bool IsEnforcing() {
- return false;
if (ALLOW_PERMISSIVE_SELINUX) {
return StatusFromCmdline() == SELINUX_ENFORCING;
}
修改su.cpp,注释用户组权限检测
修改:
diff --git a/su/su.cpp b/su/su.cpp
index 1a1ab6bf…c2a30c84 100644
— a/su/su.cpp
+++ b/su/su.cpp
@@ -80,8 +80,8 @@ void extract_uidgids(const char* uidgids, uid_t* uid, gid_t* gid, gid_t* gids, i
}
int main(int argc, char** argv) {
-
uid_t current_uid = getuid();
-
if (current_uid != AID_ROOT && current_uid != AID_SHELL) error(1, 0, “not allowed”);
+// uid_t current_uid = getuid();
+// if (current_uid != AID_ROOT && current_uid != AID_SHELL) error(1, 0, “not allowed”);// Handle -h and --help.
++argv;
修改su文件默认权限
修改:
diff --git a/libcutils/fs_config.cpp b/libcutils/fs_config.cpp
index a5f4f0e55…a44845ff7 100644
— a/libcutils/fs_config.cpp
+++ b/libcutils/fs_config.cpp
@@ -197,7 +197,7 @@ static const struct fs_path_config android_files[] = {
// the following two files are INTENTIONALLY set-uid, but they
// are NOT included on user builds.
{ 06755, AID_ROOT, AID_ROOT, 0, “system/xbin/procmem” },
- { 04750, AID_ROOT, AID_SHELL, 0, “system/xbin/su” },
-
{ 06755, AID_ROOT, AID_SHELL, 0, “system/xbin/su” },
// the following files have enhanced capabilities and ARE included
// in user builds.
修改:
diff --git a/core/jni/com_android_internal_os_Zygote.cpp b/core/jni/com_android_internal_os_Zygote.cpp
index 82c27f02ba8…8dadfada5f8 100644
— a/core/jni/com_android_internal_os_Zygote.cpp
+++ b/core/jni/com_android_internal_os_Zygote.cpp
@@ -540,6 +540,7 @@ static void EnableKeepCapabilities(fail_fn_t fail_fn) {
}
static void DropCapabilitiesBoundingSet(fail_fn_t fail_fn) {
+/*
for (int i = 0; prctl(PR_CAPBSET_READ, i, 0, 0, 0) >= 0; i++) {;
if (prctl(PR_CAPBSET_DROP, i, 0, 0, 0) == -1) {
if (errno == EINVAL) {
@@ -550,6 +551,7 @@ static void DropCapabilitiesBoundingSet(fail_fn_t fail_fn) {
}
}
}
- */
}
修改:
diff --git a/security/commoncap.c b/security/commoncap.c
index 3023b4ad38a7…66acff91756d 100644
— a/security/commoncap.c
+++ b/security/commoncap.c
@@ -1146,12 +1146,12 @@ int cap_task_setnice(struct task_struct *p, int nice)
static int cap_prctl_drop(unsigned long cap)
{
struct cred *new;
最后
自我介绍一下,小编13年上海交大毕业,曾经在小公司待过,也去过华为、OPPO等大厂,18年进入阿里一直到现在。
深知大多数Java工程师,想要提升技能,往往是自己摸索成长,自己不成体系的自学效果低效漫长且无助。
因此收集整理了一份《2024年嵌入式&物联网开发全套学习资料》,初衷也很简单,就是希望能够帮助到想自学提升又不知道该从何学起的朋友,同时减轻大家的负担。
既有适合小白学习的零基础资料,也有适合3年以上经验的小伙伴深入学习提升的进阶课程,基本涵盖了95%以上嵌入式&物联网开发知识点,真正体系化!
如果你觉得这些内容对你有帮助,需要这份全套学习资料的朋友可以戳我获取!!
由于文件比较大,这里只是将部分目录大纲截图出来,每个节点里面都包含大厂面经、学习笔记、源码讲义、实战项目、讲解视频,并且后续会持续更新!!
](https://bbs.csdn.net/topics/618654289)
由于文件比较大,这里只是将部分目录大纲截图出来,每个节点里面都包含大厂面经、学习笔记、源码讲义、实战项目、讲解视频,并且后续会持续更新!!