找了文章一開始以為只要修改init.rc server adbd 的權限就好
service adbd /sbin/adbd
實際上跑得時候發現 adbd 碰沒有跑起來user adb
group shell log adb
改用別的身份login console跑 adbd 出現
cannot bind 'tcp:5037'
這時才知道原來adbd本身需要跑再root的權限上。
trace adbd 的 source code 看看
再system/core/adb/adb.c
int adb_main(int is_daemon)
{
....
/* run adbd in secure mode if ro.secure is set and
** we are not in the emulator
*/
property_get("ro.kernel.qemu", value, "");
if (strcmp(value, "1") != 0) {
property_get("ro.secure", value, "");
if (strcmp(value, "1") == 0) {
// don't run as root if ro.secure is set...
secure = 1;
// ... except we allow running as root in userdebug builds if the
// service.adb.root property has been set by the "adb root" command
property_get("ro.debuggable", value, "");
if (strcmp(value, "1") == 0) {
property_get("service.adb.root", value, "");
if (strcmp(value, "1") == 0) {
secure = 0;
}
}
}
}
/* don't listen on port 5037 if we are running in secure mode */
/* don't run as root if we are running in secure mode */
if (secure) {
struct __user_cap_header_struct header;
struct __user_cap_data_struct cap;
if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) != 0) {
exit(1);
}
...
}
由 get property service.adb.root 可得知 login root 時會將secure設成0
轉而往上 trace
發現 source = 1 的情況如下:
ro.kernel.qemu = 0
ro.secure = 1
service.adb.root = 0
這時可以設定的方式有三種:
- 修改code(廢話...),要麼就是讓source 永遠等於0,不然就是再特定地方加上property_set的function。不過這會改到android的code所以不鼓勵。
- 根據網路上其他文章可以發現system起來的時候,會去Load幾個property的檔案。
- 修改init.rc 加入
/default.prop
/system/build.prop
/system/default.prop
/data/local.prop
setprop ro.kernel.qemu 0
setprop ro.secure 1
setprop service.adb.root 0
沒有留言:
張貼留言