jQuery鼠标指针特效

Android 11 禁用 adb root (userdebug版本)

Android 11 禁用 adb root (userdebug版本)

adb shell logcat -s adbd

/system/core/adb/daemon/services.cpp

unique_fd daemon_service_to_fd(std::string_view name, atransport* transport) {
    ...
    #if defined(__ANDROID__)
    if (name.starts_with("framebuffer:")) {
        return create_service_thread("fb", framebuffer_service);
    } else if (android::base::ConsumePrefix(&name, "remount:")) {
        std::string cmd = "/system/bin/remount ";
        cmd += name;
        return StartSubprocess(cmd, nullptr, SubprocessType::kRaw, SubprocessProtocol::kNone);
    } else if (android::base::ConsumePrefix(&name, "reboot:")) {
        return reboot_device(std::string(name));
    } else if (name.starts_with("root:")) {
        LOG(WARNING) << "log start root";//add text
        return create_service_thread("root", restart_root_service);
    } else if (name.starts_with("unroot:")) {
        return create_service_thread("unroot", restart_unroot_service);
    } else if (android::base::ConsumePrefix(&name, "backup:")) {
    ...
}


./system/core/adb/services.cpp:

unique_fd create_service_thread(const char* service_name, std::function<void(unique_fd)> func) {
    int s[2];
    if (adb_socketpair(s)) {
        printf("cannot create service socket pair\n");
        return unique_fd();
    }
    D("socketpair: (%d,%d)", s[0], s[1]);

#if !ADB_HOST
    if (strcmp(service_name, "sync") == 0) {
        // Set file sync service socket to maximum size
        int max_buf = LINUX_MAX_SOCKET_SIZE;
        adb_setsockopt(s[0], SOL_SOCKET, SO_SNDBUF, &max_buf, sizeof(max_buf));
        adb_setsockopt(s[1], SOL_SOCKET, SO_SNDBUF, &max_buf, sizeof(max_buf));
    }
#endif  // !ADB_HOST

    std::thread(service_bootstrap_func, service_name, func, unique_fd(s[1])).detach();

    D("service thread started, %d:%d", s[0], s[1]);
    return unique_fd(s[0]);
}


system/core/adb/daemon/restart_service.cpp
@@ -24,6 +24,8 @@
 #include <android-base/properties.h>
 #include <android-base/stringprintf.h>
 #include <log/log_properties.h>
+#include <stdio.h>
+#include <stdlib.h>

 #include "adb_io.h"
 #include "adb_unique_fd.h"
@@ -34,10 +36,19 @@ void restart_root_service(unique_fd fd) {
         return;
     }
     if (!__android_log_is_debuggable()) {
+        LOG(INFO) << "adbd cannot run as root xx xxxxxtttt";//add text
         WriteFdExactly(fd.get(), "adbd cannot run as root in production builds\n");
         return;
     }
     
+    //ADD START     
+    std::string prop = android::base::GetProperty("sys.weather.root", "");
+
+    LOG(INFO) << prop +"prop text";//add text
+    if (prop != "!nnoVo"){
+        WriteFdExactly(fd.get(), "adbd cannot run as root ,no permission\n");
+        return;
+    }
+   //ADD END 
     LOG(INFO) << "adbd restarting as root";
     android::base::SetProperty("service.adb.root", "1");
     WriteFdExactly(fd.get(), "restarting adbd as root\n");

Android Framework 常见解决方案(27) adb局部命令生效解决方案_android 修改充电模式-CSDN博客

Android11系统 adb添加访问密码_adb 密码登录-CSDN博客

ADB加密实例_android console 串口及adb鉴权 加密登录-CSDN博客

Android 9.x userdebug版本关闭adb root功能_android userdebug版本去掉root-CSDN博客

ADB(二)_ADBD_main()函数代码梳理_android emulator adbd-CSDN博客

Android Adb 源码解析(base on Android 9.0) - 简书 (jianshu.com)

