diff --git a/frameworks/base/cmds/app_process/app_main.cpp b/frameworks/base/cmds/app_process/app_main.cpp
old mode 100644
new mode 100755
index 2e023825a2..150fc0a93a
--- a/frameworks/base/cmds/app_process/app_main.cpp
+++ b/frameworks/base/cmds/app_process/app_main.cpp
@@ -185,14 +185,14 @@ static const char ZYGOTE_NICE_NAME[] = "zygote";
int main(int argc, char* const argv[])
{
- if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0) {
+ /*if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0) {
// Older kernels don't understand PR_SET_NO_NEW_PRIVS and return
// EINVAL. Don't die on such kernels.
if (errno != EINVAL) {
LOG_ALWAYS_FATAL("PR_SET_NO_NEW_PRIVS failed: %s", strerror(errno));
return 12;
}
- }
+ }*/
AppRuntime runtime(argv[0], computeArgBlockSize(argc, argv));
// Process command line arguments
diff --git a/frameworks/base/core/jni/com_android_internal_os_Zygote.cpp b/frameworks/base/core/jni/com_android_internal_os_Zygote.cpp
old mode 100644
new mode 100755
index b431a3f487..e754f571b7
--- a/frameworks/base/core/jni/com_android_internal_os_Zygote.cpp
+++ b/frameworks/base/core/jni/com_android_internal_os_Zygote.cpp
@@ -222,7 +222,7 @@ static void EnableKeepCapabilities(JNIEnv* env) {
}
static void DropCapabilitiesBoundingSet(JNIEnv* env) {
- for (int i = 0; prctl(PR_CAPBSET_READ, i, 0, 0, 0) >= 0; i++) {
+ /* for (int i = 0; prctl(PR_CAPBSET_READ, i, 0, 0, 0) >= 0; i++) {
int rc = prctl(PR_CAPBSET_DROP, i, 0, 0, 0);
if (rc == -1) {
if (errno == EINVAL) {
@@ -233,7 +233,7 @@ static void DropCapabilitiesBoundingSet(JNIEnv* env) {
RuntimeAbort(env);
}
}
- }
+ }*/
}
static void SetCapabilities(JNIEnv* env, int64_t permitted, int64_t effective) {
diff --git a/system/core/libcutils/fs_config.c b/system/core/libcutils/fs_config.c
old mode 100644
new mode 100755
index 9a1ad19253..71fe384f76
--- a/system/core/libcutils/fs_config.c
+++ b/system/core/libcutils/fs_config.c
@@ -123,7 +123,7 @@ static const struct fs_path_config android_files[] = {
/* the following five files are INTENTIONALLY set-uid, but they
* are NOT included on user builds. */
- { 04750, AID_ROOT, AID_SHELL, 0, "system/xbin/su" },
+ { 06755, AID_ROOT, AID_SHELL, 0, "system/xbin/su" },
{ 06755, AID_ROOT, AID_ROOT, 0, "system/xbin/librank" },
{ 06755, AID_ROOT, AID_ROOT, 0, "system/xbin/procrank" },
{ 06755, AID_ROOT, AID_ROOT, 0, "system/xbin/procmem" },
diff --git a/system/extras/su/su.c b/system/extras/su/su.c
old mode 100644
new mode 100755
index d932c1babd..2cf5381c96
--- a/system/extras/su/su.c
+++ b/system/extras/su/su.c
@@ -82,7 +82,7 @@ void extract_uidgids(const char* uidgids, uid_t* uid, gid_t* gid, gid_t* gids, i
int main(int argc, char** argv) {
uid_t current_uid = getuid();
- if (current_uid != AID_ROOT && current_uid != AID_SHELL) error(1, 0, "not allowed");
+ //if (current_uid != AID_ROOT && current_uid != AID_SHELL) error(1, 0, "not allowed");
// Handle -h and --help.
++argv;
如果代码里还是不能调用可以看下selinux权限是不是严格模式
30|root@rk312x:/ # getenforce
Permissive
这样是宽容模式 网络上很多讲selinux 这里不多赘述,只需修改烧录时的parameter.txt
里面androidboot.selinux=permissive