客户需求,要求android8.1 user版本添加root权限
第一步:device/mediateksample/k39tv1_bsp_1g/device.mk添加
+PRODUCT_COPY_FILES += \
+ system/extras/su/su:system/bin/su \
+ system/extras/su/su:system/xbin/su
第二步:frameworks/base/cmds/webview_zygote/webview_zygote.cpp屏蔽下面代码段
+ /*if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0) {
LOG_ALWAYS_FATAL("PR_SET_NO_NEW_PRIVS failed: %s", strerror(errno));
return 12;
+ }*/
第三步:frameworks/base/core/jni/com_android_internal_os_Zygote.cpp屏蔽下面代码段
static void DropCapabilitiesBoundingSet(JNIEnv* env) {
+ /*for (int i = 0; prctl(PR_CAPBSET_READ, i, 0, 0, 0) >= 0; i++) {
int rc = prctl(PR_CAPBSET_DROP, i, 0, 0, 0);
if (rc == -1) {
if (errno == EINVAL) {
@@ -258,7 +258,7 @@ static void DropCapabilitiesBoundingSet(JNIEnv* env) {
RuntimeAbort(env, __LINE__, "prctl(PR_CAPBSET_DROP) failed");
}
}
+ }*/
第四步:kernel-4.4/security/commoncap.c添加
@@ -881,6 +881,14 @@ static int cap_prctl_drop(unsigned long cap)
{
struct cred *new;
+ if (!strncmp(current->comm, "zygote", 16)) {
+ return -EINVAL;
+ }
+
+ if (!strncmp(current->comm, "adbd", 16)) {
+ return -EINVAL;
+ }
第五步:system/core/adb/daemon/main.cpp添加下面代码段
+#define MTK_ALLOW_ADBD_ROOT
static bool should_drop_privileges() {
+#ifdef MTK_ALLOW_ADBD_ROOT
+ return false;
+#endif
@@ -127,12 +130,15 @@ static void drop_privileges(int server_port) {
} else {
// minijail_enter() will abort if any priv-dropping step fails.
minijail_enter(jail.get());
-
+#ifdef MTK_ALLOW_ADBD_ROOT
+ D("MTK_ALLOW_ADBD_ROOT enabled\n");
+#else
if (root_seclabel != nullptr) {
if (selinux_android_setcon(root_seclabel) < 0) {
LOG(FATAL) << "Could not set SELinux context";
}
}
+#endif
第六步:system/core/libcutils/fs_config.cpp添加下面权限
@@ -147,6 +147,7 @@ static const struct fs_path_config android_files[] = {
{ 00750, AID_ROOT, AID_ROOT, 0, "system/bin/install-recovery.sh" },
+ { 06755, AID_ROOT, AID_ROOT, 0, "system/bin/su" },
{ 00700, AID_ROOT, AID_ROOT, 0, "system/bin/secilc" },
@@ -166,7 +167,7 @@ static const struct fs_path_config android_files[] = {
{ 06755, AID_ROOT, AID_ROOT, 0, "system/xbin/procmem" },
- { 04750, AID_ROOT, AID_SHELL, 0, "system/xbin/su" },
+ { 06755, AID_ROOT, AID_ROOT, 0, "system/xbin/su" },
第七步:system/extras/su/su.cpp屏蔽下面代码段
int main(int argc, char** argv) {
- uid_t current_uid = getuid();
- if (current_uid != AID_ROOT && current_uid != AID_SHELL) error(1, 0, "not allowed");
+ //uid_t current_uid = getuid();
+ //if (current_uid != AID_ROOT && current_uid != AID_SHELL) error(1, 0, "not allowed");
到此全编一下就可以