当前位置：首页 > news >正文

A133 Android10 root修改

news 2025/7/15 19:31:03

1.前言

客户应用需求root相关的权限，我们需要修改系统的权限才可以满足客户需求

2.修改方法

frameworks层：注释掉

diff --git a/frameworks/base/core/jni/com_android_internal_os_Zygote.cpp b/frameworks/base/core/jni/com_android_internal_os_Zygote.cpp
index c64f40770f..234de0a96d 100644
--- a/frameworks/base/core/jni/com_android_internal_os_Zygote.cpp
+++ b/frameworks/base/core/jni/com_android_internal_os_Zygote.cpp
@@ -654,6 +654,7 @@ static void EnableKeepCapabilities(fail_fn_t fail_fn) {}static void DropCapabilitiesBoundingSet(fail_fn_t fail_fn) {
+/*for (int i = 0; prctl(PR_CAPBSET_READ, i, 0, 0, 0) >= 0; i++) {;if (prctl(PR_CAPBSET_DROP, i, 0, 0, 0) == -1) {if (errno == EINVAL) {
@@ -664,6 +665,7 @@ static void DropCapabilitiesBoundingSet(fail_fn_t fail_fn) {}}}
+*/    }static void SetInheritable(uint64_t inheritable, fail_fn_t fail_fn) {

diff --git a/system/core/libcutils/fs_config.cpp b/system/core/libcutils/fs_config.cpp
index a6835fc70c..e2684ee38e 100644
--- a/system/core/libcutils/fs_config.cpp
+++ b/system/core/libcutils/fs_config.cpp
@@ -86,7 +86,8 @@ static const struct fs_path_config android_dirs[] = {{ 00751, AID_ROOT,         AID_SHELL,        0, "system/bin" },{ 00755, AID_ROOT,         AID_ROOT,         0, "system/etc/ppp" },{ 00755, AID_ROOT,         AID_SHELL,        0, "system/vendor" },
-    { 00750, AID_ROOT,         AID_SHELL,        0, "system/xbin" },
+    { 00755, AID_ROOT,         AID_SHELL,        0, "system/xbin" },{ 00751, AID_ROOT,         AID_SHELL,        0, "system/apex/*/bin" },{ 00751, AID_ROOT,         AID_SHELL,        0, "system_ext/bin" },{ 00751, AID_ROOT,         AID_SHELL,        0, "system_ext/apex/*/bin" },
@@ -190,8 +191,10 @@ static const struct fs_path_config android_files[] = {// the following two files are INTENTIONALLY set-uid, but they// are NOT included on user builds.{ 06755, AID_ROOT,      AID_ROOT,      0, "system/xbin/procmem" },
-    { 04750, AID_ROOT,      AID_SHELL,     0, "system/xbin/su" },
-
+    { 06755, AID_ROOT,      AID_SHELL,     0, "system/xbin/su" },
+    { 06755, AID_ROOT,      AID_SHELL,     0, "system/xbin/testsu" },// the following files have enhanced capabilities and ARE included// in user builds.{ 00700, AID_SYSTEM,    AID_SHELL,     CAP_MASK_LONG(CAP_BLOCK_SUSPEND),

禁用selinux

diff --git a/system/core/init/selinux.cpp b/system/core/init/selinux.cpp
index 29c0ff3baa..66f0b6fb6c 100644
--- a/system/core/init/selinux.cpp
+++ b/system/core/init/selinux.cpp
@@ -114,6 +114,7 @@ EnforcingStatus StatusFromProperty() {}bool IsEnforcing() {
+    return false;if (ALLOW_PERMISSIVE_SELINUX) {return StatusFromProperty() == SELINUX_ENFORCING;}

内核部分

index 09b402c88f..9f91febd00 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -1164,12 +1164,12 @@ int cap_task_setnice(struct task_struct *p, int nice)static int cap_prctl_drop(unsigned long cap){struct cred *new;
-
+/*if (!ns_capable(current_user_ns(), CAP_SETPCAP))return -EPERM;if (!cap_valid(cap))return -EINVAL;
-
+*/new = prepare_creds();if (!new)return -ENOMEM;

到此重新编译整个系统就可以正常编译出带root的固件了。

查看全文

http://www.lryc.cn/news/397707.html