开发平台基本信息
芯片: MSM8953_64 Android 10 msm-4.9
问题描述
user 版本默认不允许 root 和 remount。然而,作为硬件定制厂商,客户往往需要 root 权限来执行一些系统级别的操作,因此需要在 user 版本上开放 root 权限。
解决方法
diff --git a/build/make/core/main.mk b/build/make/core/main.mk index c7df0f7..f09692b 100755 --- a/build/make/core/main.mk b/build/make/core/main.mk @@ -283,11 283,11 @@ enable_target_debugging := true tags_to_install := ifneq (,$(user_variant)) # Target is secure in user builds. - ADDITIONAL_DEFAULT_PROPERTIES = ro.secure=1 ADDITIONAL_DEFAULT_PROPERTIES = ro.secure=0 ADDITIONAL_DEFAULT_PROPERTIES = security.perf_harden=1 ifeq ($(user_variant),user) - ADDITIONAL_DEFAULT_PROPERTIES = ro.adb.secure=1 ADDITIONAL_DEFAULT_PROPERTIES = ro.adb.secure=0 endif # Fix by yubin.chen for remove debug app 2020-11-28 BEGIN # @@ -296,7 296,7 @@ ifneq (,$(user_variant)) #tags_to_install += debug else # Disable debugging in plain user builds. - enable_target_debugging := + #enable_target_debugging := endif # Fix by yubin.chen for remove debug app 2020-11-28 END # --- a/system/core/adb/Android.bp +++ b/system/core/adb/Android.bp @@ -76,7 +76,14 @@ cc_defaults {
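Review bot: Setting `ro.adb.secure=0` for the `user` variant removes adb's host-key authorization, and together with `ro.secure=0` in the same block it means an adb connection gets a root shell without any confirmation on the device. Root and remount do not need that property as far as this patch shows, so the `ifeq ($(user_variant),user)` branch can keep `ADDITIONAL_DEFAULT_PROPERTIES += ro.adb.secure=1` and still meet the stated goal. The comment `# Target is secure in user builds.` above `ro.secure=0` is no longer true and should be reworded, e.g. `# Customer root build: adbd keeps root in user builds.` On this page the `+` characters of this file's section appear to have been lost, so in each pair of lines the second one is the added line.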
name: "adbd_defaults",
defaults: ["adb_defaults"],
- cflags: ["-UADB_HOST", "-DADB_HOST=0"],
+ cflags: [
+ "-UADB_HOST",
+ "-DADB_HOST=0",
+ "-UALLOW_ADBD_ROOT",
+ "-DALLOW_ADBD_ROOT=1",
+ "-DALLOW_ADBD_DISABLE_VERITY",
+ "-DALLOW_ADBD_NO_AUTH",
+ ],
product_variables: {
debuggable: {
cflags: [
@@ -404,6 +411,8 @@ cc_library {
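Review bot: `-DALLOW_ADBD_NO_AUTH` is added to the base `cflags` of `adbd_defaults`, so it is compiled into adbd for every variant built from this tree, yet the stated goal (root and remount on user builds) only calls for `ALLOW_ADBD_ROOT` and `ALLOW_ADBD_DISABLE_VERITY`. I would drop the `"-DALLOW_ADBD_NO_AUTH",` line so that adb authorization presumably cannot be switched off by a property value alone. The `product_variables: { debuggable: { cflags: [` block continues past the end of the hunk; if it already sets these macros for debuggable builds, a short comment such as `// Customer root build: enable adb root/verity control on the user variant too` would explain the duplication.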
"liblog",
],
+ required: [ "remount",],
+
product_variables: {
debuggable: {
required: [
diff --git a/system/core/adb/daemon/main.cpp b/system/core/adb/daemon/main.cpp
index e5a4917..258ebbf 100644
--- a/system/core/adb/daemon/main.cpp
+++ b/system/core/adb/daemon/main.cpp
@@ -63,12 +63,13 @@ static inline bool is_device_unlocked() {
}
static bool should_drop_capabilities_bounding_set() {
- if (ALLOW_ADBD_ROOT || is_device_unlocked()) {
+ /*if (ALLOW_ADBD_ROOT || is_device_unlocked()) {
if (__android_log_is_debuggable()) {
return false;
}
}
- return true;
+ return true;*/
+ return false;
}
static bool should_drop_privileges() {
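Review bot: `should_drop_capabilities_bounding_set()` now returns `false` unconditionally, so the capability bounding set is kept even in a build where `ALLOW_ADBD_ROOT` is 0 and the device is locked, and the old body is left behind as a commented-out block. Since the Android.bp change in this patch already defines `ALLOW_ADBD_ROOT=1`, the same effect is reached while keeping the gate: `if (ALLOW_ADBD_ROOT || is_device_unlocked()) return false;` followed by `return true;`. That also removes the dead `/* … */` code. `should_drop_privileges()` starts on the hunk's last line and its body is outside the hunk.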
diff --git a/system/core/fs_mgr/Android.bp b/system/core/fs_mgr/Android.bp
index 4ee9624..ebaa390 100644
--- a/system/core/fs_mgr/Android.bp
+++ b/system/core/fs_mgr/Android.bp
@@ -75,7 +75,8 @@ cc_library {
"libfstab",
],
cppflags: [
- "-DALLOW_ADBD_DISABLE_VERITY=0",
+ "-UALLOW_ADBD_DISABLE_VERITY",
+ "-DALLOW_ADBD_DISABLE_VERITY=1",
],
product_variables: {
debuggable: {
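Review bot: The base `cppflags` now carry `-DALLOW_ADBD_DISABLE_VERITY=1` with no comment saying why, here and again in the `cc_binary` hunk at -132 that builds `fs_mgr_remount.cpp`. With this set, verity can presumably be turned off from adb on a user build, so the change deserves a one-line comment above the flag, e.g. `// Customer root build: allow disable-verity/remount on the user variant`. The `product_variables: { debuggable: {` block that follows is cut off by the hunk, so whether it repeats the same define cannot be checked from here.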
@@ -132,7 +133,8 @@ cc_binary {
"fs_mgr_remount.cpp",
],
cppflags: [
- "-DALLOW_ADBD_DISABLE_VERITY=0",
+ "-UALLOW_ADBD_DISABLE_VERITY",
+ "-DALLOW_ADBD_DISABLE_VERITY=1",
],
product_variables: {
debuggable: {
diff --git a/system/core/init/selinux.cpp b/system/core/init/selinux.cpp
index e0bccdf..65d15b2 100755
--- a/system/core/init/selinux.cpp
+++ b/system/core/init/selinux.cpp
@@ -97,6 +97,7 @@ EnforcingStatus StatusFromCmdline() {
}
bool IsEnforcing() {
+ return false;
if (ALLOW_PERMISSIVE_SELINUX) {
return StatusFromCmdline() == SELINUX_ENFORCING;
}
diff --git a/system/sepolicy/Android.mk b/system/sepolicy/Android.mk
index dadd7b0..6b60569 100644
--- a/system/sepolicy/Android.mk
+++ b/system/sepolicy/Android.mk
@@ -309,7 +309,7 @@ LOCAL_REQUIRED_MODULES += \
endif
-ifneq ($(TARGET_BUILD_VARIANT), user)
+ifneq ($(TARGET_BUILD_VARIANT), eng)
LOCAL_REQUIRED_MODULES += \
selinux_denial_metadata \
@@ -1104,7 +1104,7 @@ endif
ifneq ($(filter address,$(SANITIZE_TARGET)),)
local_fc_files += $(wildcard $(addsuffix /file_contexts_asan, $(PLAT_PRIVATE_POLICY)))
endif
-ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT)))
+ifneq (,$(filter user userdebug eng,$(TARGET_BUILD_VARIANT)))
local_fc_files += $(wildcard $(addsuffix /file_contexts_overlayfs, $(PLAT_PRIVATE_POLICY)))
endif
ifeq ($(TARGET_FLATTEN_APEX),true)
@@ -1166,7 +1166,7 @@ file_contexts.device.tmp :=
file_contexts.local.tmp :=
##################################
-ifneq ($(TARGET_BUILD_VARIANT), user)
+ifneq ($(TARGET_BUILD_VARIANT), eng)
include $(CLEAR_VARS)
LOCAL_MODULE := selinux_denial_metadata
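Review bot: The added `return false;` at the top of `IsEnforcing()` in init/selinux.cpp makes the `ALLOW_PERMISSIVE_SELINUX` branch below it unreachable and reports non-enforcing on every boot, so init presumably leaves SELinux permissive for the whole system, which is much wider than giving adbd root and remount. I would remove that line and keep the existing `if (ALLOW_PERMISSIVE_SELINUX) { return StatusFromCmdline() == SELINUX_ENFORCING; }` path, so that the mode is chosen per device from the kernel command line; that needs `ALLOW_PERMISSIVE_SELINUX` to be on for this build, which is configured outside this patch. If the adbd root shell is then blocked by policy, the denials are better handled in sepolicy than by turning enforcement off. The end of `IsEnforcing()` is outside the hunk.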
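Review bot: In system/sepolicy/Android.mk the hunks at -309 and -1166 change the test to `ifneq ($(TARGET_BUILD_VARIANT), eng)`, which adds `selinux_denial_metadata` to user builds but at the same time drops it from eng builds. If the intent is only to include user, use the form the -1104 hunk already uses, `ifneq (,$(filter user userdebug eng,$(TARGET_BUILD_VARIANT)))`, in both places. The module definition after `LOCAL_MODULE := selinux_denial_metadata` continues past the end of the hunk.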