简要

由于安卓做了很多安全限制,而物联网应用需要更方便地调用设备的 gpio、uart、can、WiFi 等底层硬件接口,所以需要编译 root 版本的 Android 系统,这样才能更灵活地开发所需的功能

修改步骤

  1. 需要编译userdebug版本
  2. 关闭 SELinux 强制模式:在 device/rockchip/common 目录下找到以下文件并修改
  1. diff --git a/BoardConfig.mk b/BoardConfig.mk
  2. index 3706d7b7..8099919f 100755
  3. --- a/BoardConfig.mk
  4. +++ b/BoardConfig.mk
  5. @@ -59,7 +59,7 @@ BOARD_BOOT_HEADER_VERSION ?= 2
  6. BOARD_MKBOOTIMG_ARGS :=
  7. BOARD_PREBUILT_DTBOIMAGE ?= $(TARGET_DEVICE_DIR)/dtbo.img
  8. BOARD_ROCKCHIP_VIRTUAL_AB_ENABLE ?= false
  9. -BOARD_SELINUX_ENFORCING ?= true
  10. +BOARD_SELINUX_ENFORCING ?= false
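Review bot: Flipping the `?=` default to `false` in device/rockchip/common turns off SELinux enforcement for every product that inherits this file, not only the one IoT debug image. Keep the shared default as `BOARD_SELINUX_ENFORCING ?= true` and set `BOARD_SELINUX_ENFORCING := false` in that single product's own board config before this file is included, which is what the `?=` form allows. A narrower option is to leave enforcement on and add sepolicy allow rules for the specific GPIO/UART/CAN device nodes the application opens.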
  1. 修改 system/extras/su/su.cpp,注释掉对调用者 UID 的权限检测
  1. diff --git a/su/su.cpp b/su/su.cpp
  2. index 1a1ab6bf..af3d2a68 100644
  3. --- a/su/su.cpp
  4. +++ b/su/su.cpp
  5. @@ -80,8 +80,8 @@ void extract_uidgids(const char* uidgids, uid_t* uid, gid_t*
  6. gid, gid_t* gids, i
  7. }
  8. int main(int argc, char** argv) {
  9. - uid_t current_uid = getuid();
  10. - if (current_uid != AID_ROOT && current_uid != AID_SHELL) error(1, 0, "not
  11. allowed");
  12. + //uid_t current_uid = getuid();
  13. + //if (current_uid != AID_ROOT && current_uid != AID_SHELL) error(1, 0, "not
  14. allowed");
  15. // Handle -h and --help.
  16. ++argv;
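Review bot: With both lines commented out at the top of `main`, nothing in su restricts who may invoke it, so every process able to execute the binary can become root. Keep the check and widen it only to the identity that actually needs hardware access, for example `if (current_uid != AID_ROOT && current_uid != AID_SHELL && current_uid != AID_SYSTEM) error(1, 0, "not allowed");`. The commented-out lines should be deleted rather than left in place. The rest of `main` is outside the hunk.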
  1. 修改 system/core/libcutils/fs_config.cpp,给 su 文件默认授予 root 权限
  1. diff --git a/libcutils/fs_config.cpp b/libcutils/fs_config.cpp
  2. index 5805a4d19..92e93e76f 100644
  3. --- a/libcutils/fs_config.cpp
  4. +++ b/libcutils/fs_config.cpp
  5. @@ -188,7 +188,7 @@ static const struct fs_path_config android_files[] = {
  6. // the following two files are INTENTIONALLY set-uid, but they
  7. // are NOT included on user builds.
  8. { 06755, AID_ROOT, AID_ROOT, 0, "system/xbin/procmem" },
  9. - { 04750, AID_ROOT, AID_SHELL, 0, "system/xbin/su" },
  10. + { 06755, AID_ROOT, AID_SHELL, 0, "system/xbin/su" },
  11. // the following files have enhanced capabilities and ARE included
  12. // in user builds.
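Review bot: Mode `06755` on `system/xbin/su` adds the set-gid bit and makes the binary executable by every uid, where `04750` limited execution to root and members of the shell group. The set-gid bit should not be needed for su to run as root. If more callers must reach it, keep `{ 04750, AID_ROOT, AID_SHELL, 0, "system/xbin/su" },` and give the calling service membership of the owning group instead. The comment above the entry says these set-uid files are not included on user builds, so the exposure stays limited only while the image is never built or shipped as a user build.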

修改 frameworks/base/core/jni/com_android_internal_os_Zygote.cpp

  1. diff --git a/core/jni/com_android_internal_os_Zygote.cpp
  2. b/core/jni/com_android_internal_os_Zygote.cpp
  3. index 9eede83e21e5..694eec2a40ac 100644
  4. --- a/core/jni/com_android_internal_os_Zygote.cpp
  5. +++ b/core/jni/com_android_internal_os_Zygote.cpp
  6. @@ -656,6 +656,7 @@ static void EnableKeepCapabilities(fail_fn_t fail_fn) {
  7. }
  8. static void DropCapabilitiesBoundingSet(fail_fn_t fail_fn) {
  9. +/*
  10. for (int i = 0; prctl(PR_CAPBSET_READ, i, 0, 0, 0) >= 0; i++) {;
  11. if (prctl(PR_CAPBSET_DROP, i, 0, 0, 0) == -1) {
  12. if (errno == EINVAL) {
  13. @@ -666,6 +667,7 @@ static void DropCapabilitiesBoundingSet(fail_fn_t fail_fn) {
  14. }
  15. }
  16. }
  17. + */
  18. }
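Review bot: Commenting out the whole body of `DropCapabilitiesBoundingSet` leaves every process forked from zygote, third-party apps included, with the full capability bounding set. It also leaves `fail_fn` unused, which may fail a warnings-as-errors build. The `/*` and `*/` added across the two hunks will also end early if the part of the loop not shown here contains a block comment. Prefer a compile-time guard that is off by default, e.g. `#ifndef KEEP_CAPBSET_FOR_DEBUG` … `#endif` around the loop (placeholder macro name), with `(void)fail_fn;` in the disabled branch. The middle of the function is outside the visible hunks.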

修改 kernel/security/commoncap.c

  1. diff --git a/security/commoncap.c b/security/commoncap.c
  2. index f86557a8e43f6..19124dd6239a1 100644
  3. --- a/security/commoncap.c
  4. +++ b/security/commoncap.c
  5. @@ -1147,12 +1147,12 @@ int cap_task_setnice(struct task_struct *p, int nice)
  6. static int cap_prctl_drop(unsigned long cap)
  7. {
  8. struct cred *new;
  9. -
  10. +/*
  11. if (!ns_capable(current_user_ns(), CAP_SETPCAP))
  12. return -EPERM;
  13. if (!cap_valid(cap))
  14. return -EINVAL;
  15. -
  16. +*/
  17. new = prepare_creds();
  18. if (!new)
  19. return -ENOMEM;
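Review bot: Removing the `cap_valid(cap)` check lets an arbitrary value from userspace reach the code after `prepare_creds()`. The rest of `cap_prctl_drop` is outside the hunk, but if it clears the bit in the new credentials' bounding set as the upstream function does, an out-of-range `cap` would index outside the capability set in kernel memory. That check is independent of the permission change and should stay: `if (!cap_valid(cap)) return -EINVAL;`. The `CAP_SETPCAP` test does not appear to need removal once zygote no longer drops the bounding set, so consider restoring `if (!ns_capable(current_user_ns(), CAP_SETPCAP)) return -EPERM;` as well. Dead code left in a block comment should be deleted or placed behind a config option.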