RK3562编译Android13 ROOT固件教程

深圳触觉科技

关闭selinux
修改此文件（"+"号为修改内容）
# R, G+ F; H! m
! l) t2 I$ _) Q9 U* \device/rockchip/common/BoardConfig.mk
5 z- W8 x3 P# I6 v% ]BOARD_BOOT_HEADER_VERSION ?= 2
+ T) z3 ^' ?; D' a% LBOARD_MKBOOTIMG_ARGS :=
) t6 P4 U: T; L. ~3 Y2 zBOARD_PREBUILT_DTBOIMAGE ?= $(TARGET_DEVICE_DIR)/dtbo.img
BOARD_ROCKCHIP_VIRTUAL_AB_ENABLE ?= false
4 e2 X: x4 A# v, E6 I-BOARD_SELINUX_ENFORCING ?= true
' Z! P2 _* ?+ X; v; @  I+BOARD_SELINUX_ENFORCING ?= false
1 y4 t2 C& P' q: p6 u  O3 i


/ V; q$ ]3 g$ R1 k( Y注释用户组权限检测
4 F9 o. p3 n7 w3 D修改此文件（"+"号为修改内容）
/ t' m8 C  z% N1 x9 b+ W; {9 N
system/extras/su/su.cpp
% [! I+ j$ w: s) e0 U! X
void extract_uidgids(const char* uidgids, uid_t* uid, gid_t*
% {: |+ Z; y$ X4 [+ r/ b, Dgid, gid_t* gids, i
}
int main(int argc, char** argv) {
- uid_t current_uid = getuid();
7 k, S. A" o  \/ F6 S! D! w- if (current_uid != AID_ROOT && current_uid != AID_SHELL) error(1, 0, "notallowed");
+ //uid_t current_uid = getuid();
4 Z: }+ A4 J$ l% W2 v6 O# `+ //if (current_uid != AID_ROOT && current_uid != AID_SHELL) error(1, 0, "notallowed");
6 F+ t$ \- c# B4 k0 f0 @( O
, h, n" t  u- ~/ _6 u" Y3 N

给su文件默认授予root权限
: G# }3 K& l) ]# X4 N- v修改此文件（"+"号为修改内容）
system/core/libcutils/fs_config.cpp
2 U5 ]6 S  b. m6 U5 C, D7 `6 H
static const struct fs_path_config android_dirs[] = {
8 x# m1 }4 p( s; k5 E/ l     { 00751, AID_ROOT,         AID_SHELL,        0, "system/bin" },
! }* m, R4 G% S6 ?" w     { 00755, AID_ROOT,         AID_ROOT,         0, "system/etc/ppp" },
2 V# c5 v  ]' b7 X     { 00755, AID_ROOT,         AID_SHELL,        0, "system/vendor" },
) w, n3 u/ o- Q: H-    { 00750, AID_ROOT,         AID_SHELL,        0, "system/xbin" },
6 A) a) G* L0 W/ e+ o. ~+    { 00755, AID_ROOT,         AID_SHELL,        0, "system/xbin" },
7 [! m8 N$ c, k. n( f7 ^     { 00751, AID_ROOT,         AID_SHELL,        0, "system/apex/*/bin" },
9 Q9 l- Z; J6 \% d! t     { 00751, AID_ROOT,         AID_SHELL,        0, "system_ext/bin" },
     { 00751, AID_ROOT,         AID_SHELL,        0, "system_ext/apex/*/bin" },
static const struct fs_path_config android_files[] = {
     // the following two files are INTENTIONALLY set-uid, but they
     // are NOT included on user builds.
& I- g, g7 M" G9 c6 }% I' B0 H     { 06755, AID_ROOT,      AID_ROOT,      0, "system/xbin/procmem" },
-    { 04750, AID_ROOT,      AID_SHELL,     0, "system/xbin/su" },
& N$ m1 P* v! {& P( }+    { 06755, AID_ROOT,      AID_SHELL,     0, "system/xbin/su" },
然后修改此文件（"+"号为修改内容）
frameworks/base/core/jni/com_android_internal_os_Zygote.cpp
' d: E$ ]3 c# W1 m) d  s3 Ustatic void DropCapabilitiesBoundingSet(fail_fn_t fail_fn) {
+/*
  for (int i = 0; prctl(PR_CAPBSET_READ, i, 0, 0, 0) >= 0; i++) {;
, f1 W7 H' y8 y  R3 k! J    if (prctl(PR_CAPBSET_DROP, i, 0, 0, 0) == -1) {
      if (errno == EINVAL) {
, q' K9 }! [5 v. t7 E6 Z+ |        ALOGE("prctl(PR_CAPBSET_DROP) failed with EINVAL. Please verify "
              "your kernel is compiled with file capabilities support");
      } else {
        fail_fn(CREATE_ERROR("prctl(PR_CAPBSET_DROP, %d) failed: %s", i, strerror(errno)));
      }
! x9 N- ?  u7 D+ r, Q    }
! t( E2 `4 B9 x, c9 x+ i4 Z7 _; U  }
+ */
}
最后修改此文件（"+"号为修改内容）
% Z- D: `7 l% |/ o! X! D# O1 _. Kkernel-5.10/security/commoncap.c
int cap_task_setnice(struct task_struct *p, int nice)
7 d. p$ X# L. Y0 j: C& @' hstatic int cap_prctl_drop(unsigned long cap)
{
    struct cred *new;
+/*
    if (!ns_capable(current_user_ns(), CAP_SETPCAP))
5 q" L* i5 ?# O- X2 j    return -EPERM;
    if (!cap_valid(cap))
    return -EINVAL;
" J# V: ~+ }2 ?& @! `6 I7 V-
2 {9 u/ N7 u9 X; \9 |+ @+*/
new = prepare_creds();
$ G1 b/ r/ o9 _3 Q7 H6 N( @
- V4 ~$ p% f3 a  ^! x5 t
5 h' X1 X. F; N4 X# I+ e, M
! A) b7 ^6 U1 q9 ]- P) @源码编译并验证固件是否ROOT
修改完上面三个步骤的文件后，重新编译内核和安卓源码，执行以下命令：
# make -j4
5 Q; |' _6 l! m6 M下载RootChecker测试APK软件包（自行下载）,可通过ADB命令或者U盘安装,安装后按照提示点击按钮检查root。
; l( s6 P+ D5 N* E$ B1 F% n# v

root成功如图：

# \! j. d  K2 E  c

ybing12

程序写的很规范