Files to modify:
system/extras/su/su.c
system/core/include/private/android_filesystem_config.h
system/core/libcutils/fs_config.c
frameworks/base/core/jni/com_android_internal_os_Zygote.cpp
frameworks/base/cmds/app_process/app_main.cpp
device/qcom/msm8909/BoardConfig.mk
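Purpose: let an application-layer app obtain root permissions by calling su, and then execute some commands as root. Each change below removes one of the layers that normally stops an app process from gaining root through su (the caller-uid check in su, the file mode of su, the capability bounding-set drop in Zygote, the no_new_privs flag in app_process, and SELinux enforcement), so on a build made this way any installed app can do the same.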
system/extras/su/su.c
In the "main" function, comment out the check on the caller's uid:
// Stock check, disabled by this change: it limits su to callers whose real uid
// is AID_ROOT or AID_SHELL and exits with "not allowed" for every other caller.
// With both lines commented out, su no longer filters by caller uid at all.
//uid_t current_uid = getuid();
//if (current_uid != AID_ROOT && current_uid != AID_SHELL) error(1, 0, "not allowed");
system/core/libcutils/fs_config.c
Change the file-permission entry for the su binary:
/* the following two files are INTENTIONALLY set-uid, but they
* are NOT included on user builds. */
/* Mode 06755 = set-uid and set-gid bits on rwxr-xr-x, owner AID_ROOT, group
 * AID_SHELL. The "other" execute bit lets every uid on the device run su, and
 * the set-uid bit makes it run with root as its effective uid. */
{ 06755, AID_ROOT, AID_SHELL, 0, "system/xbin/su" },
frameworks/base/core/jni/com_android_internal_os_Zygote.cpp
Comment out the body of DropCapabilitiesBoundingSet:
static void DropCapabilitiesBoundingSet(JNIEnv* env) {
// Body disabled by this change, so the function is now a no-op.
// The stock loop below walks capability numbers from 0 until PR_CAPBSET_READ
// fails and drops each one from the calling process's capability bounding set.
// It logs an error on EINVAL and aborts the runtime on any other failure.
// The bounding set caps which capabilities a later execve (for example of a
// set-uid binary) can gain, so leaving it intact is what lets su keep them.
// NOTE(review): presumably called while Zygote specialises a forked app
// process - confirm against the caller, which is not shown here.
/*
for (int i = 0; prctl(PR_CAPBSET_READ, i, 0, 0, 0) >= 0; i++) {
int rc = prctl(PR_CAPBSET_DROP, i, 0, 0, 0);
if (rc == -1) {
if (errno == EINVAL) {
ALOGE("prctl(PR_CAPBSET_DROP) failed with EINVAL. Please verify "
"your kernel is compiled with file capabilities support");
} else {
RuntimeAbort(env, __LINE__, "prctl(PR_CAPBSET_DROP) failed");
}
}
}
*/
}
frameworks/base/cmds/app_process/app_main.cpp
Comment out the following in the "main" function:
// Block disabled by this change. The stock code sets PR_SET_NO_NEW_PRIVS on the
// process and treats any failure other than EINVAL as fatal (return 12).
// With that flag set, the kernel ignores set-uid/set-gid bits and file
// capabilities on execve, so a set-uid su could not raise privileges. The flag
// is inherited by child processes and cannot be cleared once set.
/*
if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0) {
// Older kernels don't understand PR_SET_NO_NEW_PRIVS and return
// EINVAL. Don't die on such kernels.
if (errno != EINVAL) {
LOG_ALWAYS_FATAL("PR_SET_NO_NEW_PRIVS failed: %s", strerror(errno));
return 12;
}
}
*/
device/qcom/msm8909/BoardConfig.mk
Add "androidboot.selinux=permissive" to the kernel command line in "BOARD_KERNEL_CMDLINE" so that SELinux boots in permissive mode (policy denials are logged but not enforced):
# androidboot.selinux=permissive asks init to bring SELinux up in permissive
# mode: policy denials are logged but not enforced, for every domain.
# NOTE(review): stock init is believed to honour this flag only on
# userdebug/eng builds - confirm for this tree.
BOARD_KERNEL_CMDLINE := console=ttyHSL0,115200,n8 androidboot.selinux=permissive androidboot.console=ttyHSL0 androidboot.hardware=qcom msm_rtb.filter=0x237 ehci-hcd.park=3 androidboot.bootdevice=7824900.sdhci lpm_levels.sleep_disabled=1 earlyprintk
or
# NOTE(review): ":=" assigns the whole variable, so this short form carries none
# of the console/hardware/bootdevice parameters shown in the longer
# BOARD_KERNEL_CMDLINE line above - confirm the board still boots with it, or
# append with "+=" instead.
BOARD_KERNEL_CMDLINE := androidboot.selinux=permissive