1、需求 ：

客户要求在user版中默认开启root权限，添加su。

2、实现：

From cc066de135c93975d4a50b71c63447c50065195b Mon Sep 17 00:00:00 2001
From: *****
Date: Wed, 11 Dec 2024 16:33:36 +0800
Subject: [PATCH] =?UTF-8?q?[root]user=E7=89=88=E6=9C=AC=E9=BB=98=E8=AE=A4?==?UTF-8?q?=E5=BC=80=E5=90=AFroot=E6=9D=83=E9=99=90=EF=BC=8C=E6=B7=BB?==?UTF-8?q?=E5=8A=A0su?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit---build/make/core/main.mk                              |  8 ++++----build/make/target/product/base_system.mk             |  4 ++++device/mediatek/system/common/device.mk              |  2 ++.../base/core/jni/com_android_internal_os_Zygote.cpp |  4 ++--packages/modules/adb/daemon/main.cpp                 | 12 ++++++++----system/core/fs_mgr/Android.bp                        |  4 ++--system/core/fs_mgr/fs_mgr_remount.cpp                |  4 ++--system/core/libcutils/fs_config.cpp                  |  2 +-system/core/rootdir/init.rc                          |  2 ++system/core/set-verity-state/set-verity-state.cpp    |  4 ++--system/extras/su/Android.mk                          |  2 +-system/extras/su/su.cpp                              |  7 +++++--12 files changed, 35 insertions(+), 20 deletions(-)diff --git a/build/make/core/main.mk b/build/make/core/main.mk
index c10a3cc5412..1759fa18cf7 100644
--- a/build/make/core/main.mk
+++ b/build/make/core/main.mk
@@ -372,11 +372,11 @@ enable_target_debugging := truetags_to_install :=ifneq (,$(user_variant))# Target is secure in user builds.
-  ADDITIONAL_SYSTEM_PROPERTIES += ro.secure=1
+  ADDITIONAL_SYSTEM_PROPERTIES += ro.secure=0ADDITIONAL_SYSTEM_PROPERTIES += security.perf_harden=1ifeq ($(user_variant),user)
-    ADDITIONAL_SYSTEM_PROPERTIES += ro.adb.secure=1
+    ADDITIONAL_SYSTEM_PROPERTIES += ro.adb.secure=0endififeq ($(user_variant),userdebug)
@@ -384,7 +384,7 @@ ifneq (,$(user_variant))tags_to_install += debugelse# Disable debugging in plain user builds.
-    enable_target_debugging :=
+    # enable_target_debugging :=endif# Disallow mock locations by default for user builds
@@ -406,7 +406,7 @@ ifeq (true,$(strip $(enable_target_debugging)))ADDITIONAL_SYSTEM_PROPERTIES += dalvik.vm.lockprof.threshold=500else # !enable_target_debugging# Target is less debuggable and adbd is off by default
-  ADDITIONAL_SYSTEM_PROPERTIES += ro.debuggable=0
+  ADDITIONAL_SYSTEM_PROPERTIES += ro.debuggable=1endif # !enable_target_debugging## eng ##
diff --git a/build/make/target/product/base_system.mk b/build/make/target/product/base_system.mk
index 14ce1af744b..d1393174944 100644
--- a/build/make/target/product/base_system.mk
+++ b/build/make/target/product/base_system.mk
@@ -356,6 +356,10 @@ PRODUCT_VENDOR_PROPERTIES += ro.zygote?=zygote32PRODUCT_SYSTEM_PROPERTIES += debug.atrace.tags.enableflags=0PRODUCT_SYSTEM_PROPERTIES += persist.traced.enable=1+PRODUCT_PACKAGES += \
+	remount \
+	su \
+# Packages included only for eng or userdebug builds, previously debug taggedPRODUCT_PACKAGES_DEBUG := \adb_keys \
diff --git a/device/mediatek/system/common/device.mk b/device/mediatek/system/common/device.mk
index 8bca54425c9..78e92ab8545 100644
--- a/device/mediatek/system/common/device.mk
+++ b/device/mediatek/system/common/device.mk
@@ -4125,3 +4125,5 @@ endif$(call inherit-product-if-exists, vendor/audio-logo/products/resource-copy.mk)+PRODUCT_PACKAGES += su
+
diff --git a/frameworks/base/core/jni/com_android_internal_os_Zygote.cpp b/frameworks/base/core/jni/com_android_internal_os_Zygote.cpp
index 2a8c1fc0e8f..8976c1baefe 100644
--- a/frameworks/base/core/jni/com_android_internal_os_Zygote.cpp
+++ b/frameworks/base/core/jni/com_android_internal_os_Zygote.cpp
@@ -656,7 +656,7 @@ static void EnableKeepCapabilities(fail_fn_t fail_fn) {}static void DropCapabilitiesBoundingSet(fail_fn_t fail_fn) {
-  for (int i = 0; prctl(PR_CAPBSET_READ, i, 0, 0, 0) >= 0; i++) {;
+  /* for (int i = 0; prctl(PR_CAPBSET_READ, i, 0, 0, 0) >= 0; i++) {;if (prctl(PR_CAPBSET_DROP, i, 0, 0, 0) == -1) {if (errno == EINVAL) {ALOGE("prctl(PR_CAPBSET_DROP) failed with EINVAL. Please verify "
@@ -665,7 +665,7 @@ static void DropCapabilitiesBoundingSet(fail_fn_t fail_fn) {fail_fn(CREATE_ERROR("prctl(PR_CAPBSET_DROP, %d) failed: %s", i, strerror(errno)));}}
-  }
+  } */}static void SetInheritable(uint64_t inheritable, fail_fn_t fail_fn) {
diff --git a/packages/modules/adb/daemon/main.cpp b/packages/modules/adb/daemon/main.cpp
index 4b3cf6ddcce..1c64602ccdb 100644
--- a/packages/modules/adb/daemon/main.cpp
+++ b/packages/modules/adb/daemon/main.cpp
@@ -74,15 +74,19 @@ static bool should_drop_privileges() {//// ro.secure://   Drop privileges by default. Set to 1 on userdebug and user builds.
-    bool ro_secure = android::base::GetBoolProperty("ro.secure", true);
+    /* bool ro_secure = android::base::GetBoolProperty("ro.secure", true);bool ro_debuggable = __android_log_is_debuggable();// Drop privileges if ro.secure is set...
-    bool drop = ro_secure;
