电子说
前言
为了让应用程序可以直接调用su执行系统命令和获取root权限,本文基于Purple Pi OH主板的Android SDK,介绍如果修改和编译一个root版本的Android11系统,以下为sdk源码修改方法。
Purple Pi OH作为一款兼容树莓派的开源主板,采用瑞芯微RK3566 (Cortex-A55) 四核64位超强CPU,主频最高达1.8 GHz,算力高达1Tops,支持INT8/INT16,支持TensorFlow/MXNet/PyTorch/Caffe框架,多路视频输出和输入,支持4K、H.265/H.264视频解码,接口丰富。
玩法丰富,支持OpenHarmony、Ubuntu、Debian、Android等多种系统,提供丰富开源资料。
产品规格书:Purple Pi OH 产品手册
关闭selinux
device/rockchip/common/BoardConfig.mk
diff --git a/device/rockchip/common/BoardConfig.mk b/device/rockchip/common/BoardConfig.mk index e03c54f6a0..4fc6dc9868 100755 --- a/device/rockchip/common/BoardConfig.mk +++ b/device/rockchip/common/BoardConfig.mk @@ -59,7 +59,7 @@ BOARD_BOOT_HEADER_VERSION ?= 2 BOARD_MKBOOTIMG_ARGS := BOARD_PREBUILT_DTBOIMAGE ?= $(TARGET_DEVICE_DIR)/dtbo.img BOARD_ROCKCHIP_VIRTUAL_AB_ENABLE ?= false -BOARD_SELINUX_ENFORCING ?= true +BOARD_SELINUX_ENFORCING ?= false # Use the non-open-source parts, if they're present
注释用户组权限检测
system/extras/su/su.cpp
diff --git a/system/extras/su/su.cpp b/system/extras/su/su.cpp index 1a1ab6bf40..af3d2a68c7 100644 --- a/system/extras/su/su.cpp +++ b/system/extras/su/su.cpp @@ -80,8 +80,8 @@ void extract_uidgids(const char* uidgids, uid_t* uid, gid_t* gid, gid_t* gids, i } int main(int argc, char** argv) { - uid_t current_uid = getuid(); - if (current_uid != AID_ROOT && current_uid != AID_SHELL) error(1, 0, "not allowed"); + //uid_t current_uid = getuid(); + //if (current_uid != AID_ROOT && current_uid != AID_SHELL) error(1, 0, "not allowed"); // Handle -h and --help. ++argv;给su文件默认授予root权限
system/core/libcutils/fs_config.cpp
diff --git a/system/core/libcutils/fs_config.cpp b/system/core/libcutils/fs_config.cpp index 5805a4d19b..92e93e76ff 100644 --- a/system/core/libcutils/fs_config.cpp +++ b/system/core/libcutils/fs_config.cpp @@ -188,7 +188,7 @@ static const struct fs_path_config android_files[] = { // the following two files are INTENTIONALLY set-uid, but they // are NOT included on user builds. { 06755, AID_ROOT, AID_ROOT, 0, "system/xbin/procmem" }, - { 04750, AID_ROOT, AID_SHELL, 0, "system/xbin/su" }, + { 06755, AID_ROOT, AID_SHELL, 0, "system/xbin/su" }, // the following files have enhanced capabilities and ARE included // in user builds.
frameworks/base/core/jni/com_android_internal_os_Zygote.cpp
diff --git a/frameworks/base/core/jni/com_android_internal_os_Zygote.cpp b/frameworks/base/core/jni/com_android_internal_os_Zygote.cpp index 9eede83e21..d161e6fad3 100644 --- a/frameworks/base/core/jni/com_android_internal_os_Zygote.cpp +++ b/frameworks/base/core/jni/com_android_internal_os_Zygote.cpp @@ -656,7 +656,7 @@ static void EnableKeepCapabilities(fail_fn_t fail_fn) { } static void DropCapabilitiesBoundingSet(fail_fn_t fail_fn) { - for (int i = 0; prctl(PR_CAPBSET_READ, i, 0, 0, 0) >= 0; i++) {; +/* for (int i = 0; prctl(PR_CAPBSET_READ, i, 0, 0, 0) >= 0; i++) {; if (prctl(PR_CAPBSET_DROP, i, 0, 0, 0) == -1) { if (errno == EINVAL) { ALOGE("prctl(PR_CAPBSET_DROP) failed with EINVAL. Please verify " @@ -665,7 +665,7 @@ static void DropCapabilitiesBoundingSet(fail_fn_t fail_fn) { fail_fn(CREATE_ERROR("prctl(PR_CAPBSET_DROP, %d) failed: %s", i, strerror(errno))); } } - } + }*/ }
kernel/security/commoncap.c
diff --git a/kernel/security/commoncap.c b/kernel/security/commoncap.c index 876cfe01d9..ce87b1b780 100644 --- a/kernel/security/commoncap.c +++ b/kernel/security/commoncap.c @@ -1166,12 +1166,12 @@ int cap_task_setnice(struct task_struct *p, int nice) static int cap_prctl_drop(unsigned long cap) { struct cred *new; - +/* if (!ns_capable(current_user_ns(), CAP_SETPCAP)) return -EPERM; if (!cap_valid(cap)) return -EINVAL; - +*/ new = prepare_creds(); if (!new) return -ENOMEM;编译镜像
修改后需要重新编译内核和AOSP,Android编译需要选择rk3566_r-userdebug版本
source build/envsetup.sh lunch rk3566_r-userdebug检测验证root是否成功
可在应用程序中调用 /system/xbin/su来测试系统是否root成功
public static void RootCommand() { Process process = null; try { process = Runtime.getRuntime().exec("/system/xbin/su"); process.waitFor(); } catch (IOException | InterruptedException e) { e.printStackTrace(); } finally { if (process != null) { process.destroy(); } } }
root的系统可正常执行,而非root的系统会提示没有权限
java.io.IOException: Cannot run program "/system/xbin/su": error=13, Permission denied
审核编辑:汤梓红
全部0条评论
快来发表一下你的评论吧 !