|
|
EDA365欢迎您登录!
您需要 登录 才可以下载或查看,没有帐号?注册
x
& E/ D% k8 v% A; o: h9 d9 @4 [% B& e关闭selinux
! ^' [4 P) U9 u' c9 y; @$ x修改此文件("+"号为修改内容); G9 a4 V. t2 G$ D
! A# ]- L; _! l3 f9 I G* x, bdevice/rockchip/common/BoardConfig.mk, z! z: T0 d% y3 K/ W9 k
BOARD_BOOT_HEADER_VERSION ?= 2
7 n W6 C# M+ [* m( P9 o- J9 G# dBOARD_MKBOOTIMG_ARGS :=2 J# m! p1 S( W% P( e1 o
BOARD_PREBUILT_DTBOIMAGE ?= $(TARGET_DEVICE_DIR)/dtbo.img
8 [' q; H9 ]& _) mBOARD_ROCKCHIP_VIRTUAL_AB_ENABLE ?= false
: X7 x) o% g! g, E" U* b% k-BOARD_SELINUX_ENFORCING ?= true" M' v5 T& o$ r. e2 U) o
+BOARD_SELINUX_ENFORCING ?= false* i) l( t& j, Q) t+ Q
; w6 ^- h( w' M8 [! I
: S- d/ w1 A4 y
0 g% a) P. `" R. @% Q# f注释用户组权限检测 I$ Y5 X3 F* R: N8 w/ t& A
修改此文件("+"号为修改内容)9 h- m* Z% Z& q! P5 k/ |7 q
- B+ ?8 w9 z! @2 N4 ~8 r* R% Lsystem/extras/su/su.cpp; T# R, d3 T. m/ N
9 \/ y8 v6 m4 R& l' Dvoid extract_uidgids(const char* uidgids, uid_t* uid, gid_t*
( p, L2 T) N( T, r$ }' u8 Xgid, gid_t* gids, i
+ {, x4 u6 ~, o5 F. M0 b- `+ d}
9 T" X5 s- T& T( @9 Mint main(int argc, char** argv) {, _& m0 U6 h, |$ i w4 ~! c j+ Z5 Z
- uid_t current_uid = getuid();* w+ ?2 t6 n- g$ N9 g8 B
- if (current_uid != AID_ROOT && current_uid != AID_SHELL) error(1, 0, "notallowed");& X, u. |* n: n1 r( ]$ a
+ //uid_t current_uid = getuid();
" l/ B" J) b5 m- S) t, Q4 q' d- j+ [+ //if (current_uid != AID_ROOT && current_uid != AID_SHELL) error(1, 0, "notallowed");2 m1 g) o* v% E0 k; l% _4 F
2 z7 ^' X2 E; E% }+ d0 v
$ A) k; X# F* K0 ]# f" f
# e) ?, k, F1 X, r. I2 g$ N5 Q( |: ~给su文件默认授予root权限( _: w* M9 Q8 ~
修改此文件("+"号为修改内容)$ k8 @( c# p1 J& [2 q9 X
system/core/libcutils/fs_config.cpp9 ?+ C& P: ~ U3 j% q h1 @! f
3 I5 [+ e i, p" Y) Rstatic const struct fs_path_config android_dirs[] = {
0 U4 L; F7 V& V: c/ O { 00751, AID_ROOT, AID_SHELL, 0, "system/bin" },
, o7 i9 J; w( E7 Z- f { 00755, AID_ROOT, AID_ROOT, 0, "system/etc/ppp" },! l5 R7 N- ?1 f9 z3 {6 j: f" d% c
{ 00755, AID_ROOT, AID_SHELL, 0, "system/vendor" },
$ G7 s; _7 W/ _& \- { 00750, AID_ROOT, AID_SHELL, 0, "system/xbin" },
& G5 s# {. Q2 v2 \& x' l+ { 00755, AID_ROOT, AID_SHELL, 0, "system/xbin" },6 W; d5 y3 o3 H% o/ ^- m1 K
{ 00751, AID_ROOT, AID_SHELL, 0, "system/apex/*/bin" },
7 {: S/ U8 ~& F3 m/ k" U$ \ { 00751, AID_ROOT, AID_SHELL, 0, "system_ext/bin" },. N; |0 G, Z0 \% k
{ 00751, AID_ROOT, AID_SHELL, 0, "system_ext/apex/*/bin" },
$ B/ |- Y5 i/ I+ ]4 Q& i: {8 tstatic const struct fs_path_config android_files[] = {
) i [2 t" \) `( M8 J1 {3 n // the following two files are INTENTIONALLY set-uid, but they0 k% _+ ]9 H" l- l f
// are NOT included on user builds.