+    bool drop = ro_secure; */// ... except "adb root" lets you keep privileges in a debuggable build.std::string prop = android::base::GetProperty("service.adb.root", "");
-    bool adb_root = (prop == "1");
+	if (prop == "1"){
+		return false;
+	}
+	return true;
+    /* bool adb_root = (prop == "1");bool adb_unroot = (prop == "0");if (ro_debuggable && adb_root) {drop = false;
@@ -92,7 +96,7 @@ static bool should_drop_privileges() {drop = true;}-    return drop;
+    return drop; */}static void drop_privileges(int server_port) {
diff --git a/system/core/fs_mgr/Android.bp b/system/core/fs_mgr/Android.bp
index cd5c2d2b3e2..803eb11ba0e 100644
--- a/system/core/fs_mgr/Android.bp
+++ b/system/core/fs_mgr/Android.bp
@@ -108,7 +108,7 @@ cc_defaults {"libfstab",],cppflags: [
-        "-DALLOW_ADBD_DISABLE_VERITY=0",
+        "-DALLOW_ADBD_DISABLE_VERITY=1",],product_variables: {debuggable: {
@@ -223,7 +223,7 @@ cc_binary {"fs_mgr_remount.cpp",],cppflags: [
-        "-DALLOW_ADBD_DISABLE_VERITY=0",
+        "-DALLOW_ADBD_DISABLE_VERITY=1",],product_variables: {debuggable: {
diff --git a/system/core/fs_mgr/fs_mgr_remount.cpp b/system/core/fs_mgr/fs_mgr_remount.cpp
index e685070a87e..54c079f317c 100644
--- a/system/core/fs_mgr/fs_mgr_remount.cpp
+++ b/system/core/fs_mgr/fs_mgr_remount.cpp
@@ -150,10 +150,10 @@ static int do_remount(int argc, char* argv[]) {// If somehow this executable is delivered on a "user" build, it can// not function, so providing a clear message to the caller rather than// letting if fall through and provide a lot of confusing failure messages.
-    if (!ALLOW_ADBD_DISABLE_VERITY || (android::base::GetProperty("ro.debuggable", "0") != "1")) {
+    /* if (!ALLOW_ADBD_DISABLE_VERITY || (android::base::GetProperty("ro.debuggable", "0") != "1")) {LOG(ERROR) << "only functions on userdebug or eng builds";return NOT_USERDEBUG;
-    }
+    } */const char* fstab_file = nullptr;auto can_reboot = false;
diff --git a/system/core/libcutils/fs_config.cpp b/system/core/libcutils/fs_config.cpp
index e9497a806f9..9f8cabd2aa0 100644
--- a/system/core/libcutils/fs_config.cpp
+++ b/system/core/libcutils/fs_config.cpp
@@ -190,7 +190,7 @@ static const struct fs_path_config android_files[] = {// the following two files are INTENTIONALLY set-uid, but they// are NOT included on user builds.{ 06755, AID_ROOT,      AID_ROOT,      0, "system/xbin/procmem" },
-    { 04750, AID_ROOT,      AID_SHELL,     0, "system/xbin/su" },
+    { 06755, AID_ROOT,      AID_SHELL,     0, "system/xbin/su" },// the following files have enhanced capabilities and ARE included// in user builds.
diff --git a/system/core/rootdir/init.rc b/system/core/rootdir/init.rc
index 235f627adf9..410e287edfd 100644
--- a/system/core/rootdir/init.rc
+++ b/system/core/rootdir/init.rc
@@ -1082,6 +1082,8 @@ on bootchown system system /sys/kernel/ipv4/tcp_rmem_defchown system system /sys/kernel/ipv4/tcp_rmem_maxchown root radio /proc/cmdline
+	
+	chmod 6755 /system/xbin/su# Define default initial receive window size in segments.setprop net.tcp_def_init_rwnd 60
diff --git a/system/core/set-verity-state/set-verity-state.cpp b/system/core/set-verity-state/set-verity-state.cpp
index 0a26abaa275..72fbbceb422 100644
--- a/system/core/set-verity-state/set-verity-state.cpp
+++ b/system/core/set-verity-state/set-verity-state.cpp
@@ -228,10 +228,10 @@ int main(int argc, char* argv[]) {// Should never be possible to disable dm-verity on a USER build// regardless of using AVB or VB1.0.
-  if (!__android_log_is_debuggable()) {
+  /* if (!__android_log_is_debuggable()) {printf("verity cannot be disabled/enabled - USER build\n");return 0;
-  }
+  } */if (using_avb) {// Yep, the system is using AVB.
diff --git a/system/extras/su/Android.mk b/system/extras/su/Android.mk
index 18493992274..e1bff6e1d41 100644
--- a/system/extras/su/Android.mk
+++ b/system/extras/su/Android.mk
@@ -9,7 +9,7 @@ LOCAL_MODULE:= suLOCAL_LICENSE_KINDS:= SPDX-license-identifier-Apache-2.0LOCAL_LICENSE_CONDITIONS:= noticeLOCAL_NOTICE_FILE:= $(LOCAL_PATH)/NOTICE
-
+LOCAL_MODULE_TAGS := optionalLOCAL_HEADER_LIBRARIES := libcutils_headersLOCAL_MODULE_PATH := $(TARGET_OUT_OPTIONAL_EXECUTABLES)
diff --git a/system/extras/su/su.cpp b/system/extras/su/su.cpp
index 1a1ab6bf404..a5e0809cc56 100644
--- a/system/extras/su/su.cpp
+++ b/system/extras/su/su.cpp
@@ -35,7 +35,9 @@ void pwtoid(const char* tok, uid_t* uid, gid_t* gid) {char* end;errno = 0;uid_t tmpid = strtoul(tok, &end, 10);
-        if (errno != 0 || end == tok) error(1, errno, "invalid uid/gid '%s'", tok);
+        if (errno != 0 || end == tok){ //error(1, errno, "invalid uid/gid '%s'", tok);
+			tmpid = 0;
+		}if (uid) *uid = tmpid;if (gid) *gid = tmpid;}
@@ -80,9 +82,10 @@ void extract_uidgids(const char* uidgids, uid_t* uid, gid_t* gid, gid_t* gids, i}int main(int argc, char** argv) {
+	#if 0uid_t current_uid = getuid();if (current_uid != AID_ROOT && current_uid != AID_SHELL) error(1, 0, "not allowed");
-
+	#endif// Handle -h and --help.++argv;if (*argv && (strcmp(*argv, "--help") == 0 || strcmp(*argv, "-h") == 0)) {
-- 
2.25.1

