当前位置：首页 > news >正文

RK3588 添加ROOT权限

news 2025/7/19 0:37:16

一.ROOT简介

ROOT权限是Linux和Unix系统中的超级管理员用户帐户，该帐户拥有整个系统的最高权利，可以执行几乎所有操作。ROOT就是获取安卓系统中的'最高用户权限，以便执行一些需要高权限才能执行的操作(包括卸载系统自带程序、刷机、备份、还原等)。

二.android root 原理

android root原理说明：获取Root权限你就能控制系统的一切，甚至还可以执行rm -rf /，一般情况下如何切换到Root用户呢，在大多数的Linux发行版中，在终端输入su就可以进入Root用户，当然如果Root用户有密码，你必须输入密码才能切换过去。

三.添加ROOT权限

需要编译userdebug版本

关闭selinux：

修改：
diff --git a/init/selinux.cpp b/init/selinux.cpp
index 86238b430..8532dfa3c 100644
--- a/init/selinux.cpp
+++ b/init/selinux.cpp
@@ -97,6 +97,7 @@ EnforcingStatus StatusFromCmdline() {}bool IsEnforcing() {
+    return false;if (ALLOW_PERMISSIVE_SELINUX) {return StatusFromCmdline() == SELINUX_ENFORCING;}

修改su.cpp，注释用户组权限检测


修改：
diff --git a/su/su.cpp b/su/su.cpp
index 1a1ab6bf..c2a30c84 100644
--- a/su/su.cpp
+++ b/su/su.cpp
@@ -80,8 +80,8 @@ void extract_uidgids(const char* uidgids, uid_t* uid, gid_t* gid, gid_t* gids, i}int main(int argc, char** argv) {
-    uid_t current_uid = getuid();
-    if (current_uid != AID_ROOT && current_uid != AID_SHELL) error(1, 0, "not allowed");
+//    uid_t current_uid = getuid();
+//    if (current_uid != AID_ROOT && current_uid != AID_SHELL) error(1, 0, "not allowed");// Handle -h and --help.++argv;

修改su文件默认权限


修改：
diff --git a/libcutils/fs_config.cpp b/libcutils/fs_config.cpp
index a5f4f0e55..a44845ff7 100644
--- a/libcutils/fs_config.cpp
+++ b/libcutils/fs_config.cpp
@@ -197,7 +197,7 @@ static const struct fs_path_config android_files[] = {// the following two files are INTENTIONALLY set-uid, but they// are NOT included on user builds.{ 06755, AID_ROOT,      AID_ROOT,      0, "system/xbin/procmem" },
-    { 04750, AID_ROOT,      AID_SHELL,     0, "system/xbin/su" },
+    { 06755, AID_ROOT,      AID_SHELL,     0, "system/xbin/su" },// the following files have enhanced capabilities and ARE included// in user builds.


修改：
diff --git a/core/jni/com_android_internal_os_Zygote.cpp b/core/jni/com_android_internal_os_Zygote.cpp
index 82c27f02ba8..8dadfada5f8 100644
--- a/core/jni/com_android_internal_os_Zygote.cpp
+++ b/core/jni/com_android_internal_os_Zygote.cpp
@@ -540,6 +540,7 @@ static void EnableKeepCapabilities(fail_fn_t fail_fn) {}static void DropCapabilitiesBoundingSet(fail_fn_t fail_fn) {
+/*     for (int i = 0; prctl(PR_CAPBSET_READ, i, 0, 0, 0) >= 0; i++) {;if (prctl(PR_CAPBSET_DROP, i, 0, 0, 0) == -1) {if (errno == EINVAL) {
@@ -550,6 +551,7 @@ static void DropCapabilitiesBoundingSet(fail_fn_t fail_fn) {}}}
+  */}


修改：
diff --git a/security/commoncap.c b/security/commoncap.c
index 3023b4ad38a7..66acff91756d 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -1146,12 +1146,12 @@ int cap_task_setnice(struct task_struct *p, int nice)static int cap_prctl_drop(unsigned long cap){struct cred *new;
-
+/*if (!ns_capable(current_user_ns(), CAP_SETPCAP))return -EPERM;if (!cap_valid(cap))return -EINVAL;
-
+*/new = prepare_creds();if (!new)return -ENOMEM;

查看全文

http://www.lryc.cn/news/170533.html