本文原博客:http://hubingforever.blog.163.com/blog/static/171040579201372915716149/
在Android源码的system\extras(比如Android4.0\system\extras)下新建一个目录,比如su_robin目录
在su_robin目录下包含以三个文件:
su.h文件
#ifndef SU_h#define SU_h 1#ifdef LOG_TAG#undef LOG_TAG#endif#define LOG_TAG "robin"#define REQUESTOR "com.noshufou.android.su"#define REQUESTOR_DATA_PATH "/data/data/" REQUESTOR#define REQUESTOR_CACHE_PATH "/dev/" REQUESTOR#define REQUESTOR_DATABASES_PATH REQUESTOR_DATA_PATH "/databases"#define REQUESTOR_DATABASE_PATH REQUESTOR_DATABASES_PATH "/permissions.sqlite"/* intent actions */#define ACTION_REQUEST REQUESTOR ".REQUEST"#define ACTION_RESULT REQUESTOR ".RESULT"#define DEFAULT_SHELL "/system/bin/sh"#ifdef SU_LEGACY_BUILD#define VERSION_EXTRA "l"#else#define VERSION_EXTRA ""#endif#define VERSION "3.1.1" VERSION_EXTRA#define VERSION_CODE 17#define DATABASE_VERSION 6#define PROTO_VERSION 0struct su_initiator {pid_t pid ;unsigned uid ;char bin [ PATH_MAX ];char args [ 4096 ];};struct su_request {unsigned uid ;int login ;int keepenv ;char * shell ;char * command ;char ** argv ;int argc ;int optind ;};struct su_context {struct su_initiator from ;struct su_request to ;mode_t umask ;};enum {DB_INTERACTIVE ,DB_DENY ,DB_ALLOW};#endif
注意,这里的很多东西是多余。
su.c文件
#include <sys/types.h>#include <sys/socket.h>#include <sys/un.h>#include <sys/wait.h>#include <sys/select.h>#include <sys/time.h>#include <unistd.h>#include <limits.h>#include <fcntl.h>#include <errno.h>#include <endian.h>#include <stdio.h>#include <stdlib.h>#include <string.h>#include <getopt.h>#include <stdint.h>#include <pwd.h>#include <private/android_filesystem_config.h>#include <cutils/properties.h>#include <cutils/log.h>#include "su.h"int main ( int argc , char * argv []){LOGI ( "hello !robin-su begin %d !" , getuid ());printf ( "hello !robin-su begin" );int uid = 0 ;int gid = 0 ;if ( setgid ( gid ) || setuid ( uid )) {LOGI ( "robin su: permission denied\n" );fprintf ( stderr , "su: permission denied\n" );return 1 ;}char command [ 1024 ];LOGI("hello !robin-su end %d !",getuid());printf ( "hello !robin-su end" );/* Default exec shell. */execlp ( "/system/bin/sh" , "sh" , NULL );fprintf ( stderr , "su: exec failed\n" );return 1 ;}
LOCAL_PATH := $ ( call my - dir )include $ ( CLEAR_VARS )LOCAL_MODULE := surLOCAL_SRC_FILES := su . cLOCAL_STATIC_LIBRARIES := \liblog \libc \LOCAL_MODULE_PATH := $ ( TARGET_OUT_OPTIONAL_EXECUTABLES )LOCAL_MODULE_TAGS := eng debugLOCAL_FORCE_STATIC_EXECUTABLE := trueinclude $ ( BUILD_EXECUTABLE )
编译Android源码,生成rom
如果你还不知道如何编译Android源码,请参照
在out\target\product\generic\system\xbin目录下找到生成的可执行文件
sur,就是我们自己制作的su文件
通过adb push命令将其推送到手机上的
system\xbin目录,
通过执行系统原来自己带的su切换到root用户,对手机上sur文件执行
chmod
6
777 sur命令。
使文件属性变为
rwsrwsrwx,如下所示
rw
s
rwsrwx root root 58960 2013-08-29 11:31
sur
然后你可以
通过执行系统原来自己带的sur切换到root用户
结束!
6613
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
