MTK android12 user版本默认开启root权限,添加su
1、需求 :
客户要求在user版中默认开启root权限,添加su。
2、实现:
From cc066de135c93975d4a50b71c63447c50065195b Mon Sep 17 00:00:00 2001
From: *****
Date: Wed, 11 Dec 2024 16:33:36 +0800
Subject: [PATCH] =?UTF-8?q?[root]user=E7=89=88=E6=9C=AC=E9=BB=98=E8=AE=A4?=
=?UTF-8?q?=E5=BC=80=E5=90=AFroot=E6=9D=83=E9=99=90=EF=BC=8C=E6=B7=BB?=
=?UTF-8?q?=E5=8A=A0su?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
build/make/core/main.mk | 8 ++++----
build/make/target/product/base_system.mk | 4 ++++
device/mediatek/system/common/device.mk | 2 ++
.../base/core/jni/com_android_internal_os_Zygote.cpp | 4 ++--
packages/modules/adb/daemon/main.cpp | 12 ++++++++----
system/core/fs_mgr/Android.bp | 4 ++--
system/core/fs_mgr/fs_mgr_remount.cpp | 4 ++--
system/core/libcutils/fs_config.cpp | 2 +-
system/core/rootdir/init.rc | 2 ++
system/core/set-verity-state/set-verity-state.cpp | 4 ++--
system/extras/su/Android.mk | 2 +-
system/extras/su/su.cpp | 7 +++++--
12 files changed, 35 insertions(+), 20 deletions(-)
diff --git a/build/make/core/main.mk b/build/make/core/main.mk
index c10a3cc5412..1759fa18cf7 100644
--- a/build/make/core/main.mk
+++ b/build/make/core/main.mk
@@ -372,11 +372,11 @@ enable_target_debugging := true
tags_to_install :=
ifneq (,$(user_variant))
# Target is secure in user builds.
- ADDITIONAL_SYSTEM_PROPERTIES += ro.secure=1
+ ADDITIONAL_SYSTEM_PROPERTIES += ro.secure=0
ADDITIONAL_SYSTEM_PROPERTIES += security.perf_harden=1
ifeq ($(user_variant),user)
- ADDITIONAL_SYSTEM_PROPERTIES += ro.adb.secure=1
+ ADDITIONAL_SYSTEM_PROPERTIES += ro.adb.secure=0
endif
ifeq ($(user_variant),userdebug)
@@ -384,7 +384,7 @@ ifneq (,$(user_variant))
tags_to_install += debug
else
# Disable debugging in plain user builds.
- enable_target_debugging :=
+ # enable_target_debugging :=
endif
# Disallow mock locations by default for user builds
@@ -406,7 +406,7 @@ ifeq (true,$(strip $(enable_target_debugging)))
ADDITIONAL_SYSTEM_PROPERTIES += dalvik.vm.lockprof.threshold=500
else # !enable_target_debugging
# Target is less debuggable and adbd is off by default
- ADDITIONAL_SYSTEM_PROPERTIES += ro.debuggable=0
+ ADDITIONAL_SYSTEM_PROPERTIES += ro.debuggable=1
endif # !enable_target_debugging
## eng ##
diff --git a/build/make/target/product/base_system.mk b/build/make/target/product/base_system.mk
index 14ce1af744b..d1393174944 100644
--- a/build/make/target/product/base_system.mk
+++ b/build/make/target/product/base_system.mk
@@ -356,6 +356,10 @@ PRODUCT_VENDOR_PROPERTIES += ro.zygote?=zygote32
PRODUCT_SYSTEM_PROPERTIES += debug.atrace.tags.enableflags=0
PRODUCT_SYSTEM_PROPERTIES += persist.traced.enable=1
+PRODUCT_PACKAGES += \
+remount \
+su \
+
# Packages included only for eng or userdebug builds, previously debug tagged
PRODUCT_PACKAGES_DEBUG := \
adb_keys \
diff --git a/device/mediatek/system/common/device.mk b/device/mediatek/system/common/device.mk
index 8bca54425c9..78e92ab8545 100644
--- a/device/mediatek/system/common/device.mk
+++ b/device/mediatek/system/common/device.mk
@@ -4125,3 +4125,5 @@ endif
$(call inherit-product-if-exists, vendor/audio-logo/products/resource-copy.mk)
+PRODUCT_PACKAGES += su
+
diff --git a/frameworks/base/core/jni/com_android_internal_os_Zygote.cpp b/frameworks/base/core/jni/com_android_internal_os_Zygote.cpp
index 2a8c1fc0e8f..8976c1baefe 100644
--- a/frameworks/base/core/jni/com_android_internal_os_Zygote.cpp
+++ b/frameworks/base/core/jni/com_android_internal_os_Zygote.cpp
@@ -656,7 +656,7 @@ static void EnableKeepCapabilities(fail_fn_t fail_fn) {
}
static void DropCapabilitiesBoundingSet(fail_fn_t fail_fn) {
- for (int i = 0; prctl(PR_CAPBSET_READ, i, 0, 0, 0) >= 0; i++) {;
+ /* for (int i = 0; prctl(PR_CAPBSET_READ, i, 0, 0, 0) >= 0; i++) {;
if (prctl(PR_CAPBSET_DROP, i, 0, 0, 0) == -1) {
if (errno == EINVAL) {
ALOGE("prctl(PR_CAPBSET_DROP) failed with EINVAL. Please verify "
@@ -665,7 +665,7 @@ static void DropCapabilitiesBoundingSet(fail_fn_t fail_fn) {
fail_fn(CREATE_ERROR("prctl(PR_CAPBSET_DROP, %d) failed: %s", i, strerror(errno)));
}
}
- }
+ } */
}
static void SetInheritable(uint64_t inheritable, fail_fn_t fail_fn) {
diff --git a/packages/modules/adb/daemon/main.cpp b/packages/modules/adb/daemon/main.cpp
index 4b3cf6ddcce..1c64602ccdb 100644
--- a/packages/modules/adb/daemon/main.cpp
+++ b/packages/modules/adb/daemon/main.cpp
@@ -74,15 +74,19 @@ static bool should_drop_privileges() {
//
// ro.secure:
// Drop privileges by default. Set to 1 on userdebug and user builds.
