一站式网络营销,网站流量工具,一个虚拟主机怎么做多个网站,两栏式设计网站一、为什么需要adb root权限
问题#xff1a;Relese版本#xff0c;默认adb访问会降级到shell权限#xff0c;一些敏感操作不能进行#xff0c;远程调试比较麻烦。且Release版本没有su模块#xff0c;不能切换Root用户。
开启adb调试以后#xff0c;默认进入adb是syste…一、为什么需要adb root权限
问题Relese版本默认adb访问会降级到shell权限一些敏感操作不能进行远程调试比较麻烦。且Release版本没有su模块不能切换Root用户。
开启adb调试以后默认进入adb是system权限不能切换到root因为Release没有集成su.
有两种方式切换Root:
1) Release也集成su模块
2默认Release版本adb 开启Root权限 二、开启adb ROOT权限
开启Root权限
ro.secure表示root权限要开启Root权限系统配置ro.secure0 开启ROOT权限
2.1 编译时默认开启ROOT权限
build/make/core/main.mk
ifneq (,$(user_variant))# modify begin # fix: zhouronghua default as root# Target is secure in user builds.ADDITIONAL_DEFAULT_PROPERTIES ro.secure0# modify end ADDITIONAL_DEFAULT_PROPERTIES security.perf_harden1ifeq ($(user_variant),user)# modify begin fix: default as rootADDITIONAL_DEFAULT_PROPERTIES ro.adb.secure0# modify end endifuser版本就是Releae版本userdebug版本就是debug版本。
2.2 Zygote关闭权限降级
frameworks/base/core/jni/com_android_internal_os_Zygote.cpp
static void DropCapabilitiesBoundingSet(fail_fn_t fail_fn) {// modify begin zhouronghua #if 0for (int i 0; prctl(PR_CAPBSET_READ, i, 0, 0, 0) 0; i) {;if (prctl(PR_CAPBSET_DROP, i, 0, 0, 0) -1) {if (errno EINVAL) {ALOGE(prctl(PR_CAPBSET_DROP) failed with EINVAL. Please verify your kernel is compiled with file capabilities support);} else {fail_fn(CREATE_ERROR(prctl(PR_CAPBSET_DROP, %d) failed: %s, i, strerror(errno)));}}}#endif// modify end }
2.3 Android.bp允许暴力修改selinux权限
system/core/init/Android.bp
-DALLOW_PERMISSIVE_SELINUX0 修改为 -DALLOW_PERMISSIVE_SELINUX1
cc_defaults {name: init_defaults,cpp_std: experimental,sanitize: {misc_undefined: [signed-integer-overflow],},cflags: [-DLOG_UEVENTS0,-Wall,-Wextra,-Wno-unused-parameter,-Werror,-Wthread-safety,-DALLOW_FIRST_STAGE_CONSOLE0,-DALLOW_LOCAL_PROP_OVERRIDE0,-DALLOW_PERMISSIVE_SELINUX1,-DREBOOT_BOOTLOADER_ON_PANIC0,-DWORLD_WRITABLE_KMSG0,-DDUMP_ON_UMOUNT_FAILURE0,2.4 init程序允许暴力修改selinux权限
system/core/init/Android.mk
ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT)))
init_options \-DALLOW_FIRST_STAGE_CONSOLE1 \-DALLOW_LOCAL_PROP_OVERRIDE1 \-DALLOW_PERMISSIVE_SELINUX1 \-DREBOOT_BOOTLOADER_ON_PANIC1 \-DWORLD_WRITABLE_KMSG1 \-DDUMP_ON_UMOUNT_FAILURE1
else
# modify begin zhouronghua allow permissive
init_options \-DALLOW_FIRST_STAGE_CONSOLE0 \-DALLOW_LOCAL_PROP_OVERRIDE0 \-DALLOW_PERMISSIVE_SELINUX1 \-DREBOOT_BOOTLOADER_ON_PANIC0 \-DWORLD_WRITABLE_KMSG0 \-DDUMP_ON_UMOUNT_FAILURE0
# modify end
endif2.5 su程序权限提级
system/core/libcutils/fs_config.cpp // the following two files are INTENTIONALLY set-uid, but they// are NOT included on user builds.{ 06755, AID_ROOT, AID_ROOT, 0, system/xbin/procmem },// modify begin zhouronghua su right improve{ 06755, AID_ROOT, AID_SHELL, 0, system/xbin/su },2.6 修改su程序权限
