1. 首先安装自己手机对应的root的image, 如twrp.img

    //上传supersu 到   adb push SuperSU-v2.79-20161211114519.zip  /mnt/sdcard/supersu.zip   adb reboot fastboot   //等重启好   fastboot  flash recovery twrp-3.3.1-0-shamu.img

  fastboot  flash recovery twrp-3.3.1-0-shamu.img

   进入twrp的菜单,安装SuperSU-v2.79-20161211114519.zip

2. 这样可以通过su命令来取得root权限 , 但是不能adb root这样,

以下命令会提示出错,

adb rootadbd cannot run as root in production builds
adb remountNot running as root. Try "adb root" first.

需要再替换一下adbd, 安装个termux

  找个修改版的adbd,如adbd.21.png ,

adb push adbd.21.png /mnt/sdcard/

 

sustop adbdmount -o rw,remount / /cat /sbin/adbd > /sbin/adbd.originalchown 0.0 /sbin/adbd.originalchmod 644 /sbin/adbd.originalrm /sbin/adbdcat /sdcard/adbd.21.png >  /sbin/adbdchown 0.0  /sbin/adbdchmod 0750 /sbin/adbdcat /system/bin/sh > /sbin/adbshchown 0.0 /sbin/adbdshchmod 0750 /sbin/adbdshsupolicy --live "permissive init_shell" \"allow adbd adbd process setcurrent" \"allow adbd init process dyntransition" \"allow servicemanager { init_shell zygote } dir search" \"allow servicemanager { init_shell zygote } file { read open }" \"allow servicemanager { init_shell zygote } process getattr" \"allow system_server init_shell binder { transfer call }" \"allow zygote { servicemanager system_server } binder call" start adbd

成功之后:

shamu:/ # whoami                                                               rootshamu:/ # ps  | grep adbdroot      9296  1     8628   224   poll_sched 000204f4 S /sbin/adbd$ adb rootadbd is already running as root$ adb remountremount succeeded

发现重启之后不行,于是写了一个脚本adbroot放到/system/bin下面,每次重启之后在termux里执行一下:

shamu:/ # cat /system/bin/adbroot                                              stop adbdmount -o rw,remount /rm /sbin/adbdln -s /data/local/adbd.21.png /sbin/adbdsupolicy --live "permissive init_shell" \"allow adbd adbd process setcurrent" \"allow adbd init process dyntransition" \"allow servicemanager { init_shell zygote } dir search" \"allow servicemanager { init_shell zygote } file { read open }" \"allow servicemanager { init_shell zygote } process getattr" \"allow system_server init_shell binder { transfer call }" \"allow zygote { servicemanager system_server } binder call" start adbd在termux每次重启后执行:su adbroot

 

更多相关文章

  1. android 9.0 car的相关原生编译脚本配置
  2. Android:有关菜单的学习(供自己参考)
  3. Libcurl库移植指南(上)--OpenSSL库移植
  4. android中的/system/bin/input工具
  5. android listview的创建及行删除操作
  6. android 常用命令行笔记
  7. Ubuntu下编译AndroidNDK项目报arm-linux-androideabi-gcc:命令未
  8. Android(安卓)bluetooth介绍(三): 蓝牙扫描(scan)设备分析
  9. Android(安卓)之怎么删除eclipse自动生成的//TODO Auto-generate

随机推荐

  1. sqlserver 数据库压缩与数据库日志(ldf)
  2. SQL查询效率注意事项小结
  3. SQLSERVER查询所有数据库名,表名,和字段名
  4. sqlserver 触发器实例代码
  5. 理解SQL SERVER中的逻辑读,预读和物理读
  6. 三种SQL分页查询的存储过程代码
  7. SQLServer中数据库文件的存放方式,文件和
  8. 使用BULK INSERT大批量导入数据 SQLSERVE
  9. SQL Server 交叉表查询 case
  10. sqlserver数据库最大Id冲突问题解决方法