一、user开启root

    一些平台可以通过单刷eng版本的boot.img来root user版本;如果无法通过单刷boot.img来root,可以通过修改代码,使user版本默认开启root。以下修改会去掉user版本对adbd root的限制,并使SELinux始终处于permissive模式,适用范围是内部调试用固件。

1.1 system/core/adb/Android.mk 修改如下:

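# Previous definition, kept for reference: ALLOW_ADBD_ROOT was 1 only on
# userdebug/eng builds. Make comments start with '#'; a leading '//' is not a
# comment in a makefile.
#LOCAL_CFLAGS +=-DALLOW_ADBD_ROOT=$(if $(filter userdebug eng,$(TARGET_BUILD_VARIANT)),1,0)

# Tutorial change: "user" is added to the filter, so ALLOW_ADBD_ROOT evaluates
# to 1 for user, userdebug and eng alike.
LOCAL_CFLAGS += -DALLOW_ADBD_ROOT=$(if $(filter user userdebug eng,$(TARGET_BUILD_VARIANT)),1,0)

# ALLOW_ADBD_NO_AUTH keeps the userdebug/eng-only filter, so it is still 0 on
# user builds. NOTE(review): by its name this gates running adbd without host
# authentication; keep "user" out of this filter.
LOCAL_CFLAGS += -DALLOW_ADBD_NO_AUTH=$(if $(filter userdebug eng,$(TARGET_BUILD_VARIANT)),1,0)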

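10.0平台使用 system/core/adb/Android.bp,修改如下(此处 cflags 中定义 ALLOW_ADBD_ROOT=1;下面的 adbd_defaults 只在 debuggable 产品上重新定义该宏,因此非 debuggable 的 user 版本沿用这里的值):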

    cflags: [

        "-Wall",

        "-Wextra",

        "-Werror",

        "-Wexit-time-destructors",

        "-Wno-unused-parameter",

        "-Wno-missing-field-initializers",

        "-Wthread-safety",

        "-Wvla",

        "-DADB_HOST=1",         // overridden by adbd_defaults

        "-DALLOW_ADBD_ROOT=1",  // overridden by adbd_defaults

"-DALLOW_ADBD_DISABLE_VERITY=1",

],



// Defaults for the device-side daemon; inherits every flag from adb_defaults.
cc_defaults {
    name: "adbd_defaults",
    defaults: ["adb_defaults"],

    // Undefine the inherited ADB_HOST and redefine it as 0 for the daemon build.
    cflags: ["-UADB_HOST", "-DADB_HOST=0"],
    product_variables: {
        // Flags below are added only when the product is debuggable. On a
        // non-debuggable product none of them apply, so whatever
        // ALLOW_ADBD_ROOT / ALLOW_ADBD_DISABLE_VERITY values adb_defaults
        // sets remain in effect, and ALLOW_ADBD_NO_AUTH is not defined here.
        debuggable: {
            cflags: [
                "-UALLOW_ADBD_ROOT",
                "-DALLOW_ADBD_ROOT=1",
                "-DALLOW_ADBD_DISABLE_VERITY=1",
                "-DALLOW_ADBD_NO_AUTH",
            ],
        },
    },
}

 

1.2 system/core/adb/services.cpp 修改如下:

// Handles a request to restart adbd as root. Writes a status line to `fd`
// and closes it on every path; `cookie` is unused.
//
// As modified by this article, the debuggable-build gate is disabled, so any
// non-root adbd that receives this request sets service.adb.root regardless
// of build type.
void restart_root_service(int fd, void *cookie) {
    const bool already_root = (getuid() == 0);
    if (already_root) {
        WriteFdExactly(fd, "adbd is already running as root\n");
        adb_close(fd);
        return;
    }

    // Article change: the check below is commented out so that root is
    // allowed by default. It previously rejected the request on
    // non-debuggable builds.
    /*if (!__android_log_is_debuggable()) {
        WriteFdExactly(fd, "adbd cannot run as root in production builds\n");
        adb_close(fd);
        return;
    }*/

    // Record the request in the property, then report to the client.
    android::base::SetProperty("service.adb.root", "1");
    WriteFdExactly(fd, "restarting adbd as root\n");
    adb_close(fd);
}

       10.0平台相关修改移到 system/core/adb/daemon/restart_service.cpp

// Android 10 variant: handles a request to restart adbd as root and reports
// the outcome on `fd`.
//
// As modified by this article, the debuggable-build gate is disabled, so the
// service.adb.root property is set on any build where adbd is not yet root.
void restart_root_service(unique_fd fd) {
    const int client = fd.get();

    if (getuid() != 0) {
        // Article change: this production-build rejection is commented out.
        /* if (!__android_log_is_debuggable()) {
            WriteFdExactly(fd.get(), "adbd cannot run as root in production builds\n");
            return;
        }*/

        LOG(INFO) << "adbd restarting as root";
        android::base::SetProperty("service.adb.root", "1");
        WriteFdExactly(client, "restarting adbd as root\n");
    } else {
        WriteFdExactly(client, "adbd is already running as root\n");
    }
}

 

1.3 关闭SELinux强制模式(改为permissive),system/core/init/init.cpp 修改如下:

// SELinux mode as selected at boot.
enum selinux_enforcing_status { SELINUX_PERMISSIVE, SELINUX_ENFORCING };

// Scans the kernel command line for androidboot.selinux=permissive.
//
// As modified by this article, the parsed value is discarded and the function
// always reports SELINUX_PERMISSIVE, whatever the command line says.
static selinux_enforcing_status selinux_status_from_cmdline() {
    selinux_enforcing_status parsed = SELINUX_ENFORCING;

    import_kernel_cmdline(false, [&](const std::string& key, const std::string& value, bool in_qemu) {
        const bool wants_permissive = (key == "androidboot.selinux") && (value == "permissive");
        if (wants_permissive) {
            parsed = SELINUX_PERMISSIVE;
        }
    });

    // Article change: the parsed status used to be returned here.
    return SELINUX_PERMISSIVE;
}

// Reports whether SELinux should run in enforcing mode.
//
// As modified by this article the result is false on every path: the fallback
// was changed from `return true` to `return false`, and the command-line
// helper shown on this page always yields SELINUX_PERMISSIVE.
static bool selinux_is_enforcing(void)
{
    if (!ALLOW_PERMISSIVE_SELINUX) {
        // Article change: this branch returned true before the edit.
        return false;
    }

    return selinux_status_from_cmdline() == SELINUX_ENFORCING;
}

9.0以后平台相关修改移到 system/core/init/selinux.cpp 文件

// SELinux mode as selected at boot.
enum EnforcingStatus { SELINUX_PERMISSIVE, SELINUX_ENFORCING };

// Android 9+ counterpart of selinux_status_from_cmdline(). The article elides
// the body; as modified, whatever it computes into `status` is discarded and
// the function always returns SELINUX_PERMISSIVE.
EnforcingStatus StatusFromCmdline() {
    EnforcingStatus status = SELINUX_ENFORCING;
    // (body elided by the article)
    … …
    // Article change: the computed status used to be returned here.
    //return status;
return SELINUX_PERMISSIVE;
}

// Reports whether SELinux should run in enforcing mode (Android 9+ location).
//
// As modified by this article the fallback is `false` instead of `true`, and
// StatusFromCmdline() as shown on this page always yields SELINUX_PERMISSIVE,
// so no path reports enforcing.
bool IsEnforcing() {
    // When permissive mode is not allowed at build time, the article's edit
    // makes the answer false (it was true before the edit).
    return ALLOW_PERMISSIVE_SELINUX ? (StatusFromCmdline() == SELINUX_ENFORCING) : false;
}

1.4 system/core/adb/daemon/main.cpp 修改如下:

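       // Reports whether adbd should drop its capability bounding set.
       //
       // As modified by this article every path returns false, so the
       // bounding set is kept on all builds, including user builds. The
       // conditional is retained only to mirror the surrounding source.
       static bool should_drop_capabilities_bounding_set() {
           // Fixed: the keyword was spelled `If`, which does not compile.
           if (ALLOW_ADBD_ROOT || is_device_unlocked()) {
               if (__android_log_is_debuggable()) {
                   return false;
               }
           }

           // Article change: this fallback returned true before the edit.
           //return true;
           return false;
       }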

1.5 system/core/liblog/properties.c 修改如下:

/*
 * Reports whether the build is debuggable. The article elides the body.
 *
 * As modified, the computed result `ret` is discarded and 1 is always
 * returned, so checks such as `if (!__android_log_is_debuggable())` in the
 * adbd code on this page never take the production-build branch.
 * NOTE(review): this is a public liblog symbol, so any other caller sees the
 * same answer - confirm which components depend on it before using this
 * outside a debug image.
 */
LIBLOG_ABI_PUBLIC int __android_log_is_debuggable() {
/* (body elided by the article) */
… …
    unlock();
  }
  /* Article change: the computed value used to be returned here. */
  //return ret;
  return 1;
}

 

二、user版本开启串口log

kernel/msm-4.9/arch/arm64/configs/*product*-perf_defconfig 添加如下

CONFIG_SERIAL_MSM=y

CONFIG_SERIAL_MSM_CONSOLE=y

 

三、user版本获取dmesg 方法

3.1 在/device/qcom/sepolicy/vendor/common/shell.te修改如下:

diff --git a/vendor/common/shell.te b/vendor/common/shell.te

index 901b56c..13f7b20 100644

--- a/vendor/common/shell.te

+++ b/vendor/common/shell.te

@@ -35,3 +35,4 @@ r_dir_file(shell, qti_logkit_pub_data_file)



 # allow shell permissions to perf

 get_prop(shell, vendor_mpctl_prop);

+allow shell kernel:system { syslog_read };
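Review bot: The added `allow shell kernel:system { syslog_read };` is unconditional, so every image built with this vendor policy lets the adb shell domain read the kernel log, not only the debugging image this page is about. A comment above the rule would make that scope explicit, for example `# debug image only: lets adb shell read dmesg; remove before release`. Kernel logs commonly carry addresses and driver state, so the rule is worth tracking as an information-disclosure item if the policy is ever reused for a shipping build.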

 

3.2 解决SELinux neverallow冲突,在system/sepolicy/下修改如下:

diff --git a/prebuilts/api/28.0/public/app.te b/prebuilts/api/28.0/public/app.te

index 439c1f8..3b664ce 100644

--- a/prebuilts/api/28.0/public/app.te

+++ b/prebuilts/api/28.0/public/app.te

@@ -509,7 +509,7 @@ neverallow appdomain

     proc:dir_file_class_set write;



 # Access to syslog(2) or /proc/kmsg.

-neverallow appdomain kernel:system { syslog_read syslog_mod syslog_console };

+neverallow { appdomain -shell } kernel:system { syslog_read syslog_mod syslog_console };



 # SELinux is not an API for apps to use

 neverallow { appdomain -shell } *:security { compute_av check_context };
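Review bot: Excluding `shell` from the whole rule also drops the compile-time guarantee for `syslog_mod` and `syslog_console`, although section 3.1 only grants `syslog_read`. A narrower edit keeps the original assertion for the other two permissions: `neverallow { appdomain -shell } kernel:system syslog_read;` followed by `neverallow appdomain kernel:system { syslog_mod syslog_console };`. The same applies to the identical hunk in public/app.te below. Since prebuilts/api/28.0 appears to be the frozen copy of the API 28 policy, an image carrying this edit presumably no longer matches the stock neverallow set that compatibility testing checks, which is another reason to confine it to debug images.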

diff --git a/public/app.te b/public/app.te

index 439c1f8..3b664ce 100644

--- a/public/app.te

+++ b/public/app.te

@@ -509,7 +509,7 @@ neverallow appdomain

     proc:dir_file_class_set write;



 # Access to syslog(2) or /proc/kmsg.

-neverallow appdomain kernel:system { syslog_read syslog_mod syslog_console };

+neverallow { appdomain -shell } kernel:system { syslog_read syslog_mod syslog_console };



 # SELinux is not an API for apps to use

 neverallow { appdomain -shell } *:security { compute_av check_context };

 
