允许所有用户申请root权限

最新推荐文章于 2022-10-22 14:29:50 发布

FE421504975

最新推荐文章于 2022-10-22 14:29:50 发布

阅读量1.5k

点赞数

分类专栏： android

本文链接：https://blog.csdn.net/FE421504975/article/details/8446728

版权

android 专栏收录该内容

61 篇文章 2 订阅

订阅专栏

源码如下：

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <dirent.h>
#include <errno.h>
#include <sys/stat.h>

#include <unistd.h>
#include <time.h>

#include <pwd.h>

#include <sqlite3.h>
#define LOG_TAG   "su-binary"
#define LOG_NDEBUG 0
#include <cutils/log.h>

#define DBPATH "/data/data/com.koushikdutta.superuser/databases/superuser.sqlite"

static int g_puid;

static void printRow(int argc, char** argv, char** azColName)
{
	int i;
	for (i = 0; i < argc; i++)
	{
		printf("%s: %s\n", azColName[i], argv[i]);
	}
}

typedef struct whitelistCallInfo whitelistCallInfo;
struct whitelistCallInfo
{
	sqlite3* db;
	int count;
};

static int whitelistCallback(void *data, int argc, char **argv, char **azColName)
{	
	whitelistCallInfo* callInfo = (whitelistCallInfo*)data;
	// note the count
	int count = atoi(argv[2]);
	callInfo->count = count;
	// remove whitelist entries that are expired
	if (count - 1 <= 0)
	{
		char remove[1024];
		sprintf(remove, "delete from whitelist where _id='%s';", argv[0]);
		sqlite3_exec(callInfo->db, remove, NULL, NULL, NULL);
		return 0;
	}

	char update[1024];
	sprintf(update, "update whitelist set count=%d where _id='%s';", count, argv[0]);
	sqlite3_exec(callInfo->db, update, NULL, NULL, NULL);
	return 0;
}

static int checkWhitelist()
{
	sqlite3 *db;
	int rc = sqlite3_open_v2(DBPATH, &db, SQLITE_OPEN_READWRITE, NULL);
	if (!rc)
	{
		char *errorMessage;
		char query[1024];
		sprintf(query, "select * from whitelist where _id=%d limit 1;", g_puid);
		struct whitelistCallInfo callInfo;
		callInfo.count = 0;
		callInfo.db = db;
		rc = sqlite3_exec(db, query, whitelistCallback, &callInfo, &errorMessage);
		if (rc != SQLITE_OK)
		{
			sqlite3_close(db);
			return 0;
		}
		sqlite3_close(db);
		return callInfo.count;
	}
	sqlite3_close(db);
	return 0;
}

static int executionFailure(char *context)
{
	ALOGV("su: %s. Error:%s\n", context, strerror(errno));
	return -errno;
}

static int permissionDenied()
{
	// the superuser activity couldn't be started
	ALOGV("su: permission denied\n");
	return 1;
}

int main(int argc, char **argv)
{
	struct stat stats;
	struct passwd *pw;
	int uid = 0;
	int gid = 0;

	int ppid = getppid();
	char szppid[256];
	sprintf(szppid, "/proc/%d", ppid);
	stat(szppid, &stats);
	g_puid = stats.st_uid;

	ALOGE("----su-----");
	if(setgid(gid) || setuid(uid)) 
		return permissionDenied();

	char *exec_args[argc + 1];
	exec_args[argc] = NULL;
	exec_args[0] = "sh";
	int i;
	for (i = 1; i < argc; i++)
	{
		ALOGV("argv[%d]=%s", i, argv[i]);
		exec_args[i] = argv[i];
	}
	execv("/system/bin/sh", exec_args);
	return executionFailure("sh");
}

添加一个Android.mk

#ifeq ($(BOARD_USES_ROOT_SU),true)

LOCAL_PATH:= $(call my-dir)
include $(CLEAR_VARS)

LOCAL_SRC_FILES:= su.c

LOCAL_MODULE:= su

LOCAL_STATIC_LIBRARIES := libc 

LOCAL_MODULE_PATH := $(TARGET_OUT_OPTIONAL_EXECUTABLES)
LOCAL_MODULE_TAGS := debug tests

LOCAL_C_INCLUDES += \
	$(LOCAL_PATH)/../../../external/sqlite/dist \
	$(LOCAL_PATH)/../../../external/sqlite/android 

LOCAL_SHARED_LIBRARIES := \
	libsqlite \
	libcutils
	
include $(BUILD_EXECUTABLE)

#endif

编译生产su可执行文件，拷贝到system/xbin/目录下，并修改权限

chown root root /system/xbin/su
chmod 6755 /system/xbin/su

到此，所有用户就可以申请root权限了

FE421504975

关注

0
点赞
踩
2

收藏

觉得还不错? 一键收藏
0
评论
允许所有用户申请root权限

源码如下：#include #include #include #include #include #include #include #include #include #include #include #define LOG_TAG "su-binary"#define LOG_NDEBUG 0#include #define DBPATH "/d
复制链接

扫一扫