android10.0(Q) user版本打开root权限
2023-10-22 本文已影响0人
龙之叶
前言
个人玩家建议采用 magisk 方式直接修补 boot.img 实现 root 即可, 然后搭载 RE 文件管理器可操作 system 相关分区
源码玩家可直接修改 aosp 源码后自己编译 rom 直刷。
文件清单
aosp10\build\core\main.mk
aosp10\system\sepolicy\definitions.mk
aosp10\system\sepolicy\Android.mk
aosp10\system\core\fs_mgr\Android.bp
aosp10\system\core\adb\daemon\main.cpp
aosp10\system\core\adb\Android.bp
aosp10\system\core\init\selinux.cpp
aosp10\system\core\init\Android.mk
aosp10\system\core\init\Android.bp
aosp10\device\google\marlin\xxx\BoardConfig.mk
1、 让进程名称在 AS Logcat 中可见, 通过修改 ro.adb.secure 和 ro.secure
ps: 这步不是必须的, 目的只是在 logcat 中可见进程 pid 和包名, 而且打开 USB 调试时默认授权, 不再弹授权框
build/make/core/main.mk
tags_to_install :=
ifneq (,$(user_variant))
# Target is secure in user builds.
- ADDITIONAL_DEFAULT_PROPERTIES += ro.secure=1
+ # ADDITIONAL_DEFAULT_PROPERTIES += ro.secure=1
+ ADDITIONAL_DEFAULT_PROPERTIES += ro.secure=0
ADDITIONAL_DEFAULT_PROPERTIES += security.perf_harden=1
ifeq ($(user_variant),user)
- ADDITIONAL_DEFAULT_PROPERTIES += ro.adb.secure=1
+ # ADDITIONAL_DEFAULT_PROPERTIES += ro.adb.secure=1
+ ADDITIONAL_DEFAULT_PROPERTIES += ro.adb.secure=0
endif
ifeq ($(user_variant),userdebug)
@@ -251,7 +253,7 @@ ifneq (,$(user_variant))
tags_to_install += debug
else
# Disable debugging in plain user builds.
- enable_target_debugging :=
+ # enable_target_debugging :=
endif
# Disallow mock locations by default for user builds
2、 修改 SELinux权限为 Permissive
找到对应文件 BoardConfig.mk 增加 androidboot.selinux=permissive
device/google/marlin/xxx/BoardConfig.mk
BOARD_KERNEL_CMDLINE += console=ttyHSL0,115200,n8 androidboot.console=ttyHSL0 androidboot.hardware=xxx
继续修改如下三个文件
ALLOW_PERMISSIVE_SELINUX=1
system/core/init/Android.bp
cc_defaults {
name: "init_defaults",
cpp_std: "experimental",
sanitize: {
misc_undefined: ["signed-integer-overflow"],
},
cflags: [
"-DLOG_UEVENTS=0",
"-Wall",
"-Wextra",
"-Wno-unused-parameter",
"-Werror",
"-DALLOW_LOCAL_PROP_OVERRIDE=1",
"-DALLOW_PERMISSIVE_SELINUX=1",
"-DREBOOT_BOOTLOADER_ON_PANIC=1",
"-DWORLD_WRITABLE_KMSG=1",
"-DDUMP_ON_UMOUNT_FAILURE=1",
"-DSHUTDOWN_ZERO_TIMEOUT=0",
] ,
system/core/init/Android.mk
ifneq (,$(filter user userdebug eng,$(TARGET_BUILD_VARIANT)))
init_options += \
-DALLOW_LOCAL_PROP_OVERRIDE=1 \
-DALLOW_PERMISSIVE_SELINUX=1 \
-DREBOOT_BOOTLOADER_ON_PANIC=1 \
-DWORLD_WRITABLE_KMSG=1 \
-DDUMP_ON_UMOUNT_FAILURE=1
else
init_options += \
-DALLOW_LOCAL_PROP_OVERRIDE=0 \
-DALLOW_PERMISSIVE_SELINUX=0 \
-DREBOOT_BOOTLOADER_ON_PANIC=0 \
-DWORLD_WRITABLE_KMSG=0 \
-DDUMP_ON_UMOUNT_FAILURE=0
endif
system/core/init/selinux.cpp
bool IsEnforcing() {
return false;
if (ALLOW_PERMISSIVE_SELINUX) {
return StatusFromCmdline() == SELINUX_ENFORCING;
}
return true;
3、 允许 adb 关闭 verity
system/core/adb/Android.bp
@@ -24,7 +24,7 @@ cc_defaults {
"-Wno-missing-field-initializers",
"-Wthread-safety",
"-Wvla",
"-DADB_HOST=1",
- "-DALLOW_ADBD_ROOT=0",
+ "-DALLOW_ADBD_ROOT=1",
],
cpp_std: "experimental",
@@ -76,7 +76,14 @@ cc_defaults {
cc_defaults {
name: "adbd_defaults",
defaults: ["adb_defaults"],
//cflags: ["-UADB_HOST", "-DADB_HOST=0"],
cflags: [
"-UADB_HOST",
"-DADB_HOST=0",
"-UALLOW_ADBD_ROOT",
"-DALLOW_ADBD_ROOT=1",
"-DALLOW_ADBD_DISABLE_VERITY",
"-DALLOW_ADBD_NO_AUTH",
],
product_variables: {
debuggable: {
cflags: [
"-UALLOW_ADBD_ROOT",
"-DALLOW_ADBD_ROOT=1",
"-DALLOW_ADBD_DISABLE_VERITY",
"-DALLOW_ADBD_NO_AUTH",
],
},
},
} @
@ -403,6 +410,8 @@ cc_library {
required: ["remount",],
product_variables: {
debuggable: {
required: [
"remount",
],
},
},
system/core/adb/daemon/main.cpp
static bool should_drop_capabilities_bounding_set() {
return false;
if (ALLOW_ADBD_ROOT || is_device_unlocked()) {
if (__android_log_is_debuggable()) {
return false;
}
}
return true;
}
static bool should_drop_privileges() {
return false;
// "adb root" not allowed, always drop privileges.
