Android 10: How to add a property that controls root access on a User build

Requirement: add a property that controls root access on a User build.
Code paths:
system/core/init/selinux.cpp
system/core/adb/daemon/main.cpp
build/tools/post_process_props.py
In selinux.cpp, making the IsEnforcing() method return false turns off SELinux enforcement:

--- a/init/selinux.cpp
+++ b/init/selinux.cpp
@@ -97,6 +97,7 @@ EnforcingStatus StatusFromCmdline() {
 }
 
 bool IsEnforcing() {
+       return false;
     {
         int fd(open("/mboot/selinux", O_RDONLY | O_CLOEXEC | O_BINARY));
         if (fd != -1) {
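Review bot: the added `return false;` as the first statement of IsEnforcing() is unconditional, so the /mboot/selinux check that follows it becomes dead code and the function can never report enforcing. Gate the early return on an explicit condition and let the existing logic run otherwise, so enforcing stays the default. The added line is also indented 7 spaces where the surrounding code uses 4.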

In main.cpp, the should_drop_privileges() method controls whether root access can be enabled: when drop is false, root access is enabled; when it is true, root access is not enabled.

static bool should_drop_privileges() {
    // Added property: when "adb root" is otherwise not allowed (no ALLOW_ADBD_ROOT,
    // device locked), keep root only if persist.sys.user.secure is false.
    // The default (true) still drops privileges.
    bool persist_user_secure = android::base::GetBoolProperty("persist.sys.user.secure", true);
    if (!ALLOW_ADBD_ROOT && !is_device_unlocked()) {
        return persist_user_secure;
    }
    // The properties that affect `adb root` and `adb unroot` are ro.secure and
    // ro.debuggable. In this context the names don't make the expected behavior
    // particularly obvious.
    //
    // ro.debuggable:
    //   Allowed to become root, but not necessarily the default. Set to 1 on
    //   eng and userdebug builds.
    //
    // ro.secure:
    //   Drop privileges by default. Set to 1 on userdebug and user builds.
    bool ro_secure = android::base::GetBoolProperty("ro.secure", true);
    bool ro_debuggable = __android_log_is_debuggable();

    // Drop privileges if ro.secure is set...
    bool drop = ro_secure;

    // ... except "adb root" lets you keep privileges in a debuggable build.
    std::string prop = android::base::GetProperty("service.adb.root", "");
    bool adb_root = (prop == "1");
    bool adb_unroot = (prop == "0");
    if (ro_debuggable && adb_root) {
        drop = false;
    }
    // ... and "adb unroot" lets you explicitly drop privileges.
    if (adb_unroot) {
        drop = true;
    }
    return drop;
}

In the post_process_props.py script, change the following:

  if prop.get("ro.debuggable") == "1":
    val = prop.get("persist.sys.usb.config")
    if "adb" not in val:
      if val == "":
        val = "adb"
      else:
        val = val + ",adb"
      prop.put("persist.sys.usb.config", val)

to:

  #if prop.get("ro.debuggable") == "1":
  val = prop.get("persist.sys.usb.config")
  if "adb" not in val:
    if val == "":
      val = "adb"
    else:
      val = val + ",adb"
    prop.put("persist.sys.usb.config", val)

Note: when lifting the root restriction on a User build, SELinux enforcement must be turned off as well.
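
An added example, not part of the original post: a Python check that models the patched should_drop_privileges() and flags a user build's properties when the adbd and post_process_props.py changes above are in effect. The sample properties are constructed, and treating ALLOW_ADBD_ROOT as compiled in only on debuggable builds is an assumption.

```python
# Constructed sample of a user build's merged properties (key=value lines).
SAMPLE_PROPS = """\
ro.build.type=user
ro.secure=1
ro.debuggable=0
persist.sys.user.secure=false
persist.sys.usb.config=mtp,adb
"""

def parse_props(text):
    """Parse key=value lines, skipping blanks and comments."""
    lines = (l.strip() for l in text.splitlines())
    return dict(l.split("=", 1) for l in lines if "=" in l and not l.startswith("#"))

def get_bool(props, key, default):
    """Same accepted spellings as android::base::GetBoolProperty."""
    val = props.get(key, "")
    if val in ("1", "y", "yes", "on", "true"):
        return True
    return False if val in ("0", "n", "no", "off", "false") else default

def adbd_drops_privileges(props, unlocked=False):
    """Model of the patched should_drop_privileges() shown above."""
    debuggable = get_bool(props, "ro.debuggable", False)
    # Assumption: ALLOW_ADBD_ROOT is compiled in only on debuggable builds.
    if not debuggable and not unlocked:
        return get_bool(props, "persist.sys.user.secure", True)
    drop = get_bool(props, "ro.secure", True)
    root = props.get("service.adb.root", "")
    if debuggable and root == "1":
        drop = False
    return True if root == "0" else drop

def audit(props):
    """Findings for a user build that carries the changes on this page."""
    findings = []
    if props.get("ro.build.type") != "user":
        return findings
    if not adbd_drops_privileges(props):
        findings.append("adbd keeps root on a locked user build")
    usb = props.get("persist.sys.usb.config", "").split(",")
    if "adb" in usb and not get_bool(props, "ro.debuggable", False):
        findings.append("adb on by default without ro.debuggable=1")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_props(SAMPLE_PROPS)):
        print("FINDING:", finding)
```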
