1.在debug模式下更换三个刷机软件就能打开root权限
2.在root权限下更换reboot命令名称
mv /system/bin/reboot /system/bin/reboot_
3.再执行以下命令发现不生效了,说明起作用的是reboot命令
adb reboot recovery
4.找reboot命令的位置
find system/ -name Android.* | xargs -t -i grep reboot {}
5.执行以上命令在获取到的多个结果中筛选到以下结果:
6.加log
--- a/alps/system/core/reboot/reboot.c
+++ b/alps/system/core/reboot/reboot.c
@@ -21,7 +21,11 @@
#include <cutils/android_reboot.h>
#include <unistd.h>
+#include <android/log.h>
+#define LOGD(...) __android_log_print(ANDROID_LOG_DEBUG,"Test",__VA_ARGS__)
+
int main(int argc, char* argv[]) {
+ LOGD("[reboot] main...%s",argv[0]);
int ret;
size_t prop_len;
char property_val[PROPERTY_VALUE_MAX];
@@ -58,12 +62,12 @@ int main(int argc, char* argv[]) {
optarg = argv[optind];
if (!optarg || !optarg[0]) optarg = "shell";
- prop_len = snprintf(property_val, sizeof(property_val), "%s,%s", cmd, optarg);
+ prop_len = snprintf(property_val, sizeof(property_val), "%s", cmd);//最终修改点
if (prop_len >= sizeof(property_val)) {
fprintf(stderr, "%s command too long: %s\n", cmd, optarg);
exit(EXIT_FAILURE);
}
-
+ LOGD("[reboot] main...ANDROID_RB_PROPERTY=%s,property_val=%s",ANDROID_RB_PROPERTY,p
roperty_val);
ret = property_set(ANDROID_RB_PROPERTY, property_val);
--- a/alps/system/core/reboot/Android.bp
+++ b/alps/system/core/reboot/Android.bp
@@ -3,7 +3,7 @@
cc_binary {
name: "reboot",
srcs: ["reboot.c"],
- shared_libs: ["libcutils"],
+ shared_libs: ["libcutils","liblog"], //非常重要,不加则include <android/log.h>无法导入
cflags: ["-Werror"],
recovery_available: true,
}
7.log结果