if (!ALLOW_ADBD_ROOT && !is_device_unlocked()) return true;
4、 修改 adb root 权限
system/core/fs_mgr/Android.bp
whole_static_libs: [
"liblogwrap",
"libdm",
"libfstab",
],
cppflags: [
"-UALLOW_ADBD_DISABLE_VERITY",
"-DALLOW_ADBD_DISABLE_VERITY=1",
],
product_variables: {
debuggable: {
cppflags: [
"-UALLOW_ADBD_DISABLE_VERITY",
"-DALLOW_ADBD_DISABLE_VERITY=1",
],
},
},
srcs: [
"fs_mgr_remount.cpp",
],
cppflags: [
"-UALLOW_ADBD_DISABLE_VERITY",
"-DALLOW_ADBD_DISABLE_VERITY=1",
],
product_variables: {
debuggable: {
cppflags: [
"-UALLOW_ADBD_DISABLE_VERITY",
"-DALLOW_ADBD_DISABLE_VERITY=1",
],
},
},
user 版本启用 overlayfs 来装载 remount 对应分区 user 版本不允许 permissive domains
system/sepolicy/Android.mk
ifneq ($(TARGET_BUILD_VARIANT), eng)
LOCAL_REQUIRED_MODULES += \
selinux_denial_metadata \
@@ -978,7 +978,7 @@ $(built_sepolicy_neverallows)
@mkdir -p $(dir $@)
$(hide) $< -m -M true -G -c $(POLICYVERS) $(PRIVATE_NEVERALLOW_ARG) $(PRIVATE_CIL_FILES) -o $@.tmp
$(hide) $(HOST_OUT_EXECUTABLES)/sepolicy-analyze $@.tmp permissive > $@.permissivedomains
- $(hide) if [ "$(TARGET_BUILD_VARIANT)" = "user" -a -s $@.permissivedomains ]; then \
+ $(hide) if [ "eng" = "user" -a -s $@.permissivedomains ]; then \
echo "==========" 1>&2; \
echo "ERROR: permissive domains not allowed in user builds" 1>&2; \
e cho "List of invalid domains:" 1>&2; \
@@ -1032,7 +1032,7 @@ $(LOCAL_BUILT_MODULE): $(sepolicy.recovery.conf) $(HOST_OUT_EXECUTABLES)/checkpo
$(hide) $(CHECKPOLICY_ASAN_OPTIONS) $(HOST_OUT_EXECUTABLES)/checkpolicy -M -c \
$(POLICYVERS) -o $@.tmp $<
$(hide) $(HOST_OUT_EXECUTABLES)/sepolicy-analyze $@.tmp permissive > $@.permissivedomains
- $(hide) if [ "$(TARGET_BUILD_VARIANT)" = "user" -a -s $@.permissivedomains ]; then \
+ $(hide) if [ "eng" = "user" -a -s $@.permissivedomains ]; then \
echo "==========" 1>&2; \
echo "ERROR: permissive domains not allowed in user builds" 1>&2; \
echo "List of invalid domains:" 1>&2; \
ifneq ($(filter address,$(SANITIZE_TARGET)),)
local_fc_files += $(wildcard $(addsuffix /file_contexts_asan, $(PLAT_PRIVATE_POLICY)))
endif
ifneq (,$(filter user userdebug eng,$(TARGET_BUILD_VARIANT)))
local_fc_files += $(wildcard $(addsuffix /file_contexts_overlayfs, $(PLAT_PRIVATE_POLICY)))
endif
ifneq ($(TARGET_BUILD_VARIANT), eng)
include $(CLEAR_VARS)
LOCAL_MODULE := selinux_denial_metadata
LOCAL_MODULE_CLASS := ETC
LOCAL_MODULE_PATH := $(TARGET_OUT_VENDOR)/etc/selinux
system/sepolicy/definitions.mk
define transform-policy-to-conf
@mkdir -p $(dir $@)
$(hide) m4 --fatal-warnings $(PRIVATE_ADDITIONAL_M4DEFS) \
-D mls_num_sens=$(PRIVATE_MLS_SENS) -D mls_num_cats=$(PRIVATE_MLS_CATS) \
-D target_build_variant=eng \
-D target_with_dexpreopt=$(WITH_DEXPREOPT) \
-D target_arch=$(PRIVATE_TGT_ARCH) \
-D target_with_asan=$(PRIVATE_TGT_WITH_ASAN) \
-D target_with_native_coverage=$(PRIVATE_TGT_WITH_NATIVE_COVERAGE) \
-D target_full_treble=$(PRIVATE_SEPOLICY_SPLIT) \
-D target_compatible_property=$(PRIVATE_COMPATIBLE_PROPERTY) \
-D target_exclude_build_test=$(PRIVATE_EXCLUDE_BUILD_TEST) \
$(PRIVATE_TGT_RECOVERY) \
-s $^ > $@
endef
.KATI_READONLY := transform-policy-to-conf
