Android Framework 常见解决方案(26)user版本可root方案

发布时间:2024年01月10日

1 原理说明

User版本默认是没有root权限和remount功能的,一般该方法用于调试性能相关问题。如果使用debug版本对照,差异过大,因此就有了这样的需求。

修改的核心原理就是调整adbd及相关属性中的一些判定,即user和debug版本的区别点入手。另外就是user版本中本身是没有remount的,需要单独添加才行。同时也需要修改should_drop_privileges的返回值以防止降低adbd进程的权限等限制。

2 修改方案(Android S)

2.1 在packages/modules下的修改

在packages/modules/adb/Android.bp文件中修改:

//...
cc_binary {
    name: "adbd",
    defaults: ["adbd_defaults", "host_adbd_supported", "libadbd_binary_dependencies"],
    recovery_available: true,
    apex_available: ["com.android.adbd"],

    srcs: [
        "daemon/main.cpp",
    ],

    cflags: [
        "-D_GNU_SOURCE",
        "-Wno-deprecated-declarations",
    ],

    strip: {
        keep_symbols: true,
    },

    static_libs: [
        "libadbd",
        "libadbd_services",
        "libasyncio",
        "libcap",
        "liblz4",
        "libminijail",
        "libssl",
    ],

    shared_libs: [
        "libadb_protos",
        "libadbd_auth",
    ],

    target: {
        recovery: {
            exclude_shared_libs: [
                "libadb_pairing_auth",
                "libadb_pairing_connection",
            ],
        }
    },
+    required: [
+        "libadbd_auth",
+        "libadbd_fs",
+        "remount",
+    ],
}
//...

在packages/modules/adb/daemon/main.cpp文件中修改:

//...
//should_drop_privileges直接返回false,目的是防止因此降低adbd进程的权限
static bool should_drop_privileges() {
+    return false;
    //...
}
//...
int adbd_main(int server_port) {
    umask(0);

    signal(SIGPIPE, SIG_IGN);

#if defined(__BIONIC__)
    auto fdsan_level = android_fdsan_get_error_level();
    if (fdsan_level == ANDROID_FDSAN_ERROR_LEVEL_DISABLED) {
        android_fdsan_set_error_level(ANDROID_FDSAN_ERROR_LEVEL_WARN_ONCE);
    }
#endif

    init_transport_registration();

    // We need to call this even if auth isn't enabled because the file
    // descriptor will always be open.
    adbd_cloexec_auth_socket();

#if defined(__ANDROID__)
    // If we're on userdebug/eng or the device is unlocked, permit no-authentication.
-    bool device_unlocked = "orange" == android::base::GetProperty("ro.boot.verifiedbootstate", "");
+      bool device_unlocked = true;
    if (__android_log_is_debuggable() || device_unlocked) {
-      auth_required = android::base::GetBoolProperty("ro.adb.secure", false);
+      auth_required = false;
    }
#endif
//...

至此,package下的修改就结束了。接下来是system部分的修改。

2.2 system下的修改

在system/core/fs_mgr/Android.bp文件中修改:

//...
cc_defaults {
    name: "libfs_mgr_defaults",
    defaults: ["fs_mgr_defaults"],
    export_include_dirs: ["include"],
    include_dirs: ["system/vold"],
    cflags: [
        "-D_FILE_OFFSET_BITS=64",
    ],
    srcs: [
        "blockdev.cpp",
        "file_wait.cpp",
        "fs_mgr.cpp",
        "fs_mgr_format.cpp",
        "fs_mgr_verity.cpp",
        "fs_mgr_dm_linear.cpp",
        "fs_mgr_overlayfs.cpp",
        "fs_mgr_roots.cpp",
        "fs_mgr_vendor_overlay.cpp",
        ":libfiemap_srcs",
    ],
    shared_libs: [
        "libbase",
        "libcrypto",
        "libcrypto_utils",
        "libcutils",
        "libext4_utils",
        "libfec",
        "liblog",
        "liblp",
        "libselinux",
    ],
    static_libs: [
        "libavb",
        "libfs_avb",
        "libfstab",
        "libdm",
        "libgsi",
    ],
    export_static_lib_headers: [
        "libfs_avb",
        "libfstab",
        "libdm",
    ],
    export_shared_lib_headers: [
      "liblp",
    ],
    whole_static_libs: [
        "liblogwrap",
        "libdm",
        "libext2_uuid",
        "libfscrypt",
        "libfstab",
    ],
    cppflags: [
-        "-DALLOW_ADBD_DISABLE_VERITY=0",
+        "-UALLOW_ADBD_DISABLE_VERITY",
+        "-DALLOW_ADBD_DISABLE_VERITY=1",
    ],
-    product_variables: {
-        debuggable: {
-            cppflags: [
-                "-UALLOW_ADBD_DISABLE_VERITY",
-                "-DALLOW_ADBD_DISABLE_VERITY=1",
-            ],
-        },
-    },
    header_libs: [
        "libfiemap_headers",
        "libstorage_literals_headers",
    ],
    export_header_lib_headers: [
        "libfiemap_headers",
    ],
    required: [
        "e2freefrag",
        "e2fsdroid",
    ],
//...
cc_binary {
    name: "remount",
    defaults: ["fs_mgr_defaults"],
    static_libs: [
        "libavb_user",
        "libgsid",
        "libutils",
        "libvold_binder",
    ],
    shared_libs: [
        "libbootloader_message",
        "libbase",
        "libbinder",
        "libcutils",
        "libcrypto",
        "libext4_utils",
        "libfec",
        "libfs_mgr_binder",
        "liblog",
        "liblp",
        "libselinux",
    ],
    header_libs: [
        "libcutils_headers",
    ],
    srcs: [
        "fs_mgr_remount.cpp",
    ],
    cppflags: [
-        "-DALLOW_ADBD_DISABLE_VERITY=0",
+       "-UALLOW_ADBD_DISABLE_VERITY",
+        "-DALLOW_ADBD_DISABLE_VERITY=1",
    ],
-    product_variables: {
-        debuggable: {
-            cppflags: [
-                "-UALLOW_ADBD_DISABLE_VERITY",
-                "-DALLOW_ADBD_DISABLE_VERITY=1",
-            ],
-        },
-    },
    required: [
        "clean_scratch_files",
    ],
}
//...

这里-DALLOW_ADBD_DISABLE_VERITY=1的含义是允许adbd进程关闭Verity检查。

在system/core/fs_mgr/fs_mgr_remount.cpp文件中修改:

//...
static int do_remount(int argc, char* argv[]) {
    RemountStatus retval = REMOUNT_SUCCESS;

    // If somehow this executable is delivered on a "user" build, it can
    // not function, so providing a clear message to the caller rather than
    // letting if fall through and provide a lot of confusing failure messages.
-    if (!ALLOW_ADBD_DISABLE_VERITY || (android::base::GetProperty("ro.debuggable", "0") != "1")) {
+    if (!ALLOW_ADBD_DISABLE_VERITY) {
        LOG(ERROR) << "only functions on userdebug or eng builds";
        return NOT_USERDEBUG;
    }

    const char* fstab_file = nullptr;
    auto can_reboot = false;
    //...
}
//...

在core/init/property_service.cpp文件中修改:

//...
 static void update_sys_usb_config() {
-    bool is_debuggable = android::base::GetBoolProperty("ro.debuggable", false);
+    bool is_debuggable = true;
     std::string config = android::base::GetProperty("persist.sys.usb.config", "");
     // b/150130503, add (config == "none") condition here to prevent appending
     // ",adb" if "none" is explicitly defined in default prop.
     //...
}

在system/core/set-verity-state/set-verity-state.cpp文件中修改:

static bool overlayfs_setup(bool enable) {
  auto change = false;
+#if 0
  errno = 0;
  if (enable ? fs_mgr_overlayfs_teardown(nullptr, &change)
             : fs_mgr_overlayfs_setup(nullptr, nullptr, &change)) {
    if (change) {
      printf("%s overlayfs\n", enable ? "disabling" : "using");
    }
  } else if (errno) {
    printf("Overlayfs %s failed with error %s\n", enable ? "teardown" : "setup", strerror(errno));
    suggest_run_adb_root();
  }
+#endif
+  printf("overlayfs_setup(%d)",enable); //fix build error
  return change;
}

至此,system部分的修改也结束了。

文章来源:https://blog.csdn.net/vviccc/article/details/135503402
本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。