众所周知,Android在大版本更新上对权限要求越来越严格,AndroidR上user版本包含remount权限也需要进行比较大的修改,如果只需要有root 权限,只需要如下修改即可:
修改源码
system/core/adb/daemon/main.cpp
bool adb_root = (prop == "1");
bool adb_unroot = (prop == "0");
if (ro_debuggable && adb_root) {
drop = false;
}
// ... and "adb unroot" lets you explicitly drop privileges.
if (adb_unroot) {
drop = true;
}
-- return drop;
++ return false;
}
system/core/init/selinux.cpp
bool IsEnforcing() {
++ return false;
{
int fd(open("/mboot/selinux", O_RDONLY | O_CLOEXEC | O_BINARY));
如果需要remount权限,则需要新增如下修改:
diff --git a/adb/Android.bp b/adb/Android.bp
index dee48bf..604d1dd 100644
--- a/adb/Android.bp
+++ b/adb/Android.bp
@@ -594,6 +594,11 @@
],
}
},
+ required: [
+ "libadbd_auth",
+ "libadbd_fs",
+ "remount",
+ ],
}
phony {
diff --git a/adb/daemon/main.cpp b/adb/daemon/main.cpp
index 658e244..28c4f92 100644
--- a/adb/daemon/main.cpp
+++ b/adb/daemon/main.cpp
@@ -91,7 +91,7 @@
drop = true;
}
- return drop;
+ return false;
}
static void drop_privileges(int server_port) {
@@ -210,9 +210,9 @@
#if defined(__ANDROID__)
// If we're on userdebug/eng or the device is unlocked, permit no-authentication.
- bool device_unlocked = "orange" == android::base::GetProperty("ro.boot.verifiedbootstate", "");
+ bool device_unlocked = true;
if (__android_log_is_debuggable() || device_unlocked) {
- auth_required = android::base::GetBoolProperty("ro.adb.secure", false);
+ auth_required = false;
}
#endif
diff --git a/fs_mgr/Android.bp b/fs_mgr/Android.bp
index ac784b2..5abcecd 100644
--- a/fs_mgr/Android.bp
+++ b/fs_mgr/Android.bp
@@ -79,16 +79,9 @@
"libfstab",
],
cppflags: [
- "-DALLOW_ADBD_DISABLE_VERITY=0",
+ "-UALLOW_ADBD_DISABLE_VERITY",
+ "-DALLOW_ADBD_DISABLE_VERITY=1",
],
- product_variables: {
- debuggable: {
- cppflags: [
- "-UALLOW_ADBD_DISABLE_VERITY",
- "-DALLOW_ADBD_DISABLE_VERITY=1",
- ],
- },
- },
header_libs: [
"libfiemap_headers",
"libstorage_literals_headers",
@@ -193,16 +186,9 @@
"fs_mgr_remount.cpp",
],
cppflags: [
- "-DALLOW_ADBD_DISABLE_VERITY=0",
+ "-UALLOW_ADBD_DISABLE_VERITY",
+ "-DALLOW_ADBD_DISABLE_VERITY=1",
],
- product_variables: {
- debuggable: {
- cppflags: [
- "-UALLOW_ADBD_DISABLE_VERITY",
- "-DALLOW_ADBD_DISABLE_VERITY=1",
- ],
- },
- },
required: [
"clean_scratch_files",
],
diff --git a/fs_mgr/fs_mgr_remount.cpp b/fs_mgr/fs_mgr_remount.cpp
index def1c21..4e4113d 100644
--- a/fs_mgr/fs_mgr_remount.cpp
+++ b/fs_mgr/fs_mgr_remount.cpp
@@ -144,7 +144,7 @@
// If somehow this executable is delivered on a "user" build, it can
// not function, so providing a clear message to the caller rather than
// letting if fall through and provide a lot of confusing failure messages.
