将Android10编译成真正的具有root权限的系统

    技术2022-07-11  99

    修改su命令的源码

    位置:system/extras/su/su.cpp

    注释main函数的开始两行:

    //uid_t current_uid = getuid(); //if (current_uid != AID_ROOT && current_uid != AID_SHELL) error(1, 0, "not allowed"); 为其他用户添加su命令的可执行权限

    位置:system/core/libcutils/fs_config.cpp

    在文件中搜索"system/xbin/su"对应的条目,修改为如下内容。

    // Mode 06755 = setuid + setgid bits on top of rwxr-xr-x; owner AID_ROOT,
    // group AID_SHELL. The trailing r-x for "other" is what makes the binary
    // executable by every UID rather than only by its owner and group.
    { 06755, AID_ROOT,      AID_SHELL,     0, "system/xbin/su" },

    关闭selinux

    位置:system/core/init/selinux.cpp

    直接返回false,关闭selinux

    // As modified on this page, the first statement returns false
    // unconditionally, so the original decision logic below it is unreachable
    // and is kept only for reference. That original logic returned true unless
    // ALLOW_PERMISSIVE_SELINUX was set, in which case the result depended on
    // StatusFromCmdline().
    // NOTE(review): callers are not shown here; presumably init uses this
    // result to choose the SELinux enforcing mode at boot — confirm.
    bool IsEnforcing() {
        return false;  // added line: always reports "not enforcing"
        if (ALLOW_PERMISSIVE_SELINUX) {
            return StatusFromCmdline() == SELINUX_ENFORCING;
        }
        return true;
    }

    修改?(不确定需不需要修改)

    位置:frameworks/base/core/jni/com_android_internal_os_Zygote.cpp

    不知道是什么内容,需不需要修改,待确定。(从下面的代码看,该函数原本用prctl(PR_CAPBSET_DROP)逐个清除进程的capability bounding set;循环被注释掉后,这一步就不再执行。)

    // Original body (now commented out): for every capability index i that
    // prctl(PR_CAPBSET_READ) still accepts, call prctl(PR_CAPBSET_DROP) to
    // remove it from the calling process's capability bounding set. An EINVAL
    // failure is logged with ALOGE; any other failure is reported through
    // fail_fn. With the loop commented out the function is a no-op: fail_fn is
    // unused and the bounding set is left as it was.
    static void DropCapabilitiesBoundingSet(fail_fn_t fail_fn) {
      /*for (int i = 0; prctl(PR_CAPBSET_READ, i, 0, 0, 0) >= 0; i++) {;
        if (prctl(PR_CAPBSET_DROP, i, 0, 0, 0) == -1) {
          if (errno == EINVAL) {
            ALOGE("prctl(PR_CAPBSET_DROP) failed with EINVAL. Please verify "
                  "your kernel is compiled with file capabilities support");
          } else {
            fail_fn(CREATE_ERROR("prctl(PR_CAPBSET_DROP, %d) failed: %s", i, strerror(errno)));
          }
        }
      }*/
    }

    修改adb及相关的内容

    位置:build/make/core/main.mk

    # NOTE(review): as edited on this page, several of the retained comments
    # below no longer describe the value next to them; each mismatch is marked
    # with NOTE(review).
    ifneq (,$(user_variant))
      # Target is secure in user builds.
      # NOTE(review): the value set here is 0, the same as in the non-user
      # branch below, so the comment above no longer holds.
      ADDITIONAL_DEFAULT_PROPERTIES += ro.secure=0
      ADDITIONAL_DEFAULT_PROPERTIES += security.perf_harden=0
      ifeq ($(user_variant),user)
        ADDITIONAL_DEFAULT_PROPERTIES += ro.adb.secure=0
      endif
      ifeq ($(user_variant),userdebug)
        # Pick up some extra useful tools
        tags_to_install += debug
      else
        # Disable debugging in plain user builds.
        enable_target_debugging :=
      endif
      # Disallow mock locations by default for user builds
      # NOTE(review): the value set here is 1, identical to the non-user
      # branch, which contradicts "Disallow" in the comment above.
      ADDITIONAL_DEFAULT_PROPERTIES += ro.allow.mock.location=1
    else # !user_variant
      # Turn on checkjni for non-user builds.
      ADDITIONAL_BUILD_PROPERTIES += ro.kernel.android.checkjni=1
      # Set device insecure for non-user builds.
      ADDITIONAL_DEFAULT_PROPERTIES += ro.secure=0
      # Allow mock locations by default for non user builds
      ADDITIONAL_DEFAULT_PROPERTIES += ro.allow.mock.location=1
    endif # !user_variant
    ifeq (true,$(strip $(enable_target_debugging)))
      # Target is more debuggable and adbd is on by default
      ADDITIONAL_DEFAULT_PROPERTIES += ro.debuggable=1
      # Enable Dalvik lock contention logging.
      ADDITIONAL_BUILD_PROPERTIES += dalvik.vm.lockprof.threshold=500
    else # !enable_target_debugging
      # Target is less debuggable and adbd is off by default
      # NOTE(review): both branches now set ro.debuggable=1, so this property
      # no longer depends on enable_target_debugging and the comment above
      # does not match the value.
      ADDITIONAL_DEFAULT_PROPERTIES += ro.debuggable=1
    endif # !enable_target_debugging

    修改后,apk执行su命令即可获得root权限。需要注意,这些改动对系统上的所有应用都生效:su不再校验调用者,SELinux也不再处于enforcing状态。

     
