android10.0(Q) root QCOM-SM6125 user版本打开root权限

推荐两个性能优化学习地址:
Blog

androidperformance

MTK 6735/6739/6755/6763 android8.1 user版本打开root权限(adb root权限和 apk root权限)

MTK 6765/6739/6755/6761/6763 android9.0 user版本打开root权限(adb root权限和 apk root权限)

android10.0(Q) root MTK 6765 user版本打开root权限(adb root权限和 apk root权限)

修改方案
总共修改 12 个文件

modified:device/qcom/qssi/BoardConfig.mk
modified:device/qcom/trinket/BoardConfig.mk
modified:system/core/init/Android.bp
modified:system/core/init/Android.mk
modified:system/core/init/selinux.cpp
modified:system/core/fs_mgr/Android.bp
modified:system/core/adb/Android.bp
modified:system/core/adb/daemon/main.cpp
modified:system/sepolicy/Android.mk
modified:build/core/main.mk
modified:system/sepolicy/definitions.mk
modified:device/qcom/sepolicy/Android.mk

SM6125 编译时使用的是 qssi 和 trinket 两个 device 目录,因此需要分别修改这两个目录下 BoardConfig.mk 中的 BOARD_KERNEL_CMDLINE
1、BOARD_KERNEL_CMDLINE默认添加androidboot.selinux=permissive

  device/qcom/qssi/BoardConfig.mk

diff --git a/BoardConfig.mk b/BoardConfig.mk
index 3fbc788..03a8e16 100644
--- a/BoardConfig.mk
+++ b/BoardConfig.mk
@@ -98,7 +98,7 @@ endif
 TARGET_USES_ION := true
 TARGET_USES_NEW_ION_API :=true
 TARGET_USES_QCOM_BSP := false
-BOARD_KERNEL_CMDLINE := console=ttyMSM0,115200n8 earlycon=msm_geni_serial,0xa90000 androidboot.hardware=qcom androidboot.console=ttyMSM0 androidboot.memcg=1 lpm_levels.sleep_disabled=1 video=vfb:640x400,bpp=32,memsize=3072000 msm_rtb.filter=0x237 service_locator.enable=1 swiotlb=2048 loop.max_part=7 androidboot.usbcontroller=a600000.dwc3
+BOARD_KERNEL_CMDLINE := console=ttyMSM0,115200n8 earlycon=msm_geni_serial,0xa90000 androidboot.hardware=qcom androidboot.console=ttyMSM0 androidboot.memcg=1 lpm_levels.sleep_disabled=1 video=vfb:640x400,bpp=32,memsize=3072000 msm_rtb.filter=0x237 service_locator.enable=1 swiotlb=2048 loop.max_part=7 androidboot.usbcontroller=a600000.dwc3 androidboot.selinux=permissive
 
 BOARD_EGL_CFG := device/qcom/$(TARGET_BOARD_PLATFORM)/egl.cfg
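Review bot: The permissive flag is spliced onto the end of a long literal, which makes the one security-relevant change hard to spot in review and easy to carry into a release configuration unnoticed. A separate line after the assignment, `BOARD_KERNEL_CMDLINE += androidboot.selinux=permissive`, placed under a dedicated debug-only build flag, leaves the stock command line untouched and keeps the override greppable. The same applies to the `device/qcom/trinket/BoardConfig.mk` hunk, where one appended line after the inner `endif` would replace two edited literals.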

2、BOARD_KERNEL_CMDLINE默认添加androidboot.selinux=permissive

  device/qcom/trinket/BoardConfig.mk

diff --git a/BoardConfig.mk b/BoardConfig.mk
index e041c85..76b76a4 100644
--- a/BoardConfig.mk
+++ b/BoardConfig.mk
@@ -223,9 +223,9 @@ ifeq (FACTORY, $(LCT_BUILD_TYPE))
 else
 
  ifeq (user, $(TARGET_BUILD_VARIANT))
-  BOARD_KERNEL_CMDLINE := console=ttyMSM0,115200n8 androidboot.hardware=qcom androidboot.console=ttyMSM0 androidboot.memcg=1 lpm_levels.sleep_disabled=1 video=vfb:640x400,bpp=32,memsize=3072000 msm_rtb.filter=0x237 service_locator.enable=1 swiotlb=1 earlycon=msm_geni_serial,0x4a90000 loop.max_part=7 cgroup.memory=nokmem,nosocket
+  BOARD_KERNEL_CMDLINE := console=ttyMSM0,115200n8 androidboot.hardware=qcom androidboot.console=ttyMSM0 androidboot.memcg=1 lpm_levels.sleep_disabled=1 video=vfb:640x400,bpp=32,memsize=3072000 msm_rtb.filter=0x237 service_locator.enable=1 swiotlb=1 earlycon=msm_geni_serial,0x4a90000 loop.max_part=7 cgroup.memory=nokmem,nosocket androidboot.selinux=permissive
  else
-  BOARD_KERNEL_CMDLINE := console=ttyMSM0,115200n8 androidboot.hardware=qcom androidboot.console=ttyMSM0 androidboot.memcg=1 lpm_levels.sleep_disabled=1 video=vfb:640x400,printk.devkmsg=on,bpp=32,memsize=3072000 msm_rtb.filter=0x237 service_locator.enable=1 swiotlb=1 earlycon=msm_geni_serial,0x4a90000 loop.max_part=7 cgroup.memory=nokmem,nosocket
+  BOARD_KERNEL_CMDLINE := console=ttyMSM0,115200n8 androidboot.hardware=qcom androidboot.console=ttyMSM0 androidboot.memcg=1 lpm_levels.sleep_disabled=1 video=vfb:640x400,printk.devkmsg=on,bpp=32,memsize=3072000 msm_rtb.filter=0x237 service_locator.enable=1 swiotlb=1 earlycon=msm_geni_serial,0x4a90000 loop.max_part=7 cgroup.memory=nokmem,nosocket androidboot.selinux=permissive
 
  endif
 endif
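Review bot: In the non-`user` branch the new value still carries `printk.devkmsg=on` inside the comma list of `video=vfb:640x400,...`, so it is likely parsed as a vfb option rather than as its own kernel parameter; this predates the change but is copied into the new line. If the parameter is meant to take effect it should be space-separated, e.g. `video=vfb:640x400,bpp=32,memsize=3072000 printk.devkmsg=on`. The enclosing `ifeq (FACTORY, $(LCT_BUILD_TYPE))` block starts outside the hunk.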

3、修改 SELinux 模式为 Permissive
      SELinux 常用模式有两个:Permissive(只记录违规、不拦截)和 Enforcing(强制执行策略),通过 adb shell getenforce 可查看当前所处模式
     Android 10.0 中相关判断逻辑改到了 selinux.cpp 中
  3.1 system/core/init/Android.bp

diff --git a/init/Android.bp b/init/Android.bp
index 6be7290..189ddd6 100644
--- a/init/Android.bp
+++ b/init/Android.bp
@@ -26,11 +26,11 @@ cc_defaults {
         "-Wextra",
         "-Wno-unused-parameter",
         "-Werror",
-        "-DALLOW_LOCAL_PROP_OVERRIDE=0",
-        "-DALLOW_PERMISSIVE_SELINUX=0",
-        "-DREBOOT_BOOTLOADER_ON_PANIC=0",
-        "-DWORLD_WRITABLE_KMSG=0",
-        "-DDUMP_ON_UMOUNT_FAILURE=0",
+        "-DALLOW_LOCAL_PROP_OVERRIDE=1",
+        "-DALLOW_PERMISSIVE_SELINUX=1",
+        "-DREBOOT_BOOTLOADER_ON_PANIC=1",
+        "-DWORLD_WRITABLE_KMSG=1",
+        "-DDUMP_ON_UMOUNT_FAILURE=1",
         "-DSHUTDOWN_ZERO_TIMEOUT=0",
     ],
     product_variables: {
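Review bot: Five flags are flipped in the base `cflags` of this `cc_defaults`, but only `-DALLOW_PERMISSIVE_SELINUX=1` relates to the stated goal; `ALLOW_LOCAL_PROP_OVERRIDE`, `REBOOT_BOOTLOADER_ON_PANIC`, `WORLD_WRITABLE_KMSG` and `DUMP_ON_UMOUNT_FAILURE` change unrelated init behaviour for every variant built from this tree. Narrowing the edit to the one define that is needed, and leaving the others at `0`, keeps the remaining user-build hardening in place. The `product_variables` block that follows is cut off by the hunk, so whether its debuggable override still has any effect cannot be confirmed from here.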

  3.2 system/core/init/Android.mk

diff --git a/init/Android.mk b/init/Android.mk
index cca57a9..494c654 100644
--- a/init/Android.mk
+++ b/init/Android.mk
@@ -6,7 +6,7 @@ LOCAL_PATH:= $(call my-dir)
 
 # --
 
-ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT)))
+ifneq (,$(filter user userdebug eng,$(TARGET_BUILD_VARIANT)))
 init_options += \
     -DALLOW_LOCAL_PROP_OVERRIDE=1 \
     -DALLOW_PERMISSIVE_SELINUX=1 \
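Review bot: `$(filter user userdebug eng,$(TARGET_BUILD_VARIANT))` matches every build variant, so the `ifneq` is now always true and no longer documents any intent. Either drop the conditional or test a dedicated opt-in variable, so that a production `user` build from the same tree does not silently pick up the debug defines. The same always-true filter appears in the `file_contexts_overlayfs` hunk of `system/sepolicy/Android.mk` and in both hunks of `device/qcom/sepolicy/Android.mk`. The `init_options` list continues past the end of the hunk.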

  3.3 system/core/init/selinux.cpp

diff --git a/init/selinux.cpp b/init/selinux.cpp
index 86238b4..9cd3f1e 100644
--- a/init/selinux.cpp
+++ b/init/selinux.cpp
@@ -97,10 +97,12 @@ EnforcingStatus StatusFromCmdline() {
 }
 
 bool IsEnforcing() {
+    return false;
     if (ALLOW_PERMISSIVE_SELINUX) {
         return StatusFromCmdline() == SELINUX_ENFORCING;
     }
     return true;
+    
 }
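Review bot: The added `return false;` makes the rest of `IsEnforcing()` unreachable, so neither `ALLOW_PERMISSIVE_SELINUX` nor the `androidboot.selinux` value read by `StatusFromCmdline()` has any effect, and the image cannot be booted enforcing without a rebuild. With `ALLOW_PERMISSIVE_SELINUX` already set to 1 in the build files, the unmodified body honours `androidboot.selinux=permissive` from the kernel command line, so this line is not needed and it removes the only runtime switch back to enforcing. If it is kept, it should replace the dead code and carry a comment such as `// DEBUG BUILD ONLY: SELinux is never enforcing on this image`. The whitespace-only line added before the closing brace should be dropped.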
 

4、解锁 fastboot,并按需关闭 verity

   4.1 system/core/adb/Android.bp

diff --git a/adb/Android.bp b/adb/Android.bp
index 01e00dd..b6b117c 100644
--- a/adb/Android.bp
+++ b/adb/Android.bp
@@ -24,7 +24,7 @@ cc_defaults {
         "-Wno-missing-field-initializers",
         "-Wthread-safety",
         "-Wvla",
         "-DADB_HOST=1",         // overridden by adbd_defaults
-        "-DALLOW_ADBD_ROOT=0",  // overridden by adbd_defaults
+        "-DALLOW_ADBD_ROOT=1",  // overridden by adbd_defaults
     ],
     cpp_std: "experimental",
@@ -76,7 +76,14 @@ cc_defaults {
     name: "adbd_defaults",
     defaults: ["adb_defaults"],
 
-    cflags: ["-UADB_HOST", "-DADB_HOST=0"],
+    cflags: [
+           "-UADB_HOST", 
+           "-DADB_HOST=0"
+               "-UALLOW_ADBD_ROOT",
+        "-DALLOW_ADBD_ROOT=1",
+        "-DALLOW_ADBD_DISABLE_VERITY",
+        "-DALLOW_ADBD_NO_AUTH",
+       ],
     product_variables: {
         debuggable: {
             cflags: [
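Review bot: In the new `cflags` list of `adbd_defaults` there is no comma after `"-DADB_HOST=0"`, so the list as printed would not parse; the summary copy of this hunk later on the page does have the comma. The bare defines `-DALLOW_ADBD_DISABLE_VERITY` and `-DALLOW_ADBD_NO_AUTH` take the implicit value 1 while their neighbours are written `=1`; spelling them `"-DALLOW_ADBD_DISABLE_VERITY=1"` and `"-DALLOW_ADBD_NO_AUTH=1"`, each after a matching `-U`, avoids a redefinition if a default already sets them to 0. Because they sit in the unconditional list rather than under `product_variables.debuggable`, every variant gets an adbd that is allowed to skip host authorization, which deserves a comment at the list. The indentation of the added lines mixes widths and should follow the file.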
@@ -403,6 +410,8 @@ cc_library {
         "libcutils",
         "liblog",
     ],
+       
+    required: [ "remount",],
 
     product_variables: {
         debuggable: {

 4.2 system/core/adb/daemon/main.cpp

diff --git a/adb/daemon/main.cpp b/adb/daemon/main.cpp
index e5a4917..5f8de1b 100644
--- a/adb/daemon/main.cpp
+++ b/adb/daemon/main.cpp
@@ -63,6 +63,7 @@ static inline bool is_device_unlocked() {
 }
 
 static bool should_drop_capabilities_bounding_set() {
+       return false;
     if (ALLOW_ADBD_ROOT || is_device_unlocked()) {
         if (__android_log_is_debuggable()) {
             return false;
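Review bot: The comment `// "adb root" not allowed, always drop privileges.` in `should_drop_privileges()` now sits directly above an unconditional `return false;`, so it states the opposite of what the function does. After the change both this function and `should_drop_capabilities_bounding_set()` ignore `ALLOW_ADBD_ROOT`, `is_device_unlocked()` and the properties the remaining code mentions, so adbd keeps root and its full capability bounding set, and `adb unroot` presumably can no longer take effect. Since `ALLOW_ADBD_ROOT=1` is already set in `adb/Android.bp`, the early returns are probably unnecessary; if they stay, replace the dead bodies and the stale comment with `// DEBUG BUILD ONLY: adbd never drops root`. Both function bodies continue outside their hunks.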
@@ -73,6 +74,7 @@ static bool should_drop_capabilities_bounding_set() {
 
 static bool should_drop_privileges() {
     // "adb root" not allowed, always drop privileges.
+       return false;
     if (!ALLOW_ADBD_ROOT && !is_device_unlocked()) return true;
 
     // The properties that affect `adb root` and `adb unroot` are ro.secure and

5、修改 adb root 权限。user 和 userdebug 的区别在于 remount 时走的代码路径不同:userdebug 版本 remount 时打印的日志来自 system/core/fs_mgr/fs_mgr_remount.cpp

diff --git a/fs_mgr/Android.bp b/fs_mgr/Android.bp
index 4ee9624..ebaa390 100644
--- a/fs_mgr/Android.bp
+++ b/fs_mgr/Android.bp
@@ -75,7 +75,8 @@ cc_library {
         "libfstab",
     ],
     cppflags: [
-        "-DALLOW_ADBD_DISABLE_VERITY=0",
+        "-UALLOW_ADBD_DISABLE_VERITY",
+        "-DALLOW_ADBD_DISABLE_VERITY=1",
     ],
     product_variables: {
         debuggable: {
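Review bot: The `"-UALLOW_ADBD_DISABLE_VERITY"` line appears redundant, since the only earlier definition visible in this `cppflags` list is the one the change removes; `"-DALLOW_ADBD_DISABLE_VERITY=1"` alone should be enough, and the same holds for the `cc_binary` hunk below. With the base value at 1, the `debuggable` override that follows (cut off by the hunk) presumably no longer distinguishes variants, so verity can be disabled over adb on every build from this tree. A comment at the flag saying so would help the next reader.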
@@ -132,7 +133,8 @@ cc_binary {
         "fs_mgr_remount.cpp",
     ],
     cppflags: [
-        "-DALLOW_ADBD_DISABLE_VERITY=0",
+        "-UALLOW_ADBD_DISABLE_VERITY",
+        "-DALLOW_ADBD_DISABLE_VERITY=1",
     ],
     product_variables: {
         debuggable: {

6、user 版本启用 overlayfs 来挂载 remount 对应的分区;另外 user 版本默认不允许 permissive domains,需要去掉该编译检查

system/sepolicy/Android.mk

diff --git a/Android.mk b/Android.mk
index dadd7b0..24278d5 100644
--- a/Android.mk
+++ b/Android.mk
@@ -309,7 +309,7 @@ LOCAL_REQUIRED_MODULES += \
 
 endif
 
-ifneq ($(TARGET_BUILD_VARIANT), user)
+ifneq ($(TARGET_BUILD_VARIANT), eng)
 LOCAL_REQUIRED_MODULES += \
     selinux_denial_metadata \
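Review bot: Replacing `user` with `eng` in `ifneq ($(TARGET_BUILD_VARIANT), eng)` does more than include `user` builds: it now excludes `eng` builds, which previously got `selinux_denial_metadata`. The module definition in the last hunk of this file (`@@ -1166,7 +1166,7 @@`) is changed the same way, so the two stay consistent, but an `eng` build from this tree loses the module. If the intent is to include it everywhere, remove the conditional in both places instead of inverting it.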
 
@@ -978,7 +978,7 @@ $(built_sepolicy_neverallows)
        @mkdir -p $(dir $@)
        $(hide) $< -m -M true -G -c $(POLICYVERS) $(PRIVATE_NEVERALLOW_ARG) $(PRIVATE_CIL_FILES) -o [email protected] -f /dev/null
        $(hide) $(HOST_OUT_EXECUTABLES)/sepolicy-analyze [email protected] permissive > [email protected]
-       $(hide) if [ "$(TARGET_BUILD_VARIANT)" = "user" -a -s [email protected] ]; then \
+       $(hide) if [ "eng" = "user" -a -s [email protected] ]; then \
                echo "==========" 1>&2; \
                echo "ERROR: permissive domains not allowed in user builds" 1>&2; \
                echo "List of invalid domains:" 1>&2; \
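Review bot: `[ "eng" = "user" -a -s ... ]` is a constant-false test, so `sepolicy-analyze` still runs but its result can never fail the build; the recovery-policy hunk (`@@ -1032,7 +1032,7 @@`) has the same edit. A reader who sees the error message below will assume the gate still works. If the check must be bypassed for this image, test a dedicated opt-in variable alongside `$(TARGET_BUILD_VARIANT)` instead of hard-coding a comparison that cannot match. The `[email protected]` tokens in these recipe lines look like page-rendering damage to `$@`-based file names, so the hunk cannot be applied as printed; the recipe also continues past the hunk.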
@@ -1032,7 +1032,7 @@ $(LOCAL_BUILT_MODULE): $(sepolicy.recovery.conf) $(HOST_OUT_EXECUTABLES)/checkpo
        $(hide) $(CHECKPOLICY_ASAN_OPTIONS) $(HOST_OUT_EXECUTABLES)/checkpolicy -M -c \
                $(POLICYVERS) -o [email protected] $<
        $(hide) $(HOST_OUT_EXECUTABLES)/sepolicy-analyze [email protected] permissive > [email protected]
-       $(hide) if [ "$(TARGET_BUILD_VARIANT)" = "user" -a -s [email protected] ]; then \
+       $(hide) if [ "eng" = "user" -a -s [email protected] ]; then \
                echo "==========" 1>&2; \
                echo "ERROR: permissive domains not allowed in user builds" 1>&2; \
                echo "List of invalid domains:" 1>&2; \
@@ -1104,7 +1104,7 @@ endif
 ifneq ($(filter address,$(SANITIZE_TARGET)),)
   local_fc_files += $(wildcard $(addsuffix /file_contexts_asan, $(PLAT_PRIVATE_POLICY)))
 endif
-ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT)))
+ifneq (,$(filter user userdebug eng,$(TARGET_BUILD_VARIANT)))
   local_fc_files += $(wildcard $(addsuffix /file_contexts_overlayfs, $(PLAT_PRIVATE_POLICY)))
 endif
 ifeq ($(TARGET_FLATTEN_APEX),true)
@@ -1166,7 +1166,7 @@ file_contexts.device.tmp :=
 file_contexts.local.tmp :=
 
 ##################################
-ifneq ($(TARGET_BUILD_VARIANT), user)
+ifneq ($(TARGET_BUILD_VARIANT), eng)
 include $(CLEAR_VARS)
 
 LOCAL_MODULE := selinux_denial_metadata

system/sepolicy/definitions.mk

diff --git a/definitions.mk b/definitions.mk
index 16c8bd6..d64ea4c 100644
--- a/definitions.mk
+++ b/definitions.mk
@@ -4,7 +4,7 @@ define transform-policy-to-conf
 @mkdir -p $(dir $@)
 $(hide) m4 --fatal-warnings $(PRIVATE_ADDITIONAL_M4DEFS) \
        -D mls_num_sens=$(PRIVATE_MLS_SENS) -D mls_num_cats=$(PRIVATE_MLS_CATS) \
-       -D target_build_variant=$(PRIVATE_TARGET_BUILD_VARIANT) \
+       -D target_build_variant=eng \
        -D target_with_dexpreopt=$(WITH_DEXPREOPT) \
        -D target_arch=$(PRIVATE_TGT_ARCH) \
        -D target_with_asan=$(PRIVATE_TGT_WITH_ASAN) \
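Review bot: Hard-coding `-D target_build_variant=eng` in `transform-policy-to-conf` means `$(PRIVATE_TARGET_BUILD_VARIANT)` is ignored for every policy file built with this macro, so the policy is presumably preprocessed as an eng policy regardless of the variant actually being built. That affects all products sharing the tree, not just the device this page targets. Keeping the variable reference and overriding `PRIVATE_TARGET_BUILD_VARIANT` where it is set, under a dedicated opt-in flag, would confine the change. The `define` body continues outside the hunk.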

7、打开 USB 调试时默认授权,不再弹出授权框;同时打开 debug(ro.debuggable=1)

build/core/main.mk

diff --git a/core/main.mk b/core/main.mk
index c2206db..bc2996d 100644
--- a/core/main.mk
+++ b/core/main.mk
@@ -293,7 +293,7 @@ ifneq (,$(user_variant))
   ifeq (FACTORY, $(LCT_BUILD_TYPE))
     ADDITIONAL_DEFAULT_PROPERTIES += ro.secure=0
   else
-    ADDITIONAL_DEFAULT_PROPERTIES += ro.secure=1
+    ADDITIONAL_DEFAULT_PROPERTIES += ro.secure=0
   endif
    #add NHK-M528-A01-137 -factory open root default modify by mafei 20191021-end
   ADDITIONAL_DEFAULT_PROPERTIES += security.perf_harden=1
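Review bot: After this change both branches of `ifeq (FACTORY, $(LCT_BUILD_TYPE))` assign `ro.secure=0`, so the conditional is dead; the same is true of the `ro.adb.secure` and `ro.debuggable` hunks below. The file already has a switch for this: leaving the non-factory branch at its original value and building with `LCT_BUILD_TYPE` set to `FACTORY` gives the same properties without touching the default path. As written, every `user` image from this tree carries `ro.adb.secure=0` and `ro.debuggable=1`, so adbd accepts any attached host without the authorization dialog. A comment marking these lines as debug-only would make that visible in review.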
@@ -304,7 +304,7 @@ ifneq (,$(user_variant))
     ifeq (FACTORY, $(LCT_BUILD_TYPE))
       ADDITIONAL_DEFAULT_PROPERTIES += ro.adb.secure=0
     else
-      ADDITIONAL_DEFAULT_PROPERTIES += ro.adb.secure=1
+      ADDITIONAL_DEFAULT_PROPERTIES += ro.adb.secure=0
     endif
     #add NHK-M528-A01-137 -factory open root default modify by mafei 20191021-end
   endif
@@ -341,7 +341,7 @@ else # !enable_target_debugging
   ifeq (FACTORY, $(LCT_BUILD_TYPE))
     ADDITIONAL_DEFAULT_PROPERTIES += ro.debuggable=1
   else
-    ADDITIONAL_DEFAULT_PROPERTIES += ro.debuggable=0
+    ADDITIONAL_DEFAULT_PROPERTIES += ro.debuggable=1
   endif 
   #add NHK-M528-A01-137 -factory open root default modify by mafei 20191021-end
 endif # !enable_target_debugging

8、解决上述修改导致的 SELinux 报错问题

device/qcom/sepolicy/Android.mk

diff --git a/Android.mk b/Android.mk
index c490fba..873b15b 100644
--- a/Android.mk
+++ b/Android.mk
@@ -45,7 +45,7 @@ ifeq (,$(filter sdm845 sdm710, $(TARGET_BOARD_PLATFORM)))
       BOARD_SEPOLICY_DIRS += $(LOCAL_PATH)/qva/vendor/$(TARGET_SEPOLICY_DIR)
     endif
 
-    ifneq (,$(filter userdebug eng, $(TARGET_BUILD_VARIANT)))
+    ifneq (,$(filter user userdebug eng, $(TARGET_BUILD_VARIANT)))
     BOARD_SEPOLICY_DIRS += $(LOCAL_PATH)/generic/vendor/test
     BOARD_SEPOLICY_DIRS += $(LOCAL_PATH)/qva/vendor/test
     endif
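Review bot: Adding `user` to the filter pulls `generic/vendor/test` and `qva/vendor/test` (and `legacy/vendor/test` in the second hunk) into `BOARD_SEPOLICY_DIRS` for user builds, so test-only vendor policy becomes part of the image's policy. The page gives the reason as fixing a SELinux error but does not show which rule failed; adding only the missing type or rule would be narrower than importing the whole test directories. At minimum, add a comment above the `ifneq` naming the error this works around.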
@@ -65,7 +65,7 @@ ifneq (,$(filter sdm845 sdm710, $(TARGET_BOARD_PLATFORM)))
     else
       BOARD_SEPOLICY_DIRS += $(LOCAL_PATH)/legacy/vendor/$(TARGET_SEPOLICY_DIR)
     endif
-    ifneq (,$(filter userdebug eng, $(TARGET_BUILD_VARIANT)))
+    ifneq (,$(filter user userdebug eng, $(TARGET_BUILD_VARIANT)))
     BOARD_SEPOLICY_DIRS += $(LOCAL_PATH)/legacy/vendor/test
     endif
 endif

patch汇总
 

一、device/qcom/trinket/
diff --git a/device/qcom/trinket/BoardConfig.mk b/device/qcom/trinket/BoardConfig.mk
index e041c85..76b76a4 100644
--- a/device/qcom/trinket/BoardConfig.mk
+++ b/device/qcom/trinket/BoardConfig.mk
@@ -223,9 +223,9 @@
 else
 
  ifeq (user, $(TARGET_BUILD_VARIANT))
-  BOARD_KERNEL_CMDLINE := console=ttyMSM0,115200n8 androidboot.hardware=qcom androidboot.console=ttyMSM0 androidboot.memcg=1 lpm_levels.sleep_disabled=1 video=vfb:640x400,bpp=32,memsize=3072000 msm_rtb.filter=0x237 service_locator.enable=1 swiotlb=1 earlycon=msm_geni_serial,0x4a90000 loop.max_part=7 cgroup.memory=nokmem,nosocket
+  BOARD_KERNEL_CMDLINE := console=ttyMSM0,115200n8 androidboot.hardware=qcom androidboot.console=ttyMSM0 androidboot.memcg=1 lpm_levels.sleep_disabled=1 video=vfb:640x400,bpp=32,memsize=3072000 msm_rtb.filter=0x237 service_locator.enable=1 swiotlb=1 earlycon=msm_geni_serial,0x4a90000 loop.max_part=7 cgroup.memory=nokmem,nosocket androidboot.selinux=permissive
  else
-  BOARD_KERNEL_CMDLINE := console=ttyMSM0,115200n8 androidboot.hardware=qcom androidboot.console=ttyMSM0 androidboot.memcg=1 lpm_levels.sleep_disabled=1 video=vfb:640x400,printk.devkmsg=on,bpp=32,memsize=3072000 msm_rtb.filter=0x237 service_locator.enable=1 swiotlb=1 earlycon=msm_geni_serial,0x4a90000 loop.max_part=7 cgroup.memory=nokmem,nosocket
+  BOARD_KERNEL_CMDLINE := console=ttyMSM0,115200n8 androidboot.hardware=qcom androidboot.console=ttyMSM0 androidboot.memcg=1 lpm_levels.sleep_disabled=1 video=vfb:640x400,printk.devkmsg=on,bpp=32,memsize=3072000 msm_rtb.filter=0x237 service_locator.enable=1 swiotlb=1 earlycon=msm_geni_serial,0x4a90000 loop.max_part=7 cgroup.memory=nokmem,nosocket androidboot.selinux=permissive
 
  endif
 endif
 
 
 
 
二、device/qcom/qssi/
diff --git a/device/qcom/qssi/BoardConfig.mk b/device/qcom/qssi/BoardConfig.mk
index 3fbc788..03a8e16 100644
--- a/device/qcom/qssi/BoardConfig.mk
+++ b/device/qcom/qssi/BoardConfig.mk
@@ -98,7 +98,7 @@
 TARGET_USES_ION := true
 TARGET_USES_NEW_ION_API :=true
 TARGET_USES_QCOM_BSP := false
-BOARD_KERNEL_CMDLINE := console=ttyMSM0,115200n8 earlycon=msm_geni_serial,0xa90000 androidboot.hardware=qcom androidboot.console=ttyMSM0 androidboot.memcg=1 lpm_levels.sleep_disabled=1 video=vfb:640x400,bpp=32,memsize=3072000 msm_rtb.filter=0x237 service_locator.enable=1 swiotlb=2048 loop.max_part=7 androidboot.usbcontroller=a600000.dwc3
+BOARD_KERNEL_CMDLINE := console=ttyMSM0,115200n8 earlycon=msm_geni_serial,0xa90000 androidboot.hardware=qcom androidboot.console=ttyMSM0 androidboot.memcg=1 lpm_levels.sleep_disabled=1 video=vfb:640x400,bpp=32,memsize=3072000 msm_rtb.filter=0x237 service_locator.enable=1 swiotlb=2048 loop.max_part=7 androidboot.usbcontroller=a600000.dwc3 androidboot.selinux=permissive
 
 BOARD_EGL_CFG := device/qcom/$(TARGET_BOARD_PLATFORM)/egl.cfg




 
三、system/core/
diff --git a/system/core/init/Android.bp b/system/core/init/Android.bp
index 6be7290..189ddd6 100644
--- a/system/core/init/Android.bp
+++ b/system/core/init/Android.bp
@@ -26,11 +26,11 @@
         "-Wextra",
         "-Wno-unused-parameter",
         "-Werror",
-        "-DALLOW_LOCAL_PROP_OVERRIDE=0",
-        "-DALLOW_PERMISSIVE_SELINUX=0",
-        "-DREBOOT_BOOTLOADER_ON_PANIC=0",
-        "-DWORLD_WRITABLE_KMSG=0",
-        "-DDUMP_ON_UMOUNT_FAILURE=0",
+        "-DALLOW_LOCAL_PROP_OVERRIDE=1",
+        "-DALLOW_PERMISSIVE_SELINUX=1",
+        "-DREBOOT_BOOTLOADER_ON_PANIC=1",
+        "-DWORLD_WRITABLE_KMSG=1",
+        "-DDUMP_ON_UMOUNT_FAILURE=1",
         "-DSHUTDOWN_ZERO_TIMEOUT=0",
     ],
     product_variables: {
	 
diff --git a/system/core/init/Android.mk b/system/core/init/Android.mk
index cca57a9..494c654 100644
--- a/system/core/init/Android.mk
+++ b/system/core/init/Android.mk
@@ -6,7 +6,7 @@
 
 # --
 
-ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT)))
+ifneq (,$(filter user userdebug eng,$(TARGET_BUILD_VARIANT)))
 init_options += \
     -DALLOW_LOCAL_PROP_OVERRIDE=1 \
     -DALLOW_PERMISSIVE_SELINUX=1 \
diff --git a/system/core/init/selinux.cpp b/system/core/init/selinux.cpp
index 86238b4..9cd3f1e 100644
--- a/init/selinux.cpp
+++ b/init/selinux.cpp
@@ -97,10 +97,12 @@
 }
 
 bool IsEnforcing() {
+    return false;
     if (ALLOW_PERMISSIVE_SELINUX) {
         return StatusFromCmdline() == SELINUX_ENFORCING;
     }
     return true;
+    
 }
 
 // Forks, executes the provided program in the child, and waits for the completion in the parent.
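Review bot: This section's headers disagree: `diff --git` names `system/core/init/selinux.cpp` while the `---`/`+++` lines name `init/selinux.cpp`. Applied from the tree root together with the other sections of the summary, a patch tool would look for `init/selinux.cpp` and either fail or touch the wrong path. The two lines should read `--- a/system/core/init/selinux.cpp` and `+++ b/system/core/init/selinux.cpp`, matching the other sections.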
 
 

diff --git a/system/core/adb/Android.bp b/system/core/adb/Android.bp
index 01e00dd..0854dd1 100644
--- a/system/core/adb/Android.bp
+++ b/system/core/adb/Android.bp
@@ -25,7 +25,7 @@
         "-Wthread-safety",
         "-Wvla",
         "-DADB_HOST=1",         // overridden by adbd_defaults
-        "-DALLOW_ADBD_ROOT=0",  // overridden by adbd_defaults
+        "-DALLOW_ADBD_ROOT=1",  // overridden by adbd_defaults
     ],
     cpp_std: "experimental",
 
@@ -76,7 +76,14 @@
     name: "adbd_defaults",
     defaults: ["adb_defaults"],
 
-    cflags: ["-UADB_HOST", "-DADB_HOST=0"],
+    cflags: [
+             "-UADB_HOST", 
+             "-DADB_HOST=0",
+             "-UALLOW_ADBD_ROOT",
+             "-DALLOW_ADBD_ROOT=1",
+             "-DALLOW_ADBD_DISABLE_VERITY",
+             "-DALLOW_ADBD_NO_AUTH",
+             ],
     product_variables: {
         debuggable: {
             cflags: [
@@ -404,6 +411,8 @@
         "liblog",
     ],
 
+    required: [ "remount",],
+    
     product_variables: {
         debuggable: {
             required: [
diff --git a/system/core/adb/daemon/main.cpp b/system/core/adb/daemon/main.cpp
index e5a4917..5f8de1b 100644
--- a/system/core/adb/daemon/main.cpp
+++ b/system/core/adb/daemon/main.cpp
@@ -63,6 +63,7 @@
 }
 
 static bool should_drop_capabilities_bounding_set() {
+	return false;
     if (ALLOW_ADBD_ROOT || is_device_unlocked()) {
         if (__android_log_is_debuggable()) {
             return false;
@@ -73,6 +74,7 @@
 
 static bool should_drop_privileges() {
     // "adb root" not allowed, always drop privileges.
+	return false;
     if (!ALLOW_ADBD_ROOT && !is_device_unlocked()) return true;
 
     // The properties that affect `adb root` and `adb unroot` are ro.secure and 
	 


diff --git a/system/core/fs_mgr/Android.bp b/system/core/fs_mgr/Android.bp
index 4ee9624..ebaa390 100644
--- a/system/core/fs_mgr/Android.bp
+++ b/system/core/fs_mgr/Android.bp
@@ -75,7 +75,8 @@
         "libfstab",
     ],
     cppflags: [
-        "-DALLOW_ADBD_DISABLE_VERITY=0",
+        "-UALLOW_ADBD_DISABLE_VERITY",
+        "-DALLOW_ADBD_DISABLE_VERITY=1",
     ],
     product_variables: {
         debuggable: {
@@ -132,7 +133,8 @@
         "fs_mgr_remount.cpp",
     ],
     cppflags: [
-        "-DALLOW_ADBD_DISABLE_VERITY=0",
+        "-UALLOW_ADBD_DISABLE_VERITY",
+        "-DALLOW_ADBD_DISABLE_VERITY=1",
     ],
     product_variables: {
         debuggable: {
		 
		 
四、system/sepolicy
diff --git a/system/sepolicy/Android.mk b/system/sepolicy/Android.mk
index dadd7b0..24278d5 100644
--- a/system/sepolicy/Android.mk
+++ b/system/sepolicy/Android.mk
@@ -309,7 +309,7 @@
 
 endif
 
-ifneq ($(TARGET_BUILD_VARIANT), user)
+ifneq ($(TARGET_BUILD_VARIANT), eng)
 LOCAL_REQUIRED_MODULES += \
     selinux_denial_metadata \
 
@@ -978,7 +978,7 @@
 	@mkdir -p $(dir $@)
 	$(hide) $< -m -M true -G -c $(POLICYVERS) $(PRIVATE_NEVERALLOW_ARG) $(PRIVATE_CIL_FILES) -o [email protected] -f /dev/null
 	$(hide) $(HOST_OUT_EXECUTABLES)/sepolicy-analyze [email protected] permissive > [email protected]
-	$(hide) if [ "$(TARGET_BUILD_VARIANT)" = "user" -a -s [email protected] ]; then \
+	$(hide) if [ "eng" = "user" -a -s [email protected] ]; then \
 		echo "==========" 1>&2; \
 		echo "ERROR: permissive domains not allowed in user builds" 1>&2; \
 		echo "List of invalid domains:" 1>&2; \
@@ -1032,7 +1032,7 @@
 	$(hide) $(CHECKPOLICY_ASAN_OPTIONS) $(HOST_OUT_EXECUTABLES)/checkpolicy -M -c \
 		$(POLICYVERS) -o [email protected] $<
 	$(hide) $(HOST_OUT_EXECUTABLES)/sepolicy-analyze [email protected] permissive > [email protected]
-	$(hide) if [ "$(TARGET_BUILD_VARIANT)" = "user" -a -s [email protected] ]; then \
+	$(hide) if [ "eng" = "user" -a -s [email protected] ]; then \
 		echo "==========" 1>&2; \
 		echo "ERROR: permissive domains not allowed in user builds" 1>&2; \
 		echo "List of invalid domains:" 1>&2; \
@@ -1104,7 +1104,7 @@
 ifneq ($(filter address,$(SANITIZE_TARGET)),)
   local_fc_files += $(wildcard $(addsuffix /file_contexts_asan, $(PLAT_PRIVATE_POLICY)))
 endif
-ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT)))
+ifneq (,$(filter user userdebug eng,$(TARGET_BUILD_VARIANT)))
   local_fc_files += $(wildcard $(addsuffix /file_contexts_overlayfs, $(PLAT_PRIVATE_POLICY)))
 endif
 ifeq ($(TARGET_FLATTEN_APEX),true)
@@ -1166,7 +1166,7 @@
 file_contexts.local.tmp :=
 
 ##################################
-ifneq ($(TARGET_BUILD_VARIANT), user)
+ifneq ($(TARGET_BUILD_VARIANT), eng)
 include $(CLEAR_VARS)
 
 LOCAL_MODULE := selinux_denial_metadata
 
diff --git a/system/sepolicy/definitions.mk b/system/sepolicy/definitions.mk
index 16c8bd6..d64ea4c 100644
--- a/system/sepolicy/definitions.mk
+++ b/system/sepolicy/definitions.mk
@@ -4,7 +4,7 @@
 @mkdir -p $(dir $@)
 $(hide) m4 --fatal-warnings $(PRIVATE_ADDITIONAL_M4DEFS) \
 	-D mls_num_sens=$(PRIVATE_MLS_SENS) -D mls_num_cats=$(PRIVATE_MLS_CATS) \
-	-D target_build_variant=$(PRIVATE_TARGET_BUILD_VARIANT) \
+	-D target_build_variant=eng \
 	-D target_with_dexpreopt=$(WITH_DEXPREOPT) \
 	-D target_arch=$(PRIVATE_TGT_ARCH) \
 	-D target_with_asan=$(PRIVATE_TGT_WITH_ASAN) \

 
五、/build
diff --git a/build/core/main.mk b/build/core/main.mk
index c2206db..bc2996d 100644
--- a/build/core/main.mk
+++ b/build/core/main.mk
@@ -293,7 +293,7 @@
   ifeq (FACTORY, $(LCT_BUILD_TYPE))
     ADDITIONAL_DEFAULT_PROPERTIES += ro.secure=0
   else
-    ADDITIONAL_DEFAULT_PROPERTIES += ro.secure=1
+    ADDITIONAL_DEFAULT_PROPERTIES += ro.secure=0
   endif
    #add NHK-M528-A01-137 -factory open root default modify by mafei 20191021-end
   ADDITIONAL_DEFAULT_PROPERTIES += security.perf_harden=1
@@ -304,7 +304,7 @@
     ifeq (FACTORY, $(LCT_BUILD_TYPE))
       ADDITIONAL_DEFAULT_PROPERTIES += ro.adb.secure=0
     else
-      ADDITIONAL_DEFAULT_PROPERTIES += ro.adb.secure=1
+      ADDITIONAL_DEFAULT_PROPERTIES += ro.adb.secure=0
     endif
     #add NHK-M528-A01-137 -factory open root default modify by mafei 20191021-end
   endif
@@ -341,7 +341,7 @@
   ifeq (FACTORY, $(LCT_BUILD_TYPE))
     ADDITIONAL_DEFAULT_PROPERTIES += ro.debuggable=1
   else
-    ADDITIONAL_DEFAULT_PROPERTIES += ro.debuggable=0
+    ADDITIONAL_DEFAULT_PROPERTIES += ro.debuggable=1
   endif 
   #add NHK-M528-A01-137 -factory open root default modify by mafei 20191021-end
 endif # !enable_target_debugging
 

六、/device/qcom/sepolicy
diff --git a/device/qcom/sepolicy/Android.mk b/device/qcom/sepolicy/Android.mk
index c490fba..873b15b 100644
--- a/device/qcom/sepolicy/Android.mk
+++ b/device/qcom/sepolicy/Android.mk
@@ -45,7 +45,7 @@
       BOARD_SEPOLICY_DIRS += $(LOCAL_PATH)/qva/vendor/$(TARGET_SEPOLICY_DIR)
     endif
 
-    ifneq (,$(filter userdebug eng, $(TARGET_BUILD_VARIANT)))
+    ifneq (,$(filter user userdebug eng, $(TARGET_BUILD_VARIANT)))
     BOARD_SEPOLICY_DIRS += $(LOCAL_PATH)/generic/vendor/test
     BOARD_SEPOLICY_DIRS += $(LOCAL_PATH)/qva/vendor/test
     endif
@@ -65,7 +65,7 @@
     else
       BOARD_SEPOLICY_DIRS += $(LOCAL_PATH)/legacy/vendor/$(TARGET_SEPOLICY_DIR)
     endif
-    ifneq (,$(filter userdebug eng, $(TARGET_BUILD_VARIANT)))
+    ifneq (,$(filter user userdebug eng, $(TARGET_BUILD_VARIANT)))
     BOARD_SEPOLICY_DIRS += $(LOCAL_PATH)/legacy/vendor/test
     endif
 endif

 
