

Android11、12 修改系统获取root权限(su权限)

一、概述:

在系统开发中,有时需要用到cmd的方式,即getRuntime().exec();大多数情况下,没有root权限都能实现大部分功能。

但是有些是需要root权限的,系统源码中对某些命令做了权限判断,需要root权限才能使用。

使用getRuntime().exec("su")获得root权限,但是如果系统未配置的话,会导致以下报错:

W/System.err: java.io.IOException: Cannot run program "su": error=13, Permission denied
W/System.err:     at java.lang.ProcessBuilder.start(ProcessBuilder.java:1050)
W/System.err:     at java.lang.Runtime.exec(Runtime.java:699)
W/System.err:     at java.lang.Runtime.exec(Runtime.java:529)
W/System.err:     at java.lang.Runtime.exec(Runtime.java:426)

提示权限缺失。

下面针对如何在系统中配置root权限(su权限),做一个记录分享。

二 、修改文件

核心修改文件如下:

frameworks/base/core/jni/com_android_internal_os_Zygote.cpp

kernel-4.14/security/commoncap.c

system/core/libcutils/fs_config.cpp

system/extras/su/su.cpp

1、frameworks/base/core/jni/com_android_internal_os_Zygote.cpp

注释掉DropCapabilitiesBoundingSet方法里的实现;

--- frameworks/base/core/jni/com_android_internal_os_Zygote.cpp    (revision 25)
+++ frameworks/base/core/jni/com_android_internal_os_Zygote.cpp    (revision 26)
@@ -656,7 +656,7 @@
 }
 
 static void DropCapabilitiesBoundingSet(fail_fn_t fail_fn) {
-  for (int i = 0; prctl(PR_CAPBSET_READ, i, 0, 0, 0) >= 0; i++) {;
+  /*for (int i = 0; prctl(PR_CAPBSET_READ, i, 0, 0, 0) >= 0; i++) {;
     if (prctl(PR_CAPBSET_DROP, i, 0, 0, 0) == -1) {
       if (errno == EINVAL) {
         ALOGE("prctl(PR_CAPBSET_DROP) failed with EINVAL. Please verify "
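Review bot: Commenting out the PR_CAPBSET_DROP loop leaves DropCapabilitiesBoundingSet as an empty body that still accepts fail_fn, so every process Zygote forks keeps the full capability bounding set and callers silently believe the drop succeeded; the next hunk only closes the same comment. The change carries no build-variant guard, so it applies to user builds as well as engineering ones, and nothing in logcat indicates that the sandbox has been weakened. If it is kept for development images, gate it behind a build flag (placeholder, not an existing macro) and emit a warning in the empty path, e.g. `ALOGW("capability bounding set NOT dropped for forked process");`, so the state is visible and the function's contract is documented rather than quietly void.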
@@ -665,7 +665,7 @@
         fail_fn(CREATE_ERROR("prctl(PR_CAPBSET_DROP, %d) failed: %s", i, strerror(errno)));
       }
     }
-  }
+  }*/
 }

2、kernel-4.14/security/commoncap.c

此修改是基于MTK的,RK的修改此文件路径可能不同。但是文件名是一样的,find一下就行。

注释代码:

--- kernel-4.14/security/commoncap.c    (revision 25)
+++ kernel-4.14/security/commoncap.c    (revision 26)
@@ -1087,10 +1087,12 @@
 {
     struct cred *new;
 
+/*
     if (!ns_capable(current_user_ns(), CAP_SETPCAP))
         return -EPERM;
     if (!cap_valid(cap))
         return -EINVAL;
+*/
 
     new = prepare_creds();
     if (!new)
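Review bot: Commenting out `cap_valid(cap)` removes a bounds check, not only an authorization check: the enclosing function continues outside the hunk and, in the upstream version of this file, presumably goes on to call cap_lower(new->cap_bset, cap), which indexes the capability bitmap by cap, so an unprivileged PR_CAPBSET_DROP caller can now supply an out-of-range value (confirm against the local tree). Even if the CAP_SETPCAP requirement is deliberately dropped for this build, `if (!cap_valid(cap)) return -EINVAL;` should stay. Dropping the CAP_SETPCAP test also lets any unprivileged process shrink its own bounding set, which affects every later exec in that process tree and is a kernel-wide change rather than one limited to the su path.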

3、system/core/libcutils/fs_config.cpp

放宽 system/xbin 目录以及 system/xbin/su 文件的权限;

--- system/core/libcutils/fs_config.cpp    (revision 25)
+++ system/core/libcutils/fs_config.cpp    (revision 26)
@@ -85,7 +85,7 @@
     { 00751, AID_ROOT,         AID_SHELL,        0, "system/bin" },
     { 00755, AID_ROOT,         AID_ROOT,         0, "system/etc/ppp" },
     { 00755, AID_ROOT,         AID_SHELL,        0, "system/vendor" },
-    { 00751, AID_ROOT,         AID_SHELL,        0, "system/xbin" },
+    { 00755, AID_ROOT,         AID_SHELL,        0, "system/xbin" },
     { 00751, AID_ROOT,         AID_SHELL,        0, "system/apex/*/bin" },
     { 00751, AID_ROOT,         AID_SHELL,        0, "system_ext/bin" },
     { 00751, AID_ROOT,         AID_SHELL,        0, "system_ext/apex/*/bin" },
@@ -188,7 +188,7 @@
     // the following two files are INTENTIONALLY set-uid, but they
     // are NOT included on user builds.
     { 06755, AID_ROOT,      AID_ROOT,      0, "system/xbin/procmem" },
-    { 04750, AID_ROOT,      AID_SHELL,     0, "system/xbin/su" },
+    { 06755, AID_ROOT,      AID_SHELL,     0, "system/xbin/su" },
 
     // the following files have enhanced capabilities and ARE included
     // in user builds.
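Review bot: Mode 06755 on system/xbin/su adds the set-gid bit to a set-uid-root binary whose group is AID_SHELL and makes it executable by every uid, while the comment two lines above still states that these files are not included on user builds; either that comment is now stale or the change has no effect on user builds, and it should be updated to describe what the build actually ships. The set-gid bit adds nothing here (the process already becomes root via set-uid) and only widens the group privilege of any leaked descriptor, so `{ 04755, AID_ROOT, AID_SHELL, 0, "system/xbin/su" },` is the smaller change; with any other-execute bit on a set-uid-root su, the uid allow-list inside su.cpp is the sole remaining gate. The preceding hunk's 00751 to 00755 on system/xbin likewise makes the directory listable by all uids. SELinux policy for the su domain will presumably still mediate the exec on an enforcing device, which is worth confirming before assuming either outcome.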

4、system/extras/su/su.cpp

下面的修改比较灵活:如果只允许系统应用(及更高权限的进程)使用 su 权限,则在判断条件中追加 `&& current_uid != AID_SYSTEM`;如果普通应用也要能使用 su 权限,则把这两行都注释掉。

--- system/extras/su/su.cpp    (revision 25)
+++ system/extras/su/su.cpp    (revision 26)
@@ -81,7 +81,7 @@
 
 int main(int argc, char** argv) {
     uid_t current_uid = getuid();
-    if (current_uid != AID_ROOT && current_uid != AID_SHELL) error(1, 0, "not allowed");
+    if (current_uid != AID_ROOT && current_uid != AID_SHELL && current_uid != AID_SYSTEM) error(1, 0, "not allowed");
 
     // Handle -h and --help.
     ++argv;
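Review bot: Adding AID_SYSTEM to the allow-list in main() means any process running as the system uid, including system_server and every app that shares that uid, can become root through a set-uid su with no further check, so a single compromise of a system-uid component is equivalent to full root. The broadened condition ships unconditionally; if it is intended for development devices only, keep the original `current_uid != AID_ROOT && current_uid != AID_SHELL` test on non-debuggable builds and enable the extra uid only under a build-variant guard. A comment stating the intended scope, such as `// AID_SYSTEM is permitted only on debuggable builds`, would make the policy reviewable. The rest of main() continues outside the hunk.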

su权限下放到普通应用

int main(int argc, char** argv) {
-     uid_t current_uid = getuid();
-     if (current_uid != AID_ROOT && current_uid != AID_SHELL && current_uid != AID_SYSTEM) error(1, 0, "not allowed");
+    //uid_t current_uid = getuid();
+    //if (current_uid != AID_ROOT && current_uid != AID_SHELL && current_uid != AID_SYSTEM) error(1, 0, "not allowed");

    // Handle -h and --help.
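Review bot: With both the getuid() call and the uid check commented out, su performs no caller restriction at all; combined with the 06755 mode set earlier on this page, every process on the device, including untrusted third-party apps, can execute a set-uid-root shell and nothing in main() records who invoked it. At minimum this variant should log the calling uid before proceeding and be compiled only into debuggable builds, rather than removing the check outright. The quoted snippet is also not a valid unified diff (no @@ header and the marker column is inconsistent between the removed and added lines), so it cannot be applied with patch as written. The rest of main() lies outside the quoted lines.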

本文转载自: https://blog.csdn.net/qq_28391385/article/details/140187958
版权归原作者 Leon_冲冲冲 所有, 如有侵权,请联系我们删除。