- bool ro_secure = android::base::GetBoolProperty("ro.secure", true);
+ /* bool ro_secure = android::base::GetBoolProperty("ro.secure", true);
bool ro_debuggable = __android_log_is_debuggable();
// Drop privileges if ro.secure is set...
- bool drop = ro_secure;
+ bool drop = ro_secure; */
// ... except "adb root" lets you keep privileges in a debuggable build.
std::string prop = android::base::GetProperty("service.adb.root", "");
- bool adb_root = (prop == "1");
+if (prop == "1"){
+return false;
+}
+return true;
+ /* bool adb_root = (prop == "1");
bool adb_unroot = (prop == "0");
if (ro_debuggable && adb_root) {
drop = false;
@@ -92,7 +96,7 @@ static bool should_drop_privileges() {
drop = true;
}
- return drop;
+ return drop; */
}
static void drop_privileges(int server_port) {
diff --git a/system/core/fs_mgr/Android.bp b/system/core/fs_mgr/Android.bp
index cd5c2d2b3e2..803eb11ba0e 100644
--- a/system/core/fs_mgr/Android.bp
+++ b/system/core/fs_mgr/Android.bp
@@ -108,7 +108,7 @@ cc_defaults {
"libfstab",
],
cppflags: [
- "-DALLOW_ADBD_DISABLE_VERITY=0",
+ "-DALLOW_ADBD_DISABLE_VERITY=1",
],
product_variables: {
debuggable: {
@@ -223,7 +223,7 @@ cc_binary {
"fs_mgr_remount.cpp",
],
cppflags: [
- "-DALLOW_ADBD_DISABLE_VERITY=0",
+ "-DALLOW_ADBD_DISABLE_VERITY=1",
],
product_variables: {
debuggable: {
diff --git a/system/core/fs_mgr/fs_mgr_remount.cpp b/system/core/fs_mgr/fs_mgr_remount.cpp
index e685070a87e..54c079f317c 100644
--- a/system/core/fs_mgr/fs_mgr_remount.cpp
+++ b/system/core/fs_mgr/fs_mgr_remount.cpp
@@ -150,10 +150,10 @@ static int do_remount(int argc, char* argv[]) {
// If somehow this executable is delivered on a "user" build, it can
// not function, so providing a clear message to the caller rather than
// letting if fall through and provide a lot of confusing failure messages.
- if (!ALLOW_ADBD_DISABLE_VERITY || (android::base::GetProperty("ro.debuggable", "0") != "1")) {
+ /* if (!ALLOW_ADBD_DISABLE_VERITY || (android::base::GetProperty("ro.debuggable", "0") != "1")) {
LOG(ERROR) << "only functions on userdebug or eng builds";
return NOT_USERDEBUG;
- }
+ } */
const char* fstab_file = nullptr;
auto can_reboot = false;
diff --git a/system/core/libcutils/fs_config.cpp b/system/core/libcutils/fs_config.cpp
index e9497a806f9..9f8cabd2aa0 100644
--- a/system/core/libcutils/fs_config.cpp
+++ b/system/core/libcutils/fs_config.cpp
@@ -190,7 +190,7 @@ static const struct fs_path_config android_files[] = {
// the following two files are INTENTIONALLY set-uid, but they
// are NOT included on user builds.
