Android6.0 修改原始碼使app獲取root許可權
Android 6.0
1、 alps\system\extras\su, 修改su.c
int main(int argc, char** argv) {
    uid_t current_uid = getuid();

#ifndef CUSTOM_ROOT
    /*
     * Caller gate of the stock su: only a process whose real UID is AID_ROOT
     * or AID_SHELL gets past this line; every other UID is rejected through
     * error() with "not allowed".
     * When CUSTOM_ROOT is defined this check is compiled out, so the UID of
     * the caller is no longer restricted here.
     */
    if (current_uid != AID_ROOT && current_uid != AID_SHELL) error(1, 0, "not allowed");//kang
#endif
    /* ... the rest of main() is not part of this excerpt ... */
2、alps\system\core\libcutils,修改fs_config.c(老版本修改\alps\system\core\include\private\android_filesystem_config.h)
    /*
     * Excerpt of the per-file ownership/mode table.
     * Each entry is { mode, uid, gid, capabilities, path }.
     */
#ifdef CUSTOM_ROOT
    /* CUSTOM_ROOT: setuid + setgid (06000) and executable by every user (0755). */
    { 06755, AID_ROOT, AID_SHELL, 0, "system/xbin/su" },
#else
    /* Stock entry: setuid root (04000), executable only by root and the shell group (0750). */
    { 04750, AID_ROOT, AID_SHELL, 0, "system/xbin/su" },
#endif
    { 06755, AID_ROOT, AID_ROOT, 0, "system/xbin/librank" },
    { 06755, AID_ROOT, AID_ROOT, 0, "system/xbin/procrank" },
    { 06755, AID_ROOT, AID_ROOT, 0, "system/xbin/procmem" },
    { 04770, AID_ROOT, AID_RADIO, 0, "system/bin/pppd-ril" },

    /* the following files have enhanced capabilities and ARE included in user builds. */
    { 00750, AID_ROOT, AID_SHELL, (1ULL << CAP_SETUID) | (1ULL << CAP_SETGID), "system/bin/run-as" },
    { 00700, AID_SYSTEM, AID_SHELL, (1ULL << CAP_BLOCK_SUSPEND), "system/bin/inputflinger" },

    { 00750, AID_ROOT, AID_ROOT, 0, "system/bin/uncrypt" },
    { 00750, AID_ROOT, AID_ROOT, 0, "system/bin/install-recovery.sh" },
#ifdef CUSTOM_ROOT
    /*
     * Extra setuid/setgid, world-executable entry that exists only in
     * CUSTOM_ROOT builds. It is listed ahead of the "system/bin/*" wildcard.
     * NOTE(review): presumably because the first matching entry is the one
     * applied - confirm against the lookup code in fs_config.c.
     */
    { 06755, AID_ROOT, AID_ROOT, 0, "system/bin/su" },//kang
#endif
    { 00755, AID_ROOT, AID_SHELL, 0, "system/bin/*" },
    { 00755, AID_ROOT, AID_ROOT, 0, "system/lib/valgrind/*" },
3、修改alps\frameworks\base\cmds\app_process\app_main.cpp
int main(int argc, char* const argv[])
{
#ifndef CUSTOM_ROOT
    // PR_SET_NO_NEW_PRIVS tells the kernel that execve() must never grant this
    // process (or its descendants) more privileges: setuid/setgid bits and file
    // capabilities on executed binaries are ignored from then on.
    // When CUSTOM_ROOT is defined the whole call is compiled out, so that
    // restriction is not set by app_process.
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0) {
        // Older kernels don't understand PR_SET_NO_NEW_PRIVS and return
        // EINVAL. Don't die on such kernels.
        if (errno != EINVAL) {
            LOG_ALWAYS_FATAL("PR_SET_NO_NEW_PRIVS failed: %s", strerror(errno));
            return 12;
        }
    }//kang
#endif
    // ... the rest of main() is not part of this excerpt ...
4、修改alps\frameworks\base\core\jni\com_android_internal_os_Zygote.cpp
// Removes every capability from the calling process's bounding set.
//
// Capability numbers are probed from 0 upward; the walk ends at the first
// number for which PR_CAPBSET_READ reports an error. A failed drop with
// EINVAL is only logged, any other failed drop is logged and then handed to
// RuntimeAbort(env).
//
// When CUSTOM_ROOT is defined the body is empty: nothing is dropped and the
// bounding set stays exactly as the process inherited it.
static void DropCapabilitiesBoundingSet(JNIEnv* env) {
#ifndef CUSTOM_ROOT
  int cap = 0;
  while (prctl(PR_CAPBSET_READ, cap, 0, 0, 0) >= 0) {
    const int drop_result = prctl(PR_CAPBSET_DROP, cap, 0, 0, 0);
    if (drop_result == -1) {
      if (errno != EINVAL) {
        ALOGE("prctl(PR_CAPBSET_DROP) failed");
        RuntimeAbort(env);
      } else {
        // EINVAL is treated as "kernel lacks file capabilities support".
        ALOGE("prctl(PR_CAPBSET_DROP) failed with EINVAL. Please verify "
              "your kernel is compiled with file capabilities support");
      }
    }
    ++cap;
  }
#endif  // kang
}
5、修改alps\system\core\adb\adb_main.cpp
static bool should_drop_privileges() {
#ifdef CUSTOM_ROOT
    // CUSTOM_ROOT builds answer "do not drop" unconditionally, before any of
    // the checks that follow in this function are evaluated.
    // NOTE(review): presumably adbd then keeps the privileges it started
    // with - confirm against the caller in adb_main.cpp.
    return false;//kang
#endif
#ifdef MTK_ALLOW_ADBD_ROOT
    return false;
#endif
    // ... the rest of should_drop_privileges() is not part of this excerpt ...
6、修改alps\system\core\init\init.cpp,關掉selinux
// Reports whether SELinux is to be treated as enforcing.
//
// CUSTOM_ROOT builds: always false, regardless of ALLOW_DISABLE_SELINUX and
// of the kernel command line.
// Other builds: true, unless ALLOW_DISABLE_SELINUX is set and the status
// read from the kernel command line is something other than
// SELINUX_ENFORCING.
static bool selinux_is_enforcing(void)
{
#ifdef CUSTOM_ROOT
    return false;  // kang: enforcement reported as off for CUSTOM_ROOT builds
#endif
    // Short-circuit keeps the command line from being consulted when
    // disabling is not allowed at all.
    return !(ALLOW_DISABLE_SELINUX)
        || selinux_status_from_cmdline() == SELINUX_ENFORCING;
}
7、注意在所用相關檔案的Android.mk中加入巨集 CUSTOM_ROOT(下例僅在 TARGET_BUILD_VARIANT 為 userdebug 時定義,其他編譯型態仍保留上述各項原有限制):
include $(CLEAR_VARS)
#kang
# CUSTOM_ROOT is passed to the compiler only when TARGET_BUILD_VARIANT is
# userdebug; for every other variant the macro stays undefined and the
# #ifdef/#ifndef CUSTOM_ROOT sections in the sources keep their stock code.
ifeq ($(TARGET_BUILD_VARIANT),userdebug)
LOCAL_DEX_PREOPT:=false
LOCAL_CFLAGS += -DCUSTOM_ROOT
endif
轉:http://blog.csdn.net/q1183345443/article/details/77711643