- if (!ALLOW_ADBD_DISABLE_VERITY || (android::base::GetProperty("ro.debuggable", "0") != "1")) {
+ if (!ALLOW_ADBD_DISABLE_VERITY) {
LOG(ERROR) << "only functions on userdebug or eng builds";
return NOT_USERDEBUG;
}
diff --git a/init/property_service.cpp b/init/property_service.cpp
index a89504e..8191db7 100644
--- a/init/property_service.cpp
+++ b/init/property_service.cpp
@@ -743,7 +743,7 @@
// So we need to apply the same rule of build/make/tools/post_process_props.py
// on runtime.
static void update_sys_usb_config() {
- bool is_debuggable = android::base::GetBoolProperty("ro.debuggable", false);
+ bool is_debuggable = true;
std::string config = android::base::GetProperty("persist.sys.usb.config", "");
// b/150130503, add (config == "none") condition here to prevent appending
// ",adb" if "none" is explicitly defined in default prop.
diff --git a/init/selinux.cpp b/init/selinux.cpp
index 6baada4..4b79ddb 100644
--- a/init/selinux.cpp
+++ b/init/selinux.cpp
@@ -104,7 +104,8 @@
}
bool IsEnforcing() {
- {
+ return false;
+ {
int fd(open("/mboot/selinux", O_RDONLY | O_CLOEXEC | O_BINARY));
if (fd != -1) {
char v = 0xff;
diff --git a/set-verity-state/set-verity-state.cpp b/set-verity-state/set-verity-state.cpp
index 0a26aba..478e2bb 100644
--- a/set-verity-state/set-verity-state.cpp
+++ b/set-verity-state/set-verity-state.cpp
@@ -130,16 +130,17 @@
static bool overlayfs_setup(bool enable) {
auto change = false;
- errno = 0;
- if (enable ? fs_mgr_overlayfs_teardown(nullptr, &change)
- : fs_mgr_overlayfs_setup(nullptr, nullptr, &change)) {
- if (change) {
- printf("%s overlayfs\n", enable ? "disabling" : "using");
- }
- } else if (errno) {
- printf("Overlayfs %s failed with error %s\n", enable ? "teardown" : "setup", strerror(errno));
- suggest_run_adb_root();
- }
+// errno = 0;
+// if (enable ? fs_mgr_overlayfs_teardown(nullptr, &change)
+// : fs_mgr_overlayfs_setup(nullptr, nullptr, &change)) {
+// if (change) {
+// printf("%s overlayfs\n", enable ? "disabling" : "using");
+// }
+// } else if (errno) {
+// printf("Overlayfs %s failed with error %s\n", enable ? "teardown" : "setup", strerror(errno));
+// suggest_run_adb_root();
+// }
+ printf("overlayfs_setup %d\n", enable);
return change;
}
对于非Go版本,即使用Google mainline的adb,需要删掉mainline的adb,并关闭编译期ssi检查:
禁用ssi:
vendor/sprd/feature_configs/vendorsetup.sh
# lunch if needed, if --unisoc_fc_device xx , will lunch xx otherwise, do nothing
if [ -n "$feature_device" ] ; then
_wrap_dry_run $dry_run lunch $feature_device
fi
export PRODUCT_SET_CARRIERS=$revision_keys
++ export SKIP_SSI_AUDIT=true
删除mainline adb:
diff --git a/AdbdPrebuilt/Android.bp b/AdbdPrebuilt/Android.bp
deleted file mode 100644
index d3cb4f5..0000000
--- a/AdbdPrebuilt/Android.bp
+++ /dev/null
@@ -1,21 +0,0 @@
-//
-// Copyright (C) 2020 The Android Open Source Project
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-//
-apex_set {
- name: "com.google.android.adbd",
- owner: "google",
- overrides: ["com.android.adbd"],
- set: "com.google.android.adbd.apks",
-}
diff --git a/build/mainline_modules_r.mk b/build/mainline_modules_r.mk
index 77c132f..89f4f6f 100644
--- a/build/mainline_modules_r.mk
+++ b/build/mainline_modules_r.mk
@@ -47,7 +47,6 @@
# Mainline modules - APEX type
PRODUCT_PACKAGES += \
- com.google.android.adbd \
com.google.android.conscrypt \
com.google.android.permission \
com.google.android.ipsec \