Android 11 禁用 adb root (userdebug版本)
Android 11 禁用 adb root (userdebug版本)
adb shell logcat -s adbd
/system/core/adb/daemon/services.cpp
unique_fd daemon_service_to_fd(std::string_view name, atransport* transport) {
...
#if defined(__ANDROID__)
if (name.starts_with("framebuffer:")) {
return create_service_thread("fb", framebuffer_service);
} else if (android::base::ConsumePrefix(&name, "remount:")) {
std::string cmd = "/system/bin/remount ";
cmd += name;
return StartSubprocess(cmd, nullptr, SubprocessType::kRaw, SubprocessProtocol::kNone);
} else if (android::base::ConsumePrefix(&name, "reboot:")) {
return reboot_device(std::string(name));
} else if (name.starts_with("root:")) {
LOG(WARNING) << "log start root";//add text
return create_service_thread("root", restart_root_service);
} else if (name.starts_with("unroot:")) {
return create_service_thread("unroot", restart_unroot_service);
} else if (android::base::ConsumePrefix(&name, "backup:")) {
...
}
./system/core/adb/services.cpp:
unique_fd create_service_thread(const char* service_name, std::function<void(unique_fd)> func) {
int s[2];
if (adb_socketpair(s)) {
printf("cannot create service socket pair\n");
return unique_fd();
}
D("socketpair: (%d,%d)", s[0], s[1]);
#if !ADB_HOST
if (strcmp(service_name, "sync") == 0) {
// Set file sync service socket to maximum size
int max_buf = LINUX_MAX_SOCKET_SIZE;
adb_setsockopt(s[0], SOL_SOCKET, SO_SNDBUF, &max_buf, sizeof(max_buf));
adb_setsockopt(s[1], SOL_SOCKET, SO_SNDBUF, &max_buf, sizeof(max_buf));
}
#endif // !ADB_HOST
std::thread(service_bootstrap_func, service_name, func, unique_fd(s[1])).detach();
D("service thread started, %d:%d", s[0], s[1]);
return unique_fd(s[0]);
}
system/core/adb/daemon/restart_service.cpp
@@ -24,6 +24,8 @@
#include <android-base/properties.h>
#include <android-base/stringprintf.h>
#include <log/log_properties.h>
+#include <stdio.h>
+#include <stdlib.h>
#include "adb_io.h"
#include "adb_unique_fd.h"
@@ -34,10 +36,19 @@ void restart_root_service(unique_fd fd) {
return;
}
if (!__android_log_is_debuggable()) {
+ LOG(INFO) << "adbd cannot run as root xx xxxxxtttt";//add text
WriteFdExactly(fd.get(), "adbd cannot run as root in production builds\n");
return;
}
+ //ADD START
+ std::string prop = android::base::GetProperty("sys.weather.root", "");
+
+ LOG(INFO) << prop +"prop text";//add text
+ if (prop != "!nnoVo"){
+ WriteFdExactly(fd.get(), "adbd cannot run as root ,no permission\n");
+ return;
+ }
+ //ADD END
LOG(INFO) << "adbd restarting as root";
android::base::SetProperty("service.adb.root", "1");
WriteFdExactly(fd.get(), "restarting adbd as root\n");
Android Framework 常见解决方案(27) adb局部命令生效解决方案_android 修改充电模式-CSDN博客
Android11系统 adb添加访问密码_adb 密码登录-CSDN博客
ADB加密实例_android console 串口及adb鉴权 加密登录-CSDN博客
Android 9.x userdebug版本关闭adb root功能_android userdebug版本去掉root-CSDN博客
ADB(二)_ADBD_main()函数代码梳理_android emulator adbd-CSDN博客
Android Adb 源码解析(base on Android 9.0) - 简书 (jianshu.com)
RK android11 打开adb调试功能 (user版本)
build/make/core/main.mk
ifneq (,$(user_variant))
ADDITIONAL_DEFAULT_PROPERTIES += security.perf_harden=1
ifeq ($(user_variant),user)
- ADDITIONAL_DEFAULT_PROPERTIES += ro.adb.secure=1
+ ADDITIONAL_DEFAULT_PROPERTIES += ro.adb.secure=0
endif
ifeq (true,$(strip $(enable_target_debugging)))
ADDITIONAL_BUILD_PROPERTIES += dalvik.vm.lockprof.threshold=500
else # !enable_target_debugging
# Target is less debuggable and adbd is off by default
- ADDITIONAL_DEFAULT_PROPERTIES += ro.debuggable=0
+ ADDITIONAL_DEFAULT_PROPERTIES += ro.debuggable=1
endif # !enable_target_debugging
adb 命令执行的代码流程(模糊版)
