Android6.0 修改源码使app获取root权限

Android 6.0

1、  alps\system\extras\su, 修改su.c

/*
 * su entry point (excerpt: the remainder of main() is not shown here).
 */
int main(int argc, char** argv) {

   /* Real uid of the process that invoked su. */
   uid_t current_uid = getuid();

/*
 * Caller gate. Without CUSTOM_ROOT only uid root and uid shell get past this
 * line; any other uid reaches error(1, 0, "not allowed").
 * With CUSTOM_ROOT defined the check is compiled out, so this line no longer
 * rejects any caller uid.
 * NOTE(review): error() with a non-zero status presumably terminates the
 * process - confirm against the helper used by su.c.
 */
#ifndef CUSTOM_ROOT

         if (current_uid != AID_ROOT && current_uid != AID_SHELL) error(1, 0, "not allowed");//kang

#endif

 

2、alps\system\core\libcutils,修改fs_config.c(老版本修改\alps\system\core\include\private\android_filesystem_config.h)

/*
 * Excerpt of a file-permission table (the array header is not shown).
 * Each entry appears to be { mode, uid, gid, capabilities, path }: the fourth
 * field carries CAP_* bit masks in the run-as / inputflinger rows below.
 * TODO confirm against the struct definition.
 *
 * su entry, CUSTOM_ROOT build: 06755 = setuid + setgid + rwxr-xr-x, so every
 * uid may execute the binary and it runs with the owner's uid (root).
 * su entry, stock build: 04750 = setuid + rwxr-x---, so only owner root and
 * members of group shell may execute it.
 */
#ifdef CUSTOM_ROOT

         { 06755, AID_ROOT,      AID_SHELL,     0, "system/xbin/su" },

#else

    { 04750, AID_ROOT,      AID_SHELL,     0, "system/xbin/su" },

#endif

    { 06755, AID_ROOT,      AID_ROOT,      0, "system/xbin/librank" },

    { 06755, AID_ROOT,      AID_ROOT,      0, "system/xbin/procrank" },

    { 06755, AID_ROOT,      AID_ROOT,      0, "system/xbin/procmem" },

    { 04770, AID_ROOT,      AID_RADIO,     0, "system/bin/pppd-ril" },

 

    /* the following files have enhanced capabilities and ARE included in user builds. */

    { 00750, AID_ROOT,      AID_SHELL,     (1ULL << CAP_SETUID) | (1ULL << CAP_SETGID), "system/bin/run-as" },

    { 00700, AID_SYSTEM,    AID_SHELL,     (1ULL << CAP_BLOCK_SUSPEND), "system/bin/inputflinger" },

 

    { 00750, AID_ROOT,      AID_ROOT,      0, "system/bin/uncrypt" },

    { 00750, AID_ROOT,      AID_ROOT,      0, "system/bin/install-recovery.sh" },

/*
 * CUSTOM_ROOT only: a second su path, system/bin/su, owned root:root with
 * 06755 (setuid + setgid, executable by every uid).
 * NOTE(review): the entry sits ahead of the "system/bin/*" wildcard (00755)
 * below; presumably the first matching row wins, so the order matters -
 * verify against the lookup code.
 */
#ifdef CUSTOM_ROOT

         { 06755, AID_ROOT,      AID_ROOT,      0, "system/bin/su" },//kang

#endif

    { 00755, AID_ROOT,      AID_SHELL,     0, "system/bin/*" },

    { 00755, AID_ROOT,      AID_ROOT,      0, "system/lib/valgrind/*" },

 

3、修改alps\frameworks\base\cmds\app_process\app_main.cpp

// app_process entry point (excerpt: the remainder of main() is not shown here).
int main(int argc, char* const argv[])

{

// Stock build: set the kernel no_new_privs flag on this process. Once set,
// the flag is inherited by children and execve() no longer grants privileges
// through setuid/setgid bits or file capabilities.
// CUSTOM_ROOT build: the whole call is compiled out, so the flag is never set
// here and a setuid-root binary keeps its effect when executed by this
// process or its descendants.
#ifndef CUSTOM_ROOT

    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0) {

        // Older kernels don't understand PR_SET_NO_NEW_PRIVS and return

        // EINVAL. Don't die on such kernels.

