Android ADB and others get root permissions

Android ADB obtains the root permission

(1) In Android compiled by myself, the ADB shell automatically obtains the root permission (that is, the display # instead of $ ):

Method:

Modify./Default. Prop

Set Ro. Secure to 0, persist. Service. ADB. Enable to 1, and the adbd process will start as the root user. For the principles, see the following reprinted article.

(2) other programs need to obtain root permissions (no GUI confirmation ):

We need to use a completely free su program to transform the su source code from superuser-
Unlimited no management function of SU (https://github.com/wendal/android_su), Su provided here, removed the tedious operations such as GUI validation, any program can be without a prompt to get the root permission, if you add it yourself, make sure that the partition supports SUID and set Su permission to 6777. (Reference: let your android go naked !! -Paralyzing the android Security Mechanism
Http://wendal.net/321.html)

 

The following article is reprinted:

 

Method:

Modify./Default. Prop

Set Ro. Secure to 0, persist. Service. ADB. Enable to 1, and the adbd process will start as the root user.

 

 

Principle:

You can take a look at the/init. RC fragment in the root directory of the Android system:

......

# Adbd is controlled by the persist. Service. ADB. Enable System Property

Service adbd/sbin/adbd

Disabled

# Adbd on at boot in emulator

On Property: Ro. kernel. qemu = 1

Start adbd

On Property: persist. Service. ADB. Enable = 1

Start adbd

On Property: persist. Service. ADB. Enable = 0

Stop adbd

......

A trigger is defined here. As long as the persist. Service. ADB. Enable value is set to 1,/sbin/adbd will be started.

 

Search in the build directory and find such code snippets in Main. mk.

# User/userdebug ##

 

User_variant: = $ (filter userdebug user, $ (target_build_variant ))

Enable_target_debugging: = true

Ifneq (, $ (user_variant ))

# Target is secure in user builds.

Additional_default_properties + = Ro. Secure = 1

 

Tags_to_install: = user

Ifeq ($ (user_variant), userdebug)

# Pick up some extra useful tools

Tags_to_install + = debug

Else

# Disable debugging in plain user builds.

Enable_target_debugging: =

Endif

 

# Todo: always set with_dexpreopt (for user builds) once it works on OSX.

# Also, remove the corresponding block in config/product_config.make.

Ifeq ($ (host_ OS)-$ (with_dexpreopt_buildbot), Linux-true)

With_dexpreopt: = true

Endif

 

# Disallow mock locations by default for user builds

Additional_default_properties + = Ro. Allow. Mock. Location = 0

 

Else #! User_variant

# Turn On checkjni for non-user builds.

Additional_build_properties + = Ro. kernel. Android. checkjni = 1

# Set device insecure for non-user builds.

Additional_default_properties + = Ro. Secure = 0

# Allow mock locations by default for non user builds

Additional_default_properties + = Ro. Allow. Mock. Location = 1

Endif #! User_variant

 

Ifeq (true, $ (Strip $ (enable_target_debugging )))

# Target is more debuggable and adbd is on by default

Additional_default_properties + = Ro. debuggable = 1 persist. Service. ADB. Enable = 1

# Include the debugging/testing OTA keys in this build.

Include_test_ota_keys: = true

Else #! Enable_target_debugging

# Target is less debuggable and adbd is off by default

Additional_default_properties + = Ro. debuggable = 0 persist. Service. ADB. Enable = 0

Endif #! Enable_target_debugging

I will give a general explanation of this Code:

It mainly assigns different values to several attributes by judging the current compilation mode, and then stores the attributes in the additional_default_properties variable. This variable will be written to/default under the root directory. in prop, which is loaded by the property service at system startup. That is to say, the values of the attributes we see in/Default. Prop are set here.

Only the Ro. Secure and persist. Service. ADB. Enable attributes are available. If the current user mode is used, the compilation system will. set secure to 1 and persist. service. ADB. enable is set to 0. that is to say, the system compiled in user mode runs in safe mode, and adbd is disabled by default. Even if the adbd process is opened by setting properties, the user of the adbd process is shell and does not have the root permission. In this way, when a common user or developer obtains a machine and runs the ADB shell through a PC, the user logs on to the machine as a shell user.

Okay. Now, set Ro. set secure to 0 and re-compile. You only need to set the attribute persist. service. ADB. if the value of enable is 1, The adbd process starts as the root user.

From: http://hi.baidu.com/jugege/blog/item/fae44f226b54e3e9d6cae248.html

Http://blog.csdn.net/koko7958/article/details/6972239