8 J6 b$ v1 F/ Z' Q( \/ q @ { 06755, AID_ROOT, AID_ROOT, 0, "system/xbin/procmem" },
2 r8 H0 ]( C8 ^$ Y, Y: ?: A- { 04750, AID_ROOT, AID_SHELL, 0, "system/xbin/su" },
- C5 o3 L+ X7 i5 U4 q( h' `6 F* ?+ { 06755, AID_ROOT, AID_SHELL, 0, "system/xbin/su" },) }0 c+ O+ d1 c3 F* g5 K
然后修改此文件("+"号为修改内容)5 M" a" L3 ~ V4 g: ?
frameworks/base/core/jni/com_android_internal_os_Zygote.cpp3 q3 [# v/ e! y, H: e+ A
static void DropCapabilitiesBoundingSet(fail_fn_t fail_fn) {( `8 d" G4 S4 r4 S Y& T4 k% g0 x
+/*: d, h2 v$ L: u. ]) F* i
for (int i = 0; prctl(PR_CAPBSET_READ, i, 0, 0, 0) >= 0; i++) {;2 H4 K% u. M* x2 _
if (prctl(PR_CAPBSET_DROP, i, 0, 0, 0) == -1) { h, m$ o7 D1 N E
if (errno == EINVAL) {
; {' z% D' w) A" k7 Q E- u ALOGE("prctl(PR_CAPBSET_DROP) failed with EINVAL. Please verify "
) Y' w- w! J/ E+ G* k, M$ ?, P "your kernel is compiled with file capabilities support");, p# A7 @% V8 d8 q& Y4 z- E
} else {
7 @& d; {+ M6 w7 _5 P fail_fn(CREATE_ERROR("prctl(PR_CAPBSET_DROP, %d) failed: %s", i, strerror(errno)));
& {* i' t# N1 Y }
0 j4 ~# d6 r9 ?6 N }3 l0 v3 R' W) e- s
}& r! N( G/ S; \4 V
+ */7 O: j6 G/ T7 ^& q5 \2 u& M
}$ z, R- V \' t% L7 ~2 F
最后修改此文件("+"号为修改内容)
& k! |" |( D1 \+ d) Skernel-5.10/security/commoncap.c* h, {) j! l4 O+ I# {
int cap_task_setnice(struct task_struct *p, int nice)& m2 V- j; f$ b
static int cap_prctl_drop(unsigned long cap)6 g+ e2 W# @7 W$ u/ I0 m
{5 g& I- V; _. h# w% T6 b
struct cred *new;
3 u; b! q4 Z+ o. o8 I7 _' S+/*
5 R' I7 J5 k9 a! c r if (!ns_capable(current_user_ns(), CAP_SETPCAP))! u* j: Z1 q* j9 u2 ^5 U G# _7 R
return -EPERM;
# x3 l. K. C2 u7 I6 j3 A6 @ if (!cap_valid(cap))
p0 M }& N4 O% S2 n" T return -EINVAL;
7 l5 t1 u% G6 J5 X* {9 s# O9 F; x-
5 p K9 X1 ^8 ?: X+*/
2 ]9 U- V. U3 Z1 [7 ~new = prepare_creds();$ v1 ]5 C6 H6 N3 b
6 [ b r& a+ k- F5 y% F1 P7 q- i5 F. w- k" Z; B* ^- b
3 v' D2 @3 Y1 H: R/ N8 N, A' j源码编译并验证固件是否ROOT2 ~' S1 T$ c5 F* d' I. p" Q6 z
修改完上面三个步骤的文件后,重新编译内核和安卓源码,执行以下命令:
6 g/ P( s* [8 }- ]" d$ g# make -j4; F8 j; N- ~6 x- M6 b! }
下载RootChecker测试APK软件包(自行下载),可通过ADB命令或者U盘安装,安装后按照提示点击按钮检查root。6 @, R$ T! E7 i
![]() / g/ K5 b r4 ^6 b2 {
root成功如图: ![]() - V& w7 t" \0 {. |! e! H
* x* o) B, v' n! C! ^( j% V. u |
|
/1 
楼主
收藏
淘帖
支持!
反对!
发表于 2025-1-8 15:49