Android T (packages/modules/adb)
adb的本质,就是socket的通信,通过secket传送数据及文件,然后通过在设备中监听相关的命令来执行相关的功能
adb传送是以每个固定格式的包发送的数据,通过在设备端接收相关的数据,执行相关的指令
通过执行命令adb reboot recovery 进入 recovery 模式后正常可以进行recovery的相关操作。
adb 是pc端工具,adbd是服务端,运行在手机 adbd 读取 socket 解析由 adb 传过来的命令串,解析相关的命令来执行对应的功能。
所以在pc端输入adb 相关命令 就会在 packages\modules\adb
模块解析相关命令
在系统packages\modules\adb
模块中,而services.cpp在开机过程中就会启动,
作为一个守护进程,来处理adb模块和pc端通讯的相关命令处理的核心bin文件,在这里处理各种各样的adb命令,
所有接下来具体分析下它的adb相关的通讯命令源码
packages\modules\adb\daemon\services.cpp
unique_fd daemon_service_to_fd(std::string_view name, atransport* transport) {
ADB_LOG(Service) << "transport " << transport->serial_name() << " opening service " << name;
#if defined(__ANDROID__) && !defined(__ANDROID_RECOVERY__)
if (name.starts_with("abb:") || name.starts_with("abb_exec:")) {
return execute_abb_command(name);
}
#endif
#if defined(__ANDROID__)
if (name.starts_with("framebuffer:")) {
return create_service_thread("fb", framebuffer_service);
} else if (android::base::ConsumePrefix(&name, "remount:")) {
std::string cmd = "/system/bin/remount ";
cmd += name;
return StartSubprocess(cmd, nullptr, SubprocessType::kRaw, SubprocessProtocol::kNone);
} else if (android::base::ConsumePrefix(&name, "reboot:")) {
return reboot_device(std::string(name));
} else if (name.starts_with("root:")) {
return create_service_thread("root", restart_root_service);
} else if (name.starts_with("unroot:")) {
return create_service_thread("unroot", restart_unroot_service);
} else if (android::base::ConsumePrefix(&name, "backup:")) {
std::string cmd = "/system/bin/bu backup ";
cmd += name;
return StartSubprocess(cmd, nullptr, SubprocessType::kRaw, SubprocessProtocol::kNone);
} else if (name.starts_with("restore:")) {
return StartSubprocess("/system/bin/bu restore", nullptr, SubprocessType::kRaw,
SubprocessProtocol::kNone);
} else if (name.starts_with("disable-verity:")) {
return StartSubprocess("/system/bin/disable-verity", nullptr, SubprocessType::kRaw,
SubprocessProtocol::kNone);
} else if (name.starts_with("enable-verity:")) {
return StartSubprocess("/system/bin/enable-verity", nullptr, SubprocessType::kRaw,
SubprocessProtocol::kNone);
} else if (android::base::ConsumePrefix(&name, "tcpip:")) {
std::string str(name);
int port;
if (sscanf(str.c_str(), "%d", &port) != 1) {
return unique_fd{};
}
return create_service_thread("tcp",
std::bind(restart_tcp_service, std::placeholders::_1, port));
} else if (name.starts_with("usb:")) {
return create_service_thread("usb", restart_usb_service);
}
#endif
if (android::base::ConsumePrefix(&name, "dev:")) {
return unique_fd{unix_open(name, O_RDWR | O_CLOEXEC)};
} else if (android::base::ConsumePrefix(&name, "jdwp:")) {
pid_t pid;
if (!ParseUint(&pid, name)) {
return unique_fd{};
}
return create_jdwp_connection_fd(pid);
} else if (android::base::ConsumePrefix(&name, "shell")) {
return ShellService(name, transport);
} else if (android::base::ConsumePrefix(&name, "exec:")) {
return StartSubprocess(std::string(name), nullptr, SubprocessType::kRaw,
SubprocessProtocol::kNone);
} else if (name.starts_with("sync:")) {
return create_service_thread("sync", file_sync_service);
} else if (android::base::ConsumePrefix(&name, "reverse:")) {
return reverse_service(name, transport);
} else if (name == "reconnect") {
return create_service_thread(
"reconnect", std::bind(reconnect_service, std::placeholders::_1, transport));
} else if (name == "spin") {
return create_service_thread("spin", spin_service);
}
return unique_fd{};
}
通过源码可知,在daemon_service_to_fd(std::string_view name, atransport* transport)
中负责解析adb reboot ,adb remount等相关命令.