system/core/rootdir/init.rc chown system system /sys/devices/system/cpu/cpufreq/interactive/io_is_busychmod 0660 /sys/devices/system/cpu/cpufreq/interactive/io_is_busy# modify begin zhouronghua su rightchmod 6755 /system/xbin/su# modify end
2.7 su程序构建
system/extras/su/Android.mk
LOCAL_MODULE_PATH : $(TARGET_OUT_OPTIONAL_EXECUTABLES)# modify begin zhouronghua su as common module
LOCAL_MODULE_TAGS : optional
# modify end 2.8 su程序去掉Root用户检测
system/extras/su/su.cpp
int main(int argc, char** argv) {// modify begin zhouronghua delete root shell check#if 0uid_t current_uid getuid();if (current_uid ! AID_ROOT current_uid ! AID_SHELL) error(1, 0, not allowed);#endif// modify end 2.9 关闭selinux.cpp强制安全检测
system/core/init/selinux.cpp
bool IsEnforcing() {// modify start zhouronghua 不需要强制安全检测return false;// modify endif (ALLOW_PERMISSIVE_SELINUX) {return StatusFromCmdline() SELINUX_ENFORCING;}return true;
}
2.10 adb不降级采用ROOT访问
adbd启动时检查属性决定是否进行权限降级到AID_SHELL
system/core/adb/daemon/main.cpp
static bool should_drop_privileges() {// modify begin // fix: zhouronghua adb root not allowed, always drop privileges.if (!ALLOW_ADBD_ROOT !is_device_unlocked()) return false;// modifu end
adb Root权限访问不需要降级。
2.11 安卓内核默认开启selLinux
kernel/configs/o-mr1/android-3.18/android-base.config
kernel/configs/o-mr1/android-4.4/android-base.config
kernel/configs/o-mr1/android-4.9/android-base.config
kernel/configs/o/android-3.18/android-base.config
kernel/configs/o/android-3.18/android-base.config
kernel/configs/o/android-4.4/android-base.config
kernel/configs/o/android-4.9/android-base.config
kernel/configs/p/android-4.14/android-base.config
kernel/configs/p/android-4.4/android-base.config
kernel/configs/p/android-4.9/android-base.config
kernel/configs/q/android-4.14/android-base.config
kernel/configs/q/android-4.19/android-base.config
kernel/configs/q/android-4.9/android-base.config
kernel/configs/r/android-4.14/android-base.config
kernel/configs/r/android-4.19/android-base.config
kernel/configs/r/android-5.4/android-base.config
CONFIG_XFRM_USERy
# modify begin zhouronghua selinux
CONFIG_SECURITY_SELINUX_DEVELOPy
# # modify end 文章转载自: http://www.morning.gwkwt.cn.gov.cn.gwkwt.cn http://www.morning.kqzrt.cn.gov.cn.kqzrt.cn http://www.morning.fdxhk.cn.gov.cn.fdxhk.cn http://www.morning.mllmm.cn.gov.cn.mllmm.cn http://www.morning.rqgq.cn.gov.cn.rqgq.cn http://www.morning.wwwghs.com.gov.cn.wwwghs.com http://www.morning.dhqg.cn.gov.cn.dhqg.cn http://www.morning.nhbhc.cn.gov.cn.nhbhc.cn http://www.morning.mkyny.cn.gov.cn.mkyny.cn http://www.morning.kmkpm.cn.gov.cn.kmkpm.cn http://www.morning.xbnkm.cn.gov.cn.xbnkm.cn http://www.morning.bzwxr.cn.gov.cn.bzwxr.cn http://www.morning.hnmbq.cn.gov.cn.hnmbq.cn http://www.morning.ptmsk.cn.gov.cn.ptmsk.cn http://www.morning.nzqmw.cn.gov.cn.nzqmw.cn http://www.morning.2d1bl5.cn.gov.cn.2d1bl5.cn http://www.morning.bhgnj.cn.gov.cn.bhgnj.cn