高通 -Android12 打开su

news2024/9/21 19:30:28

1、问题

		近日，客户反馈，设备无法执行pm uninstall <packageName>卸载第三方apk的命令，提示无权限。设备是高通平台的Android12系统，提示如下：

W/System.err: java.io.IOException: Cannot run program "su": error=13, Permission denied

	下面针对该系统下配置root权限，做一个记录分享。

2、解决

		**注意：以下目录均是在项目的UM***中，在QSSI中修改无效。**

（1）frameworks/base/core/jni/com_android_internal_os_Zygote.cpp

static void DropCapabilitiesBoundingSet(fail_fn_t fail_fn) {
	/*
  for (int i = 0; prctl(PR_CAPBSET_READ, i, 0, 0, 0) >= 0; i++) {;
    if (prctl(PR_CAPBSET_DROP, i, 0, 0, 0) == -1) {
      if (errno == EINVAL) {
        ALOGE("prctl(PR_CAPBSET_DROP) failed with EINVAL. Please verify "
              "your kernel is compiled with file capabilities support");
      } else {
        fail_fn(CREATE_ERROR("prctl(PR_CAPBSET_DROP, %d) failed: %s", i, strerror(errno)));
      }
    }
  }
  */
}

（2）kernel/msm-4.19/security/commoncap.c

/*
 * Implement PR_CAPBSET_DROP.  Attempt to remove the specified capability from
 * the current task's bounding set.  Returns 0 on success, -ve on error.
 */
static int cap_prctl_drop(unsigned long cap)
{
	struct cred *new;

	/* if (!ns_capable(current_user_ns(), CAP_SETPCAP))
		return -EPERM;
	if (!cap_valid(cap))
		return -EINVAL; */

	new = prepare_creds();
	if (!new)
		return -ENOMEM;
	cap_lower(new->cap_bset, cap);
	return commit_creds(new);
}

（3）system/core/libcutils/fs_config.cpp

// the following two files are INTENTIONALLY set-uid, but they
    // are NOT included on user builds.
    { 06755, AID_ROOT,      AID_ROOT,      0, "system/xbin/procmem" },
    { 06755, AID_ROOT,      AID_SHELL,     0, "system/xbin/su" },

{ 00755, AID_ROOT,         AID_SHELL,        0, "system/vendor" },
{ 00755, AID_ROOT,         AID_SHELL,        0, "system/xbin" },

（4）system/extras/su/su.cpp

int main(int argc, char** argv) {
    /* uid_t current_uid = getuid();
    //if (current_uid != AID_ROOT && current_uid != AID_SHELL) error(1, 0, "not allowed");
    if (current_uid != AID_ROOT && current_uid != AID_SHELL) fprintf(stderr, "current_uid %d\n",current_uid); */

    // Handle -h and --help.
    ++argv;
    if (*argv && (strcmp(*argv, "--help") == 0 || strcmp(*argv, "-h") == 0)) {
        fprintf(stderr,
                "usage: su [WHO [COMMAND...]]\n"
                "\n"
                "Switch to WHO (default 'root') and run the given COMMAND (default sh).\n"
                "\n"
                "WHO is a comma-separated list of user, group, and supplementary groups\n"
                "in that order.\n"
                "\n");
        return 0;
    }