MTK android8.1添加root权限

客户需求,要求android8.1 user版本添加root权限 

第一步:device/mediateksample/k39tv1_bsp_1g/device.mk添加

+PRODUCT_COPY_FILES += \
+	system/extras/su/su:system/bin/su \
+	system/extras/su/su:system/xbin/su

第二步:frameworks/base/cmds/webview_zygote/webview_zygote.cpp屏蔽下面代码段


+    /*if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0) {
         LOG_ALWAYS_FATAL("PR_SET_NO_NEW_PRIVS failed: %s", strerror(errno));
         return 12;
+    }*/

第三步:frameworks/base/core/jni/com_android_internal_os_Zygote.cpp屏蔽下面代码段

static void DropCapabilitiesBoundingSet(JNIEnv* env) {
+  /*for (int i = 0; prctl(PR_CAPBSET_READ, i, 0, 0, 0) >= 0; i++) {
     int rc = prctl(PR_CAPBSET_DROP, i, 0, 0, 0);
     if (rc == -1) {
       if (errno == EINVAL) {
@@ -258,7 +258,7 @@ static void DropCapabilitiesBoundingSet(JNIEnv* env) {
         RuntimeAbort(env, __LINE__, "prctl(PR_CAPBSET_DROP) failed");
       }
     }
+  }*/

第四步:kernel-4.4/security/commoncap.c添加

@@ -881,6 +881,14 @@ static int cap_prctl_drop(unsigned long cap)
 {
 	struct cred *new;
 
+	if (!strncmp(current->comm, "zygote", 16)) {
+		return -EINVAL;
+	}
+
+	if (!strncmp(current->comm, "adbd", 16)) {
+		return -EINVAL;
+	}

第五步:system/core/adb/daemon/main.cpp添加下面代码段

+#define MTK_ALLOW_ADBD_ROOT

static bool should_drop_privileges() {
+#ifdef MTK_ALLOW_ADBD_ROOT
+    return false;
+#endif

@@ -127,12 +130,15 @@ static void drop_privileges(int server_port) {
     } else {
         // minijail_enter() will abort if any priv-dropping step fails.
         minijail_enter(jail.get());
-
+#ifdef MTK_ALLOW_ADBD_ROOT
+        D("MTK_ALLOW_ADBD_ROOT enabled\n");
+#else
         if (root_seclabel != nullptr) {
             if (selinux_android_setcon(root_seclabel) < 0) {
                 LOG(FATAL) << "Could not set SELinux context";
             }
         }
+#endif



第六步:system/core/libcutils/fs_config.cpp添加下面权限

@@ -147,6 +147,7 @@ static const struct fs_path_config android_files[] = {

     { 00750, AID_ROOT,      AID_ROOT,      0, "system/bin/install-recovery.sh" },
+	 { 06755, AID_ROOT,      AID_ROOT,      0, "system/bin/su" },
     { 00700, AID_ROOT,      AID_ROOT,      0, "system/bin/secilc" },

@@ -166,7 +167,7 @@ static const struct fs_path_config android_files[] = {
     { 06755, AID_ROOT,      AID_ROOT,      0, "system/xbin/procmem" },
-    { 04750, AID_ROOT,      AID_SHELL,     0, "system/xbin/su" },
+    { 06755, AID_ROOT,      AID_ROOT,      0, "system/xbin/su" },

第七步:system/extras/su/su.cpp屏蔽下面代码段

 int main(int argc, char** argv) {
-    uid_t current_uid = getuid();
-    if (current_uid != AID_ROOT && current_uid != AID_SHELL) error(1, 0, "not allowed");
+    //uid_t current_uid = getuid();
+    //if (current_uid != AID_ROOT && current_uid != AID_SHELL) error(1, 0, "not allowed");

到此全编一下就可以

你可能感兴趣的:(MTK,Android)