|
|
EDA365欢迎您登录!
您需要 登录 才可以下载或查看,没有帐号?注册
x
3 z; o4 I7 J0 C, X9 G3 [9 z7 t
关闭selinux
& S; i7 s; A% x5 h U2 U修改此文件("+"号为修改内容): |- ^' N" b$ S
% i2 Y$ c! }3 W/ Y2 ~device/rockchip/common/BoardConfig.mk- o T0 j, Q w, z
BOARD_BOOT_HEADER_VERSION ?= 2. i1 t `# I+ R8 ]* Y3 `
BOARD_MKBOOTIMG_ARGS :=8 F# I, o5 K5 P3 Z
BOARD_PREBUILT_DTBOIMAGE ?= $(TARGET_DEVICE_DIR)/dtbo.img
# p% G2 B a/ }BOARD_ROCKCHIP_VIRTUAL_AB_ENABLE ?= false0 K- R6 p; |7 t$ @9 h5 R
-BOARD_SELINUX_ENFORCING ?= true4 }, j' i. o K5 O
+BOARD_SELINUX_ENFORCING ?= false/ A1 p4 L6 J# i: h
" N* J" t5 N* ?3 S) X3 r9 W
$ C7 Q A) q& U" o7 d7 \1 d6 w4 |& R
, w' _7 l/ i+ y6 m
注释用户组权限检测- W+ D2 j [$ D! c$ k
修改此文件("+"号为修改内容)
7 s* g* H! q, S7 G$ B2 j
9 W( ]3 ]" B/ X7 h3 p8 W1 xsystem/extras/su/su.cpp
/ S. D l: {5 k- v3 e: I; `, x4 ~. L3 Q+ m! L9 q
void extract_uidgids(const char* uidgids, uid_t* uid, gid_t*+ t* u# z' d5 `0 r3 a9 P: }
gid, gid_t* gids, i: a, o' x3 g6 |& F5 u! v1 H
}
; ^; O" X' J% ]3 lint main(int argc, char** argv) {0 Z& @) z. J" d
- uid_t current_uid = getuid();4 ^$ E4 g6 h r, x3 [& w6 c
- if (current_uid != AID_ROOT && current_uid != AID_SHELL) error(1, 0, "notallowed");
" t( o) |- u( I# p9 E+ //uid_t current_uid = getuid();$ H3 l5 M1 q* y' k( i
+ //if (current_uid != AID_ROOT && current_uid != AID_SHELL) error(1, 0, "notallowed");8 H5 |7 f1 \. a" G% a: |& t
3 F1 K9 o, A; w# V, ]. }" a( J' q) y) J/ {& c0 P2 M: p3 ?6 n
; O" s9 ^/ ^0 m( Z
给su文件默认授予root权限8 |$ q+ X) J2 _* h* k; C
修改此文件("+"号为修改内容)
4 m1 B: [8 v8 m7 Isystem/core/libcutils/fs_config.cpp
0 P: a ?9 J& a8 t
, B! h7 P+ M" K) ]+ E& w4 d8 Vstatic const struct fs_path_config android_dirs[] = {
9 t$ L& `1 Z* o { 00751, AID_ROOT, AID_SHELL, 0, "system/bin" },
5 c' u- k: M8 U( P% r7 V9 V) K7 ^ { 00755, AID_ROOT, AID_ROOT, 0, "system/etc/ppp" },+ I9 ~* U/ E" d% g/ A- {
{ 00755, AID_ROOT, AID_SHELL, 0, "system/vendor" },
" O& |7 [$ Y* B1 H" d: O- { 00750, AID_ROOT, AID_SHELL, 0, "system/xbin" },; H2 u+ K4 q2 R. L7 t- ^
+ { 00755, AID_ROOT, AID_SHELL, 0, "system/xbin" },
) t# |4 {' ~+ X) L { 00751, AID_ROOT, AID_SHELL, 0, "system/apex/*/bin" },
; ~$ v+ M. N0 R8 m, @" N0 E { 00751, AID_ROOT, AID_SHELL, 0, "system_ext/bin" },, {( ~" N, Z) z4 b2 D
{ 00751, AID_ROOT, AID_SHELL, 0, "system_ext/apex/*/bin" },, k6 D+ n, [) L" `$ x& R2 Z
static const struct fs_path_config android_files[] = {& l- t: Z; j% E3 K! O M" ^1 a; I! P
// the following two files are INTENTIONALLY set-uid, but they
. O( W+ K0 I0 L2 B. I // are NOT included on user builds.
