root rk3399 android 7.1app获取root权限的方法,app获取rk3399超级用户权限的修改记录

rk3399 user获取root权限修改
应用获取root权限, android 7.1 root权限获取修改内容
rk3399 root权限修改,app获取root权限,android 7root开放root权限,root权限开放给adb和用户

O》rk3399 android 7.1开放root权限给用户app

    • 1、system/extras/su, 修改su.c
    • 2、system/core/libcutils/fs_config.c
    • 3、frameworks/base/cmds/app_process/app_main.cpp
    • 4、修改frameworks/base/core/jni/com_android_internal_os_Zygote.cpp
    • 5、修改 system/core/adb/daemon/main.cpp
    • 6、修改alps/system/core/init/init.cpp,关掉selinux
    • 7. system/core/init/Android.mk
    • 8. 在device/rockchip/rk3399/init.rk3399.rc中添加服务,开机root 直接使用su:
    • 9.修改system/core/adb/Android.mk,取消adb校验
    • 10. 最后,重新清理,再重新编译android系统。

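最近在搞rk3399,我的应用需要获取android root权限,android版本7.1。折腾了一下,主要是把网上的方法集合到一起,整理成这份root权限修改记录,让app获取root权限。这些修改合起来去掉了su的调用者检查、app_process的no_new_privs设置、zygote的capability丢弃、adbd的降权以及SELinux的强制模式,而且对所有编译类型(包括user)都生效。修改方法如下: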

1、system/extras/su, 修改su.c

int main(int argc, char** argv) {
	// Patch: the caller check below is commented out.
	// As written, the check rejects ("not allowed") every caller whose real uid is
	// neither AID_ROOT nor AID_SHELL. With it disabled, su no longer filters
	// callers by uid at this point, so any uid that is able to execute the binary
	// gets past it, app uids included.
	// NOTE(review): only this excerpt of su.c is shown; confirm whether anything
	// later in the file still restricts callers.
   //uid_t current_uid = getuid();
		//if (current_uid != AID_ROOT && current_uid != AID_SHELL) error(1, 0, "not allowed");
		

2、system/core/libcutils/fs_config.c

// rk3399 root access: entries changed in the fs_config.c mode/owner table.

    // Changed entry: rk3399 images use this su, so its mode is set to 06755
    // (set-uid + set-gid, rwxr-xr-x) so that su can be used. The "other" execute
    // bit means every uid may run it.
    // NOTE(review): stock AOSP 7.x lists this file as 04750 root:shell, i.e.
    // executable only by root and the shell group; confirm against your tree.
    { 06755, AID_ROOT,      AID_SHELL,     0, "system/xbin/su" },
    { 06755, AID_ROOT,      AID_ROOT,      0, "system/xbin/librank" },
    { 06755, AID_ROOT,      AID_ROOT,      0, "system/xbin/procrank" },
    { 06755, AID_ROOT,      AID_ROOT,      0, "system/xbin/procmem" },
    { 04770, AID_ROOT,      AID_RADIO,     0, "system/bin/pppd-ril" },

    /* the following files have enhanced capabilities and ARE included in user builds. */
    { 00750, AID_ROOT,      AID_SHELL,     (1ULL << CAP_SETUID) | (1ULL << CAP_SETGID), "system/bin/run-as" },
    { 00700, AID_SYSTEM,    AID_SHELL,     (1ULL << CAP_BLOCK_SUSPEND), "system/bin/inputflinger" },
    { 00750, AID_ROOT,      AID_ROOT,      0, "system/bin/uncrypt" },
    { 00750, AID_ROOT,      AID_ROOT,      0, "system/bin/install-recovery.sh" },
#ifdef CUSTOM_ROOT
         // Added entry; whether it is needed depends on the image, since some systems
         // do not use /system/bin/su. It is compiled in only when CUSTOM_ROOT is
         // defined, and this page does not show where that macro gets defined.
         // NOTE(review): it sits ahead of the "system/bin/*" wildcard below,
         // presumably because the table is matched first-hit; confirm.
         { 06755, AID_ROOT,      AID_ROOT,      0, "system/bin/su" },
#endif
    { 00755, AID_ROOT,      AID_SHELL,     0, "system/bin/*" },
    { 00755, AID_ROOT,      AID_ROOT,      0, "system/lib/valgrind/*" },

3、frameworks/base/cmds/app_process/app_main.cpp

int main(int argc, char* const argv[])
{

// Patch: the check below is commented out (the author reports it tested as
// working on Android 7.1).
// prctl(PR_SET_NO_NEW_PRIVS, 1, ...) tells the kernel to stop granting extra
// privilege across execve(): set-uid/set-gid bits and file capabilities are
// ignored for the calling process and everything it later forks or execs.
// With the call skipped, a set-uid binary such as su can raise privilege when
// executed from a process started by app_process.
// NOTE(review): only the top of main() is shown; confirm nothing later in the
// file sets no_new_privs again.
/**
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0) {
        // Older kernels don't understand PR_SET_NO_NEW_PRIVS and return
        // EINVAL. Don't die on such kernels.
        if (errno != EINVAL) {
            LOG_ALWAYS_FATAL("PR_SET_NO_NEW_PRIVS failed: %s", strerror(errno));
            return 12;
        }
    }
**/

4、修改frameworks/base/core/jni/com_android_internal_os_Zygote.cpp

// In this patched form the function is an empty no-op. The loop kept inside the
// block comment is the disabled logic: it walks capability indices for as long
// as prctl(PR_CAPBSET_READ, i) succeeds and drops each one from the bounding set
// with PR_CAPBSET_DROP, aborting the runtime on any failure other than EINVAL.
// `env` is only used by that disabled loop (RuntimeAbort).
static void DropCapabilitiesBoundingSet(JNIEnv* env){
#ifndef CUSTOM_ROOT 
/** Disabled: the whole function body is commented out, leaving an empty function
    (the author reports this tested as working on Android 7.1 for giving apps root).
    NOTE(review): because the body is a comment, the #ifndef CUSTOM_ROOT guard has
    no effect; the function is empty whether or not CUSTOM_ROOT is defined. If
    the guard is meant to keep the capability drop on builds without CUSTOM_ROOT,
    the loop has to be live code inside it.
    for (int i = 0; prctl(PR_CAPBSET_READ, i, 0, 0, 0) >= 0; i++) {
        int rc = prctl(PR_CAPBSET_DROP, i, 0, 0, 0);
        if (rc == -1) {
          if (errno == EINVAL) {
            ALOGE("prctl(PR_CAPBSET_DROP) failed with EINVAL. Please verify "
                  "your kernel is compiled with file capabilities support");
          } else {
            ALOGE("prctl(PR_CAPBSET_DROP) failed");
            RuntimeAbort(env);
          }
        }
    }//work
**/
#endif

}

5、修改 system/core/adb/daemon/main.cpp


static bool should_drop_privileges() {

         // Patch: return false unconditionally, i.e. always answer "do not drop
         // privileges". Whatever followed in the original body is not shown here
         // and would be unreachable after this return.
         // NOTE(review): presumably adbd then keeps the uid it was started with
         // (root) for every adb session; confirm against the caller.
         return false;

6、修改alps/system/core/init/init.cpp,关掉selinux

// Returns whether SELinux is to be treated as enforcing. Patched to always
// answer false.
static bool selinux_is_enforcing(void)
{

    // Patch: unconditional false turns enforcement off, independent of the build
    // flags and of the kernel command line.
    return false;

    // Unreachable after the return above. This is the logic being bypassed:
    // with ALLOW_DISABLE_SELINUX set, follow the status from the kernel command
    // line; otherwise always enforce.
    if (ALLOW_DISABLE_SELINUX) {
        return selinux_status_from_cmdline() == SELINUX_ENFORCING;
    }
    return true;
}

其次,还可修改这里:

// Returns whether SELinux is to be treated as disabled.
// With ALLOW_DISABLE_SELINUX non-zero, this patched version returns true on both
// paths, so the access() probe no longer changes the result. With it zero, the
// function returns false.
static bool selinux_is_disabled(void)
{
    if (ALLOW_DISABLE_SELINUX) {
        if (access("/sys/fs/selinux", F_OK) != 0) {
            // SELinux is not compiled into the kernel, or has been disabled
            // via the kernel command line "selinux=0".
            return true;
        }
        // Original line, replaced by the unconditional return below:
        //return selinux_status_from_cmdline() == SELINUX_DISABLED;//add for test, modified by lin
	// Patch: return true, so SELinux is reported as disabled (never started).
	return true;
    }
    return false;
}

7. system/core/init/Android.mk

# Patched init build flags: both branches define ALLOW_DISABLE_SELINUX=1, so init
# is built with SELinux disabling allowed on every build variant.
# NOTE(review): stock AOSP filters only "userdebug eng" here and uses
# ALLOW_DISABLE_SELINUX=0 in the else branch; confirm against your tree.
# NOTE(review): with "user" in the filter, the first branch also applies to user
# builds, which turns on ALLOW_LOCAL_PROP_OVERRIDE=1 there as well. The page does
# not mention this side effect; confirm it is intended.
ifneq (,$(filter userdebug eng user,$(TARGET_BUILD_VARIANT)))
init_options += -DALLOW_LOCAL_PROP_OVERRIDE=1 -DALLOW_DISABLE_SELINUX=1
else
init_options += -DALLOW_LOCAL_PROP_OVERRIDE=0 -DALLOW_DISABLE_SELINUX=1
endif
##add for test, modified by lin
## init_options += -DALLOW_LOCAL_PROP_OVERRIDE=0 -DALLOW_DISABLE_SELINUX=1

8. 在device/rockchip/rk3399/init.rk3399.rc中添加服务,开机root 直接使用su:

# Defines a service that runs "/system/xbin/su --daemon" as user root, once
# (oneshot), in the class "super-user".
# NOTE(review): the su.c excerpt in step 1 does not show a --daemon option;
# confirm the binary installed at /system/xbin/su accepts it.
service	superuser /system/xbin/su --daemon
    class super-user
    user root
    oneshot

# The class is started only when the property superuser.start is set to "on".
# NOTE(review): the page does not show which component sets this property.
on property:superuser.start=on
    class_start super-user

9.修改system/core/adb/Android.mk,取消adb校验

-ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT)))//去掉宏定义限制,直接允许ADBD_DISABLE_VERITY 和 adb root
	LOCAL_CFLAGS += -DALLOW_ADBD_DISABLE_VERITY=1
	LOCAL_CFLAGS += -DALLOW_ADBD_ROOT=1
-endif//去掉宏定义限制,直接允许ADBD_DISABLE_VERITY 和 adb root
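Review bot: Removing the `ifneq`/`endif` pair enables `ALLOW_ADBD_DISABLE_VERITY` on every build variant together with `ALLOW_ADBD_ROOT`. If app and adb root is the only goal, as the page title suggests, the verity flag can stay behind the original guard, i.e. keep `ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT)))` … `endif` around just `LOCAL_CFLAGS += -DALLOW_ADBD_DISABLE_VERITY=1`. The trailing `//…` text on the two removed lines is not make comment syntax, so it must not be copied into Android.mk. An explanation left in the file should be a `#` line of its own, for example `# custom root image: adb root enabled on all variants`.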

10. 最后,重新清理,再重新编译android系统。

		# Remove the previous build output, then rebuild the whole tree with 8
		# parallel jobs so every patched module is recompiled.
		make clean -j8
		make -j8