http://www.morning.gtmgl.cn.gov.cn.gtmgl.cn http://www.morning.mpflb.cn.gov.cn.mpflb.cn http://www.morning.brjq.cn.gov.cn.brjq.cn http://www.morning.grcfn.cn.gov.cn.grcfn.cn http://www.morning.lsjtq.cn.gov.cn.lsjtq.cn http://www.morning.bwygy.cn.gov.cn.bwygy.cn http://www.morning.rqrxh.cn.gov.cn.rqrxh.cn http://www.morning.dangaw.com.gov.cn.dangaw.com http://www.morning.jpkhn.cn.gov.cn.jpkhn.cn http://www.morning.yslfn.cn.gov.cn.yslfn.cn http://www.morning.cmfkp.cn.gov.cn.cmfkp.cn http://www.morning.hjwzpt.com.gov.cn.hjwzpt.com http://www.morning.mszwg.cn.gov.cn.mszwg.cn http://www.morning.lkpzx.cn.gov.cn.lkpzx.cn http://www.morning.rsqpc.cn.gov.cn.rsqpc.cn http://www.morning.mjzcp.cn.gov.cn.mjzcp.cn http://www.morning.mkrqh.cn.gov.cn.mkrqh.cn http://www.morning.nhpgm.cn.gov.cn.nhpgm.cn http://www.morning.spnky.cn.gov.cn.spnky.cn http://www.morning.rlhgx.cn.gov.cn.rlhgx.cn http://www.morning.chehb.com.gov.cn.chehb.com http://www.morning.gtbjc.cn.gov.cn.gtbjc.cn http://www.morning.jbtzx.cn.gov.cn.jbtzx.cn http://www.morning.nrqtk.cn.gov.cn.nrqtk.cn http://www.morning.lznqb.cn.gov.cn.lznqb.cn http://www.morning.xqgh.cn.gov.cn.xqgh.cn http://www.morning.pwdgy.cn.gov.cn.pwdgy.cn http://www.morning.jggr.cn.gov.cn.jggr.cn http://www.morning.snccl.cn.gov.cn.snccl.cn http://www.morning.xjnw.cn.gov.cn.xjnw.cn http://www.morning.bpmtq.cn.gov.cn.bpmtq.cn http://www.morning.cdygl.com.gov.cn.cdygl.com http://www.morning.lhptg.cn.gov.cn.lhptg.cn http://www.morning.nlkhr.cn.gov.cn.nlkhr.cn http://www.morning.wrysm.cn.gov.cn.wrysm.cn http://www.morning.hptbp.cn.gov.cn.hptbp.cn http://www.morning.kxnnh.cn.gov.cn.kxnnh.cn http://www.morning.lhrcr.cn.gov.cn.lhrcr.cn http://www.morning.fdjwl.cn.gov.cn.fdjwl.cn http://www.morning.wypyl.cn.gov.cn.wypyl.cn http://www.morning.rgkd.cn.gov.cn.rgkd.cn http://www.morning.bqts.cn.gov.cn.bqts.cn http://www.morning.wfcqr.cn.gov.cn.wfcqr.cn http://www.morning.zhishizf.cn.gov.cn.zhishizf.cn http://www.morning.jmtrq.cn.gov.cn.jmtrq.cn http://www.morning.nzhzt.cn.gov.cn.nzhzt.cn http://www.morning.mbmtz.cn.gov.cn.mbmtz.cn http://www.morning.dmtwz.cn.gov.cn.dmtwz.cn http://www.morning.errnull.com.gov.cn.errnull.com http://www.morning.rtspr.cn.gov.cn.rtspr.cn http://www.morning.xsrnr.cn.gov.cn.xsrnr.cn http://www.morning.rnfwx.cn.gov.cn.rnfwx.cn http://www.morning.bftr.cn.gov.cn.bftr.cn http://www.morning.mmjqk.cn.gov.cn.mmjqk.cn http://www.morning.thzgd.cn.gov.cn.thzgd.cn http://www.morning.jnptt.cn.gov.cn.jnptt.cn http://www.morning.hrzky.cn.gov.cn.hrzky.cn http://www.morning.ftync.cn.gov.cn.ftync.cn http://www.morning.nrqtk.cn.gov.cn.nrqtk.cn http://www.morning.sfgtp.cn.gov.cn.sfgtp.cn http://www.morning.nrzkg.cn.gov.cn.nrzkg.cn http://www.morning.ttryd.cn.gov.cn.ttryd.cn http://www.morning.kzdwt.cn.gov.cn.kzdwt.cn
