Android Root权限静默安装

为什么80%的码农都做不了架构师？>>>   

说明：用于简单记录。

1. 请求root权限，root权限静默安装

请求root

1 // 请求root权限，用这个请求root权限，等待授权管理返回 2 public static boolean upgradeRootPermission2(String pkgCodePath) { 3 String cmd = " chmod 777 " + pkgCodePath; 4 Process process = null ; 5 DataOutputStream os = null ; 6 BufferedReader br = null ; 7 StringBuilder sb = null ; 8 try { 9 process = Runtime.getRuntime().exec( " su " ); 10 os = new DataOutputStream(process.getOutputStream()); 11 os.writeBytes(cmd + " \n " ); 12 os.writeBytes( " echo return\n " ); 13 os.writeBytes( " exit\n " ); 14 br = new BufferedReader( new InputStreamReader( 15 process.getInputStream())); 16 17 sb = new StringBuilder(); 18 String temp = null ; 19 while ((temp = br.readLine()) != null ) { 20 sb.append(temp + " \n " ); 21 CLog.e( " TMS " , " temp== " + temp); 22 if ( " return " .equalsIgnoreCase(temp)) { 23 CLog.e( " TMS " , " ---------- " + sb.toString()); 24 return true ; 25 } 26 } 27 process.waitFor(); 28 } catch (Exception e) { 29 CLog.e( " TMS " , " 异常： " + e.getMessage()); 30 } finally { 31 try { 32 if (os != null ) { 33 os.flush(); 34 os.close(); 35 } 36 if (br != null ) { 37 br.close(); 38 } 39 process.destroy(); 40 } catch (Exception e) { 41 return false ; 42 } 43 } 44 return false ; 45 }

root安装

1 /** 2 * 请求ROOT权限后执行命令（最好开启一个线程） 3 * @param cmd (pm install -r *.apk) 4 * @return 5 */ 6 public static boolean installApkInRoot(File path, Context context) { 7 String cmd = " pm install -r " + path + " \n " ; 8 Process process = null ; 9 DataOutputStream os = null ; 10 BufferedReader br = null ; 11 StringBuilder sb = null ; 12 try { 13 process = Runtime.getRuntime().exec( " su " ); 14 os = new DataOutputStream(process.getOutputStream()); 15 os.writeBytes(cmd + " \n " ); 16 os.writeBytes( " exit\n " ); 17 br = new BufferedReader( new InputStreamReader( 18 process.getInputStream())); 19 20 sb = new StringBuilder(); 21 String temp = null ; 22 while ((temp = br.readLine()) != null ) { 23 sb.append(temp + " \n " ); 24 CLog.e( " TMS " , " temp== " + temp); 25 if ( " Success " .equalsIgnoreCase(temp)) { 26 CLog.e( " TMS " , " ---------- " + sb.toString()); 27 return true ; 28 } 29 } 30 process.waitFor(); 31 } catch (Exception e) { 32 CLog.e( " TMS " , " 异常： " + e.getMessage()); 33 } finally { 34 try { 35 if (os != null ) { 36 os.flush(); 37 os.close(); 38 } 39 if (br != null ) { 40 br.close(); 41 } 42 process.destroy(); 43 } catch (Exception e) { 44 return false ; 45 } 46 } 47 return false ; 48 }

 

