Android 11编译第三弹 ADB开启ROOT权限

一、为什么需要adb root权限

问题：Relese版本，默认adb访问会降级到shell权限，一些敏感操作不能进行，远程调试比较麻烦。且Release版本没有su模块，不能切换Root用户。

开启adb调试以后，默认进入adb是system权限，不能切换到root（因为Release没有集成su）.

有两种方式切换Root:

1) Release也集成su模块

2）默认Release版本adb 开启Root权限

二、开启adb ROOT权限

开启Root权限

ro.secure表示root权限，要开启Root权限，系统配置ro.secure=0 开启ROOT权限

2.1 编译时默认开启ROOT权限

build/make/core/main.mk

ifneq (,$(user_variant))# ==== modify begin ====# fix: zhouronghua default as root# Target is secure in user builds.ADDITIONAL_DEFAULT_PROPERTIES += ro.secure=0# ==== modify end ====ADDITIONAL_DEFAULT_PROPERTIES += security.perf_harden=1ifeq ($(user_variant),user)# ==== modify begin ==== fix: default as rootADDITIONAL_DEFAULT_PROPERTIES += ro.adb.secure=0# ==== modify end ====endif

user版本就是Releae版本，userdebug版本就是debug版本。

2.2 Zygote关闭权限降级

frameworks/base/core/jni/com_android_internal_os_Zygote.cpp

static void DropCapabilitiesBoundingSet(fail_fn_t fail_fn) {// ==== modify begin ==== zhouronghua #if 0for (int i = 0; prctl(PR_CAPBSET_READ, i, 0, 0, 0) >= 0; i++) {;if (prctl(PR_CAPBSET_DROP, i, 0, 0, 0) == -1) {if (errno == EINVAL) {ALOGE("prctl(PR_CAPBSET_DROP) failed with EINVAL. Please verify ""your kernel is compiled with file capabilities support");} else {fail_fn(CREATE_ERROR("prctl(PR_CAPBSET_DROP, %d) failed: %s", i, strerror(errno)));}}}#endif// ==== modify end ====}

2.3 Android.bp允许暴力修改selinux权限

system/core/init/Android.bp

-DALLOW_PERMISSIVE_SELINUX=0 修改为 -DALLOW_PERMISSIVE_SELINUX=1

cc_defaults {name: "init_defaults",cpp_std: "experimental",sanitize: {misc_undefined: ["signed-integer-overflow"],},cflags: ["-DLOG_UEVENTS=0","-Wall","-Wextra","-Wno-unused-parameter","-Werror","-Wthread-safety","-DALLOW_FIRST_STAGE_CONSOLE=0","-DALLOW_LOCAL_PROP_OVERRIDE=0","-DALLOW_PERMISSIVE_SELINUX=1","-DREBOOT_BOOTLOADER_ON_PANIC=0","-DWORLD_WRITABLE_KMSG=0","-DDUMP_ON_UMOUNT_FAILURE=0",

2.4 init程序允许暴力修改selinux权限

system/core/init/Android.mk

ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT)))
init_options += \-DALLOW_FIRST_STAGE_CONSOLE=1 \-DALLOW_LOCAL_PROP_OVERRIDE=1 \-DALLOW_PERMISSIVE_SELINUX=1 \-DREBOOT_BOOTLOADER_ON_PANIC=1 \-DWORLD_WRITABLE_KMSG=1 \-DDUMP_ON_UMOUNT_FAILURE=1
else
# ==== modify begin ==== zhouronghua allow permissive
init_options += \-DALLOW_FIRST_STAGE_CONSOLE=0 \-DALLOW_LOCAL_PROP_OVERRIDE=0 \-DALLOW_PERMISSIVE_SELINUX=1 \-DREBOOT_BOOTLOADER_ON_PANIC=0 \-DWORLD_WRITABLE_KMSG=0 \-DDUMP_ON_UMOUNT_FAILURE=0
# ==== modify end ====
endif

2.5 su程序权限提级

system/core/libcutils/fs_config.cpp

    // the following two files are INTENTIONALLY set-uid, but they// are NOT included on user builds.{ 06755, AID_ROOT,      AID_ROOT,      0, "system/xbin/procmem" },// ==== modify begin ==== zhouronghua su right improve{ 06755, AID_ROOT,      AID_SHELL,     0, "system/xbin/su" },

2.6 修改su程序权限

system/core/rootdir/init.rc

    chown system system /sys/devices/system/cpu/cpufreq/interactive/io_is_busychmod 0660 /sys/devices/system/cpu/cpufreq/interactive/io_is_busy# ==== modify begin ==== zhouronghua su rightchmod 6755 /system/xbin/su# ==== modify end ====

2.7 su程序构建

system/extras/su/Android.mk

LOCAL_MODULE_PATH := $(TARGET_OUT_OPTIONAL_EXECUTABLES)# ==== modify begin ==== zhouronghua su as common module
LOCAL_MODULE_TAGS := optional
# ==== modify end ====

2.8 su程序去掉Root用户检测

system/extras/su/su.cpp

int main(int argc, char** argv) {// ==== modify begin ==== zhouronghua delete root shell check#if 0uid_t current_uid = getuid();if (current_uid != AID_ROOT && current_uid != AID_SHELL) error(1, 0, "not allowed");#endif// ==== modify end ====

2.9 关闭selinux.cpp强制安全检测

system/core/init/selinux.cpp

bool IsEnforcing() {// ==== modify start ==== zhouronghua 不需要强制安全检测return false;// ==== modify endif (ALLOW_PERMISSIVE_SELINUX) {return StatusFromCmdline() == SELINUX_ENFORCING;}return true;
}

2.10 adb不降级采用ROOT访问

adbd启动时检查属性，决定是否进行权限降级到AID_SHELL

system/core/adb/daemon/main.cpp

static bool should_drop_privileges() {// ==== modify begin ====// fix: zhouronghua "adb root" not allowed, always drop privileges.if (!ALLOW_ADBD_ROOT && !is_device_unlocked()) return false;// ==== modifu end ====

adb Root权限访问不需要降级。

2.11 安卓内核默认开启selLinux

kernel/configs/o-mr1/android-3.18/android-base.config

kernel/configs/o-mr1/android-4.4/android-base.config

kernel/configs/o-mr1/android-4.9/android-base.config

kernel/configs/o/android-3.18/android-base.config

kernel/configs/o/android-4.4/android-base.config

kernel/configs/o/android-4.9/android-base.config

kernel/configs/p/android-4.14/android-base.config

kernel/configs/p/android-4.4/android-base.config

kernel/configs/p/android-4.9/android-base.config

kernel/configs/q/android-4.14/android-base.config

kernel/configs/q/android-4.19/android-base.config

kernel/configs/q/android-4.9/android-base.config

kernel/configs/r/android-4.14/android-base.config

kernel/configs/r/android-4.19/android-base.config

kernel/configs/r/android-5.4/android-base.config

CONFIG_XFRM_USER=y
# ==== modify begin ==== zhouronghua selinux
CONFIG_SECURITY_SELINUX_DEVELOP=y
# # ==== modify end ====

本文来自互联网用户投稿，该文观点仅代表作者本人，不代表本站立场。本站仅提供信息存储空间服务，不拥有所有权，不承担相关法律责任。如若转载，请注明出处：http://www.mzph.cn/news/65447.shtml

如若内容造成侵权/违法违规/事实不符，请联系多彩编程网进行投诉反馈email:809451989@qq.com，一经查实，立即删除！