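The previous post analyzed the adb root flow from the PC to adbd. In this post we look at how adb root makes adbd restart and obtain root. First, let's revisit the function from before: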
void restart_root_service(int fd, void *cookie) {
    if (getuid() == 0) {  // uid is 0, so adbd is already root
        WriteFdExactly(fd, "adbd is already running as root\n");
        adb_close(fd);
    } else {
        char value[PROPERTY_VALUE_MAX];
        property_get("ro.debuggable", value, "");
        if (strcmp(value, "1") != 0) {  // not "1": adb root is not allowed
            WriteFdExactly(fd, "adbd cannot run as root in production builds\n");
            adb_close(fd);
            return;
        }
        property_set("service.adb.root", "1");  // set this property
        WriteFdExactly(fd, "restarting adbd as root\n");
        adb_close(fd);
    }
}
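As an added example (not part of the original post and not adbd code), the script below applies the same two property conditions to a `getprop` dump, so a device can be checked for whether `adb root` would be accepted. The function names and the sample dump are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): classify a device from a
# `getprop` dump using the same conditions restart_root_service() tests.

# prop_value NAME: read "[name]: [value]" lines on stdin, print NAME's value
# (nothing if the property is absent, matching property_get's "" default).
prop_value() {
    awk -v key="[$1]: [" '
        index($0, key) == 1 {
            v = substr($0, length(key) + 1)
            sub(/\]$/, "", v)
            print v
            exit
        }'
}

# adb_root_posture: read a getprop dump on stdin and print one of
#   refused                      ro.debuggable != "1": adb root is rejected
#   permitted                    ro.debuggable == "1", no root restart requested
#   requested                    ro.debuggable == "1" and service.adb.root == "1"
#   requested-without-debuggable service.adb.root == "1" although the function
#                                shown above would never have set it here
adb_root_posture() {
    dump=$(tr -d '\r')          # tolerate CRLF line endings in captured output
    debuggable=$(printf '%s\n' "$dump" | prop_value ro.debuggable)
    requested=$(printf '%s\n' "$dump" | prop_value service.adb.root)
    if [ "$debuggable" = "1" ]; then
        if [ "$requested" = "1" ]; then echo requested; else echo permitted; fi
    elif [ "$requested" = "1" ]; then
        echo requested-without-debuggable
    else
        echo refused
    fi
}

# Constructed sample dump (illustrative values, not captured from a device).
sample_dump() {
    cat <<'EOF'
[ro.build.type]: [userdebug]
[ro.debuggable]: [1]
[service.adb.root]: [1]
EOF
}

sample_dump | adb_root_posture
```

On a connected device the same function can be fed live data with `adb shell getprop | adb_root_posture`.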
restart_root_service ultimately sets the service.adb.root property. Next, let's look at how init.rc handles it:
on property:service.adb.root=1