2. 永久获取root权限

实现原理是第一次请求root权限时，将自己编译的su 拷贝到system/bin目录，后续在进行root权限操作时，调用自己的su。

91手机助手类似如此，一次请求，永久取得root权限。

1 /** 2 * 调用su获取root权限再把zlsu写到system/bin目录下 3 * 以便永久获取root权限（一旦获取成功，下次不再调用su） 4 * 5 * @param ctx 6 */ 7 public static void preparezlsu(Context ctx) { 8 try { 9 File zlsu = new File( " /system/bin/ " + Constants.ROOT_SU); 10 // if (!zlsu.exists()) 11 // { 12 // Toast toast = Toast.makeText(ctx, 13 // "Unable to find /system/bin/zlsu.", Toast.LENGTH_LONG); 14 // toast.show(); 15 // return; 16 // } 17 18 InputStream suStream = ctx.getResources().openRawResource( 19 R.raw.zlsu); 20 /** 21 * 如果zlsu存在，则和raw目录下的zlsu比较大小，大小相同则不替换 22 */ 23 if (zlsu.exists()) { 24 if (zlsu.length() == suStream.available()) { 25 suStream.close(); 26 return ; 27 } 28 } 29 30 // File superuser = new File("/system/bin/superuser"); 31 // 32 // if (superuser.exists()) 33 // { 34 // // return device to original state 35 // Process process = Runtime.getRuntime().exec("superuser"); 36 // DataOutputStream os = new 37 // DataOutputStream(process.getOutputStream()); 38 // 39 // os.writeBytes("mount -oremount,rw /dev/block/mtdblock3 /system\n"); 40 // os.writeBytes("busybox cp /system/bin/superuser /system/bin/su\n"); 41 // os.writeBytes("busybox chown 0:0 /system/bin/su\n"); 42 // os.writeBytes("chmod 4755 /system/bin/su\n"); 43 // os.writeBytes("rm /system/bin/superuser\n"); 44 // os.writeBytes("exit\n"); 45 // os.flush(); 46 // } 47 48 /** 49 * 先把zlsu 写到/data/data/com.zl.movepkgdemo中 然后再调用 su 权限 写到 50 * /system/bin目录下 51 */ 52 byte [] bytes = new byte [suStream.available()]; 53 DataInputStream dis = new DataInputStream(suStream); 54 dis.readFully(bytes); 55 String pkgPath = ctx.getApplicationContext() 56 .getPackageName(); 57 // "/data/data/com.zl.movepkgdemo/zlsu" 58 String zlsuPath = " /data/data/ " + pkgPath + File.separator + Constants.ROOT_SU; 59 File zlsuFileInData = new File(zlsuPath); 60 if ( ! zlsuFileInData.exists()){ 61 System.out.println(zlsuPath + " not exist! " ); 62 try { 63 System.out.println( " creating " + zlsuPath + " ...... " ); 64 zlsuFileInData.createNewFile(); 65 } catch (IOException e){ 66 System.out.println( " create " + zlsuPath + " failed ! " ); 67 } 68 System.out.println( " create " + zlsuPath + " successfully ! " ); 69 } 70 FileOutputStream suOutStream = new FileOutputStream(zlsuPath); 71 suOutStream.write(bytes); 72 suOutStream.close(); 73 74 Process process = Runtime.getRuntime().exec( " su " ); 75 DataOutputStream os = new DataOutputStream( 76 process.getOutputStream()); 77 os.writeBytes( " mount -oremount,rw /dev/block/mtdblock3 /system\n " ); 78 // "busybox cp /data/data/com.zl.movepkgdemo/zlsu /system/bin/zlsu \n" 79 os.writeBytes( " busybox cp " + zlsuPath + " /system/bin/ " 80 + Constants.ROOT_SU + " \n " ); 81 // "busybox chown 0:0 /system/bin/zlsu \n" 82 os.writeBytes( " busybox chown 0:0 /system/bin/ " + Constants.ROOT_SU 83 + " \n " ); 84 // "chmod 4755 /system/bin/zlsu \n" 85 os.writeBytes( " chmod 4755 /system/bin/ " + Constants.ROOT_SU + " \n " ); 86 os.writeBytes( " exit\n " ); 87 os.flush(); 88 } catch (Exception e) { 89 // Toast toast = Toast 90 // .makeText(ctx, e.getMessage(), Toast.LENGTH_LONG); 91 // toast.show(); 92 System.out.println( " RootUtil preparezlsu: error " ); 93 e.printStackTrace(); 94 } 95 }

 

而后move apk，使用自己的su。

1 private int movepkg(String pkgName) { 2 int result = - 100 ; 3 PackageInfo info; 4 String minePkgName = "" ; // 锟斤拷锟斤拷锟斤拷锟斤拷锟? 5 try { 6 minePkgName = getPackageName(); 7 info = getPackageManager().getPackageInfo(pkgName, 0 ); 8 int moveFlag = (info.applicationInfo.flags & ApplicationInfo.FLAG_EXTERNAL_STORAGE) == 0 ? PackageManager.MOVE_EXTERNAL_MEDIA 9 : PackageManager.MOVE_INTERNAL; 10 // 锟斤拷前应锟矫筹拷锟斤拷 Movepkgdemo 锟斤拷 apk锟侥硷拷 锟侥达拷锟铰凤拷锟? 11 String classpath = getPackageManager().getPackageInfo(minePkgName, 12 0 ).applicationInfo.publicSourceDir; 13 System.out.println( " classPath: " + classpath); 14 String cmd = " movedemo -c 'export CLASSPATH= " 15 + classpath 16 + " && export LD_LIBRARY_PATH=/vendor/lib:/system/lib && exec app_process /data/app " 17 + minePkgName + " /MoveUtil " // /system/bin 18 + pkgName + " " + moveFlag + " ' " ; 19 String[] progArray = new String[] { 20 Constants.ROOT_SU, 21 " -c " , 22 " export CLASSPATH= " 23 + classpath 24 + " && export LD_LIBRARY_PATH=/vendor/lib:/system/lib && exec app_process /data/app " 25 + minePkgName + " /util/MoveUtil " // /system/bin 26 + pkgName + " " + moveFlag }; 27 // zlsu -c export CLASSPATH=/data/app/com.zl.movepkgdemo-1.apk && export LD_LIBRARY_PATH=/vendor/lib:/system/lib 28 // && exec app_process /data/app com.zl.movepkgdemo/util/MoveUtil com.zl.hw moveFlag 29 String returnCode = "" ; 30 returnCode = RootUtil.exeCmd(progArray, 31 Constants.RETURNCODE_MOVE_PACKAGE); 32 try { 33 System.out.println( " result: " + returnCode); 34 result = Integer.parseInt(returnCode); 35 } catch (NumberFormatException e) { 36 return result; 37 } 38 39 } catch (NameNotFoundException e) { 40 System.out.println( " MainActivity: movepkg : " + pkgName 41 + " not found " ); 42 e.printStackTrace(); 43 } 44 return result; 45 46 }

 

参考资料：

Android应用程序永久获取root权限方法

转载于:https://my.oschina.net/mstian/blog/190005