第一次在沙滩写博客,写的不好欢迎大佬指正,此方案是在mtk平台验证过的,其他平台暂时没有试(主要是也没其他平台的机器),大佬有更好的方法欢迎交流。
adb root
diff --git a/alps_mssi/build/make/core/main.mk b/alps_mssi/build/make/core/main.mk
old mode 100644
new mode 100755
index c63c6dfde9e..6c8884ca62f
--- a/alps_mssi/build/make/core/main.mk
+++ b/alps_mssi/build/make/core/main.mk
@@ -365,11 +365,11 @@ enable_target_debugging := true
tags_to_install :=
ifneq (,$(user_variant))
# Target is secure in user builds.
- ADDITIONAL_SYSTEM_PROPERTIES += ro.secure=1
+ ADDITIONAL_SYSTEM_PROPERTIES += ro.secure=0
ADDITIONAL_SYSTEM_PROPERTIES += security.perf_harden=1
ifeq ($(user_variant),user)
- ADDITIONAL_SYSTEM_PROPERTIES += ro.adb.secure=1
+ ADDITIONAL_SYSTEM_PROPERTIES += ro.adb.secure=0
endif
ifeq ($(user_variant),userdebug)
@@ -377,7 +377,7 @@ ifneq (,$(user_variant))
tags_to_install += debug
else
# Disable debugging in plain user builds.
- enable_target_debugging :=
+ #enable_target_debugging :=
endif
# Disallow mock locations by default for user builds
adb root是通过改变ro.secure和ro.adb.secure这两个属性值控制开关的,0是打开,这两个属性值改成0即可。按理说只需改两个属性值就可以实现adb root,但是不关闭selinux,开发者模式是进不去的,因此还要关闭selinux,关闭selinux有两种方法,但是原理都是一样的,如下: 第一种:
diff --git a/alps_mssi/system/core/init/selinux.cpp b/alps_mssi/system/core/init/selinux.cpp
old mode 100644
new mode 100755
index 4d77d339592..74d8552dec7
--- a/alps_mssi/system/core/init/selinux.cpp
+++ b/alps_mssi/system/core/init/selinux.cpp
@@ -716,6 +716,7 @@ void ReadPolicy(std::string* policy) {
void SelinuxSetEnforcement() {
bool kernel_enforcing = (security_getenforce() == 1);
bool is_enforcing = IsEnforcing();
+ is_enforcing = false;
if (kernel_enforcing != is_enforcing) {
if (security_setenforce(is_enforcing)) {
PLOG(FATAL) << "security_setenforce(" << (is_enforcing ? "true" : "false")
第二种:
bool IsEnforcing() {
+ return false;
if (ALLOW_PERMISSIVE_SELINUX) {
return StatusFromProperty() == SELINUX_ENFORCING;
}
return true;
}
这两种方法的原理都是一样的,使is_enforcing为false即可,user版本关闭selinux会导致开不了机以及还会弹出一个“您的设备存在内部问题,有关详细信息,请联系您的制造商”的提示,下面解决关闭selinux开不了机的问题:
diff --git a/alps_ap/device/mediateksample/tb8321p3_bsp/vnd_tb8321p3_bsp.mk b/alps_ap/device/mediateksample/tb8321p3_bsp/vnd_tb8321p3_bsp.mk
old mode 100644
new mode 100755
index bc0b54c1d5c..166bcd74670
--- a/alps_ap/device/mediateksample/tb8321p3_bsp/vnd_tb8321p3_bsp.mk
+++ b/alps_ap/device/mediateksample/tb8321p3_bsp/vnd_tb8321p3_bsp.mk
@@ -28,7 +28,7 @@ ifeq ($(TARGET_BUILD_VARIANT), eng)
KERNEL_DEFCONFIG ?= tb8321p3_bsp_debug_defconfig
endif
ifeq ($(TARGET_BUILD_VARIANT), user)
-KERNEL_DEFCONFIG ?= tb8321p3_bsp_defconfig
+KERNEL_DEFCONFIG ?= tb8321p3_bsp_defconfig userdebug.config
endif
ifeq ($(TARGET_BUILD_VARIANT), userdebug)
KERNEL_DEFCONFIG ?= tb8321p3_bsp_defconfig userdebug.config
关于提示问题根据字符串找到ActivityTaskManagerService.java这个类里面的d.setMessage(mUiContext.getText(R.string.system_error_manufacturer));这行代码用到了,把下面的显示给注释掉即可:
diff --git a/alps_mssi/frameworks/base/services/core/java/com/android/server/wm/ActivityTaskManagerService.java b/alps_mssi/frameworks/base/services/core/java/com/android/server/wm/ActivityTaskManagerService.java
old mode 100644
new mode 100755
