1.修改ro.adb.secure属性
/code/1-Android7.0/build$ git diff
diff --git a/core/main.mk b/core/main.mk
index 713467b..6f2fefc 100644
--- a/core/main.mk
+++ b/core/main.mk
@@ -394,7 +394,7 @@ ifneq (,$(user_variant))
ADDITIONAL_DEFAULT_PROPERTIES += security.perf_harden=1
ifeq ($(user_variant),user)
- ADDITIONAL_DEFAULT_PROPERTIES += ro.adb.secure=1
+ #ADDITIONAL_DEFAULT_PROPERTIES += ro.adb.secure=0
endif
ifeq ($(user_variant),userdebug)
@@ -402,7 +402,7 @@ ifneq (,$(user_variant))
tags_to_install += debug
else
# Disable debugging in plain user builds.
- enable_target_debugging :=
+ #enable_target_debugging :=
endif
# Disallow mock locations by default for user builds
2.修改sepolicy
/code/1-Android7.0/system/sepolicy$ git diff
diff --git a/Android.mk b/Android.mk
index 0bfa54d..0d55e99 100644
--- a/Android.mk
+++ b/Android.mk
@@ -94,7 +94,7 @@ $(sepolicy_policy.conf): $(call build_policy, $(sepolicy_build_files))
@mkdir -p $(dir $@)
$(hide) m4 $(PRIVATE_ADDITIONAL_M4DEFS) \
-D mls_num_sens=$(PRIVATE_MLS_SENS) -D mls_num_cats=$(PRIVATE_MLS_CATS) \
- -D target_build_variant=$(TARGET_BUILD_VARIANT) \
+ -D target_build_variant=eng \
-s $^ > $@
$(hide) sed '/dontaudit/d' $@ > $@.dontaudit
@@ -103,7 +103,7 @@ $(LOCAL_BUILT_MODULE): $(sepolicy_policy.conf) $(HOST_OUT_EXECUTABLES)/checkpoli
$(hide) $(HOST_OUT_EXECUTABLES)/checkpolicy -M -c $(POLICYVERS) -o $@.tmp $<
$(hide) $(HOST_OUT_EXECUTABLES)/checkpolicy -M -c $(POLICYVERS) -o $(dir $<)/$(notdir $@).dontaudit $<
$(hide) $(HOST_OUT_EXECUTABLES)/sepolicy-analyze $@.tmp permissive > $@.permissivedomains
- $(hide) if [ "$(TARGET_BUILD_VARIANT)" = "user" -a -s $@.permissivedomains ]; then \
+ $(hide) if [ "$(TARGET_BUILD_VARIANT)" = "" -a -s $@.permissivedomains ]; then \
echo "==========" 1>&2; \
echo "ERROR: permissive domains not allowed in user builds" 1>&2; \
echo "List of invalid domains:" 1>&2; \
3.修改adb模块的Android.mk文件
/code/1-Android7.0/system/core$ git diff
diff --git a/adb/Android.mk b/adb/Android.mk
index f1d3bee..f6b36e9 100644
--- a/adb/Android.mk
+++ b/adb/Android.mk
@@ -319,9 +319,9 @@ LOCAL_CFLAGS := \
-D_GNU_SOURCE \
-Wno-deprecated-declarations \
-LOCAL_CFLAGS += -DALLOW_ADBD_NO_AUTH=$(if $(filter userdebug eng,$(TARGET_BUILD_VARIANT)),1,0)
+LOCAL_CFLAGS += -DALLOW_ADBD_NO_AUTH=$(if $(filter user userdebug eng,$(TARGET_BUILD_VARIANT)),1,0)
-ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT)))
+ifneq (,$(filter user userdebug eng,$(TARGET_BUILD_VARIANT)))
LOCAL_CFLAGS += -DALLOW_ADBD_DISABLE_VERITY=1
LOCAL_CFLAGS += -DALLOW_ADBD_ROOT=1
endif
4.如果在不输入adb root情况下,默认就是root权限。需要对如上第一点做如下修改:
/code/1-Android7.0/build$ git diff
diff --git a/core/main.mk b/core/main.mk
index 713467b..d422aa1 100644
--- a/core/main.mk
+++ b/core/main.mk
@@ -390,11 +390,11 @@ enable_target_debugging := true
tags_to_install :=
ifneq (,$(user_variant))
# Target is secure in user builds.
- ADDITIONAL_DEFAULT_PROPERTIES += ro.secure=1
+ ADDITIONAL_DEFAULT_PROPERTIES += ro.secure=0
ADDITIONAL_DEFAULT_PROPERTIES += security.perf_harden=1
ifeq ($(user_variant),user)
- ADDITIONAL_DEFAULT_PROPERTIES += ro.adb.secure=1
+ ADDITIONAL_DEFAULT_PROPERTIES += ro.adb.secure= 0
endif
ifeq ($(user_variant),userdebug)
@@ -402,7 +402,7 @@ ifneq (,$(user_variant))
tags_to_install += debug
else
# Disable debugging in plain user builds.
- enable_target_debugging :=
+ #enable_target_debugging :=
endif
#Disallow mock locations by default for user builds