{ 06755, AID_ROOT, AID_ROOT, 0, "system/xbin/procmem" },
- { 04750, AID_ROOT, AID_SHELL, 0, "system/xbin/su" },
+ { 06755, AID_ROOT, AID_SHELL, 0, "system/xbin/su" },
// the following files have enhanced capabilities and ARE included
// in user builds.
diff --git a/system/core/rootdir/init.rc b/system/core/rootdir/init.rc
index 235f627adf9..410e287edfd 100644
--- a/system/core/rootdir/init.rc
+++ b/system/core/rootdir/init.rc
@@ -1082,6 +1082,8 @@ on boot
chown system system /sys/kernel/ipv4/tcp_rmem_def
chown system system /sys/kernel/ipv4/tcp_rmem_max
chown root radio /proc/cmdline
+
+chmod 6755 /system/xbin/su
# Define default initial receive window size in segments.
setprop net.tcp_def_init_rwnd 60
diff --git a/system/core/set-verity-state/set-verity-state.cpp b/system/core/set-verity-state/set-verity-state.cpp
index 0a26abaa275..72fbbceb422 100644
--- a/system/core/set-verity-state/set-verity-state.cpp
+++ b/system/core/set-verity-state/set-verity-state.cpp
@@ -228,10 +228,10 @@ int main(int argc, char* argv[]) {
// Should never be possible to disable dm-verity on a USER build
// regardless of using AVB or VB1.0.
- if (!__android_log_is_debuggable()) {
+ /* if (!__android_log_is_debuggable()) {
printf("verity cannot be disabled/enabled - USER build\n");
return 0;
- }
+ } */
if (using_avb) {
// Yep, the system is using AVB.
diff --git a/system/extras/su/Android.mk b/system/extras/su/Android.mk
index 18493992274..e1bff6e1d41 100644
--- a/system/extras/su/Android.mk
+++ b/system/extras/su/Android.mk
@@ -9,7 +9,7 @@ LOCAL_MODULE:= su
LOCAL_LICENSE_KINDS:= SPDX-license-identifier-Apache-2.0
LOCAL_LICENSE_CONDITIONS:= notice
LOCAL_NOTICE_FILE:= $(LOCAL_PATH)/NOTICE
-
+LOCAL_MODULE_TAGS := optional
LOCAL_HEADER_LIBRARIES := libcutils_headers
LOCAL_MODULE_PATH := $(TARGET_OUT_OPTIONAL_EXECUTABLES)
diff --git a/system/extras/su/su.cpp b/system/extras/su/su.cpp
index 1a1ab6bf404..a5e0809cc56 100644
--- a/system/extras/su/su.cpp
+++ b/system/extras/su/su.cpp
@@ -35,7 +35,9 @@ void pwtoid(const char* tok, uid_t* uid, gid_t* gid) {
char* end;
errno = 0;
uid_t tmpid = strtoul(tok, &end, 10);
- if (errno != 0 || end == tok) error(1, errno, "invalid uid/gid '%s'", tok);
+ if (errno != 0 || end == tok){ //error(1, errno, "invalid uid/gid '%s'", tok);
+tmpid = 0;
+}
if (uid) *uid = tmpid;
if (gid) *gid = tmpid;
}
@@ -80,9 +82,10 @@ void extract_uidgids(const char* uidgids, uid_t* uid, gid_t* gid, gid_t* gids, i
}
int main(int argc, char** argv) {
+#if 0
uid_t current_uid = getuid();
if (current_uid != AID_ROOT && current_uid != AID_SHELL) error(1, 0, "not allowed");
-
+#endif
// Handle -h and --help.
++argv;
if (*argv && (strcmp(*argv, "--help") == 0 || strcmp(*argv, "-h") == 0)) {
--
2.25.1
3、其他
通过上面的修改,在设备上可以看到,debug模式已默认打开,su功能也可以正常使用。
su功能验证(卸载某个已安装的应用):
private boolean silentInstall(String pkgName){
boolean result = false;
DataOutputStream dataOutputStream = null;
BufferedReader errorStream = null;
try {
Process process = Runtime.getRuntime().exec("su");
dataOutputStream = new DataOutputStream(process.getOutputStream());
// 执行pm install命令
String command = "pm uninstall " + pkgName + "\n";
dataOutputStream.write(command.getBytes(Charset.forName("utf-8")));
dataOutputStream.flush();
dataOutputStream.writeBytes("exit\n");
dataOutputStream.flush();
process.waitFor();
errorStream = new BufferedReader(new InputStreamReader(process.getErrorStream()));
String msg = "";
String line;
while ((line = errorStream.readLine()) != null) {
msg += line;
}
if (!msg.contains("Failure")) {
result = true;
}
} catch (Exception e) {
Log.d("main" , " "+ e.getMessage());
} finally {
try {
if (dataOutputStream != null) {
dataOutputStream.close();
}
if (errorStream != null) {
errorStream.close();
}
} catch (IOException e) {
Log.d("main" , " "+e.getMessage());
}
}
return result;
}
注意:在上述修改中,如果去掉packages/modules/adb/daemon/main.cpp这个修改,也可以实现客户的需求,但是在cmd命令框中,输入adb shell命令时,不会出现“$“这个符号,只会出现‘#’
原文地址:https://blog.csdn.net/u013970897/article/details/144404630
免责声明:本站文章内容转载自网络资源,如本站内容侵犯了原著者的合法权益,可联系本站删除。更多内容请关注自学内容网(zxcms.com)!