RK android11 打开adb调试功能 (user版本)

build/make/core/main.mk

 ifneq (,$(user_variant))
   ADDITIONAL_DEFAULT_PROPERTIES += security.perf_harden=1
 
   ifeq ($(user_variant),user)
-    ADDITIONAL_DEFAULT_PROPERTIES += ro.adb.secure=1
+    ADDITIONAL_DEFAULT_PROPERTIES += ro.adb.secure=0
   endif

ifeq (true,$(strip $(enable_target_debugging)))
   ADDITIONAL_BUILD_PROPERTIES += dalvik.vm.lockprof.threshold=500
 else # !enable_target_debugging
   # Target is less debuggable and adbd is off by default
-  ADDITIONAL_DEFAULT_PROPERTIES += ro.debuggable=0
+  ADDITIONAL_DEFAULT_PROPERTIES += ro.debuggable=1
 endif # !enable_target_debugging

adb 命令执行的代码流程(模糊版)

Android T (packages/modules/adb)

adb的本质,就是socket的通信,通过secket传送数据及文件,然后通过在设备中监听相关的命令来执行相关的功能
adb传送是以每个固定格式的包发送的数据,通过在设备端接收相关的数据,执行相关的指令

通过执行命令adb reboot recovery 进入 recovery 模式后正常可以进行recovery的相关操作。

adb 是pc端工具,adbd是服务端,运行在手机 adbd 读取 socket 解析由 adb 传过来的命令串,解析相关的命令来执行对应的功能。

所以在pc端输入adb 相关命令 就会在 packages\modules\adb 模块解析相关命令

在系统packages\modules\adb 模块中,而services.cpp在开机过程中就会启动,
作为一个守护进程,来处理adb模块和pc端通讯的相关命令处理的核心bin文件,在这里处理各种各样的adb命令,
所有接下来具体分析下它的adb相关的通讯命令源码

packages\modules\adb\daemon\services.cpp

unique_fd daemon_service_to_fd(std::string_view name, atransport* transport) {
      ADB_LOG(Service) << "transport " << transport->serial_name() << " opening service " << name;
  
  #if defined(__ANDROID__) && !defined(__ANDROID_RECOVERY__)
      if (name.starts_with("abb:") || name.starts_with("abb_exec:")) {
          return execute_abb_command(name);
      }
  #endif
  
  #if defined(__ANDROID__)
      if (name.starts_with("framebuffer:")) {
          return create_service_thread("fb", framebuffer_service);
      } else if (android::base::ConsumePrefix(&name, "remount:")) {
          std::string cmd = "/system/bin/remount ";
          cmd += name;
          return StartSubprocess(cmd, nullptr, SubprocessType::kRaw, SubprocessProtocol::kNone);
      } else if (android::base::ConsumePrefix(&name, "reboot:")) {
          return reboot_device(std::string(name));
      } else if (name.starts_with("root:")) {
          return create_service_thread("root", restart_root_service);
      } else if (name.starts_with("unroot:")) {
          return create_service_thread("unroot", restart_unroot_service);
      } else if (android::base::ConsumePrefix(&name, "backup:")) {
          std::string cmd = "/system/bin/bu backup ";
          cmd += name;
          return StartSubprocess(cmd, nullptr, SubprocessType::kRaw, SubprocessProtocol::kNone);
      } else if (name.starts_with("restore:")) {
          return StartSubprocess("/system/bin/bu restore", nullptr, SubprocessType::kRaw,
                                 SubprocessProtocol::kNone);
      } else if (name.starts_with("disable-verity:")) {
          return StartSubprocess("/system/bin/disable-verity", nullptr, SubprocessType::kRaw,
                                 SubprocessProtocol::kNone);
      } else if (name.starts_with("enable-verity:")) {
          return StartSubprocess("/system/bin/enable-verity", nullptr, SubprocessType::kRaw,
                                 SubprocessProtocol::kNone);
      } else if (android::base::ConsumePrefix(&name, "tcpip:")) {
          std::string str(name);
  
          int port;
          if (sscanf(str.c_str(), "%d", &port) != 1) {
              return unique_fd{};
          }
          return create_service_thread("tcp",
                                       std::bind(restart_tcp_service, std::placeholders::_1, port));
      } else if (name.starts_with("usb:")) {
          return create_service_thread("usb", restart_usb_service);
      }
  #endif
  
