Android R user root + remount 修改方案

2023-07-18 06:42| 来源: 网络整理| 查看: 265

众所周知，Android在大版本更新上对权限要求越来越严格，AndroidR上user版本包含remount权限也需要进行比较大的修改，如果只需要有root 权限，只需要如下修改即可：修改源码 system/core/adb/daemon/main.cpp

bool adb_root = (prop == "1"); bool adb_unroot = (prop == "0"); if (ro_debuggable && adb_root) { drop = false; } // ... and "adb unroot" lets you explicitly drop privileges. if (adb_unroot) { drop = true; } -- return drop; ++ return false; }

system/core/init/selinux.cpp

bool IsEnforcing() { ++ return false; { int fd(open("/mboot/selinux", O_RDONLY | O_CLOEXEC | O_BINARY));

如果需要remount权限，则需要新增如下修改：

diff --git a/adb/Android.bp b/adb/Android.bp index dee48bf..604d1dd 100644 --- a/adb/Android.bp +++ b/adb/Android.bp @@ -594,6 +594,11 @@ ], } }, + required: [ + "libadbd_auth", + "libadbd_fs", + "remount", + ], } phony { diff --git a/adb/daemon/main.cpp b/adb/daemon/main.cpp index 658e244..28c4f92 100644 --- a/adb/daemon/main.cpp +++ b/adb/daemon/main.cpp @@ -91,7 +91,7 @@ drop = true; } - return drop; + return false; } static void drop_privileges(int server_port) { @@ -210,9 +210,9 @@ #if defined(__ANDROID__) // If we're on userdebug/eng or the device is unlocked, permit no-authentication. - bool device_unlocked = "orange" == android::base::GetProperty("ro.boot.verifiedbootstate", ""); + bool device_unlocked = true; if (__android_log_is_debuggable() || device_unlocked) { - auth_required = android::base::GetBoolProperty("ro.adb.secure", false); + auth_required = false; } #endif diff --git a/fs_mgr/Android.bp b/fs_mgr/Android.bp index ac784b2..5abcecd 100644 --- a/fs_mgr/Android.bp +++ b/fs_mgr/Android.bp @@ -79,16 +79,9 @@ "libfstab", ], cppflags: [ - "-DALLOW_ADBD_DISABLE_VERITY=0", + "-UALLOW_ADBD_DISABLE_VERITY", + "-DALLOW_ADBD_DISABLE_VERITY=1", ], - product_variables: { - debuggable: { - cppflags: [ - "-UALLOW_ADBD_DISABLE_VERITY", - "-DALLOW_ADBD_DISABLE_VERITY=1", - ], - }, - }, header_libs: [ "libfiemap_headers", "libstorage_literals_headers", @@ -193,16 +186,9 @@ "fs_mgr_remount.cpp", ], cppflags: [ - "-DALLOW_ADBD_DISABLE_VERITY=0", + "-UALLOW_ADBD_DISABLE_VERITY", + "-DALLOW_ADBD_DISABLE_VERITY=1", ], - product_variables: { - debuggable: { - cppflags: [ - "-UALLOW_ADBD_DISABLE_VERITY", - "-DALLOW_ADBD_DISABLE_VERITY=1", - ], - }, - }, required: [ "clean_scratch_files", ], diff --git a/fs_mgr/fs_mgr_remount.cpp b/fs_mgr/fs_mgr_remount.cpp index def1c21..4e4113d 100644 --- a/fs_mgr/fs_mgr_remount.cpp +++ b/fs_mgr/fs_mgr_remount.cpp @@ -144,7 +144,7 @@ // If somehow this executable is delivered on a "user" build, it can // not function, so providing a clear message to the caller rather than // letting if fall through and provide a lot of confusing failure messages. - if (!ALLOW_ADBD_DISABLE_VERITY || (android::base::GetProperty("ro.debuggable", "0") != "1")) { + if (!ALLOW_ADBD_DISABLE_VERITY) { LOG(ERROR) - { + return false; + { int fd(open("/mboot/selinux", O_RDONLY | O_CLOEXEC | O_BINARY)); if (fd != -1) { char v = 0xff; diff --git a/set-verity-state/set-verity-state.cpp b/set-verity-state/set-verity-state.cpp index 0a26aba..478e2bb 100644 --- a/set-verity-state/set-verity-state.cpp +++ b/set-verity-state/set-verity-state.cpp @@ -130,16 +130,17 @@ static bool overlayfs_setup(bool enable) { auto change = false; - errno = 0; - if (enable ? fs_mgr_overlayfs_teardown(nullptr, &change) - : fs_mgr_overlayfs_setup(nullptr, nullptr, &change)) { - if (change) { - printf("%s overlayfs\n", enable ? "disabling" : "using"); - } - } else if (errno) { - printf("Overlayfs %s failed with error %s\n", enable ? "teardown" : "setup", strerror(errno)); - suggest_run_adb_root(); - } +// errno = 0; +// if (enable ? fs_mgr_overlayfs_teardown(nullptr, &change) +// : fs_mgr_overlayfs_setup(nullptr, nullptr, &change)) { +// if (change) { +// printf("%s overlayfs\n", enable ? "disabling" : "using"); +// } +// } else if (errno) { +// printf("Overlayfs %s failed with error %s\n", enable ? "teardown" : "setup", strerror(errno)); +// suggest_run_adb_root(); +// } + printf("overlayfs_setup %d\n", enable); return change; }

对于非Go版本，即使用Google mainline的adb，需要删掉mainline的adb，并关闭编译期ssi检查：禁用ssi: vendor/sprd/feature_configs/vendorsetup.sh

# lunch if needed, if --unisoc_fc_device xx , will lunch xx otherwise, do nothing if [ -n "$feature_device" ] ; then _wrap_dry_run $dry_run lunch $feature_device fi export PRODUCT_SET_CARRIERS=$revision_keys ++ export SKIP_SSI_AUDIT=true

删除mainline adb:

diff --git a/AdbdPrebuilt/Android.bp b/AdbdPrebuilt/Android.bp deleted file mode 100644 index d3cb4f5..0000000 --- a/AdbdPrebuilt/Android.bp +++ /dev/null @@ -1,21 +0,0 @@ -// -// Copyright (C) 2020 The Android Open Source Project -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. -// -apex_set { - name: "com.google.android.adbd", - owner: "google", - overrides: ["com.android.adbd"], - set: "com.google.android.adbd.apks", -} diff --git a/build/mainline_modules_r.mk b/build/mainline_modules_r.mk index 77c132f..89f4f6f 100644 --- a/build/mainline_modules_r.mk +++ b/build/mainline_modules_r.mk @@ -47,7 +47,6 @@ # Mainline modules - APEX type PRODUCT_PACKAGES += \ - com.google.android.adbd \ com.google.android.conscrypt \ com.google.android.permission \ com.google.android.ipsec \

【本文地址】

公司简介

联系我们