Android 让adb以root的身份来运行

1. 首先安装自己手机对应的root的image, 如twrp.img

    //上传supersu 到
   adb push SuperSU-v2.79-20161211114519.zip  /mnt/sdcard/supersu.zip

   adb reboot fastboot
   //等重启好
   fastboot  flash recovery twrp-3.3.1-0-shamu.img
   

  fastboot  flash recovery twrp-3.3.1-0-shamu.img

   进入twrp的菜单，安装SuperSU-v2.79-20161211114519.zip

2. 这样可以通过su命令来取得root权限 ， 但是不能adb root这样,

以下命令会提示出错，

adb root
adbd cannot run as root in production builds

adb remount
Not running as root. Try "adb root" first.

需要再替换一下adbd, 安装个termux

  找个修改版的adbd,如adbd.21.png ，

adb push adbd.21.png /mnt/sdcard/

 

su

stop adbd
mount -o rw,remount / /
cat /sbin/adbd > /sbin/adbd.original
chown 0.0 /sbin/adbd.original
chmod 644 /sbin/adbd.original
rm /sbin/adbd
cat /sdcard/adbd.21.png >  /sbin/adbd
chown 0.0  /sbin/adbd
chmod 0750 /sbin/adbd

cat /system/bin/sh > /sbin/adbsh
chown 0.0 /sbin/adbdsh
chmod 0750 /sbin/adbdsh

supolicy --live "permissive init_shell" \
"allow adbd adbd process setcurrent" \
"allow adbd init process dyntransition" \
"allow servicemanager { init_shell zygote } dir search" \
"allow servicemanager { init_shell zygote } file { read open }" \
"allow servicemanager { init_shell zygote } process getattr" \
"allow system_server init_shell binder { transfer call }" \
"allow zygote { servicemanager system_server } binder call" 


start adbd

成功之后：

shamu:/ # whoami                                                               
root
shamu:/ # ps  | grep adbd
root      9296  1     8628   224   poll_sched 000204f4 S /sbin/adbd

$ adb root
adbd is already running as root
$ adb remount
remount succeeded

发现重启之后不行，于是写了一个脚本adbroot放到/system/bin下面，每次重启之后在termux里执行一下:

shamu:/ # cat /system/bin/adbroot                                              
stop adbd
mount -o rw,remount /
rm /sbin/adbd
ln -s /data/local/adbd.21.png /sbin/adbd
supolicy --live "permissive init_shell" \
"allow adbd adbd process setcurrent" \
"allow adbd init process dyntransition" \
"allow servicemanager { init_shell zygote } dir search" \
"allow servicemanager { init_shell zygote } file { read open }" \
"allow servicemanager { init_shell zygote } process getattr" \
"allow system_server init_shell binder { transfer call }" \
"allow zygote { servicemanager system_server } binder call" 
start adbd

在termux每次重启后执行：

su 

adbroot