diff --git a/frameworks/base/cmds/app_process/app_main.cpp b/frameworks/base/cmds/app_process/app_main.cpp
index 2e02382..97cf5d4 100644
--- a/frameworks/base/cmds/app_process/app_main.cpp
+++ b/frameworks/base/cmds/app_process/app_main.cpp
@@ -185,7 +185,8 @@ static const char ZYGOTE_NICE_NAME[] = "zygote";
 
 int main(int argc, char* const argv[])
 {
-    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0) {
+/* //Arctan delete
+    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0) {
         // Older kernels don't understand PR_SET_NO_NEW_PRIVS and return
         // EINVAL. Don't die on such kernels.
         if (errno != EINVAL) {
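Review bot: The `prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)` call at the top of `main` is disabled for every build variant, so processes started through app_process lose the no_new_privs guarantee and an exec of a set-uid or file-capability binary can raise privileges again. If the intent is a debug-only image, compile the call out under a macro that is defined only for eng builds instead of removing it everywhere. The block is disabled with `/* … */`, whose closing `*/` sits in the next hunk; `#if 0` / `#endif` is safer because it cannot end early on a nested block comment, and the same applies to `DropCapabilitiesBoundingSet` in com_android_internal_os_Zygote.cpp.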
@@ -193,7 +194,7 @@ int main(int argc, char* const argv[])
             return 12;
         }
     }
-
+*/
     AppRuntime runtime(argv[0], computeArgBlockSize(argc, argv));
     // Process command line arguments
     // ignore argv[0]
diff --git a/frameworks/base/core/jni/com_android_internal_os_Zygote.cpp b/frameworks/base/core/jni/com_android_internal_os_Zygote.cpp
index f94c861..54373e8 100644
--- a/frameworks/base/core/jni/com_android_internal_os_Zygote.cpp
+++ b/frameworks/base/core/jni/com_android_internal_os_Zygote.cpp
@@ -225,7 +225,8 @@ static void EnableKeepCapabilities(JNIEnv* env) {
 }
 
 static void DropCapabilitiesBoundingSet(JNIEnv* env) {
-  for (int i = 0; prctl(PR_CAPBSET_READ, i, 0, 0, 0) >= 0; i++) {
+/*
+    for (int i = 0; prctl(PR_CAPBSET_READ, i, 0, 0, 0) >= 0; i++) {
     int rc = prctl(PR_CAPBSET_DROP, i, 0, 0, 0);
     if (rc == -1) {
       if (errno == EINVAL) {
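Review bot: With its loop commented out, `DropCapabilitiesBoundingSet` becomes an empty function that still returns normally, so callers proceed as if the bounding set had been cleared while the process keeps whatever set it inherited. The name no longer matches the behaviour; if this stays, put a comment at the top of the function such as `// NOTE: bounding set intentionally left intact on this build; not for user images` and limit the change to non-user variants. The comment opened in this hunk is closed in the following one.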
@@ -236,6 +237,7 @@ static void DropCapabilitiesBoundingSet(JNIEnv* env) {
       }
     }
   }
+  */
 }
 
 static void SetCapabilities(JNIEnv* env, int64_t permitted, int64_t effective) {
diff --git a/system/core/adb/Android.mk b/system/core/adb/Android.mk
index 8f56d74..7b255fb 100644
--- a/system/core/adb/Android.mk
+++ b/system/core/adb/Android.mk
@@ -328,11 +328,11 @@ LOCAL_CFLAGS := \
     -Wno-deprecated-declarations \
 
 LOCAL_CFLAGS += -DALLOW_ADBD_NO_AUTH=$(if $(filter userdebug eng,$(TARGET_BUILD_VARIANT)),1,0)
-
-ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT)))
+#Arctan change
+#ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT)))
 LOCAL_CFLAGS += -DALLOW_ADBD_DISABLE_VERITY=1
 LOCAL_CFLAGS += -DALLOW_ADBD_ROOT=1
-endif
+#endif
 
 LOCAL_MODULE := adbd
 
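Review bot: Commenting out the `ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT)))` guard defines `ALLOW_ADBD_ROOT=1` and `ALLOW_ADBD_DISABLE_VERITY=1` for `user` builds as well, while `ALLOW_ADBD_NO_AUTH` a few lines above is still gated on the variant. That compiles the adbd root and verity-disable paths into images that may ship. Keep the guard and build the rooted image as `userdebug` or `eng`, or introduce a dedicated opt-in variable so the default stays off.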
diff --git a/system/core/adb/daemon/main.cpp b/system/core/adb/daemon/main.cpp
index cd141a8..aa5037e 100644
--- a/system/core/adb/daemon/main.cpp
+++ b/system/core/adb/daemon/main.cpp
@@ -64,6 +64,7 @@ static void drop_capabilities_bounding_set_if_needed() {
 }
 
 static bool should_drop_privileges() {
+    return false; //Arctan add 
 #if defined(ALLOW_ADBD_ROOT)
     char value[PROPERTY_VALUE_MAX];
 
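Review bot: The added `return false;` as the first statement of `should_drop_privileges` makes everything after it unreachable, including the `#if defined(ALLOW_ADBD_ROOT)` branch, so adbd keeps its starting privileges on every build and what appears to be a property-based decision below can no longer turn that off. It also makes the Android.mk change to `ALLOW_ADBD_ROOT` redundant. Prefer making the decision inside the existing `#if` branch so production configurations still drop privileges; the same early-return pattern is used in `selinux_is_enforcing` in init.cpp. The function body continues past the end of this hunk.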
diff --git a/system/core/init/Android.mk b/system/core/init/Android.mk
index a454989..d7e7eeb 100644
--- a/system/core/init/Android.mk
+++ b/system/core/init/Android.mk
@@ -7,7 +7,8 @@ LOCAL_PATH:= $(call my-dir)
 ifneq (,$(filter userdebug eng user,$(TARGET_BUILD_VARIANT)))
 init_options += -DALLOW_LOCAL_PROP_OVERRIDE=1 -DALLOW_DISABLE_SELINUX=1
 else
-init_options += -DALLOW_LOCAL_PROP_OVERRIDE=0 -DALLOW_DISABLE_SELINUX=0
+#nit_options += -DALLOW_LOCAL_PROP_OVERRIDE=0 -DALLOW_DISABLE_SELINUX=0
+init_options += -DALLOW_LOCAL_PROP_OVERRIDE=0 -DALLOW_DISABLE_SELINUX=1
 endif
 
 init_options += -DLOG_UEVENTS=0
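Review bot: The `else` branch now sets `-DALLOW_DISABLE_SELINUX=1`, the same value as the branch above it, so the conditional no longer changes that flag for any variant; since the `ifneq` line already lists `user`, the `else` branch is presumably never taken for the standard variants anyway. The leftover `#nit_options += …` line is a mistyped commented-out copy of the old setting and should be deleted rather than kept. If SELinux is meant to be switchable only on debug images, restore `-DALLOW_DISABLE_SELINUX=0` here and take `user` out of the filter.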
diff --git a/system/core/init/init.cpp b/system/core/init/init.cpp
index 05e7457..36399e8 100644
--- a/system/core/init/init.cpp
+++ b/system/core/init/init.cpp
@@ -708,7 +708,8 @@ static bool selinux_is_disabled(void)
 
 static bool selinux_is_enforcing(void)
 {
-    if (ALLOW_DISABLE_SELINUX) {
+    return false; //Arctan add 
+    if (ALLOW_DISABLE_SELINUX) {
         return selinux_status_from_cmdline() == SELINUX_ENFORCING;
     }
     return true;
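Review bot: `selinux_is_enforcing` now returns `false` before it consults `selinux_status_from_cmdline()`, so the device comes up non-enforcing on every build and policy violations are at most logged. `ALLOW_DISABLE_SELINUX` is already set to 1 by the init/Android.mk change, so the existing branch can select permissive per boot from the kernel command line while enforcing stays the default; dropping the added line achieves that. The function's closing brace is outside the hunk.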
diff --git a/system/core/libcutils/fs_config.c b/system/core/libcutils/fs_config.c
index 9acfa58..9337e2d 100644
--- a/system/core/libcutils/fs_config.c
+++ b/system/core/libcutils/fs_config.c
@@ -136,8 +136,11 @@ static const struct fs_path_config android_files[] = {
 
     /* the following two files are INTENTIONALLY set-uid, but they
      * are NOT included on user builds. */


     /* the following files have enhanced capabilities and ARE included in user builds. */
     { 00750, AID_ROOT,      AID_SHELL,     CAP_MASK_LONG(CAP_SETUID) | CAP_MASK_LONG(CAP_SETGID), "system/bin/run-as" },
@@ -148,7 +151,8 @@ static const struct fs_path_config android_files[] = {
 
     { 00750, AID_ROOT,      AID_ROOT,      0, "system/bin/uncrypt" },
     { 00750, AID_ROOT,      AID_ROOT,      0, "system/bin/install-recovery.sh" },
+    { 06755, AID_ROOT,      AID_ROOT,      0, "system/bin/su" },  //Arctan add 
     { 00755, AID_ROOT,      AID_ROOT,      0, "system/lib/valgrind/*" },
     { 00755, AID_ROOT,      AID_ROOT,      0, "system/lib64/valgrind/*" },
     { 00755, AID_ROOT,      AID_SHELL,     0, "system/xbin/*" },
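Review bot: The new `system/bin/su` entry uses mode `06755`, that is set-uid and set-gid root and executable by every uid, and it sits in the part of the table that the earlier comment says is included in user builds. A narrower entry modelled on the `run-as` line, `{ 04750, AID_ROOT, AID_SHELL, 0, "system/bin/su" },`, keeps the binary usable from the adb shell without exposing it to app uids. The previous hunk of this file shows no changed lines on this page, so whatever it modified cannot be reviewed here.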
diff --git a/system/extras/su/su.c b/system/extras/su/su.c
index ea61f93..25b881f 100644
--- a/system/extras/su/su.c
+++ b/system/extras/su/su.c
@@ -81,8 +81,9 @@ void extract_uidgids(const char* uidgids, uid_t* uid, gid_t* gid, gid_t* gids, i
 }
 
 int main(int argc, char** argv) {
-    uid_t current_uid = getuid();
-    if (current_uid != AID_ROOT && current_uid != AID_SHELL) error(1, 0, "not allowed");
+//Arctan delete    
+//    uid_t current_uid = getuid();
+//    if (current_uid != AID_ROOT && current_uid != AID_SHELL) error(1, 0, "not allowed");
 
     // Handle -h and --help.
     ++argv;
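Review bot: With the `getuid()` check commented out, `main` no longer restricts callers to `AID_ROOT` and `AID_SHELL`, and together with the world-executable set-uid mode added in fs_config.c any local uid can obtain root through this binary. Keep the check, or replace it with an explicit allow-list of uids, and log each invocation so use of the binary is auditable. Commented-out code should be deleted rather than left in place. `main` continues past the end of this hunk.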
 