index 165f25d89ce..881143304a2
--- a/alps_mssi/frameworks/base/services/core/java/com/android/server/wm/ActivityTaskManagerService.java
+++ b/alps_mssi/frameworks/base/services/core/java/com/android/server/wm/ActivityTaskManagerService.java
@@ -5717,7 +5716,7 @@ public class ActivityTaskManagerService extends IActivityTaskManager.Stub {
d.setButton(DialogInterface.BUTTON_POSITIVE,
mUiContext.getText(R.string.ok),
mUiHandler.obtainMessage(DISMISS_DIALOG_UI_MSG, d));
- d.show();
+ //d.show();
}
});
}
apk root
首先是关闭selinux,方法同上,然后是修改su源码:
diff --git a/alps_mssi/build/make/target/product/base_system.mk b/alps_mssi/build/make/target/product/base_system.mk
old mode 100644
new mode 100755
index c919ac462b6..a5ae04484c1
--- a/alps_mssi/build/make/target/product/base_system.mk
+++ b/alps_mssi/build/make/target/product/base_system.mk
@@ -292,6 +292,11 @@ PRODUCT_PACKAGES += \
PRODUCT_PACKAGES += \
system_manifest.xml \
system_compatibility_matrix.xml \
+
+# swl add
+PRODUCT_PACKAGES += \
+ su \
+# end
diff --git a/alps_mssi/system/extras/su/su.cpp b/alps_mssi/system/extras/su/su.cpp
old mode 100644
new mode 100755
index 1a1ab6bf404..af3d2a68c76
--- a/alps_mssi/system/extras/su/su.cpp
+++ b/alps_mssi/system/extras/su/su.cpp
@@ -80,8 +80,8 @@ void extract_uidgids(const char* uidgids, uid_t* uid, gid_t* gid, gid_t* gids, i
}
int main(int argc, char** argv) {
- uid_t current_uid = getuid();
- if (current_uid != AID_ROOT && current_uid != AID_SHELL) error(1, 0, "not allowed");
+ //uid_t current_uid = getuid();
+ //if (current_uid != AID_ROOT && current_uid != AID_SHELL) error(1, 0, "not allowed");
// Handle -h and --help.
++argv;
--
然后给su文件默认root权限:
diff --git a/alps_mssi/system/core/libcutils/fs_config.cpp b/alps_mssi/system/core/libcutils/fs_config.cpp
old mode 100644
new mode 100755
index a6835fc70c1..e6b67f333be
--- a/alps_mssi/system/core/libcutils/fs_config.cpp
+++ b/alps_mssi/system/core/libcutils/fs_config.cpp
@@ -83,10 +83,10 @@ static const struct fs_path_config android_dirs[] = {
{ 00751, AID_ROOT, AID_SHELL, 0, "product/apex/*/bin" },
{ 00777, AID_ROOT, AID_ROOT, 0, "sdcard" },
{ 00751, AID_ROOT, AID_SDCARD_R, 0, "storage" },
- { 00751, AID_ROOT, AID_SHELL, 0, "system/bin" },
+ { 04755, AID_ROOT, AID_SHELL, 0, "system/bin" },
{ 00755, AID_ROOT, AID_ROOT, 0, "system/etc/ppp" },
{ 00755, AID_ROOT, AID_SHELL, 0, "system/vendor" },
- { 00750, AID_ROOT, AID_SHELL, 0, "system/xbin" },
+ { 04755, AID_ROOT, AID_SHELL, 0, "system/xbin" },
{ 00751, AID_ROOT, AID_SHELL, 0, "system/apex/*/bin" },
{ 00751, AID_ROOT, AID_SHELL, 0, "system_ext/bin" },
{ 00751, AID_ROOT, AID_SHELL, 0, "system_ext/apex/*/bin" },
@@ -190,7 +190,8 @@ static const struct fs_path_config android_files[] = {
// the following two files are INTENTIONALLY set-uid, but they
// are NOT included on user builds.
{ 06755, AID_ROOT, AID_ROOT, 0, "system/xbin/procmem" },
- { 04750, AID_ROOT, AID_SHELL, 0, "system/xbin/su" },
+ { 06755, AID_ROOT, AID_SHELL, 0, "system/xbin/su" },
+ { 06755, AID_ROOT, AID_SHELL, 0, "system/bin/su" },
// the following files have enhanced capabilities and ARE included
// in user builds.