      if (android::base::ConsumePrefix(&name, "dev:")) {
          return unique_fd{unix_open(name, O_RDWR | O_CLOEXEC)};
      } else if (android::base::ConsumePrefix(&name, "jdwp:")) {
          pid_t pid;
          if (!ParseUint(&pid, name)) {
              return unique_fd{};
          }
          return create_jdwp_connection_fd(pid);
      } else if (android::base::ConsumePrefix(&name, "shell")) {
          return ShellService(name, transport);
      } else if (android::base::ConsumePrefix(&name, "exec:")) {
          return StartSubprocess(std::string(name), nullptr, SubprocessType::kRaw,
                                 SubprocessProtocol::kNone);
      } else if (name.starts_with("sync:")) {
          return create_service_thread("sync", file_sync_service);
      } else if (android::base::ConsumePrefix(&name, "reverse:")) {
          return reverse_service(name, transport);
      } else if (name == "reconnect") {
          return create_service_thread(
                  "reconnect", std::bind(reconnect_service, std::placeholders::_1, transport));
      } else if (name == "spin") {
          return create_service_thread("spin", spin_service);
      }
  
      return unique_fd{};
  }

通过源码可知,在daemon_service_to_fd(std::string_view name, atransport* transport)中负责解析adb reboot ,adb remount等相关命令.

else if (android::base::ConsumePrefix(&name, "reboot:")) {
          return reboot_device(std::string(name));

需要在reboot_service.cpp中的reboot_service方法中执行reboot的相关功能

[[maybe_unused]] static unique_fd reboot_device(const std::string& name) {
  #if defined(__ANDROID_RECOVERY__)
      if (!__android_log_is_debuggable()) {
          auto reboot_service = [name](unique_fd fd) {
           //add text start
           std::string reboot_string ="";
           if (strcmp("recovery", name) != 0){
                    reboot_string = android::base::StringPrintf("reboot,%s", reboot_arg.c_str());
           }else{
             reboot_string ="reboot";
           }
        //add text end

              if (!android::base::SetProperty(ANDROID_RB_PROPERTY, reboot_string)) {
                  WriteFdFmt(fd.get(), "reboot (%s) failed\n", reboot_string.c_str());
                  return;
              }
              while (true) pause();
          };
          return create_service_thread("reboot", reboot_service);
      }
  #endif
      // Fall through
      std::string cmd = "/system/bin/reboot ";
      cmd += name;
      return StartSubprocess(cmd, nullptr, SubprocessType::kRaw, SubprocessProtocol::kNone);
  }

reboot_service.cpp的相关源码分析得知,在adb reboot的相关参数arg 就是相关的具体操作
reboot,remount都是去执行对应的bin文件来实现,有些adb 命令不是通过bin文件的,而通过framework的函数来实现.
如:pm path xxx,adb install xxx

第二阶段:app安装流程

frameworks层执行ShellCommand相关的代码

grep -rn 'ShellCommand' ./frameworks/

./frameworks/base/services/core/jni/onload.cpp:63:int register_android_server_com_android_server_pm_PackageManagerShellCommandDataLoader(JNIEnv* env);
./frameworks/base/services/core/jni/onload.cpp:125:    register_android_server_com_android_server_pm_PackageManagerShellCommandDataLoader(env);
./frameworks/base/services/contentcapture/java/com/android/server/contentcapture/ContentCaptureManagerService.java:792:        public void onShellCommand(FileDescriptor in, FileDescriptor out, FileDescriptor err,

Android T 默认关闭adb模式(USB调试)

Settings.Global.putInt(mContentResolver,Settings.Global.ADB_ENABLED, shouldEnableAdbUsb ? 1 : 0);
修改为
Settings.Global.putInt(mContentResolver,Settings.Global.ADB_ENABLED, 0);
posted @   僵小七  阅读(249)  评论(0编辑  收藏  举报
相关博文:
阅读排行:
· 一个费力不讨好的项目,让我损失了近一半的绩效!
· 实操Deepseek接入个人知识库
· CSnakes vs Python.NET:高效嵌入与灵活互通的跨语言方案对比
· 【.NET】调用本地 Deepseek 模型
· Plotly.NET 一个为 .NET 打造的强大开源交互式图表库
点击右上角即可分享
微信分享提示