        if (errno != EINVAL) {

            // Any other errno is treated as fatal; 12 is the exit status used
            // if the fatal log call returns.
            LOG_ALWAYS_FATAL("PR_SET_NO_NEW_PRIVS failed: %s", strerror(errno));

            return 12;

        }

    }//kang

#endif

4、修改alps\frameworks\base\core\jni\com_android_internal_os_Zygote.cpp

// Removes every capability from the calling thread's capability bounding set.
//
// Stock build: walks capability numbers upward from 0 until
// prctl(PR_CAPBSET_READ) reports a failure, dropping each one with
// prctl(PR_CAPBSET_DROP). An EINVAL from the drop is only logged; any other
// failure is logged and handed to RuntimeAbort(env).
//
// CUSTOM_ROOT build: the body is compiled out, the function does nothing and
// the bounding set stays as inherited, so it no longer limits which
// capabilities a later execve() can hand to the process.
static void DropCapabilitiesBoundingSet(JNIEnv* env) {
#ifndef CUSTOM_ROOT
    int cap = 0;
    while (prctl(PR_CAPBSET_READ, cap, 0, 0, 0) >= 0) {
        const int drop_result = prctl(PR_CAPBSET_DROP, cap, 0, 0, 0);
        if (drop_result == -1) {
            if (errno != EINVAL) {
                ALOGE("prctl(PR_CAPBSET_DROP) failed");
                RuntimeAbort(env);
            } else {
                // Tolerated: the kernel rejected the request outright.
                ALOGE("prctl(PR_CAPBSET_DROP) failed with EINVAL. Please verify "
                      "your kernel is compiled with file capabilities support");
            }
        }
        ++cap;
    }  // kang: loop disabled when CUSTOM_ROOT is defined
#endif
}

5、修改alps\system\core\adb\adb_main.cpp

// Decides whether adbd gives up its privileges (excerpt: the remainder of the
// function is not shown here).
// NOTE(review): judging by the name, `false` means the daemon keeps the
// privileges it started with - confirm at the call site.
static bool should_drop_privileges() {

// CUSTOM_ROOT build: answer "do not drop" before any other check runs, so
// everything below this return is unreachable in that configuration.
#ifdef CUSTOM_ROOT

         return false;//kang

#endif

// Vendor switch already present in this tree; it has the same effect.
#ifdef MTK_ALLOW_ADBD_ROOT

    return false;

#endif

 

6、修改alps\system\core\init\init.cpp,让selinux_is_enforcing()直接返回false,即关闭SELinux的强制(enforcing)模式

// Reports whether SELinux should run in enforcing mode.
//
// CUSTOM_ROOT build: always false.
// Stock build: true unless ALLOW_DISABLE_SELINUX is set, in which case the
// value parsed by selinux_status_from_cmdline() decides.
// NOTE(review): the caller is not shown; presumably a false result leaves
// policy violations logged but not blocked - confirm in init.cpp.
static bool selinux_is_enforcing(void)
{
#ifdef CUSTOM_ROOT
    // kang: local override, skips the command-line lookup entirely.
    return false;
#else
    if (!ALLOW_DISABLE_SELINUX) {
        return true;
    }
    return selinux_status_from_cmdline() == SELINUX_ENFORCING;
#endif
}

 

7、注意在上述各文件所属模块的Android.mk中加入宏定义(下面的写法只在userdebug版本中定义CUSTOM_ROOT,其他编译版本不会定义该宏):

include $(CLEAR_VARS)

 

# kang: local modification.
# Only a userdebug build defines CUSTOM_ROOT; for every other
# TARGET_BUILD_VARIANT the macro stays undefined and the code guarded by
# "#ifndef CUSTOM_ROOT" is compiled in unchanged.
# NOTE(review): LOCAL_CFLAGS applies to the module declared after this
# CLEAR_VARS only, so each module whose sources test CUSTOM_ROOT needs the
# same stanza.
ifeq ($(TARGET_BUILD_VARIANT),userdebug)

# Switches off dex pre-optimisation for this module.
         LOCAL_DEX_PREOPT:=false

# Defines the macro tested by the C/C++ changes.
         LOCAL_CFLAGS += -DCUSTOM_ROOT

endif




转:http://blog.csdn.net/q1183345443/article/details/77711643
