1 Architecture
Figure 1-1 adb Data Flow
2 Adb Root Patch
@ source code
diff --git a/adb/Android.mk b/adb/Android.mk
index a815c77..56b66d8 100644
--- a/adb/Android.mk
+++ b/adb/Android.mk
@@ -121,7 +121,7 @@ endif
LOCAL_CFLAGS := -O2 -g -DADB_HOST=0 -Wall -Wno-unused-parameter -Werror
LOCAL_CFLAGS += -D_XOPEN_SOURCE -D_GNU_SOURCE
-ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT)))
+ifneq (,$(filter userdebug eng user,$(TARGET_BUILD_VARIANT)))
LOCAL_CFLAGS += -DALLOW_ADBD_ROOT=1
endif
diff --git a/adb/adb.c b/adb/adb.c
index 4300754..d2aa962 100644
--- a/adb/adb.c
+++ b/adb/adb.c
@@ -1280,7 +1280,7 @@ static int should_drop_privileges() {
// ... except we allow running as root in userdebug builds if the
// service.adb.root property has been set by the "adb root" command
property_get("ro.debuggable", value, "");
- if (strcmp(value, "1") == 0) {
+ if (1) {//strcmp(value, "1") == 0) {
property_get("service.adb.root", value, "");
if (strcmp(value, "1") == 0) {
secure = 0;
diff --git a/adb/services.c b/adb/services.c
index e61371a..cdf68f4 100644
--- a/adb/services.c
+++ b/adb/services.c
@@ -61,6 +61,7 @@ void restart_root_service(int fd, void *cookie)
{
char buf[100];
char value[PROPERTY_VALUE_MAX];
+ const char *oem_pwd = "123456";
if (getuid() == 0) {
snprintf(buf, sizeof(buf), "adbd is already running as root\n");
@@ -68,17 +69,22 @@ void restart_root_service(int fd, void *cookie)
adb_close(fd);
} else {
property_get("ro.debuggable", value, "");
- if (strcmp(value, "1") != 0) {
+ if ((cookie != NULL) && !strcmp((char *)cookie, oem_pwd)) {
+ property_set("service.adb.root", "1");
+ snprintf(buf, sizeof(buf), "restarting adbd as root\n");
+ writex(fd, buf, strlen(buf));
+ adb_close(fd);
+ } else if (strcmp(value, "1") != 0) {
snprintf(buf, sizeof(buf), "adbd cannot run as root in production builds\n");
writex(fd, buf, strlen(buf));
adb_close(fd);
return;
- }
-
- property_set("service.adb.root", "1");
- snprintf(buf, sizeof(buf), "restarting adbd as root\n");
- writex(fd, buf, strlen(buf));
- adb_close(fd);
+ } else {
+ snprintf(buf, sizeof(buf), "adbd cannot run as root, pwd error\n");
+ writex(fd, buf, strlen(buf));
+ adb_close(fd);
+ return;
+ }
}
}
@@ -434,7 +440,7 @@ int service_to_fd(const char *name)
if (arg == NULL) return -1;
ret = create_service_thread(reboot_service, arg);
} else if(!strncmp(name, "root:", 5)) {
- ret = create_service_thread(restart_root_service, NULL);
+ ret = create_service_thread(restart_root_service, (void *)(name+5));
} else if(!strncmp(name, "backup:", 7)) {
char* arg = strdup(name + 7);
if (arg == NULL) return -1;
diff --git a/adb/sockets.c b/adb/sockets.c
index faa9564..6e0a32e 100644
--- a/adb/sockets.c
+++ b/adb/sockets.c
@@ -455,7 +455,7 @@ asocket *create_local_service_socket(const char *name)
property_get("ro.debuggable", debug, "");
if ((!strncmp(name, "root:", 5) && getuid() != 0
- && strcmp(debug, "1") == 0)
+ /*&& strcmp(debug, "1") == 0*/)
|| !strncmp(name, "usb:", 4)
|| !strncmp(name, "tcpip:", 6)) {
D("LS(%d): enabling exit_on_close\n", s->id);
@ sepolicy
diff --git a/adbd.te b/adbd.te
index 5fcaf69..0ed7649 100644
--- a/adbd.te
+++ b/adbd.te
@@ -2,10 +2,10 @@
# it lives in the rootfs and has no unique file type.
type adbd, domain;
-userdebug_or_eng(`
+#userdebug_or_eng(`
allow adbd self:process setcurrent;
allow adbd su:process dyntransition;
-')
+#')
domain_auto_trans(adbd, shell_exec, shell)
@@ -74,3 +74,5 @@ allow adbd zygote_exec:file r_file_perms;
allow adbd system_file:file r_file_perms;
allow adbd kernel:security read_policy;
+
+allow adbd init:process sigchld;
diff --git a/su.te b/su.te
index 73ca514..3c1801c 100644
--- a/su.te
+++ b/su.te
@@ -1,7 +1,7 @@
# File types must be defined for file_contexts.
type su_exec, exec_type, file_type;
-userdebug_or_eng(`
+#userdebug_or_eng(`
# Domain used for su processes, as well as for adbd and adb shell
# after performing an adb root command. The domain definition is
# wrapped to ensure that it does not exist at all on -user builds.
@@ -41,4 +41,4 @@ userdebug_or_eng(`
dontaudit su domain:peer *;
dontaudit su domain:binder *;
dontaudit su property_type:property_service *;
-')
+#')
LA adb How-to
版权声明:本文为博主原创文章,未经博主允许不得转载。 https://blog.csdn.net/zoosenpin/article/details/79009013
猜你喜欢
转载自blog.csdn.net/zoosenpin/article/details/79009013
今日推荐
周排行