ronnie
2022-10-23 3eef1810ec35005e8bcaaee0957166baba31b68c
add root
5 files modified
15 ■■■■ changed files
android/frameworks/base/core/jni/com_android_internal_os_Zygote.cpp 2
android/system/core/adb/daemon/main.cpp 2
android/system/core/init/selinux.cpp 4
android/system/core/libcutils/fs_config.cpp 3
android/system/extras/su/su.cpp 4
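--- a/android/frameworks/base/core/jni/com_android_internal_os_Zygote.cpp
+++ b/android/frameworks/base/core/jni/com_android_internal_os_Zygote.cpp
@@ -548,6 +548,7 @@
 }
 
 static void DropCapabilitiesBoundingSet(fail_fn_t fail_fn) {
+/*
 for (int i = 0; prctl(PR_CAPBSET_READ, i, 0, 0, 0) >= 0; i++) {;
 if (prctl(PR_CAPBSET_DROP, i, 0, 0, 0) == -1) {
 if (errno == EINVAL) {
@@ -558,6 +559,7 @@
 }
 }
 }
+*/
 }
 
 static void SetInheritable(uint64_t inheritable, fail_fn_t fail_fn) {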
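Review bot: Wrapping the whole loop of DropCapabilitiesBoundingSet() in `/* ... */` turns the function into a no-op on every build type, so whatever calls it (presumably the zygote fork path) no longer clears the capability bounding set for any child process. `fail_fn` also becomes an unused parameter, which may break builds that treat that warning as an error. If this is only meant for a development image, keep the loop live and add a gated early exit before it, for example `if (/* placeholder: debug-image build condition */) return;`, with a comment stating that it must not reach user builds. The middle of the loop lies between the two hunks and is not visible here.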
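--- a/android/system/core/adb/daemon/main.cpp
+++ b/android/system/core/adb/daemon/main.cpp
@@ -68,7 +68,7 @@
 return false;
 }
 }
- return true;
+ return false;
 }
 
 static bool should_drop_privileges() {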
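Review bot: With the final `return true;` changed to `return false;`, every path visible in this hunk returns false, so the function that ends just above `should_drop_privileges()` can no longer answer anything else; its name and condition are outside the hunk. If it is one of adbd's privilege-reduction predicates, as its position suggests, that reduction is now skipped on locked and non-debuggable devices too. Keep `return true;` as the default and widen the existing condition that already returns false for the builds that need it. If the change must stay, mark it with a comment such as `// DEV IMAGE ONLY: adbd keeps full privileges, never ship in user builds`.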
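--- a/android/system/core/init/selinux.cpp
+++ b/android/system/core/init/selinux.cpp
@@ -97,6 +97,8 @@
 }
 
 bool IsEnforcing() {
+ //edit by ronnie at 20220413
+ return false;
 if (ALLOW_PERMISSIVE_SELINUX) {
 return StatusFromCmdline() == SELINUX_ENFORCING;
 }
@@ -430,6 +432,8 @@
 
 bool kernel_enforcing = (security_getenforce() == 1);
 bool is_enforcing = IsEnforcing();
+ is_enforcing=false;//by Lyle,220111
+ security_setenforce(is_enforcing);//by Lyle,220111
 if (kernel_enforcing != is_enforcing) {
 if (security_setenforce(is_enforcing)) {
 PLOG(FATAL) << "security_setenforce(%s) failed" << (is_enforcing ? "true" : "false");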
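Review bot: The unconditional `return false;` at the top of IsEnforcing() makes the `if (ALLOW_PERMISSIVE_SELINUX)` branch below it unreachable, so SELinux is reported as non-enforcing on every build, not only where permissive mode is allowed. In the second hunk the added `security_setenforce(is_enforcing);` ignores its return value, while the existing block directly below treats the same failure as `PLOG(FATAL)`. Both added lines there are also redundant, because that block already switches the kernel state when it differs from `is_enforcing`. If a permissive development image is the goal, express it inside the `ALLOW_PERMISSIVE_SELINUX` branch and drop the two additions in the second hunk. Both functions continue outside the hunks.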
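--- a/android/system/core/libcutils/fs_config.cpp
+++ b/android/system/core/libcutils/fs_config.cpp
@@ -197,7 +197,8 @@
 // the following two files are INTENTIONALLY set-uid, but they
 // are NOT included on user builds.
 { 06755, AID_ROOT, AID_ROOT, 0, "system/xbin/procmem" },
- { 04750, AID_ROOT, AID_SHELL, 0, "system/xbin/su" },
+ //{ 04750, AID_ROOT, AID_SHELL, 0, "system/xbin/su" },
+ { 06733, AID_ROOT, AID_SHELL, 0, "system/xbin/su" },
 
 // the following files have enhanced capabilities and ARE included
 // in user builds.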
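Review bot: Mode `06733` on `system/xbin/su` decodes to set-uid plus set-gid with `rwx-wx-wx`, so group and others get write and execute but not read on a root-owned set-uid binary, where the old `04750` limited execution to root and the shell group. Write permission for group and others on a set-uid file is very unlikely to be intended. If the aim is only to let more callers execute it, `{ 04755, AID_ROOT, AID_SHELL, 0, "system/xbin/su" },` expresses that without the write bits or the extra set-gid. The commented-out old entry should be deleted rather than kept beside the new one. The comment above says these entries are not included on user builds, and nothing in this hunk enforces that, so it is worth confirming for this tree.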
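--- a/android/system/extras/su/su.cpp
+++ b/android/system/extras/su/su.cpp
@@ -80,8 +80,8 @@
 }
 
 int main(int argc, char** argv) {
- uid_t current_uid = getuid();
- if (current_uid != AID_ROOT && current_uid != AID_SHELL) error(1, 0, "not allowed");
+ //uid_t current_uid = getuid();
+ //if (current_uid != AID_ROOT && current_uid != AID_SHELL) error(1, 0, "not allowed");
 
 // Handle -h and --help.
 ++argv;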
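Review bot: Commenting out the `getuid()` test at the top of main() removes the only caller restriction visible in this hunk, so the binary no longer refuses callers other than root and shell. Combined with the widened file mode in fs_config.cpp, that leaves the file permissions as the sole gate on who can use it. If more callers are needed on a development image, keep the check and extend the allow-list explicitly, for example `if (current_uid != AID_ROOT && current_uid != AID_SHELL && current_uid != /* placeholder: additional allowed AID */) error(1, 0, "not allowed");`. Leaving the old lines as `//` comments makes the missing guard easy to overlook. The rest of main() is outside the hunk.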