com_android_internal_os_Zygote.cpp和commoncap.c保证apk可以设置UID和GID等操作的权限功能:
diff --git a/alps_mssi/frameworks/base/core/jni/com_android_internal_os_Zygote.cpp b/alps_mssi/frameworks/base/core/jni/com_android_internal_os_Zygote.cpp
old mode 100644
new mode 100755
index 5e50fb01c7f..980427e5b13
--- a/alps_mssi/frameworks/base/core/jni/com_android_internal_os_Zygote.cpp
+++ b/alps_mssi/frameworks/base/core/jni/com_android_internal_os_Zygote.cpp
@@ -658,7 +658,7 @@ static void EnableKeepCapabilities(fail_fn_t fail_fn) {
}
static void DropCapabilitiesBoundingSet(fail_fn_t fail_fn) {
- for (int i = 0; prctl(PR_CAPBSET_READ, i, 0, 0, 0) >= 0; i++) {;
+ /*for (int i = 0; prctl(PR_CAPBSET_READ, i, 0, 0, 0) >= 0; i++) {;
if (prctl(PR_CAPBSET_DROP, i, 0, 0, 0) == -1) {
if (errno == EINVAL) {
ALOGE("prctl(PR_CAPBSET_DROP) failed with EINVAL. Please verify "
@@ -667,7 +667,7 @@ static void DropCapabilitiesBoundingSet(fail_fn_t fail_fn) {
fail_fn(CREATE_ERROR("prctl(PR_CAPBSET_DROP, %d) failed: %s", i, strerror(errno)));
}
}
- }
+ }*/
}
static void SetInheritable(uint64_t inheritable, fail_fn_t fail_fn) {
这里的kernel内核型号根据自己机器所使用的为准:
diff --git a/alps_ap/kernel-4.19-lc/security/commoncap.c b/alps_ap/kernel-4.19-lc/security/commoncap.c
old mode 100644
new mode 100755
index 876cfe01d93..57899687999
--- a/alps_ap/kernel-4.19-lc/security/commoncap.c
+++ b/alps_ap/kernel-4.19-lc/security/commoncap.c
@@ -1167,10 +1167,10 @@ static int cap_prctl_drop(unsigned long cap)
{
struct cred *new;
- if (!ns_capable(current_user_ns(), CAP_SETPCAP))
+ /*if (!ns_capable(current_user_ns(), CAP_SETPCAP))
return -EPERM;
if (!cap_valid(cap))
- return -EINVAL;
+ return -EINVAL;*/
new = prepare_creds();
if (!new)
支持adb remount和disable-verity:
diff --git a/alps_ap/system/core/fs_mgr/Android.bp b/alps_ap/system/core/fs_mgr/Android.bp
old mode 100644
new mode 100755
index cd5c2d2b3e2..0698dcf66f0
--- a/alps_ap/system/core/fs_mgr/Android.bp
+++ b/alps_ap/system/core/fs_mgr/Android.bp
@@ -108,7 +108,9 @@ cc_defaults {
"libfstab",
],
cppflags: [
- "-DALLOW_ADBD_DISABLE_VERITY=0",
+ "-UALLOW_ADBD_DISABLE_VERITY",
+ "-DALLOW_ADBD_DISABLE_VERITY=1",
+
],
product_variables: {
debuggable: {
@@ -223,7 +225,9 @@ cc_binary {
"fs_mgr_remount.cpp",
],
cppflags: [
- "-DALLOW_ADBD_DISABLE_VERITY=0",
+ "-UALLOW_ADBD_DISABLE_VERITY",
+ "-DALLOW_ADBD_DISABLE_VERITY=1",
+
],
product_variables: {
debuggable: {
关闭DM-verity:
diff --git a/alps_ap/vendor/mediatek/proprietary/bootable/bootloader/preloader/custom/tb8321p3_bsp/tb8321p3_bsp.mk b/alps_ap/vendor/mediatek/proprietary/bootable/bootloader/preloader/custom/tb8321p3_bsp/tb8321p3_bsp.mk
index 868016abcb8..c21215647cd 100755
--- a/alps_ap/vendor/mediatek/proprietary/bootable/bootloader/preloader/custom/tb8321p3_bsp/tb8321p3_bsp.mk
+++ b/alps_ap/vendor/mediatek/proprietary/bootable/bootloader/preloader/custom/tb8321p3_bsp/tb8321p3_bsp.mk
@@ -2,8 +2,8 @@
TARGET=tb8321p3_bsp
MTK_PLATFORM=MT6580
MTK_SEC_CHIP_SUPPORT=yes
-MTK_SEC_USBDL=ATTR_SUSBDL_ENABLE
-MTK_SEC_BOOT=ATTR_SBOOT_ENABLE
+MTK_SEC_USBDL=ATTR_SUSBDL_DISABLE
+MTK_SEC_BOOT=ATTR_SBOOT_DISABLE
MTK_SEC_MODEM_AUTH=no
MTK_SEC_SECRO_AC_SUPPORT=yes
# Platform