else if (android::base::ConsumePrefix(&name, "reboot:")) {
return reboot_device(std::string(name));
需要在reboot_service.cpp
中的reboot_service
方法中执行reboot的相关功能
[[maybe_unused]] static unique_fd reboot_device(const std::string& name) {
#if defined(__ANDROID_RECOVERY__)
if (!__android_log_is_debuggable()) {
auto reboot_service = [name](unique_fd fd) {
//add text start
std::string reboot_string ="";
if (strcmp("recovery", name) != 0){
reboot_string = android::base::StringPrintf("reboot,%s", reboot_arg.c_str());
}else{
reboot_string ="reboot";
}
//add text end
if (!android::base::SetProperty(ANDROID_RB_PROPERTY, reboot_string)) {
WriteFdFmt(fd.get(), "reboot (%s) failed\n", reboot_string.c_str());
return;
}
while (true) pause();
};
return create_service_thread("reboot", reboot_service);
}
#endif
// Fall through
std::string cmd = "/system/bin/reboot ";
cmd += name;
return StartSubprocess(cmd, nullptr, SubprocessType::kRaw, SubprocessProtocol::kNone);
}
在reboot_service.cpp
的相关源码分析得知,在adb reboot的相关参数arg 就是相关的具体操作
reboot,remount都是去执行对应的bin文件来实现,有些adb 命令不是通过bin文件的,而通过framework的函数来实现.
如:pm path xxx,adb install xxx
frameworks层执行ShellCommand相关的代码
grep -rn 'ShellCommand' ./frameworks/
./frameworks/base/services/core/jni/onload.cpp:63:int register_android_server_com_android_server_pm_PackageManagerShellCommandDataLoader(JNIEnv* env);
./frameworks/base/services/core/jni/onload.cpp:125: register_android_server_com_android_server_pm_PackageManagerShellCommandDataLoader(env);
./frameworks/base/services/contentcapture/java/com/android/server/contentcapture/ContentCaptureManagerService.java:792: public void onShellCommand(FileDescriptor in, FileDescriptor out, FileDescriptor err,
Android T 默认关闭adb模式(USB调试)
Settings.Global.putInt(mContentResolver,Settings.Global.ADB_ENABLED, shouldEnableAdbUsb ? 1 : 0);
修改为
Settings.Global.putInt(mContentResolver,Settings.Global.ADB_ENABLED, 0);
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】凌霞软件回馈社区,博客园 & 1Panel & Halo 联合会员上线
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】博客园社区专享云产品让利特惠,阿里云新客6.5折上折
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· 一个费力不讨好的项目,让我损失了近一半的绩效!
· 实操Deepseek接入个人知识库
· CSnakes vs Python.NET:高效嵌入与灵活互通的跨语言方案对比
· 【.NET】调用本地 Deepseek 模型
· Plotly.NET 一个为 .NET 打造的强大开源交互式图表库