EDA365电子论坛网

标题: RK3562编译Android13 ROOT固件教程 [打印本页]
作者: 深圳触觉科技    时间: 2025-1-8 00:15
标题: RK3562编译Android13 ROOT固件教程
$ k) v! P. f& _: _: P3 r
关闭selinux
# f$ ^0 L- }$ v: c+ U+ Y  s修改此文件("+"号为修改内容)( _, |. p: E. V. @7 f+ o
) [; q+ |1 b  u. g, z# O
device/rockchip/common/BoardConfig.mk
9 x7 H  V+ `6 u  OBOARD_BOOT_HEADER_VERSION ?= 21 H( w: e, @2 W1 R; M
BOARD_MKBOOTIMG_ARGS :=+ d' f' P: ?# C) k0 Z/ _. \
BOARD_PREBUILT_DTBOIMAGE ?= $(TARGET_DEVICE_DIR)/dtbo.img
! Y; v  b$ ^5 l/ {: q: q5 |" V, H& PBOARD_ROCKCHIP_VIRTUAL_AB_ENABLE ?= false) d) r6 \- E2 V1 Q
-BOARD_SELINUX_ENFORCING ?= true3 o6 @7 Z! W, Z7 O
+BOARD_SELINUX_ENFORCING ?= false# u: R" F+ e- S5 s$ Z
5 ^  c2 _4 C+ t
3 ?7 K  d0 W( c# t
- y4 L3 z+ M0 c5 E2 V# D
注释用户组权限检测
/ a+ g5 C: X! I8 s修改此文件("+"号为修改内容)5 \6 |2 f* J6 y
3 E, t& B' X" I
system/extras/su/su.cpp0 V# M' m* X* r+ Z& |1 @! h

; E! O( d2 ^# w" d) Hvoid extract_uidgids(const char* uidgids, uid_t* uid, gid_t*: L% A: Y8 C7 s' Y; M/ b
gid, gid_t* gids, i
4 s7 l5 }' ?# i+ U}/ P; `+ E8 R9 G  p- W
int main(int argc, char** argv) {7 ~' @0 c. |) k$ z
- uid_t current_uid = getuid();
/ _( l4 G+ X* a  s- if (current_uid != AID_ROOT && current_uid != AID_SHELL) error(1, 0, "notallowed");
) C0 K( K+ \$ x( F( X+ //uid_t current_uid = getuid();( I; n' E8 i6 z% P( }$ j
+ //if (current_uid != AID_ROOT && current_uid != AID_SHELL) error(1, 0, "notallowed");
4 {) z/ t. \( `6 T; n( t1 O3 ]) z  I& T/ ^# ?; B

