设为首页收藏本站
开启辅助访问

android 9.x/8.x/7.x 源码修改su ,获取root权限

 您所在的位置:网站首页 安卓系统如何root权限获取权限密码 android 9.x/8.x/7.x 源码修改su ,获取root权限

android 9.x/8.x/7.x 源码修改su ,获取root权限

2023-12-26 20:05| 来源: 网络整理| 查看: 265

1、位置:

system\extras\su\su.cpp android 7.1 system\extras\su\su.c int main(int argc, char** argv) { -//uid_t current_uid = getuid(); -//if (current_uid != AID_ROOT && current_uid != AID_SHELL) error(1, 0, "not allowed");

3、这一步不改不知道行不行,还没时间测试

android9\system\core\libcutils\fs_config.cpp // the following two files are INTENTIONALLY set-uid, but they // are NOT included on user builds. { 06755, AID_ROOT, AID_ROOT, 0, "system/xbin/procmem" }, - //{ 04750, AID_ROOT, AID_SHELL, 0, "system/xbin/su" }, + { 06755, AID_ROOT, AID_SHELL, 0, "system/xbin/su" },

4、可能需要修改,frameworks\base\core\jni\com_android_internal_os_Zygote.cpp

 

static void DropCapabilitiesBoundingSet(JNIEnv* env) { +/* for (int i = 0; prctl(PR_CAPBSET_READ, i, 0, 0, 0) >= 0; i++) { int rc = prctl(PR_CAPBSET_DROP, i, 0, 0, 0); if (rc == -1) { if (errno == EINVAL) { ALOGE("prctl(PR_CAPBSET_DROP) failed with EINVAL. Please verify " "your kernel is compiled with file capabilities support"); } else { ALOGE("prctl(PR_CAPBSET_DROP) failed"); RuntimeAbort(env); } } } +*/ }

5、system\core\init\ selinux.cpp

bool IsEnforcing() { + return false; if (ALLOW_PERMISSIVE_SELINUX) { return StatusFromCmdline() == SELINUX_ENFORCING; } return true; }

android 8.0 / 7.1

 

system\core\init\init.cpp static bool selinux_is_enforcing(void) { return false; if (ALLOW_PERMISSIVE_SELINUX) { return selinux_status_from_cmdline() == SELINUX_ENFORCING; } return true; }

android 7.1 (有的系统需要改)

frameworks\base\cmds\app_process\app_main.cpp 

int main(int argc, char* const argv[]) { +/* if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0) { // Older kernels don't understand PR_SET_NO_NEW_PRIVS and return // EINVAL. Don't die on such kernels. if (errno != EINVAL) { LOG_ALWAYS_FATAL("PR_SET_NO_NEW_PRIVS failed: %s", strerror(errno)); return 12; } } +*/ AppRuntime runtime(argv[0], computeArgBlockSize(argc, argv)); // Process command line arguments // ignore argv[0] argc--; argv++;

2、路径  (这个好像不用改,如果改下面文件的话)

android9\out\target\product\evk_8mm\obj\KERNEL_OBJ\source\security\commoncap.c for (;;) { /* Do we have the necessary capabilities? */ if (ns == cred->user_ns) -//return cap_raised(cred->cap_effective, cap) ? 0 : -EPERM; +return 0;

参考:

https://blog.csdn.net/liuhongbin2011net/article/details/83536367



【本文地址】


今日新闻

推荐新闻

CopyRight 2018-2019 办公设备维修网 版权所有 豫ICP备15022753号-3