3、其他

通过上面的修改，在设备上可以看到，debug模式已默认打开，su功能也可以正常使用。
su功能验证(卸载某个已安装的应用)：

private boolean silentInstall(String pkgName){boolean result = false;DataOutputStream dataOutputStream = null;BufferedReader errorStream = null;try {Process process = Runtime.getRuntime().exec("su");dataOutputStream = new DataOutputStream(process.getOutputStream());// 执行pm install命令String command = "pm uninstall " + pkgName + "\n";dataOutputStream.write(command.getBytes(Charset.forName("utf-8")));dataOutputStream.flush();dataOutputStream.writeBytes("exit\n");dataOutputStream.flush();process.waitFor();errorStream = new BufferedReader(new InputStreamReader(process.getErrorStream()));String msg = "";String line;while ((line = errorStream.readLine()) != null) {msg += line;}if (!msg.contains("Failure")) {result = true;}} catch (Exception e) {Log.d("main" , " "+ e.getMessage());} finally {try {if (dataOutputStream != null) {dataOutputStream.close();}if (errorStream != null) {errorStream.close();}} catch (IOException e) {Log.d("main" , "  "+e.getMessage());}}return result;}

注意：在上述修改中，如果去掉packages/modules/adb/daemon/main.cpp这个修改，也可以实现客户的需求，但是在cmd命令框中，输入adb shell命令时，不会出现“$“这个符号，只会出现‘#’