网站开发前景好吗,海南创想,wordpress图片点击放大,有哪些做相册视频剪辑的网站背景 由于项目#xff08;MTK平台#xff09;上要实现userroot的版本#xff0c;供特殊用户使用。Android T上的方案无效#xff0c;经历了各种搜索查看资料#xff0c;和bsp大佬一起通宵奋战#xff0c;整出了方案。梳理记录下#xff0c;有需要的同学可以参考。
Root… 背景 由于项目MTK平台上要实现userroot的版本供特殊用户使用。Android T上的方案无效经历了各种搜索查看资料和bsp大佬一起通宵奋战整出了方案。梳理记录下有需要的同学可以参考。
Root代码实现原理 系统判断是否有root权限的地方在system/packages/modules/adb/daemon/main.cpp里面
should_drop_privileges()函数返回false表明可以root。
auth_required 是否需要adb鉴权adb弹框确认false时默认授权adb鉴权权限不需要弹框确认。
userdebug 版本可以root是因为ro.secure 0,代码路径build/core/main.mk 在should_drop_privileges()里面有判断
else # !user_variant# Turn on checkjni for non-user builds.ADDITIONAL_SYSTEM_PROPERTIES ro.kernel.android.checkjni1# Set device insecure for non-user builds.ADDITIONAL_SYSTEM_PROPERTIES ro.secure0
static bool should_drop_privileges() {// The properties that affect adb root and adb unroot are ro.secure and// ro.debuggable. In this context the names dont make the expected behavior// particularly obvious.//// ro.debuggable:// Allowed to become root, but not necessarily the default. Set to 1 on// eng and userdebug builds.//// ro.secure:// Drop privileges by default. Set to 1 on userdebug and user builds.bool ro_secure android::base::GetBoolProperty(ro.secure, true);bool ro_debuggable __android_log_is_debuggable();// Drop privileges if ro.secure is set...bool drop ro_secure;// ... except adb root lets you keep privileges in a debuggable build.std::string prop android::base::GetProperty(service.adb.root, );bool adb_root (prop 1);bool adb_unroot (prop 0);if (ro_debuggable adb_root) {drop false;}// ... and adb unroot lets you explicitly drop privileges.if (adb_unroot) {drop true;}return drop;
}
实现中遇到的问题 1selinux问题主要解决问题 2缺少su 和remount执行的bin文件
具体实现方案和步骤 1特殊版本标识CUSTOM_ROOT_VERSIONyes编译版本时需要export下该环境变量 2添加flag路径build/core/soong_config.mk
--- a/core/soong_config.mkb/core/soong_config.mk-58,6 58,9 $(call add_json_bool, Debuggable, $(filter userdebug eng,$(TARGET_BUILD_VARIANT)))$(call add_json_bool, Eng, $(filter eng,$(TARGET_BUILD_VARIANT)))
$(call add_json_bool, ROOTVersion, $(filter yes,$(CUSTOM_ROOT_VERSION)))$(call add_json_str, DeviceName, $(TARGET_DEVICE)) 3),添加root版本的数据声明设置root相关的flag需要
--- a/android/variable.gob/android/variable.go-151,6 151,14 }} ROOTVersion struct {Cflags []stringCppflags []stringInit_rc []string}Pdk struct {Enabled *bool android:arch_variant} android:arch_variant-315,6 323,9 UseRBED8 *bool json:,omitemptyDebuggable *bool json:,omitemptyEng *bool json:,omitemptyROOTVersion *bool json:,omitemptyTreble_linker_namespaces *bool json:,omitempty
4),添加su 和 remount 模块在产品的mk文件中添加
PRODUCT_PACKAGES remount
PRODUCT_PACKAGES su
5)在文件系统模块fs_mgr中添加ROOTVersion相应的flagproperty_service中设置ro.secure和ro.debuggable的值
--- a/fs_mgr/Android.bpb/fs_mgr/Android.bp-118,6 118,14 -DALLOW_ADBD_DISABLE_VERITY1,],},ROOTVersion: {cppflags: [-UALLOW_ADBD_DISABLE_VERITY,-DALLOW_ADBD_DISABLE_VERITY1,],},},header_libs: [libfiemap_headers,-248,6 256,17 clean_scratch_files.rc,],},ROOTVersion: {cppflags: [-UALLOW_ADBD_DISABLE_VERITY,-DALLOW_ADBD_DISABLE_VERITY1,],init_rc: [clean_scratch_files.rc,],},},symlinks: [clean_scratch_files,--- a/init/Android.bpb/init/Android.bp-149,6 149,13 -DSHUTDOWN_ZERO_TIMEOUT1,],},ROOTVersion: {cppflags: [-DROOT_VERSION,],},uml: {cppflags: [-DUSER_MODE_LINUX],},--- a/init/property_service.cppb/init/property_service.cpp-1328,6 1328,19 }} bool adbAuthorized false;
#ifdef ROOT_VERSIONadbAuthorized true;
#endifif (adbAuthorized) {InitPropertySet(ro.adb.secure, 0);InitPropertySet(ro.debuggable, 1);}
for (const auto [name, value] : properties) {
6adb模块添加权限的判断和5中设置属性的值有重复此处是为了确保生效。有时间的同学可以验证下去掉这一步看是否生效。
should_drop_privileges()函数最后添加
#ifdef CUSTON_ROOT_VERSIONreturn false;
#endif
drop_privileges()函数最后添加
#ifdef CUSTON_ROOT_VERSIONauth_requiredfalse;
#endif
7),最重要的一步更换sepolicy文件为debug版本的
(1)添加sepolicysrc文件是debug版本的修改路径system/sepolicy/android.bp
--- a/Android.bpb/Android.bp},}se_policy_cil {name: userdebug_plat_sepolicy_debug.cil,src: :userdebug_plat_sepolicy.conf,additional_cil_files: [:sepolicy_technical_debt{.plat_private}],dist: {targets: [droidcore],},
}
// A copy of the userdebug_plat_policy in GSI.
(2),同路径下mk文件加入编译
--- a/Android.mkb/Android.mkLOCAL_REQUIRED_MODULES \userdebug_plat_sepolicy.cil \ifeq ($(strip $(CUSTOM_ROOT_VERSION)),yes)
LOCAL_REQUIRED_MODULES \userdebug_plat_sepolicy_root.cil
endif
(3)代码中加载sepolicy地方GetUserdebugPlatformPolicyFile()也使用上面生成的sepolicy文件代码路径system/core/init/selinux.cpp std::optionalconst char* GetUserdebugPlatformPolicyFile() {
#ifdef DF_VERSIONreturn /system/etc/selinux/userdebug_plat_sepolicy_root.cil;
#endif
至此Android U版本userrootremount方案修改完成。