5 l3 B3 d( G' @$ e0 `1 M% c5 G
8 `  t% O  m# K给su文件默认授予root权限
: i* n/ t! R. R) Z. U7 q! U7 c" e修改此文件("+"号为修改内容)
" B& }) I) P/ }; Zsystem/core/libcutils/fs_config.cpp
' V7 |4 k, V$ h8 W4 u8 F2 _( W, x4 |# x, ^% G0 N. U, U
static const struct fs_path_config android_dirs[] = {0 `# I/ C0 S& x0 R# b$ p
     { 00751, AID_ROOT,         AID_SHELL,        0, "system/bin" },
+ X- }3 t5 |0 c. T8 S) O* m9 T     { 00755, AID_ROOT,         AID_ROOT,         0, "system/etc/ppp" },
2 X# p7 ~3 V( j$ ]     { 00755, AID_ROOT,         AID_SHELL,        0, "system/vendor" },
9 z1 P8 c' M% ]# s- U. C6 z-    { 00750, AID_ROOT,         AID_SHELL,        0, "system/xbin" },3 H8 p4 n' n5 {6 f3 N
+    { 00755, AID_ROOT,         AID_SHELL,        0, "system/xbin" },
8 N2 T8 S+ O: y2 V, \& O     { 00751, AID_ROOT,         AID_SHELL,        0, "system/apex/*/bin" },
% Z* G& q) h' Z     { 00751, AID_ROOT,         AID_SHELL,        0, "system_ext/bin" },9 P. p) h% m5 F' F! h' K# Z% ?
     { 00751, AID_ROOT,         AID_SHELL,        0, "system_ext/apex/*/bin" },
( a9 |' b+ S% c, j( Wstatic const struct fs_path_config android_files[] = {2 m" [: \  t/ H, _3 D, W# V
     // the following two files are INTENTIONALLY set-uid, but they
& a! d' _4 M' m9 O- y6 ~, x5 K9 J     // are NOT included on user builds.. y* @3 t$ E* Z* k
     { 06755, AID_ROOT,      AID_ROOT,      0, "system/xbin/procmem" },
% A- ]$ T/ L; S5 i$ \-    { 04750, AID_ROOT,      AID_SHELL,     0, "system/xbin/su" },
) u2 d" a% L! o- B  K+    { 06755, AID_ROOT,      AID_SHELL,     0, "system/xbin/su" },
$ b- x4 x+ G( q0 F. h/ C! m然后修改此文件("+"号为修改内容)
6 c2 \8 V! @) v7 ?4 L3 c8 l( Fframeworks/base/core/jni/com_android_internal_os_Zygote.cpp! R% W' j: a! f8 I
static void DropCapabilitiesBoundingSet(fail_fn_t fail_fn) {
  s; v$ v" n0 p8 u: S" @( M2 Y1 o: h+/*
! N! J3 V! y9 V% [  for (int i = 0; prctl(PR_CAPBSET_READ, i, 0, 0, 0) >= 0; i++) {;
0 M! k6 O1 i% _* ?1 b    if (prctl(PR_CAPBSET_DROP, i, 0, 0, 0) == -1) {( }7 ]" m  W# Z3 B' W3 r
      if (errno == EINVAL) {
2 V: M2 ^! `8 ]& g* P        ALOGE("prctl(PR_CAPBSET_DROP) failed with EINVAL. Please verify "
# `0 n5 O* J# u8 F5 O) c              "your kernel is compiled with file capabilities support");
( Z4 ?5 c% \) W3 t0 w& p7 i  P, G/ B      } else {
5 H& D! s0 V; z9 j        fail_fn(CREATE_ERROR("prctl(PR_CAPBSET_DROP, %d) failed: %s", i, strerror(errno)));3 F7 S3 n% Q0 d5 F' f5 r% x
      }7 q) X* P* Y7 q6 q: j
    }
% g9 |4 x2 X1 X; X  Z4 L( H  }/ M; z, S# Y4 u4 `# }* c
+ */
% K7 I1 _4 ]. u' Z8 d  d}" a- K) T/ o% w% [. r
最后修改此文件("+"号为修改内容)& B( `; }1 a' y' d! ?2 G9 W) B2 y6 k
kernel-5.10/security/commoncap.c
% J- m6 A7 [, W1 Y1 A! _int cap_task_setnice(struct task_struct *p, int nice)
) S) ~2 u/ g4 G' S& g, M7 kstatic int cap_prctl_drop(unsigned long cap)
5 }, B" P3 k2 I' l{" h+ e' q3 [9 D. A3 ?) s  m% \
    struct cred *new;
" T5 I5 B$ r- ~# e+/*/ B9 k6 f* g$ |) V! U+ U
    if (!ns_capable(current_user_ns(), CAP_SETPCAP))5 Z" ~3 H& a6 W9 d
    return -EPERM;1 i: c* B" D& S2 T+ I
    if (!cap_valid(cap))# v0 a* d9 r- G6 h, H1 P5 X
    return -EINVAL;$ ^' i, l& t! c) W9 o/ d3 R# m) n
-
* I  y1 f6 n& B4 U5 ~+*/
0 f( |9 a; E- K' K  p: f: ^, C' Tnew = prepare_creds();! `  n: D: b+ Z- h4 E: \
# U* K4 u& D' G) n* j

1 B# p- T0 V; S; l% E- W0 P) @$ g$ m# [1 N1 r8 K! x$ z
源码编译并验证固件是否ROOT& c% ?9 u8 e' [+ T) g* k
修改完上面三个步骤的文件后,重新编译内核和安卓源码,执行以下命令:
; P3 e* {. ]% C" J' C# make -j4
1 [7 M1 p9 N6 ?3 R下载RootChecker测试APK软件包(自行下载),可通过ADB命令或者U盘安装,安装后按照提示点击按钮检查root。: ?6 D$ c9 c2 ^- K( h7 H" V: a6 _, {4 ~9 X

+ ~0 n" b3 |" h! V, U1 O5 p" g
root成功如图:
3 ~, z' I; I' o1 D" S
" K4 d! I+ u& a- O
作者: ybing12    时间: 2025-1-8 15:49
程序写的很规范



欢迎光临 EDA365电子论坛网 (https://bbs.eda365.com/) Powered by Discuz! X3.2