EDA365 Electronics Forum
Title: RK3562: Tutorial for Building Rooted Android 13 Firmware
Author: 深圳触觉科技
Time: 2025-1-8 00:15

Disable SELinux
Modify this file (lines marked "+" are the changes)
device/rockchip/common/BoardConfig.mk
BOARD_BOOT_HEADER_VERSION ?= 2
BOARD_MKBOOTIMG_ARGS :=
BOARD_PREBUILT_DTBOIMAGE ?= $(TARGET_DEVICE_DIR)/dtbo.img
BOARD_ROCKCHIP_VIRTUAL_AB_ENABLE ?= false
-BOARD_SELINUX_ENFORCING ?= true
+BOARD_SELINUX_ENFORCING ?= false
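Review bot: `BOARD_SELINUX_ENFORCING ?= false` is set in device/rockchip/common/BoardConfig.mk, the shared file, so it becomes the default for every board and build variant that includes it rather than for this RK3562 image alone. Because the assignment is `?=`, the value can be set in the product's own board configuration before this file is read, which would leave the common default at `true`.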

Comment out the user group permission check
Modify this file (lines marked "+" are the changes)
system/extras/su/su.cpp
void extract_uidgids(const char* uidgids, uid_t* uid, gid_t*
gid, gid_t* gids, i
}
int main(int argc, char** argv) {
- uid_t current_uid = getuid();
- if (current_uid != AID_ROOT && current_uid != AID_SHELL) error(1, 0, "notallowed");
+ //uid_t current_uid = getuid();
+ //if (current_uid != AID_ROOT && current_uid != AID_SHELL) error(1, 0, "notallowed");
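Review bot: the caller check at the top of main() is commented out with nothing in its place, so su no longer distinguishes between calling UIDs and the `error(1, 0, "notallowed")` path is dead. If the intent is to admit additional callers, keep the check and extend its condition, or guard the relaxation with a build-time macro so the stock behaviour stays in the source; commented-out code also makes later merges of this file harder to read.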

Grant the su file root permission by default
Modify this file (lines marked "+" are the changes)
system/core/libcutils/fs_config.cpp
static const struct fs_path_config android_dirs[] = {
{ 00751, AID_ROOT, AID_SHELL, 0, "system/bin" },
{ 00755, AID_ROOT, AID_ROOT, 0, "system/etc/ppp" },
{ 00755, AID_ROOT, AID_SHELL, 0, "system/vendor" },
- { 00750, AID_ROOT, AID_SHELL, 0, "system/xbin" },
+ { 00755, AID_ROOT, AID_SHELL, 0, "system/xbin" },
{ 00751, AID_ROOT, AID_SHELL, 0, "system/apex/*/bin" },
{ 00751, AID_ROOT, AID_SHELL, 0, "system_ext/bin" },
{ 00751, AID_ROOT, AID_SHELL, 0, "system_ext/apex/*/bin" },
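Review bot: the system/xbin directory entry goes to 00755 while every neighbouring bin directory in this table is 00751. 00751 already lets other UIDs traverse into the directory to run a known path without making it listable, so it would match the surrounding entries and still serve the su change in the same file.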
static const struct fs_path_config android_files[] = {
// the following two files are INTENTIONALLY set-uid, but they
// are NOT included on user builds.
{ 06755, AID_ROOT, AID_ROOT, 0, "system/xbin/procmem" },
- { 04750, AID_ROOT, AID_SHELL, 0, "system/xbin/su" },
+ { 06755, AID_ROOT, AID_SHELL, 0, "system/xbin/su" },
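Review bot: the su entry moves from 04750 to 06755, which adds the set-gid bit and world read on top of world execute, while the comment above the entry still says only that these files are intentionally set-uid and not included on user builds. If the goal is only to let UIDs outside the shell group run su, 04751 is the narrowest mode that does it; if set-gid is really wanted, the comment should be updated to say why.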
Then modify this file (lines marked "+" are the changes)
frameworks/base/core/jni/com_android_internal_os_Zygote.cpp
static void DropCapabilitiesBoundingSet(fail_fn_t fail_fn) {
+/*
for (int i = 0; prctl(PR_CAPBSET_READ, i, 0, 0, 0) >= 0; i++) {;
if (prctl(PR_CAPBSET_DROP, i, 0, 0, 0) == -1) {
if (errno == EINVAL) {
ALOGE("prctl(PR_CAPBSET_DROP) failed with EINVAL. Please verify "
"your kernel is compiled with file capabilities support");
} else {
fail_fn(CREATE_ERROR("prctl(PR_CAPBSET_DROP, %d) failed: %s", i, strerror(errno)));
}
}
}
+ */
}
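Review bot: wrapping the whole loop in a block comment turns DropCapabilitiesBoundingSet() into an empty function for every caller, not only for the su case, and leaves the `fail_fn` parameter unused. Gate the loop on a build-time condition instead of commenting it out, so the stock path stays compiled and the relaxation is visible in one place; as written, only `+/*` and `+ */` are marked, which hides how much logic is disabled.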
Finally, modify this file (lines marked "+" are the changes)
kernel-5.10/security/commoncap.c
int cap_task_setnice(struct task_struct *p, int nice)
static int cap_prctl_drop(unsigned long cap)
{
struct cred *new;
+/*
if (!ns_capable(current_user_ns(), CAP_SETPCAP))
return -EPERM;
if (!cap_valid(cap))
return -EINVAL;
-
+*/
new = prepare_creds();
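Review bot: the block comment in cap_prctl_drop() disables two unrelated checks, the CAP_SETPCAP permission test and the `cap_valid(cap)` range test. The second is input validation rather than policy, and with it gone any unsigned long from the caller is carried past `prepare_creds()` unchecked; keep `if (!cap_valid(cap)) return -EINVAL;` outside the comment. The hunk also deletes a blank line inside the commented region, which only adds noise to the patch.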

Build the source and verify that the firmware is rooted
After modifying the files in the three steps above, rebuild the kernel and the Android source by running the following command:
# make -j4
Download the RootChecker test APK (you need to download it yourself); it can be installed with an ADB command or from a USB drive. After installation, follow the prompts and tap the button to check for root.
A successful root looks like the figure:
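
One way to confirm on a device which of the changes in the post above are in effect, as an added example that is not part of the original post: `audit` (a hypothetical name) takes the captured output of `getenforce`, of `ls -l /system/xbin/su`, and of an app process's `/proc/<pid>/status`. The sample strings are constructed, and the script assumes a stock build shows an all-zero `CapBnd` for app processes.

```python
import re

def su_mode_findings(ls_line):
    """Read the permission string of an `ls -l` line for the su binary."""
    m = re.match(r"[-a-z]([-rwxsStT]{9})", ls_line.strip())
    if not m:                      # file absent or unparseable output
        return []
    perms, found = m.group(1), []
    if perms[2] in "sS":
        found.append("su is set-uid")
    if perms[5] in "sS":
        found.append("su is set-gid")
    if perms[8] in "xt":
        found.append("su is executable by any uid")
    return found

def capbnd_bits(status_text):
    """Return the capability numbers set in the CapBnd line of /proc/<pid>/status."""
    m = re.search(r"^CapBnd:\s*([0-9a-fA-F]+)", status_text, re.M)
    if not m:
        return []
    mask = int(m.group(1), 16)
    return [i for i in range(64) if (mask >> i) & 1]

def audit(getenforce_out, su_ls_line, app_status_text):
    """Collect findings for the three settings the post's patches change."""
    findings = []
    state = getenforce_out.strip()
    if state.lower() != "enforcing":
        findings.append("SELinux is " + state)
    findings += su_mode_findings(su_ls_line)
    bits = capbnd_bits(app_status_text)
    if bits:   # assumption: stock app processes have an empty bounding set
        findings.append("app process keeps %d bounding-set capabilities" % len(bits))
    return findings

# Constructed sample outputs (not captured from a real device).
PATCHED = ("Permissive\n",
           "-rwsr-sr-x 1 root shell 11232 2025-01-08 00:15 /system/xbin/su",
           "Name:\tcom.example.app\nCapBnd:\t000001ffffffffff\n")
STOCK = ("Enforcing\n",
         "-rwsr-x--- 1 root shell 11232 2025-01-08 00:15 /system/xbin/su",
         "Name:\tcom.example.app\nCapBnd:\t0000000000000000\n")

if __name__ == "__main__":
    for name, sample in (("patched", PATCHED), ("stock", STOCK)):
        print(name, audit(*sample))
```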

Author: ybing12
Time: 2025-1-8 15:49
The code is written very cleanly.