完善资料让更多小伙伴认识你,还能领取20积分哦, 立即完善>
1. 本文采用方法是rk给的文档修改后实测验证。
2. 只测试了userdebug版本,未测试user版本。 3. 关闭selinux 目录: ~/rk3399_android10/system/core$ 修改: diff --git a/init/selinux.cpp b/init/selinux.cpp index 86238b430..8532dfa3c 100644 --- a/init/selinux.cpp +++ b/init/selinux.cpp @@ -97,6 +97,7 @@ EnforcingStatus StatusFromCmdline() { } bool IsEnforcing() { + return false; if (ALLOW_PERMISSIVE_SELINUX) { return StatusFromCmdline() == SELINUX_ENFORCING; } 4. 修改su.cpp,注释用户组权限检测 目录: ~/rk3399_android10/system/extras/su$ 修改: diff --git a/su/su.cpp b/su/su.cpp index 1a1ab6bf..c2a30c84 100644 --- a/su/su.cpp +++ b/su/su.cpp @@ -80,8 +80,8 @@ void extract_uidgids(const char* uidgids, uid_t* uid, gid_t* gid, gid_t* gids, i } int main(int argc, char** argv) { - uid_t current_uid = getuid(); - if (current_uid != AID_ROOT && current_uid != AID_SHELL) error(1, 0, "not allowed"); +// uid_t current_uid = getuid(); +// if (current_uid != AID_ROOT && current_uid != AID_SHELL) error(1, 0, "not allowed"); // Handle -h and --help. ++argv; 5. 修改su文件默认权限 目录: ~/rk3399_android10/system/core$ 修改: diff --git a/libcutils/fs_config.cpp b/libcutils/fs_config.cpp index a5f4f0e55..a44845ff7 100644 --- a/libcutils/fs_config.cpp +++ b/libcutils/fs_config.cpp @@ -197,7 +197,7 @@ static const struct fs_path_config android_files[] = { // the following two files are INTENTIONALLY set-uid, but they // are NOT included on user builds. { 06755, AID_ROOT, AID_ROOT, 0, "system/xbin/procmem" }, - { 04750, AID_ROOT, AID_SHELL, 0, "system/xbin/su" }, + { 06755, AID_ROOT, AID_SHELL, 0, "system/xbin/su" }, // the following files have enhanced capabilities and ARE included // in user builds. 目录: ~/rk3399_android10/frameworks/base/core/jni$ 修改: diff --git a/core/jni/com_android_internal_os_Zygote.cpp b/core/jni/com_android_internal_os_Zygote.cpp index 82c27f02ba8..8dadfada5f8 100644 --- a/core/jni/com_android_internal_os_Zygote.cpp +++ b/core/jni/com_android_internal_os_Zygote.cpp @@ -540,6 +540,7 @@ static void EnableKeepCapabilities(fail_fn_t fail_fn) { } static void DropCapabilitiesBoundingSet(fail_fn_t fail_fn) { +/* for (int i = 0; prctl(PR_CAPBSET_READ, i, 0, 0, 0) >= 0; i++) {; if (prctl(PR_CAPBSET_DROP, i, 0, 0, 0) == -1) { if (errno == EINVAL) { @@ -550,6 +551,7 @@ static void DropCapabilitiesBoundingSet(fail_fn_t fail_fn) { } } } + */ } 目录: ~/rk3399_android10/kernel$ 修改: diff --git a/security/commoncap.c b/security/commoncap.c index 3023b4ad38a7..66acff91756d 100644 --- a/security/commoncap.c +++ b/security/commoncap.c @@ -1146,12 +1146,12 @@ int cap_task_setnice(struct task_struct *p, int nice) static int cap_prctl_drop(unsigned long cap) { struct cred *new; - +/* if (!ns_capable(current_user_ns(), CAP_SETPCAP)) return -EPERM; if (!cap_valid(cap)) return -EINVAL; - +*/ new = prepare_creds(); if (!new) return -ENOMEM; 6. user编译su到系统(userdebug默认编译,所以未验证) build/make/target/product/base_system.mk diff --git a/target/product/base_system.mk b/target/product/base_system.mk index 4569bceff9..5c8eaaa87c 100644 --- a/target/product/base_system.mk +++ b/target/product/base_system.mk @@ -273,6 +273,7 @@ PRODUCT_PACKAGES += wificond wifi.rc wm + su # VINTF data for system image PRODUCT_PACKAGES += @@ -378,7 +379,6 @@ PRODUCT_PACKAGES_DEBUG := ss start_with_lockagent strace - su sanitizer-status tracepath tracepath6 |
|
|
|
你正在撰写答案
如果你是对答案或其他答案精选点评或询问,请使用“评论”功能。
基于米尔瑞芯微RK3576核心板/开发板的人脸疲劳检测应用方案
1760 浏览 0 评论
2096 浏览 1 评论
1771 浏览 1 评论
3106 浏览 1 评论
4025 浏览 1 评论
小黑屋| 手机版| Archiver| 电子发烧友 ( 湘ICP备2023018690号 )
GMT+8, 2025-1-11 19:27 , Processed in 0.366395 second(s), Total 41, Slave 34 queries .
Powered by 电子发烧友网
© 2015 bbs.elecfans.com
关注我们的微信
下载发烧友APP
电子发烧友观察
版权所有 © 湖南华秋数字科技有限公司
电子发烧友 (电路图) 湘公网安备 43011202000918 号 电信与信息服务业务经营许可证:合字B2-20210191 工商网监 湘ICP备2023018690号