RK源碼文檔中已經提供了 root相關補丁,具體描述如下,
apk root 功能:
rootservice function:
若產品集成的apk需要單獨的root權限或者需要執行su生效,可以打開此功能。
For some app want to get root permission,or need to execute "su" commond.
如何打開:
How to open;
1.參考補丁包中源碼目錄,打上對應目錄下的patch文件,若打不上,可以手動對比或拷貝補丁包中修改後文件;
2.在產品BoardConfig.mk中將宏BOARD_ALLOW_ROOTSERVICE設置爲true。
3.重新編譯系統
提示:
Tips:
可以在sdk的RKDocs/rk33328/PATCHES下找到rootservice功能的補丁包,使用其中的rootchecker應用測試是否可以root成功。
注意:
1.由於rootservice採用的是SupportSU方案,集成後開機機器root服務啓動,中間會有remount操作,故會影響system的ota差異包升級,
具體原因是ota差異包會檢測系統是否remount過(就算沒實際修改system文件),所以打開rootservice後無法進行ota差異包升級,
若客戶產品需要進行差異包升級,建議不採用此root方案;
2.此方案暫不支持user版本下使用.
但是官方的它不香啊,看到最後那行 此方案暫不支持user版本下使用 了嘛。所以我胡漢三又來了,不斷突破寄幾個。
修改文件清單
modified: build/make/core/main.mk
modified: system/core/adb/Android.bp
modified: system/core/adb/daemon/main.cpp
modified: system/core/fs_mgr/Android.bp
modified: system/core/init/selinux.cpp
modified: system/sepolicy/Android.mk
modified: system/sepolicy/definitions.mk
一個修改7個文件
1、讓進程名稱在 AS Logcat 中可見,通過修改 ro.adb.secure 和 ro.secure
build/make/core/main.mk
tags_to_install :=
ifneq (,$(user_variant))
# Target is secure in user builds.
- ADDITIONAL_DEFAULT_PROPERTIES += ro.secure=1
+ # ADDITIONAL_DEFAULT_PROPERTIES += ro.secure=1
+ ADDITIONAL_DEFAULT_PROPERTIES += ro.secure=0
ADDITIONAL_DEFAULT_PROPERTIES += security.perf_harden=1
ifeq ($(user_variant),user)
- ADDITIONAL_DEFAULT_PROPERTIES += ro.adb.secure=1
+ # ADDITIONAL_DEFAULT_PROPERTIES += ro.adb.secure=1
+ ADDITIONAL_DEFAULT_PROPERTIES += ro.adb.secure=0
endif
ifeq ($(user_variant),userdebug)
@@ -251,7 +253,7 @@ ifneq (,$(user_variant))
tags_to_install += debug
else
# Disable debugging in plain user builds.
- enable_target_debugging :=
+ # enable_target_debugging :=
endif
# Disallow mock locations by default for user builds
2、修改 SELinux權限爲 Permissive
SELinux 常用狀態有兩個 Permissive 和 Enforcing,通過 adb shell getenforce 可查看當前所處模式
10.0 改到了 selinux.cpp 中
system/core/init/selinux.cpp
bool IsEnforcing() {
+ return false;
if (ALLOW_PERMISSIVE_SELINUX) {
return StatusFromCmdline() == SELINUX_ENFORCING;
}
3、修改 sepolicy 編譯規則爲 eng
system/sepolicy/Android.mk
+++ b/system/sepolicy/Android.mk
@@ -309,7 +309,7 @@ LOCAL_REQUIRED_MODULES += \
endif
-ifneq ($(TARGET_BUILD_VARIANT), user)
+ifneq ($(TARGET_BUILD_VARIANT), eng)
LOCAL_REQUIRED_MODULES += \
selinux_denial_metadata \
@@ -1104,7 +1104,7 @@ endif
ifneq ($(filter address,$(SANITIZE_TARGET)),)
local_fc_files += $(wildcard $(addsuffix /file_contexts_asan, $(PLAT_PRIVATE_POLICY)))
endif
-ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT)))
