Android 6.0 内核修改绕过反调试

1.下载Android6.0源码

https://www.jianshu.com/p/3cc70d7c73f4
源码目录新建kernel目录

# Enter the AOSP source tree root and create the directory that will hold the kernel source.
cd ~/aosp/android-6.0.1_r62_MTC20F
mkdir kernel

下载内核源码
内核源码位置参考
https://source.android.com/source/building-kernels.html
由于我的设备是angler(Nexus 6P)所以使用下面地址进行下载

# Clone the msm kernel tree (mirror) into the kernel directory created above.
cd kernel
git clone  https://aosp.tuna.tsinghua.edu.cn/kernel/msm.git

查看内核版本

# List attached devices, open an interactive shell on the device, then print the running kernel version there.
adb devices
adb shell
cat /proc/version
image.png

检出分支

# Check out the kernel commit to build; presumably chosen to match the version printed by /proc/version above — confirm for your device.
git checkout 909746b

修改 msm/fs/proc/base.c 函数 proc_pid_wchan

/*
 * Render the wait channel of @task into @buffer (backs /proc/<pid>/wchan).
 *
 * Returns the number of bytes written to @buffer, or 0 when the wchan
 * address cannot be resolved to a symbol and the caller is not permitted
 * to read the task via ptrace.
 *
 * Local modification: a resolved symbol whose name contains "trace" is
 * reported as "sys_epoll_wait" instead.  Nothing restricts this to a
 * particular task, so wchan stops reflecting the real wait channel for
 * every such task on the system.
 */
static int proc_pid_wchan(struct task_struct *task, char *buffer)
{
    char symname[KSYM_NAME_LEN];
    unsigned long wchan = get_wchan(task);

    if (lookup_symbol_name(wchan, symname) < 0) {
        /* Unresolvable address: expose the raw value only to a permitted reader. */
        if (!ptrace_may_access(task, PTRACE_MODE_READ))
            return 0;
        return sprintf(buffer, "%lu", wchan);
    }

    /* Added: substitute a fixed name for any symbol mentioning "trace". */
    if (strstr(symname, "trace") != NULL)
        return sprintf(buffer, "%s", "sys_epoll_wait");

    return sprintf(buffer, "%s", symname);
}

修改 msm/fs/proc/array.c 数组 task_state_array

/*
 * The task state array is a strange "bitmap" of
 * reasons to sleep. Thus "running" is zero, and
 * you can test for combinations of others with
 * simple bit tests.
 *
 * Index 0 is "running"; index i (i >= 1) names state bit (1 << (i - 1)).
 *
 * Local modification: the entries for bits 4 and 8 (indices 3 and 4,
 * which upstream are the stopped and tracing-stop states) now read
 * "S (sleeping)".  Every reader of /proc/<pid>/status on the system
 * therefore sees stopped or traced tasks as sleeping.
 */
static const char * const task_state_array[] = {
    [0]  = "R (running)",
    [1]  = "S (sleeping)",
    [2]  = "D (disk sleep)",
    [3]  = "S (sleeping)",    /* bit   4 — modified */
    [4]  = "S (sleeping)",    /* bit   8 — modified */
    [5]  = "Z (zombie)",      /* bit  16 */
    [6]  = "X (dead)",        /* bit  32 */
    [7]  = "x (dead)",        /* bit  64 */
    [8]  = "K (wakekill)",    /* bit 128 */
    [9]  = "W (waking)",      /* bit 256 */
    [10] = "P (parked)",      /* bit 512 */
};

修改 msm/fs/proc/array.c 函数 task_state

/*
 * Emit the State/Tgid/Pid/PPid/TracerPid/Uid/Gid/FDSize/Groups lines of
 * /proc/<pid>/status for task @p into seq_file @m, with pids translated
 * into namespace @ns and ids munged for the seq_file's user namespace.
 *
 * Local modification: TracerPid is printed as the literal 0 for every
 * task.  The tracer lookup below is still performed, but its result
 * (tpid) is never used.
 */
static inline void task_state(struct seq_file *m, struct pid_namespace *ns,
                struct pid *pid, struct task_struct *p)
{
    struct user_namespace *user_ns = seq_user_ns(m);
    struct group_info *group_info;
    int g;
    struct fdtable *fdt = NULL;
    const struct cred *cred;
    pid_t ppid, tpid;

    /* RCU read side covers the real_parent and tracer dereferences. */
    rcu_read_lock();
    ppid = pid_alive(p) ?
        task_tgid_nr_ns(rcu_dereference(p->real_parent), ns) : 0;
    tpid = 0;
    if (pid_alive(p)) {
        struct task_struct *tracer = ptrace_parent(p);
        if (tracer)
            tpid = task_pid_nr_ns(tracer, ns);
    }
    /* Takes a reference on the task credentials; dropped with put_cred() below. */
    cred = get_task_cred(p);
    seq_printf(m,
        "State:\t%s\n"
        "Tgid:\t%d\n"
        "Pid:\t%d\n"
        "PPid:\t%d\n"
        "TracerPid:\t%d\n"
        "Uid:\t%d\t%d\t%d\t%d\n"
        "Gid:\t%d\t%d\t%d\t%d\n",
        get_task_state(p),
        task_tgid_nr_ns(p, ns),
        pid_nr_ns(pid, ns),
        ppid, /* modified: was tpid */0,
        from_kuid_munged(user_ns, cred->uid),
        from_kuid_munged(user_ns, cred->euid),
        from_kuid_munged(user_ns, cred->suid),
        from_kuid_munged(user_ns, cred->fsuid),
        from_kgid_munged(user_ns, cred->gid),
        from_kgid_munged(user_ns, cred->egid),
        from_kgid_munged(user_ns, cred->sgid),
        from_kgid_munged(user_ns, cred->fsgid));

    /* p->files may be NULL (e.g. an exiting task); read it under task_lock. */
    task_lock(p);
    if (p->files)
        fdt = files_fdtable(p->files);
    seq_printf(m,
        "FDSize:\t%d\n"
        "Groups:\t",
        fdt ? fdt->max_fds : 0);
    rcu_read_unlock();

    /* group_info is read while task_lock is still held, then used after unlock. */
    group_info = cred->group_info;
    task_unlock(p);

    for (g = 0; g < group_info->ngroups; g++)
        seq_printf(m, "%d ",
               from_kgid_munged(user_ns, GROUP_AT(group_info, g)));
    put_cred(cred);

    seq_putc(m, '\n');
}

编译内核

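# Show the device CPU information (the result informs ARCH/SUBARCH below).
# Note: '#' is the shell comment marker; '//' would be passed to the command as arguments.
adb shell
cat /proc/cpuinfo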
image.png
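# Cross-toolchain shipped inside the AOSP tree.  ANDROID_AARCH64 must be set
# before the PATH line that references it, otherwise an empty string is appended.
export ANDROID_AARCH64=~/aosp/android-6.0.1_r62_MTC20F/prebuilts/gcc/linux-x86/aarch64/aarch64-linux-android-4.9/bin
# Target architecture (arm, x86, arm64, ...).  '#' starts a shell comment;
# the original '//' form would be passed to export as extra (invalid) arguments.
export ARCH=arm64
export SUBARCH=arm64
export PATH=$PATH:$ANDROID_AARCH64
# Prefix of the cross-compiler binaries.
export CROSS_COMPILE=aarch64-linux-android-
make angler_defconfig
make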

注意1、ANDROID_AARCH64 可以直接使用你 Android 源码树自带的预编译工具链。
注意2、export PATH=$PATH:$ANDROID_AARCH64 这条命令一定要在 export ANDROID_AARCH64 之后执行,如果执行顺序错误就会报错。

编译成功目录msm/arch/arm64/boot


image.png

我们要的是 Image.gz-dtb 这个文件,它就是用来替换 boot.img 中 kernel 的内核镜像。

然后设置编译好的内核文件环境变量

# Kernel image that the AOSP build will pack into boot.img.
# NOTE(review): this path starts with /tmp/aosp while the tree above lives under ~/aosp — confirm which location holds the build output.
export TARGET_PREBUILT_KERNEL=/tmp/aosp/android-6.0.1_r62_MTC20F/kernel/msm/arch/arm64/boot/Image.gz-dtb

进入安卓系统源码目录重新编译

# Return to the AOSP source tree root before setting up the build.
cd ~/aosp/android-6.0.1_r62_MTC20F/

编译前的设置

# Build-environment setup, run from the AOSP tree root.
export USER=$(whoami)  
source build/envsetup.sh
# Cap the ccache size at 50G.
prebuilts/misc/linux-x86/ccache/ccache -M 50G
# Interactive target selection; pick the entry for your device (angler here).
lunch

先编译 boot 镜像(使用上面 TARGET_PREBUILT_KERNEL 指定的内核)

# Build boot.img with the kernel named by TARGET_PREBUILT_KERNEL.
make bootimage -j8

然后再编译除内核外的其他源码

# Build the rest of the system images.
make -j8

开始刷机

刷机步骤:https://www.jianshu.com/p/3cc70d7c73f4
