RK源码文档中已经提供了 root相关补丁,具体描述如下,
apk root 功能:
rootservice function:
若产品集成的apk需要单独的root权限或者需要执行su生效,可以打开此功能。
For some app want to get root permission,or need to execute "su" commond.
如何打开:
How to open;
1.参考补丁包中源码目录,打上对应目录下的patch文件,若打不上,可以手动对比或拷贝补丁包中修改后文件;
2.在产品BoardConfig.mk中将宏BOARD_ALLOW_ROOTSERVICE设置为true。
3.重新编译系统
提示:
Tips:
可以在sdk的RKDocs/rk33328/PATCHES下找到rootservice功能的补丁包,使用其中的rootchecker应用测试是否可以root成功。
注意:
1.由于rootservice采用的是SupportSU方案,集成后开机机器root服务启动,中间会有remount操作,故会影响system的ota差异包升级,
具体原因是ota差异包会检测系统是否remount过(就算没实际修改system文件),所以打开rootservice后无法进行ota差异包升级,
若客户产品需要进行差异包升级,建议不采用此root方案;
2.此方案暂不支持user版本下使用.
但是官方的它不香啊,看到最后那行 此方案暂不支持user版本下使用 了嘛。所以我胡汉三又来了,不断突破寄几个。
修改文件清单
modified: build/make/core/main.mk
modified: system/core/adb/Android.bp
modified: system/core/adb/daemon/main.cpp
modified: system/core/fs_mgr/Android.bp
modified: system/core/init/selinux.cpp
modified: system/sepolicy/Android.mk
modified: system/sepolicy/definitions.mk
一个修改7个文件
1、让进程名称在 AS Logcat 中可见,通过修改 ro.adb.secure 和 ro.secure
build/make/core/main.mk
tags_to_install :=
ifneq (,$(user_variant))
# Target is secure in user builds.
- ADDITIONAL_DEFAULT_PROPERTIES += ro.secure=1
+ # ADDITIONAL_DEFAULT_PROPERTIES += ro.secure=1
+ ADDITIONAL_DEFAULT_PROPERTIES += ro.secure=0
ADDITIONAL_DEFAULT_PROPERTIES += security.perf_harden=1
ifeq ($(user_variant),user)
- ADDITIONAL_DEFAULT_PROPERTIES += ro.adb.secure=1
+ # ADDITIONAL_DEFAULT_PROPERTIES += ro.adb.secure=1
+ ADDITIONAL_DEFAULT_PROPERTIES += ro.adb.secure=0
endif
ifeq ($(user_variant),userdebug)
@@ -251,7 +253,7 @@ ifneq (,$(user_variant))
tags_to_install += debug
else
# Disable debugging in plain user builds.
- enable_target_debugging :=
+ # enable_target_debugging :=
endif
# Disallow mock locations by default for user builds
2、修改 SELinux权限为 Permissive
SELinux 常用状态有两个 Permissive 和 Enforcing,通过 adb shell getenforce 可查看当前所处模式
10.0 改到了 selinux.cpp 中
system/core/init/selinux.cpp
bool IsEnforcing() {
+ return false;
if (ALLOW_PERMISSIVE_SELINUX) {
return StatusFromCmdline() == SELINUX_ENFORCING;
}
3、修改 sepolicy 编译规则为 eng
system/sepolicy/Android.mk
+++ b/system/sepolicy/Android.mk
@@ -309,7 +309,7 @@ LOCAL_REQUIRED_MODULES += \
endif
-ifneq ($(TARGET_BUILD_VARIANT), user)
+ifneq ($(TARGET_BUILD_VARIANT), eng)
LOCAL_REQUIRED_MODULES += \
selinux_denial_metadata \
@@ -1104,7 +1104,7 @@ endif
ifneq ($(filter address,$(SANITIZE_TARGET)),)
local_fc_files += $(wildcard $(addsuffix /file_contexts_asan, $(PLAT_PRIVATE_POLICY)))
endif
-ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT)))