! q) d; M3 r m6 @+ Z# | { 06755, AID_ROOT, AID_ROOT, 0, "system/xbin/procmem" },
8 }; M5 F: ]$ s! V, ?6 A- { 04750, AID_ROOT, AID_SHELL, 0, "system/xbin/su" },9 t2 a9 H u) D' C1 x$ e
+ { 06755, AID_ROOT, AID_SHELL, 0, "system/xbin/su" },
6 x3 i9 g& t, i% l6 Z7 l) \然后修改此文件("+"号为修改内容)
+ D- n* K# I' W) s6 f* mframeworks/base/core/jni/com_android_internal_os_Zygote.cpp
) c- m* x+ P1 \static void DropCapabilitiesBoundingSet(fail_fn_t fail_fn) { d6 r* X2 C8 {" K' O6 `0 ]
+/*
0 B- L5 k8 @0 Z' h# ? for (int i = 0; prctl(PR_CAPBSET_READ, i, 0, 0, 0) >= 0; i++) {;% {: ^0 B( Q( ~6 \- W7 v
if (prctl(PR_CAPBSET_DROP, i, 0, 0, 0) == -1) {, l6 |" e0 f# J9 V3 Y9 X
if (errno == EINVAL) {+ X) F d! r# g- r0 L
ALOGE("prctl(PR_CAPBSET_DROP) failed with EINVAL. Please verify "/ K# b: U! t: I- v7 C5 h. G
"your kernel is compiled with file capabilities support");. p+ F2 Q" t9 l* Z+ ]
} else {3 `7 C z4 |) D `( p9 t
fail_fn(CREATE_ERROR("prctl(PR_CAPBSET_DROP, %d) failed: %s", i, strerror(errno)));/ A( z( s6 n _+ W2 i5 v, z
}
& [# q5 }' S- l9 s4 A }& E/ { I5 V# }* n4 x
}2 ]* f3 o2 H; o+ i. f7 e! q D, d
+ */
4 D5 U: ^6 k i% A}
- j; x% e, d7 R1 G最后修改此文件("+"号为修改内容)
% A9 s& X+ l/ U4 b" skernel-5.10/security/commoncap.c
2 d2 Q9 K( n3 [- j: {int cap_task_setnice(struct task_struct *p, int nice)' |$ c- W0 N* c% X$ L1 z3 ^
static int cap_prctl_drop(unsigned long cap)
* q2 W; j0 L- z, f{: a4 c. V, O1 U( X, x3 b$ f
struct cred *new;4 i. i6 N. E& y7 d4 \* T4 I
+/*7 V- b' G% R0 E
if (!ns_capable(current_user_ns(), CAP_SETPCAP))' @; e, A# p/ o5 E+ E( Q( F x/ Y
return -EPERM;
" ^3 z! ~7 _' H0 l- h) N) K- D if (!cap_valid(cap))- O6 ]: l) b' h. ? F* L" S r) _$ R
return -EINVAL;2 w" [5 \5 G3 `9 t$ o: T
-
8 K7 |9 }, z' G. R+ K, D+*/9 |0 r* n" x" I
new = prepare_creds();
u/ O* x3 N$ d$ U" D3 B" E, M) }1 s7 W' }' m z7 u" p
3 @1 h- x! J9 y9 v( w
) i& ]$ P5 Q% t2 j. c3 b! j9 ~
源码编译并验证固件是否ROOT
* w8 C, }2 m5 k: R6 l" Q: c修改完上面三个步骤的文件后,重新编译内核和安卓源码,执行以下命令: N& Z4 z& F Q
# make -j4- x$ t# I/ D. P5 n8 ~5 `1 \; n, ]
下载RootChecker测试APK软件包(自行下载),可通过ADB命令或者U盘安装,安装后按照提示点击按钮检查root。2 ~ I; O5 ^& C) L
![]() 7 [/ v' L/ P6 X
root成功如图: ![]() 6 w, ?7 x5 U3 Z+ m |
7 i, i/ v9 V" {$ Z$ C |
|
/1 
楼主
收藏
淘帖
支持!
反对!
发表于 2025-1-8 15:49