_DEFAULT_PROPERTIES += ro.adb.secure=0endififeq ($(user_variant),userdebug)
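Review bot: `ro.secure=0` and `ro.adb.secure=0` are set inside the `ifneq (,$(user_variant))` branch of build/core/main.mk, so every user-variant image built from this tree ships with both protections off, not only the one product that needs app root. The second hunk of this file has the same reach: commenting out `enable_target_debugging :=` leaves target debugging enabled for plain user builds. I would keep the upstream lines and apply the overrides only under a product-level switch, for example `ifeq ($(PRODUCT_ALLOW_APP_ROOT),true)` (constructed name). A comment should state that images built with the switch are not meant for end users.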
@@ -254,7 +254,7 @@ ifneq (,$(user_variant))tags_to_install += debugelse# Disable debugging in plain user builds.
-    enable_target_debugging :=
+    # enable_target_debugging :=endif# Disallow mock locations by default for user builds

diff --git a/build/target/product/core.mk b/build/target/product/core.mk
index a2b0f1c..17a5766 100644
--- a/build/target/product/core.mk
+++ b/build/target/product/core.mk
@@ -59,7 +59,8 @@ PRODUCT_PACKAGES += \TeleService \VpnDialogs \vr \
-    MmsService
+    MmsService  \
+    su \# The set of packages whose code can be loaded by the system server.PRODUCT_SYSTEM_SERVER_APPS += \
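Review bot: Adding `su` to `PRODUCT_PACKAGES` in build/target/product/core.mk installs it in every product that inherits core.mk, not just the device this patch targets. The entry belongs in the device's own product makefile, e.g. `PRODUCT_PACKAGES += su` under device/rockchip, ideally behind the same switch as the other root changes. The list now also ends in `su \`; if the following line is not blank, the comment line after it becomes part of the continuation, so drop the trailing backslash on the last item.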

diff --git a/device/rockchip/common/system.prop b/device/rockchip/common/system.prop
index 519f233..5d0cb46 100755
--- a/device/rockchip/common/system.prop
+++ b/device/rockchip/common/system.prop
@@ -45,7 +45,7 @@ ro.factory.tool=0ro.kernel.android.checkjni=0#set default lcd density to Rockchip tabletro.sf.lcd_density=160
-ro.adb.secure =0
+ro.adb.secure =1#force camera API 1camera2.portability.force_api=1#set wifi contry code
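Review bot: This hunk moves `ro.adb.secure` from 0 to 1 while the build/core/main.mk hunk in the same patch sets `ro.adb.secure=0`, so the two files now state opposite values for one property. Which value takes effect depends on the property load order, which is not visible here; `ro.` properties are normally set once, so the later source is presumably ignored. Please state the intended value in one place and record the expected `getprop ro.adb.secure` result in the description. The space before `=` in `ro.adb.secure =1` is carried over from the old line and is worth removing while the line is being touched.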

diff --git a/frameworks/base/cmds/webview_zygote/webview_zygote.cpp b/frameworks/base/cmds/webview_zygote/webview_zygote.cpp
index 88fee64..1d9830d 100644
--- a/frameworks/base/cmds/webview_zygote/webview_zygote.cpp
+++ b/frameworks/base/cmds/webview_zygote/webview_zygote.cpp
@@ -58,10 +58,10 @@ public:}  // namespace androidint main(int argc, char* const argv[]) {
-    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0) {
+    /*if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0) {LOG_ALWAYS_FATAL("PR_SET_NO_NEW_PRIVS failed: %s", strerror(errno));return 12;
-    }
+    }*/size_t argBlockSize = 0;for (int i = 0; i < argc; ++i) {
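Review bot: Wrapping the `prctl(PR_SET_NO_NEW_PRIVS, ...)` call in `/* ... */` removes the guarantee that processes descended from the WebView zygote cannot gain privileges through set-uid binaries, and this same patch installs a set-uid `su`. Nothing in the patch shows that WebView processes need to run `su`, so I would drop this hunk and keep the call. If it really is required, make it a build-time condition with a comment giving the reason, rather than leaving commented-out code at the top of main(). main() continues outside the hunk.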

diff --git a/frameworks/base/core/jni/com_android_internal_os_Zygote.cpp b/frameworks/base/core/jni/com_android_internal_os_Zygote.cpp
index e1c2cb0..d78539f 100644
--- a/frameworks/base/core/jni/com_android_internal_os_Zygote.cpp
+++ b/frameworks/base/core/jni/com_android_internal_os_Zygote.cpp
@@ -241,7 +241,7 @@ static void EnableKeepCapabilities(JNIEnv* env) {}static void DropCapabilitiesBoundingSet(JNIEnv* env) {
-  for (int i = 0; prctl(PR_CAPBSET_READ, i, 0, 0, 0) >= 0; i++) {
+  /*for (int i = 0; prctl(PR_CAPBSET_READ, i, 0, 0, 0) >= 0; i++) {int rc = prctl(PR_CAPBSET_DROP, i, 0, 0, 0);if (rc == -1) {if (errno == EINVAL) {
@@ -252,7 +252,7 @@ static void DropCapabilitiesBoundingSet(JNIEnv* env) {RuntimeAbort(env, __LINE__, "prctl(PR_CAPBSET_DROP) failed");}}
-  }
+  }*/}static void SetInheritable(JNIEnv* env, uint64_t inheritable) {
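Review bot: The two hunks together comment out the entire body of DropCapabilitiesBoundingSet(), so every process forked from zygote keeps the full capability bounding set, system-wide rather than only for the apps that need root. The kernel/security/commoncap.c hunk in this patch already makes PR_CAPBSET_DROP fail for tasks named zygote, so one of the two changes is redundant. An empty function holding commented-out code gives the next reader no sign that this is deliberate. If the change stays, put it behind a build flag and add a comment such as `// Bounding set intentionally kept: apps on this image may exec set-uid su.`. The middle of the function lies between the two hunks and is not visible here.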

diff --git a/kernel/security/commoncap.c b/kernel/security/commoncap.c
index 7fa251a..a5cd705 100644
--- a/kernel/security/commoncap.c
+++ b/kernel/security/commoncap.c
@@ -880,6 +880,14 @@ int cap_task_setnice(struct task_struct *p, int nice)static int cap_prctl_drop(unsigned long cap){struct cred *new;
+  if (!strncmp(current->comm, "zygote", 16)) {
+      return -EINVAL;
+  }
+
+  if (!strncmp(current->comm, "adbd", 16)) {
+      return -EINVAL;
+  }
+if (!ns_capable(current_user_ns(), CAP_SETPCAP))return -EPERM;
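Review bot: The new early returns in cap_prctl_drop() identify the caller by `current->comm`, which is a label a task can set for itself and not an identity, so a kernel security decision now depends on a string under userspace control. The comparison is also exact: with a length of 16, `strncmp` compares the whole name, so a task named `zygote64` (presumably the 64-bit zygote on this SoC, to be confirmed) would not match. Returning `-EINVAL` makes a policy decision look like a bad argument to the caller. I would drop this hunk and handle the exception in userspace, where the Zygote.cpp hunk already does it. The rest of cap_prctl_drop() is outside the hunk.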

diff --git a/system/core/adb/daemon/main.cpp b/system/core/adb/daemon/main.cpp
index 3ecbc44..09834aa 100644
--- a/system/core/adb/daemon/main.cpp
+++ b/system/core/adb/daemon/main.cpp
@@ -46,7 +46,7 @@#include "transport.h"#include "mdns.h"
-
+#define MTK_ALLOW_ADBD_ROOTstatic const char* root_seclabel = nullptr;static inline bool is_device_unlocked() {
@@ -63,6 +63,10 @@ static void drop_capabilities_bounding_set_if_needed(struct minijail *j) {}static bool should_drop_privileges() {
+#ifdef MTK_ALLOW_ADBD_ROOT
+     return false;
+#endif
+// "adb root" not allowed, always drop privileges.if (!ALLOW_ADBD_ROOT && !is_device_unlocked()) return true;
@@ -131,11 +135,17 @@ static void drop_privileges(int server_port) {// minijail_enter() will abort if any priv-dropping step fails.minijail_enter(jail.get());
+#ifdef MTK_ALLOW_ADBD_ROOT
+        D("MTK_ALLOW_ADBD_ROOT enabled\n");
+#else
+
+if (root_seclabel != nullptr) {if (selinux_android_setcon(root_seclabel) < 0) {LOG(FATAL) << "Could not set SELinux context";}}
+#endifstd::string error;std::string local_name =android::base::StringPrintf("tcp:%d", server_port);
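Review bot: `#define MTK_ALLOW_ADBD_ROOT` is hard-coded at the top of the file (first hunk), so `should_drop_privileges()` returns false before any of its existing checks run (second hunk), and in this hunk the `selinux_android_setcon(root_seclabel)` transition is compiled out. adbd therefore keeps root on every boot regardless of `ALLOW_ADBD_ROOT` or the lock state, and the code after `return false;` is dead. Together with `ro.adb.secure=0` elsewhere in this patch, the root adbd is reachable without host authorization. Define the macro from the build system for the specific product instead, e.g. `LOCAL_CFLAGS += -DMTK_ALLOW_ADBD_ROOT` under a product condition, and keep the SELinux transition. The `MTK_` prefix in a Rockchip tree suggests the change was copied from another vendor; a neutral name would be clearer.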

diff --git a/system/core/init/init.cpp b/system/core/init/init.cpp
index 7445ebf..a843cec 100755
--- a/system/core/init/init.cpp
+++ b/system/core/init/init.cpp
@@ -636,10 +636,12 @@ static selinux_enforcing_status selinux_status_from_cmdline() {static bool selinux_is_enforcing(void){+
+  if (ALLOW_PERMISSIVE_SELINUX) {return selinux_status_from_cmdline() == SELINUX_ENFORCING;}
-    return true;
+    return false;}static int audit_callback(void *data, security_class_t /*cls*/, char *buf, size_t len) {
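Review bot: Changing the fall-through `return true;` to `return false;` makes selinux_is_enforcing() report permissive on exactly the builds where `ALLOW_PERMISSIVE_SELINUX` is off, i.e. the builds that previously had no way to turn enforcement off. Permissive mode disables policy for every domain, not only the one that runs `su`; the narrower change is to leave this function alone and add policy for the domain that needs the access. If the hunk stays, add a comment above the return such as `// Product decision: SELinux is permissive on this image; not for end-user devices.`. The two added whitespace-only `+` lines are noise and should be dropped.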

diff --git a/system/core/libcutils/fs_config.cpp b/system/core/libcutils/fs_config.cpp
index cc96ff8..b280283 100644
--- a/system/core/libcutils/fs_config.cpp
+++ b/system/core/libcutils/fs_config.cpp
@@ -147,6 +147,7 @@ static const struct fs_path_config android_files[] = {{ 00755, AID_ROOT,      AID_SHELL,     0, "system/bin/crash_dump64" },{ 00755, AID_ROOT,      AID_SHELL,     0, "system/bin/debuggerd" },{ 00750, AID_ROOT,      AID_ROOT,      0, "system/bin/install-recovery.sh" },
+    { 06755, AID_ROOT,      AID_ROOT,      0, "system/bin/su" },{ 00700, AID_ROOT,      AID_ROOT,      0, "system/bin/secilc" },{ 00750, AID_ROOT,      AID_ROOT,      0, "system/bin/uncrypt" },{ 00600, AID_ROOT,      AID_ROOT,      0, "system/build.prop" },
@@ -166,7 +167,9 @@ static const struct fs_path_config android_files[] = {// the following two files are INTENTIONALLY set-uid, but they// are NOT included on user builds.{ 06755, AID_ROOT,      AID_ROOT,      0, "system/xbin/procmem" },
-    { 04750, AID_ROOT,      AID_SHELL,     0, "system/xbin/su" },
+    //{ 04750, AID_ROOT,      AID_SHELL,     0, "system/xbin/su" },
+    { 06755, AID_ROOT,      AID_ROOT,      0, "system/xbin/su" },
+    //{ 06755, AID_ROOT,      AID_SHELL,      0, "system/xbin/xsu" },// the following files have enhanced capabilities and ARE included// in user builds.
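Review bot: The `system/xbin/su` entry changes from `04750` root:shell to `06755` root:root, which makes the binary executable by every UID and adds set-gid; the first hunk adds the same mode for `system/bin/su`. With the caller check removed in system/extras/su/su.cpp, the file mode was the last restriction on who can become root. system/extras/su/Android.mk in this patch leaves the `bin` install path commented out, so the `system/bin/su` entry appears to describe a file that is never installed; confirm or remove it. I would keep the mode group-restricted, e.g. `{ 04750, AID_ROOT, <dedicated gid>, 0, "system/xbin/su" },` (placeholder group), and delete the two commented-out entries rather than leave them in the table.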

diff --git a/system/extras/su/Android.mk b/system/extras/su/Android.mk
index 92ad5e3..f4c74ca 100644
--- a/system/extras/su/Android.mk
+++ b/system/extras/su/Android.mk
@@ -8,6 +8,8 @@ LOCAL_SRC_FILES:= su.cppLOCAL_MODULE:= suLOCAL_MODULE_PATH := $(TARGET_OUT_OPTIONAL_EXECUTABLES)
-LOCAL_MODULE_TAGS := debug
+//LOCAL_MODULE_PATH := $(TARGET_OUT)/bin
+//LOCAL_MODULE_TAGS := debug
+LOCAL_MODULE_TAGS := optionalinclude $(BUILD_EXECUTABLE)
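Review bot: The two added lines starting with `//` are not comments in a makefile; make reads `//LOCAL_MODULE_TAGS := debug` as an assignment to a variable whose name begins with `//`. That is harmless here but misleading, so use `#` or delete the lines. Switching `LOCAL_MODULE_TAGS` from `debug` to `optional` is what lets the binary into user builds once a product lists it, and the line deserves a comment saying so, e.g. `# optional: installed only where a product lists su in PRODUCT_PACKAGES`.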

diff --git a/system/extras/su/su.cpp b/system/extras/su/su.cpp
index ee1526e..769edc8 100644
--- a/system/extras/su/su.cpp
+++ b/system/extras/su/su.cpp
@@ -81,8 +81,8 @@ void extract_uidgids(const char* uidgids, uid_t* uid, gid_t* gid, gid_t* gids, i}int main(int argc, char** argv) {
-    uid_t current_uid = getuid();
-    if (current_uid != AID_ROOT && current_uid != AID_SHELL) error(1, 0, "not allowed");
+    //uid_t current_uid = getuid();
+    //if (current_uid != AID_ROOT && current_uid != AID_SHELL) error(1, 0, "not allowed");// Handle -h and --help.++argv;
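Review bot: Commenting out the `getuid()` check removes the only caller restriction visible in main(), so with the `06755` mode set in fs_config.cpp any process on the device, including any installed app, can run commands as root. Replace the check with an explicit allow-list instead of deleting it, for example `if (current_uid != AID_ROOT && current_uid != AID_SHELL && !uid_is_allowed(current_uid)) error(1, 0, "not allowed");`, where `uid_is_allowed` is a helper still to be written that accepts only the UIDs of the apps that need root. main() continues outside the hunk.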

使用

创建工具类 ProcessModel.java

package com.cnrobot.home.hometest;import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;/***/
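public class ProcessModel {
    /** Line separator appended after each line read from the child's standard output. */
    private static final String BREAK_LINE = "\n";

    /** Written after the caller's command so that an interactive shell child terminates. */
    private static final byte[] COMMAND_EXIT = "\nexit\n".getBytes();

    /** Number of characters read per chunk while draining the child's standard error. */
    private static final int ERROR_CHUNK_SIZE = 32;

    /**
     * Starts the program named by {@code params}, writes {@code cmd} followed by an
     * {@code exit} line to its standard input, and returns what the program printed.
     *
     * <p>Security note: {@code cmd} is handed to the child unchanged. When the child is a
     * shell (for example one started through {@code su}), every character of {@code cmd} is
     * interpreted as shell syntax with the child's privileges, so callers must quote or
     * validate any path or other value they splice into it.
     *
     * @param cmd    text written to the child's standard input
     * @param params program to start and its arguments
     *               <pre> eg: "/system/bin/ping", "-c", "4", "-s", "100","www.qiujuer.net"</pre>
     * @return the lines of standard output, each followed by {@code "\n"}, then the text of
     *         standard error; {@code null} when the child could not be started or the
     *         command could not be written
     */
    public static String execute(String cmd, String... params) {
        Process process = null;
        StringBuilder output = null;
        BufferedReader stdoutReader = null;
        InputStreamReader stdoutDecoder = null;
        InputStreamReader stderrDecoder = null;
        InputStream in = null;
        InputStream err = null;
        OutputStream out = null;
        try {
            process = new ProcessBuilder().command(params).start();
            out = process.getOutputStream();
            in = process.getInputStream();
            err = process.getErrorStream();

            out.write(cmd.getBytes());
            out.write(COMMAND_EXIT);
            out.flush();

            output = new StringBuilder();

            // Drain stdout before waiting for exit: waiting first blocks forever once the
            // child has filled the pipe and nobody is reading it.
            // NOTE(review): a child that fills stderr while stdout is still open can still
            // stall here; draining both pipes concurrently would remove that case too.
            stdoutDecoder = new InputStreamReader(in);
            stdoutReader = new BufferedReader(stdoutDecoder);
            String line;
            while ((line = stdoutReader.readLine()) != null) {
                output.append(line).append(BREAK_LINE);
            }

            // Append only the characters actually read. The previous version appended the
            // whole shared byte buffer on every pass, which added stale bytes to the result.
            stderrDecoder = new InputStreamReader(err);
            char[] chunk = new char[ERROR_CHUNK_SIZE];
            int count;
            while ((count = stderrDecoder.read(chunk)) > 0) {
                output.append(chunk, 0, count);
            }

            process.waitFor();
        } catch (InterruptedException e) {
            // Keep the interrupt visible to the caller's thread.
            Thread.currentThread().interrupt();
            e.printStackTrace();
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            closeAllStream(out, err, in, stdoutDecoder, stdoutReader);
            closeQuietly(stderrDecoder);
            if (process != null) {
                processDestroy(process);
            }
        }
        return output == null ? null : output.toString();
    }

    /**
     * Closes every stream that is not {@code null}; a failure to close one stream is
     * printed and does not prevent the others from being closed.
     *
     * @param out      stream connected to the child's standard input
     * @param err      the child's standard error
     * @param in       the child's standard output
     * @param isReader decoder wrapped around {@code in}
     * @param bReader  buffered reader wrapped around {@code isReader}
     */
    private static void closeAllStream(OutputStream out, InputStream err, InputStream in, InputStreamReader isReader, BufferedReader bReader) {
        closeQuietly(out);
        closeQuietly(err);
        closeQuietly(in);
        closeQuietly(isReader);
        closeQuietly(bReader);
    }

    /** Closes one stream if it is not {@code null}, printing any {@link IOException}. */
    private static void closeQuietly(java.io.Closeable stream) {
        if (stream == null) {
            return;
        }
        try {
            stream.close();
        } catch (IOException e) {
            e.printStackTrace();
        }
    }

    /**
     * Terminates the child through the Android process API, falling back to
     * {@link Process#destroy()} when that call throws.
     *
     * @param process child process to terminate
     */
    private static void killProcess(Process process) {
        int pid = getProcessId(process);
        if (pid != 0) {
            try {
                // NOTE(review): presumably this cannot signal a child that has switched to
                // another UID (for example through su) -- verify on the target device.
                android.os.Process.killProcess(pid);
            } catch (Exception e) {
                try {
                    process.destroy();
                } catch (Exception ex) {
                    // Best effort: nothing more can be done for a child that will not die.
                }
            }
        }
    }

    /**
     * Extracts the process id from the text returned by {@link Process#toString()}.
     *
     * @param process child process
     * @return the digits that follow the first {@code '='} in the text, or 0 when no
     *         number can be read there
     */
    private static int getProcessId(Process process) {
        try {
            String text = process.toString();
            int start = text.indexOf("=") + 1;
            int end = start;
            // Stop at the first non-digit rather than at ']' so that extra fields after
            // the pid do not break the parse.
            while (end < text.length() && Character.isDigit(text.charAt(end))) {
                end++;
            }
            return Integer.parseInt(text.substring(start, end));
        } catch (Exception e) {
            return 0;
        }
    }

    /**
     * Kills the child unless it has already exited with status 0.
     *
     * @param process child process, may be {@code null}
     */
    private static void processDestroy(Process process) {
        if (process != null) {
            try {
                // exitValue() throws while the child is still running.
                if (process.exitValue() != 0) {
                    killProcess(process);
                }
            } catch (IllegalThreadStateException e) {
                killProcess(process);
            }
        }
    }
}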

代码调用

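// The command text is interpreted by a root shell, so the path is wrapped in single quotes
// (with embedded single quotes escaped) to keep spaces or shell metacharacters in a file
// name from being executed as part of the command.
String quotedPath = "'" + file.getAbsolutePath().replace("'", "'\\''") + "'";
// NOTE(review): mode 777 makes the file writable by every app on the device; use the
// narrowest mode that still works for the intended reader.
String cmd = "touch " + quotedPath + "\n" + "chmod 777 " + quotedPath + "\n" + "exit\n";
ProcessModel.execute(cmd, "/system/xbin/su");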