+ifneq (,$(filter user userdebug eng,$(TARGET_BUILD_VARIANT)))
local_fc_files += $(wildcard $(addsuffix /file_contexts_overlayfs, $(PLAT_PRIVATE_POLICY)))
endif
ifeq ($(TARGET_FLATTEN_APEX),true)
@@ -1166,7 +1166,7 @@ file_contexts.device.tmp :=
file_contexts.local.tmp :=
##################################
-ifneq ($(TARGET_BUILD_VARIANT), user)
+ifneq ($(TARGET_BUILD_VARIANT), eng)
include $(CLEAR_VARS)
LOCAL_MODULE := selinux_denial_metadata
system/sepolicy/definitions.mk
+++ b/alps/system/sepolicy/definitions.mk
@@ -1,10 +1,11 @@
# Command to turn collection of policy files into a policy.conf file to be
# processed by checkpolicy
define transform-policy-to-conf
@mkdir -p $(dir $@)
$(hide) m4 --fatal-warnings $(PRIVATE_ADDITIONAL_M4DEFS) \
-D mls_num_sens=$(PRIVATE_MLS_SENS) -D mls_num_cats=$(PRIVATE_MLS_CATS) \
- -D target_build_variant=$(PRIVATE_TARGET_BUILD_VARIANT) \
+ -D target_build_variant=eng \
-D target_with_dexpreopt=$(WITH_DEXPREOPT) \
-D target_arch=$(PRIVATE_TGT_ARCH) \
4、修改 adb root/remount 权限, 走 fs_mgr
system/core/adb/Android.bp
+++ b/system/core/adb/Android.bp
@@ -76,7 +76,15 @@ cc_defaults {
name: "adbd_defaults",
defaults: ["adb_defaults"],
- cflags: ["-UADB_HOST", "-DADB_HOST=0"],
+ //cflags: ["-UADB_HOST", "-DADB_HOST=0"],
+ cflags: [
+ "-UADB_HOST",
+ "-DADB_HOST=0",
+ "-UALLOW_ADBD_ROOT",
+ "-DALLOW_ADBD_ROOT=1",
+ "-DALLOW_ADBD_DISABLE_VERITY",
+ "-DALLOW_ADBD_NO_AUTH",
+ ],
product_variables: {
debuggable: {
cflags: [
@@ -403,7 +411,7 @@ cc_library {
"libcutils",
"liblog",
],
-
+ required: [ "remount",],
product_variables: {
debuggable: {
required: [
system/core/adb/daemon/main.cpp
@@ -63,12 +63,13 @@ static inline bool is_device_unlocked() {
}
static bool should_drop_capabilities_bounding_set() {
- if (ALLOW_ADBD_ROOT || is_device_unlocked()) {
+ /*if (ALLOW_ADBD_ROOT || is_device_unlocked()) {
if (__android_log_is_debuggable()) {
return false;
}
}
- return true;
+ return true;*/
+ return false;
}
static bool should_drop_privileges() {
system/core/fs_mgr/Android.bp
+++ b/alps/system/core/fs_mgr/Android.bp
@@ -76,7 +76,8 @@ cc_library {
"libfstab",
],
cppflags: [
- "-DALLOW_ADBD_DISABLE_VERITY=0",
+ "-UALLOW_ADBD_DISABLE_VERITY",
+ "-DALLOW_ADBD_DISABLE_VERITY=1",
],
product_variables: {
debuggable: {
@@ -133,7 +134,8 @@ cc_binary {
"fs_mgr_remount.cpp",
],
cppflags: [
- "-DALLOW_ADBD_DISABLE_VERITY=0",
+ "-UALLOW_ADBD_DISABLE_VERITY",
+ "-DALLOW_ADBD_DISABLE_VERITY=1",
],
product_variables: {
debuggable: {
C:>adb root
C:>adb remount
remount succeeded
好了,大功告成,一时 root 一时爽,一直 root 一直爽