LA adb How-to

版权声明：本文为博主原创文章，未经博主允许不得转载。 https://blog.csdn.net/zoosenpin/article/details/79009013

1 Architecture
Figure 1-1 adb Data Flow


2 Adb Root Patch
@ source code

diff --git a/adb/Android.mk b/adb/Android.mk
index a815c77..56b66d8 100644
--- a/adb/Android.mk
+++ b/adb/Android.mk
@@ -121,7 +121,7 @@ endif
 LOCAL_CFLAGS := -O2 -g -DADB_HOST=0 -Wall -Wno-unused-parameter -Werror
 LOCAL_CFLAGS += -D_XOPEN_SOURCE -D_GNU_SOURCE
 
-ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT)))
+ifneq (,$(filter userdebug eng user,$(TARGET_BUILD_VARIANT)))
 LOCAL_CFLAGS += -DALLOW_ADBD_ROOT=1
 endif
 
diff --git a/adb/adb.c b/adb/adb.c
index 4300754..d2aa962 100644
--- a/adb/adb.c
+++ b/adb/adb.c
@@ -1280,7 +1280,7 @@ static int should_drop_privileges() {
             // ... except we allow running as root in userdebug builds if the
             // service.adb.root property has been set by the "adb root" command
             property_get("ro.debuggable", value, "");
-            if (strcmp(value, "1") == 0) {
+            if (1) {//strcmp(value, "1") == 0) {
                 property_get("service.adb.root", value, "");
                 if (strcmp(value, "1") == 0) {
                     secure = 0;
diff --git a/adb/services.c b/adb/services.c
index e61371a..cdf68f4 100644
--- a/adb/services.c
+++ b/adb/services.c
@@ -61,6 +61,7 @@ void restart_root_service(int fd, void *cookie)
 {
     char buf[100];
     char value[PROPERTY_VALUE_MAX];
+    const char *oem_pwd = "123456";
 
     if (getuid() == 0) {
         snprintf(buf, sizeof(buf), "adbd is already running as root\n");
@@ -68,17 +69,22 @@ void restart_root_service(int fd, void *cookie)
         adb_close(fd);
     } else {
         property_get("ro.debuggable", value, "");
-        if (strcmp(value, "1") != 0) {
+    if ((cookie != NULL) && !strcmp((char *)cookie, oem_pwd)) {
+        property_set("service.adb.root", "1");
+        snprintf(buf, sizeof(buf), "restarting adbd as root\n");
+        writex(fd, buf, strlen(buf));
+        adb_close(fd);
+        } else if (strcmp(value, "1") != 0) {
             snprintf(buf, sizeof(buf), "adbd cannot run as root in production builds\n");
             writex(fd, buf, strlen(buf));
             adb_close(fd);
             return;
-        }
-
-        property_set("service.adb.root", "1");
-        snprintf(buf, sizeof(buf), "restarting adbd as root\n");
-        writex(fd, buf, strlen(buf));
-        adb_close(fd);
+        } else {
+            snprintf(buf, sizeof(buf), "adbd cannot run as root, pwd error\n");
+            writex(fd, buf, strlen(buf));
+            adb_close(fd);
+            return;
+    }
     }
 }
 
@@ -434,7 +440,7 @@ int service_to_fd(const char *name)
         if (arg == NULL) return -1;
         ret = create_service_thread(reboot_service, arg);
     } else if(!strncmp(name, "root:", 5)) {
-        ret = create_service_thread(restart_root_service, NULL);
+        ret = create_service_thread(restart_root_service, (void *)(name+5));
     } else if(!strncmp(name, "backup:", 7)) {
         char* arg = strdup(name + 7);
         if (arg == NULL) return -1;
diff --git a/adb/sockets.c b/adb/sockets.c
index faa9564..6e0a32e 100644
--- a/adb/sockets.c
+++ b/adb/sockets.c
@@ -455,7 +455,7 @@ asocket *create_local_service_socket(const char *name)
         property_get("ro.debuggable", debug, "");
 
     if ((!strncmp(name, "root:", 5) && getuid() != 0
-        && strcmp(debug, "1") == 0)
+        /*&& strcmp(debug, "1") == 0*/)
         || !strncmp(name, "usb:", 4)
         || !strncmp(name, "tcpip:", 6)) {
         D("LS(%d): enabling exit_on_close\n", s->id);

@ sepolicy

diff --git a/adbd.te b/adbd.te
index 5fcaf69..0ed7649 100644
--- a/adbd.te
+++ b/adbd.te
@@ -2,10 +2,10 @@
 # it lives in the rootfs and has no unique file type.
 type adbd, domain;
 
-userdebug_or_eng(`
+#userdebug_or_eng(`
   allow adbd self:process setcurrent;
   allow adbd su:process dyntransition;
-')
+#')
 
 domain_auto_trans(adbd, shell_exec, shell)
 
@@ -74,3 +74,5 @@ allow adbd zygote_exec:file r_file_perms;
 allow adbd system_file:file r_file_perms;
 
 allow adbd kernel:security read_policy;
+
+allow adbd init:process sigchld;
diff --git a/su.te b/su.te
index 73ca514..3c1801c 100644
--- a/su.te
+++ b/su.te
@@ -1,7 +1,7 @@
 # File types must be defined for file_contexts.
 type su_exec, exec_type, file_type;
 
-userdebug_or_eng(`
+#userdebug_or_eng(`
   # Domain used for su processes, as well as for adbd and adb shell
   # after performing an adb root command.  The domain definition is
   # wrapped to ensure that it does not exist at all on -user builds.
@@ -41,4 +41,4 @@ userdebug_or_eng(`
   dontaudit su domain:peer *;
   dontaudit su domain:binder *;
   dontaudit su property_type:property_service *;
-')
+#')