Android11 关于三方应用获取su权限

客户的apk运行报错Cannot run program "su": error=13, Permission denied,查看报错日志,发现是客户apk想使用su命令提权,但是没有权限!
系统这边做修改,让su权限下放到三方应用.

userdebug版本,
adb shell getenforce 为Permissive(宽容模式)

修改之前:/ $ ls -al system/xbin/su
-rwsr-x--- 1 root shell 11192 2024-08-07 01:31 system/xbin/su

修改之后:/ $ ls -al system/xbin/su
-rwsr-sr-x 1 root shell 11632 2024-08-02 08:48 system/xbin/su

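r 可读
w 可写
x 可执行
s 出现在属主或属组的执行位上,表示 set-uid / set-gid:进程执行该文件时会以文件属主(这里是 root)或属组(这里是 shell)的身份运行。
修改后的 -rwsr-sr-x 即 06755,比修改前的 -rwsr-x---(04750)多了 set-gid 位,以及其他用户的读和执行权限。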

RK Android 11:关闭selinux 
+++ b/device/rockchip/common/BoardConfig.mk
@@ -59,7 +59,7 @@ BOARD_BOOT_HEADER_VERSION ?= 2
 BOARD_MKBOOTIMG_ARGS :=
-BOARD_SELINUX_ENFORCING ?= true
+BOARD_SELINUX_ENFORCING ?= false
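Review bot: The new default on `BOARD_SELINUX_ENFORCING ?= false` applies to every build variant, so a user image built from this tree also boots without SELinux enforcement unless something assigns the variable earlier. If the permissive state is only needed for the userdebug bring-up described on the page, tie the default to the variant, for example `BOARD_SELINUX_ENFORCING ?= $(if $(filter user,$(TARGET_BUILD_VARIANT)),true,false)`. A comment on the line naming the reason for the override would keep it from being carried into a release configuration unnoticed.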


Android 13:关闭selinux 

// Reports whether SELinux should run in enforcing mode.
//
// This modified version always answers "not enforcing". The stock logic it
// replaces is kept here for reference:
//     if (ALLOW_PERMISSIVE_SELINUX) {
//         return StatusFromProperty() == SELINUX_ENFORCING;
//     }
//     return true;
// i.e. the stock code only consulted the property-derived status when
// ALLOW_PERMISSIVE_SELINUX was set, and otherwise always enforced.
//
// NOTE(review): the override is unconditional, so it is not limited to any
// build type; restore the stock logic before producing a release image.
bool IsEnforcing() {
    constexpr bool kEnforcing = false;
    return kEnforcing;
}

Android 13 diff
+++ b/system/core/libcutils/fs_config.cpp
@@ -86,7 +86,7 @@ static const struct fs_path_config android_dirs[] = {
     { 00751, AID_ROOT,         AID_SHELL,        0, "system/bin" },
     { 00755, AID_ROOT,         AID_ROOT,         0, "system/etc/ppp" },
     { 00755, AID_ROOT,         AID_SHELL,        0, "system/vendor" },
-    { 00750, AID_ROOT,         AID_SHELL,        0, "system/xbin" },
+    { 00751, AID_ROOT,         AID_SHELL,        0, "system/xbin" },//update text 
     { 00751, AID_ROOT,         AID_SHELL,        0, "system/apex/*/bin" },
     { 00751, AID_ROOT,         AID_SHELL,        0, "system_ext/bin" },
     { 00751, AID_ROOT,         AID_SHELL,        0, "system_ext/apex/*/bin" },
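Review bot: The trailing `//update text` on the changed `system/xbin` entry says nothing about why the mode moves from 00750 to 00751, and the same placeholder is on the `system/xbin/su` entry in the next hunk. The added other-execute bit lets every uid traverse the directory, which is what makes the binaries in it reachable by path for app processes. The comment should say so, e.g. `// 00751: let app uids traverse system/xbin to exec su (debug images only)`. The `android_dirs` table starts and ends outside the hunk.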
@@ -190,7 +190,7 @@ static const struct fs_path_config android_files[] = {
     // the following two files are INTENTIONALLY set-uid, but they
     // are NOT included on user builds.
     { 06755, AID_ROOT,      AID_ROOT,      0, "system/xbin/procmem" },
-    { 04750, AID_ROOT,      AID_SHELL,     0, "system/xbin/su" },
+    { 06755, AID_ROOT,      AID_SHELL,     0, "system/xbin/su" },//update text
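Review bot: Mode 06755 on `system/xbin/su` adds set-gid plus read and execute for all users on top of the existing set-uid bit, so any process that can reach the file runs it with root uid and shell gid. The duplicate of this hunk further down the page has the same issue. Together with the caller check removed from su.cpp later on the page, nothing in these changes limits which app may use the binary. If only the customer's app needs it, a narrower entry such as `{ 04750, AID_ROOT, <customer_app_gid>, 0, "system/xbin/su" },` (placeholder for a dedicated group granted only to that app) keeps it closed to everything else. The context comment says these files are not included on user builds, and that should remain true for this change.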

SELinux,全称Security-Enhanced Linux,是一种基于Linux内核的安全机制。它通过强制访问控制(MAC)来增强Linux系统的安全性,
对于保护系统资源和防止未经授权访问非常有帮助!
如果不禁用SELinux,完成下面的修改可能会导致设备进入Recovery界面!(这是关键!)

Android14之禁掉Selinux的两种方式(一百七十四)
Android 13 aosp 默认关闭SELinux

修改文件清单

frameworks/base/core/jni/com_android_internal_os_Zygote.cpp
kernel/security/commoncap.c
system/core/libcutils/fs_config.cpp
system/extras/su/su.cpp

diff

+++ b/frameworks/base/core/jni/com_android_internal_os_Zygote.cpp
@@ -658,7 +658,7 @@ static void EnableKeepCapabilities(fail_fn_t fail_fn) {
 }

 static void DropCapabilitiesBoundingSet(fail_fn_t fail_fn) {
-  for (int i = 0; prctl(PR_CAPBSET_READ, i, 0, 0, 0) >= 0; i++) {;
+  /*for (int i = 0; prctl(PR_CAPBSET_READ, i, 0, 0, 0) >= 0; i++) {;
     if (prctl(PR_CAPBSET_DROP, i, 0, 0, 0) == -1) {
       if (errno == EINVAL) {
         ALOGE("prctl(PR_CAPBSET_DROP) failed with EINVAL. Please verify "
@@ -667,7 +667,7 @@ static void DropCapabilitiesBoundingSet(fail_fn_t fail_fn) {
         fail_fn(CREATE_ERROR("prctl(PR_CAPBSET_DROP, %d) failed: %s", i, strerror(errno)));
       }
     }
-  }
+  }*/
 }
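Review bot: Commenting out the whole loop in `DropCapabilitiesBoundingSet` leaves the full capability bounding set in every process this function runs for, not only in the customer's app, so any set-uid or file-capability binary such a process can execute is no longer capped by the bounding set. If the set has to stay open for one app, the skip should presumably be decided in the caller (which is not visible here), on that app's identity or a debug-only build condition, rather than by deleting the drop for everyone. At minimum, replace the bare block comment with a line such as `// DEBUG ONLY: bounding set left intact so apps can exec set-uid su`, so the reason is on record. The two hunks cover one function whose middle lines lie outside them.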
 
 
+++ b/system/core/libcutils/fs_config.cpp
@@ -190,7 +190,7 @@ static const struct fs_path_config android_files[] = {
     // the following two files are INTENTIONALLY set-uid, but they
     // are NOT included on user builds.
     { 06755, AID_ROOT,      AID_ROOT,      0, "system/xbin/procmem" },
-    { 04750, AID_ROOT,      AID_SHELL,     0, "system/xbin/su" },
+    { 06755, AID_ROOT,      AID_SHELL,     0, "system/xbin/su" },

     // the following files have enhanced capabilities and ARE included
     // in user builds.

+++ b/kernel/security/commoncap.c
static int cap_prctl_drop(unsigned long cap)
{
    struct cred *new;
+/*
    if (!ns_capable(current_user_ns(), CAP_SETPCAP))
        return -EPERM;
    if (!cap_valid(cap))
        return -EINVAL;
+*/
    new = prepare_creds();
    if (!new)
        return -ENOMEM;
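Review bot: The added comment markers remove both the `CAP_SETPCAP` permission check and the `cap_valid(cap)` range check, so an unvalidated `cap` value from any caller reaches the code after `prepare_creds()`. The range check has nothing to do with granting su access and should stay, with `if (!cap_valid(cap)) return -EINVAL;` kept outside the commented region. Since the Zygote change on this page comments out the loop that issues `PR_CAPBSET_DROP`, this kernel edit looks unnecessary for the stated goal and could presumably be dropped entirely. The rest of `cap_prctl_drop` is outside the hunk.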


su.cpp 的 main 开头原本会对当前进程的 uid 做鉴权:当不是 ROOT 或 SHELL 用户时,直接通过 error(1, 0, "not allowed") 报错退出。下面的修改把这两行检查注释掉:
+++ b/system/extras/su/su.cpp
@@ -80,8 +80,8 @@ void extract_uidgids(const char* uidgids, uid_t* uid, gid_t* gid, gid_t* gids, i
 }

 int main(int argc, char** argv) {
-    uid_t current_uid = getuid();
-    if (current_uid != AID_ROOT && current_uid != AID_SHELL) error(1, 0, "not allowed");
+    //uid_t current_uid = getuid();
+    //if (current_uid != AID_ROOT && current_uid != AID_SHELL) error(1, 0, "not allowed");

     // Handle -h and --help.
     ++argv;
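Review bot: With both lines commented out, `main` no longer checks the caller's uid at all, so every uid able to execute the binary can switch to root; the check should be widened rather than removed. Keeping the test and adding the one uid that needs access, e.g. `if (current_uid != AID_ROOT && current_uid != AID_SHELL && current_uid != <customer_app_uid>) error(1, 0, "not allowed");` (placeholder uid), preserves the gate for all other apps. Logging the calling uid at this point would also leave an audit trail of who invoked su. `main` continues past the end of the hunk.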

Android11、12 修改系统获取root权限(su权限)
Android11编译第六弹:user版本增加su+内置root用户
