User版本默认是没有root权限和remount功能的,一般该方法用于调试性能相关问题。如果使用debug版本对照,差异过大,因此就有了这样的需求。
修改的核心原理就是调整adbd及相关属性中的一些判定,即user和debug版本的区别点入手。另外就是user版本中本身是没有remount的,需要单独添加才行。同时也需要修改should_drop_privileges的返回值以防止降低adbd进程的权限等限制。
在packages/modules/adb/Android.bp文件中修改:
//...
cc_binary {
name: "adbd",
defaults: ["adbd_defaults", "host_adbd_supported", "libadbd_binary_dependencies"],
recovery_available: true,
apex_available: ["com.android.adbd"],
srcs: [
"daemon/main.cpp",
],
cflags: [
"-D_GNU_SOURCE",
"-Wno-deprecated-declarations",
],
strip: {
keep_symbols: true,
},
static_libs: [
"libadbd",
"libadbd_services",
"libasyncio",
"libcap",
"liblz4",
"libminijail",
"libssl",
],
shared_libs: [
"libadb_protos",
"libadbd_auth",
],
target: {
recovery: {
exclude_shared_libs: [
"libadb_pairing_auth",
"libadb_pairing_connection",
],
}
},
+ required: [
+ "libadbd_auth",
+ "libadbd_fs",
+ "remount",
+ ],
}
//...在packages/modules/adb/daemon/main.cpp文件中修改:
//...
//should_drop_privileges直接返回false,目的是防止因此降低adbd进程的权限
static bool should_drop_privileges() {
+ return false;
//...
}
//...
int adbd_main(int server_port) {
umask(0);
signal(SIGPIPE, SIG_IGN);
#if defined(__BIONIC__)
auto fdsan_level = android_fdsan_get_error_level();
if (fdsan_level == ANDROID_FDSAN_ERROR_LEVEL_DISABLED) {
android_fdsan_set_error_level(ANDROID_FDSAN_ERROR_LEVEL_WARN_ONCE);
}
#endif
init_transport_registration();
// We need to call this even if auth isn't enabled because the file
// descriptor will always be open.
adbd_cloexec_auth_socket();
#if defined(__ANDROID__)
// If we're on userdebug/eng or the device is unlocked, permit no-authentication.
- bool device_unlocked = "orange" == android::base::GetProperty("ro.boot.verifiedbootstate", "");
+ bool device_unlocked = true;
if (__android_log_is_debuggable() || device_unlocked) {
- auth_required = android::base::GetBoolProperty("ro.adb.secure", false);
+ auth_required = false;
}
#endif
//...至此,package下的修改就结束了。接下来是system部分的修改。
在system/core/fs_mgr/Android.bp文件中修改:
//...
cc_defaults {
name: "libfs_mgr_defaults",
defaults: ["fs_mgr_defaults"],
export_include_dirs: ["include"],
include_dirs: ["system/vold"],
cflags: [
"-D_FILE_OFFSET_BITS=64",
],
srcs: [
"blockdev.cpp",
"file_wait.cpp",
"fs_mgr.cpp",
"fs_mgr_format.cpp",
"fs_mgr_verity.cpp",
"fs_mgr_dm_linear.cpp",
"fs_mgr_overlayfs.cpp",
"fs_mgr_roots.cpp",
"fs_mgr_vendor_overlay.cpp",
":libfiemap_srcs",
],
shared_libs: [
"libbase",
"libcrypto",
"libcrypto_utils",
"libcutils",
"libext4_utils",
"libfec",
"liblog",
"liblp",
"libselinux",
],
static_libs: [
"libavb",
"libfs_avb",
"libfstab",
"libdm",
"libgsi",
],
export_static_lib_headers: [
"libfs_avb",
"libfstab",
"libdm",
],
export_shared_lib_headers: [
"liblp",
],
whole_static_libs: [
"liblogwrap",
"libdm",
"libext2_uuid",
"libfscrypt",
"libfstab",
],
cppflags: [
- "-DALLOW_ADBD_DISABLE_VERITY=0",
+ "-UALLOW_ADBD_DISABLE_VERITY",
+ "-DALLOW_ADBD_DISABLE_VERITY=1",
],
- product_variables: {
- debuggable: {
- cppflags: [
- "-UALLOW_ADBD_DISABLE_VERITY",
- "-DALLOW_ADBD_DISABLE_VERITY=1",
- ],
- },
- },
header_libs: [
"libfiemap_headers",
"libstorage_literals_headers",
],
export_header_lib_headers: [
"libfiemap_headers",
],
required: [
"e2freefrag",
"e2fsdroid",
],
//...
cc_binary {
name: "remount",
defaults: ["fs_mgr_defaults"],
static_libs: [
"libavb_user",
"libgsid",
"libutils",
"libvold_binder",
],
shared_libs: [
"libbootloader_message",
"libbase",
"libbinder",
"libcutils",
"libcrypto",
"libext4_utils",
"libfec",
"libfs_mgr_binder",
"liblog",
"liblp",
"libselinux",
],
header_libs: [
"libcutils_headers",
],
srcs: [
"fs_mgr_remount.cpp",
],
cppflags: [
- "-DALLOW_ADBD_DISABLE_VERITY=0",
+ "-UALLOW_ADBD_DISABLE_VERITY",
+ "-DALLOW_ADBD_DISABLE_VERITY=1",
],
- product_variables: {
- debuggable: {
- cppflags: [
- "-UALLOW_ADBD_DISABLE_VERITY",
- "-DALLOW_ADBD_DISABLE_VERITY=1",
- ],
- },
- },
required: [
"clean_scratch_files",
],
}
//...这里-DALLOW_ADBD_DISABLE_VERITY=1的含义是允许adbd进程关闭Verity检查。
在system/core/fs_mgr/fs_mgr_remount.cpp文件中修改:
//...
static int do_remount(int argc, char* argv[]) {
RemountStatus retval = REMOUNT_SUCCESS;
// If somehow this executable is delivered on a "user" build, it can
// not function, so providing a clear message to the caller rather than
// letting if fall through and provide a lot of confusing failure messages.
- if (!ALLOW_ADBD_DISABLE_VERITY || (android::base::GetProperty("ro.debuggable", "0") != "1")) {
+ if (!ALLOW_ADBD_DISABLE_VERITY) {
LOG(ERROR) << "only functions on userdebug or eng builds";
return NOT_USERDEBUG;
}
const char* fstab_file = nullptr;
auto can_reboot = false;
//...
}
//...在core/init/property_service.cpp文件中修改:
//...
static void update_sys_usb_config() {
- bool is_debuggable = android::base::GetBoolProperty("ro.debuggable", false);
+ bool is_debuggable = true;
std::string config = android::base::GetProperty("persist.sys.usb.config", "");
// b/150130503, add (config == "none") condition here to prevent appending
// ",adb" if "none" is explicitly defined in default prop.
//...
}在system/core/set-verity-state/set-verity-state.cpp文件中修改:
static bool overlayfs_setup(bool enable) {
auto change = false;
+#if 0
errno = 0;
if (enable ? fs_mgr_overlayfs_teardown(nullptr, &change)
: fs_mgr_overlayfs_setup(nullptr, nullptr, &change)) {
if (change) {
printf("%s overlayfs\n", enable ? "disabling" : "using");
}
} else if (errno) {
printf("Overlayfs %s failed with error %s\n", enable ? "teardown" : "setup", strerror(errno));
suggest_run_adb_root();
}
+#endif
+ printf("overlayfs_setup(%d)",enable); //fix build error
return change;
}至此,system部分的修改也结束了。