admin管理员组文章数量:1603107
RK3568 Android11 获取 root 权限
http://www.atmcu/3507.html
该方法同时适用于RK3566,以及其他Android11 相关的RK平台
- 需要将固件编译成 userdebug 版本,方法如下:
source build/envsetup.sh
lunch rk3566_r-userdebug
make -j32
./mkimage.sh - 关闭 selinux 模式,方法如下:
device/rockchip/common/BoardConfig.mk
diff --git a/BoardConfig.mk b/BoardConfig.mk
index e28fd4b…4fcbaf8 100755
— a/BoardConfig.mk
+++ b/BoardConfig.mk
@@ -59,7 +59,7 @@ BOARD_BOOT_HEADER_VERSION ?= 2
BOARD_MKBOOTIMG_ARGS :=
BOARD_PREBUILT_DTBOIMAGE ?= $(TARGET_DEVICE_DIR)/dtbo.img
BOARD_ROCKCHIP_VIRTUAL_AB_ENABLE ?= false
-BOARD_SELINUX_ENFORCING ?= true
+BOARD_SELINUX_ENFORCING ?= false - 修改 su.cpp,注释用户组权限检测,方法如下:
system/extras/su/su.cpp
diff --git a/su/su.cpp b/su/su.cpp
index 1a1ab6bf…af3d2a68 100644
— a/su/su.cpp
+++ b/su/su.cpp
@@ -80,8 +80,8 @@ void extract_uidgids(const char* uidgids, uid_t* uid, gid_t* gid, gid_t* gids, i
}
int main(int argc, char** argv) {
- uid_t current_uid = getuid();
- if (current_uid != AID_ROOT && current_uid != AID_SHELL) error(1, 0, “not allowed”);
- //uid_t current_uid = getuid();
- //if (current_uid != AID_ROOT && current_uid != AID_SHELL) error(1, 0, “not allowed”);
- 给su文件默认授予root 权限,方法如下:
system/core/libcutils/fs_config.cpp
diff --git a/libcutils/fs_config.cpp b/libcutils/fs_config.cpp
index 5805a4d19…92e93e76f 100644
— a/libcutils/fs_config.cpp
+++ b/libcutils/fs_config.cpp
@@ -188,7 +188,7 @@ static const struct fs_path_config android_files[] = {
// the following two files are INTENTIONALLY set-uid, but they
// are NOT included on user builds.
{ 06755, AID_ROOT, AID_ROOT, 0, “system/xbin/procmem” },
- { 04750, AID_ROOT, AID_SHELL, 0, “system/xbin/su” },
-
{ 06755, AID_ROOT, AID_SHELL, 0, “system/xbin/su” },
// the following files have enhanced capabilities and ARE included
// in user builds.
frameworks/base/core/jni/com_android_internal_os_Zygote.cpp
diff --git a/core/jni/com_android_internal_os_Zygote.cpp b/core/jni/com_android_internal_os_Zygote.cpp
index 9eede83e21e…a260aca1fe8 100644
— a/core/jni/com_android_internal_os_Zygote.cpp
+++ b/core/jni/com_android_internal_os_Zygote.cpp
@@ -656,7 +656,7 @@ static void EnableKeepCapabilities(fail_fn_t fail_fn) {
}
static void DropCapabilitiesBoundingSet(fail_fn_t fail_fn) {
- for (int i = 0; prctl(PR_CAPBSET_READ, i, 0, 0, 0) >= 0; i++) {;
- /*for (int i = 0; prctl(PR_CAPBSET_READ, i, 0, 0, 0) >= 0; i++) {;
if (prctl(PR_CAPBSET_DROP, i, 0, 0, 0) == -1) {
if (errno == EINVAL) {
ALOGE("prctl(PR_CAPBSET_DROP) failed with EINVAL. Please verify "
@@ -665,7 +665,7 @@ static void DropCapabilitiesBoundingSet(fail_fn_t fail_fn) {
fail_fn(CREATE_ERROR(“prctl(PR_CAPBSET_DROP, %d) failed: %s”, i, strerror(errno)));
}
}
- }
-
}*/
}
kernel/security/commoncap.c
diff --git a/security/commoncap.c b/security/commoncap.c
index 876cfe01d939…8b338503b122 100644
— a/security/commoncap.c
+++ b/security/commoncap.c
@@ -1167,10 +1167,12 @@ static int cap_prctl_drop(unsigned long cap)
{
struct cred *new; -
/*
if (!ns_capable(current_user_ns(), CAP_SETPCAP))
return -EPERM;
if (!cap_valid(cap))
return -EINVAL; -
*/
new = prepare_creds();
if (!new)
uart5修改
1.在板级文件(最终用的dts文件)里使能uart5 rk3568-evb1-ddr4-v10.dtsi
&uart5 {
current-speed = <115200>;
//pinctrl-names = “default”;
//dma-names = “tx”, “rx”;
//pinctrl-0 = <&uart4_xfer>;
status = “okay”;
};
2.给串口读写权限(device\rockchip\common\ueventd.rockchip.rc)
/dev/ttyS5 0777 root system
版权声明:本文标题:RK3568 Android11 获取 root 权限 内容由热心网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:https://www.elefans.com/dongtai/1728429599a1157805.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。
发表评论