+ifneq (,$(filter user userdebug eng,$(TARGET_BUILD_VARIANT)))
local_fc_files += $(wildcard $(addsuffix /file_contexts_overlayfs, $(PLAT_PRIVATE_POLICY)))
endif
ifeq ($(TARGET_FLATTEN_APEX),true)
@@ -1166,7 +1166,7 @@ file_contexts.device.tmp :=
file_contexts.local.tmp :=
##################################
-ifneq ($(TARGET_BUILD_VARIANT), user)
+ifneq ($(TARGET_BUILD_VARIANT), eng)
include $(CLEAR_VARS)
LOCAL_MODULE := selinux_denial_metadata
system/sepolicy/definitions.mk
+++ b/alps/system/sepolicy/definitions.mk
@@ -1,10 +1,11 @@
# Command to turn collection of policy files into a policy.conf file to be
# processed by checkpolicy
define transform-policy-to-conf
@mkdir -p $(dir $@)
$(hide) m4 --fatal-warnings $(PRIVATE_ADDITIONAL_M4DEFS) \
-D mls_num_sens=$(PRIVATE_MLS_SENS) -D mls_num_cats=$(PRIVATE_MLS_CATS) \
- -D target_build_variant=$(PRIVATE_TARGET_BUILD_VARIANT) \
+ -D target_build_variant=eng \
-D target_with_dexpreopt=$(WITH_DEXPREOPT) \
-D target_arch=$(PRIVATE_TGT_ARCH) \
4、修改 adb root/remount 權限, 走 fs_mgr
system/core/adb/Android.bp
+++ b/system/core/adb/Android.bp
@@ -76,7 +76,15 @@ cc_defaults {
name: "adbd_defaults",
defaults: ["adb_defaults"],
- cflags: ["-UADB_HOST", "-DADB_HOST=0"],
+ //cflags: ["-UADB_HOST", "-DADB_HOST=0"],
+ cflags: [
+ "-UADB_HOST",
+ "-DADB_HOST=0",
+ "-UALLOW_ADBD_ROOT",
+ "-DALLOW_ADBD_ROOT=1",
+ "-DALLOW_ADBD_DISABLE_VERITY",
+ "-DALLOW_ADBD_NO_AUTH",
+ ],
product_variables: {
debuggable: {
cflags: [
@@ -403,7 +411,7 @@ cc_library {
"libcutils",
"liblog",
],
-
+ required: [ "remount",],
product_variables: {
debuggable: {
required: [
system/core/adb/daemon/main.cpp
@@ -63,12 +63,13 @@ static inline bool is_device_unlocked() {
}
static bool should_drop_capabilities_bounding_set() {
- if (ALLOW_ADBD_ROOT || is_device_unlocked()) {
+ /*if (ALLOW_ADBD_ROOT || is_device_unlocked()) {
if (__android_log_is_debuggable()) {
return false;
}
}
- return true;
+ return true;*/
+ return false;
}
static bool should_drop_privileges() {
system/core/fs_mgr/Android.bp
+++ b/alps/system/core/fs_mgr/Android.bp
@@ -76,7 +76,8 @@ cc_library {
"libfstab",
],
cppflags: [
- "-DALLOW_ADBD_DISABLE_VERITY=0",
+ "-UALLOW_ADBD_DISABLE_VERITY",
+ "-DALLOW_ADBD_DISABLE_VERITY=1",
],
product_variables: {
debuggable: {
@@ -133,7 +134,8 @@ cc_binary {
"fs_mgr_remount.cpp",
],
cppflags: [
- "-DALLOW_ADBD_DISABLE_VERITY=0",
+ "-UALLOW_ADBD_DISABLE_VERITY",
+ "-DALLOW_ADBD_DISABLE_VERITY=1",
],
product_variables: {
debuggable: {
C:>adb root
C:>adb remount
remount succeeded
好了,大功告成,一時 root 一時爽,一直 root 一直爽