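Reference (GitHub): https://github.com/bonnyfone/adb-arm
The original goal was to build adb for the ARM platform so that adb shell could be used to obtain shell privileges, which would avoid the problem that other privilege levels cannot execute su.
At first, I modified su.c in the Android source and commented out the root and shell permission checks, but the compiled binary still did not work: errors occur at setgid and setuid. I struggled with this error for two days without solving it, so I had to look for another approach.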
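The following is an added example, not code from the original post or from AOSP. It shows the general Linux rule behind errors like the one above: whether setgid()/setuid() to another ID succeeds is decided by the kernel from the process's effective capabilities (CAP_SETGID, CAP_SETUID), independently of the uid check inside su.c. The function names and the two sample status excerpts are constructed for illustration.

```c
/* Added example, not AOSP code. Linux capability rule behind setgid()/setuid(). */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define CAP_SETGID_BIT 6 /* CAP_SETGID in <linux/capability.h> */
#define CAP_SETUID_BIT 7 /* CAP_SETUID in <linux/capability.h> */

/* Constructed /proc/<pid>/status excerpts: an app-uid process and a root one. */
static const char SAMPLE_APP[] = "Uid:\t10057\t10057\t10057\t10057\nCapEff:\t0000000000000000\n";
static const char SAMPLE_ROOT[] = "Uid:\t0\t0\t0\t0\nCapEff:\t0000001fffffffff\n";

/* Read the effective capability mask from status text.
 * Returns 1 if both CAP_SETGID and CAP_SETUID are set, 0 if not,
 * -1 if there is no CapEff line. */
int may_switch_ids(const char *status_text)
{
    const unsigned long long need =
        (1ULL << CAP_SETGID_BIT) | (1ULL << CAP_SETUID_BIT);
    const char *line = strstr(status_text, "CapEff:");
    if (line == NULL)
        return -1;
    return (strtoull(line + strlen("CapEff:"), NULL, 16) & need) == need;
}

/* The two calls su.c makes after its uid check. Returns 0 or the errno. */
int try_become_root(void)
{
    if (setgid(0) != 0 || setuid(0) != 0)
        return errno;
    return 0;
}

int main(void)
{
    char buf[4096];
    FILE *f = fopen("/proc/self/status", "r");
    size_t n = f ? fread(buf, 1, sizeof(buf) - 1, f) : 0;
    if (f)
        fclose(f);
    buf[n] = '\0';
    printf("sample app: %d, sample root: %d\n",
           may_switch_ids(SAMPLE_APP), may_switch_ids(SAMPLE_ROOT));
    printf("this process (uid %d): %d\n", (int)getuid(), may_switch_ids(buf));
    int err = try_become_root();
    printf("setgid(0)/setuid(0): %s\n", err ? strerror(err) : "ok");
    return 0;
}
```

Run from an unprivileged account, the last line reports the error returned by the kernel even though the program contains no uid check of its own.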
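Then it occurred to me that adb has shell privileges, so I could compile adb as a shared library and have an Android app call it through JNI. That way, on a phone that is already rooted, the app would have root privileges (on a platform that is not rooted, how to root it would still need to be studied). This approach has not been verified yet.
Here is how to build adb (this method only builds the adb executable; it can be changed to build a shared library on this basis, which is fairly simple and is not covered here):
Version built: android-4.4.4_r2.0.1
Downloading the source requires a proxy/VPN...
Script file: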
#!/bin/sh
# Stop at the first failed step (for example a clone that did not complete)
set -e
# CONFIG
# -------------------------
# Branch to checkout from Android source code repo
branch=android-4.4.4_r2.0.1
# Makefile to use (will be automatically copied into system/core/adb)
makefile=makefile.sample
# DOWNLOAD necessary files
# -------------------------
# printf is used instead of echo so "\n" is handled the same way in every shell
printf '\n>> >>> ADB for ARM <<< \n\n'
printf '\n>> Downloading necessary files (%s branch)\n\n' "$branch"
mkdir -p android-adb
cd android-adb
mkdir -p system
cd system
git clone -b "$branch" https://android.googlesource.com/platform/system/core
git clone -b "$branch" https://android.googlesource.com/platform/system/extras
cd ..
mkdir -p external
cd external
git clone -b "$branch" https://android.googlesource.com/platform/external/zlib
git clone -b "$branch" https://android.googlesource.com/platform/external/openssl
git clone -b "$branch" https://android.googlesource.com/platform/external/libselinux
cd ..
# MAKE
# -------------------------
printf '\n>> Copying makefile into system/core/adb...\n\n'
# The makefile is expected next to this script, one level above android-adb
cp -f "../$makefile" system/core/adb/makefile
cd system/core/adb/
printf '\n>> Make... \n\n'
make clean
make
printf '\n>> Copying adb back into current dir...\n\n'
# Four levels up from android-adb/system/core/adb is the starting directory
cp adb ../../../../
printf '\n>> FINISH!\n\n'
The makefile.example file:
# ADB makefile
# ------------
#TODO change TOOLCHAIN variable to your toolchain path
#TOOLCHAIN= /opt/poky/1.5/sysroots/x86_64-pokysdk-linux/usr/bin/arm-poky-linux-gnueabi/arm-poky-linux-gnueabi-
TOOLCHAIN = /home/linux/bin/android-toolchain/bin/arm-linux-androideabi-
CC = $(TOOLCHAIN)gcc
LD = $(TOOLCHAIN)gcc
CXX = $(CC)
SRCS += adb.c
SRCS += fdevent.c
SRCS += adb_client.c
SRCS += commandline.c
SRCS += console.c
SRCS += file_sync_client.c
SRCS += get_my_path_linux.c
SRCS += services.c
SRCS += sockets.c
SRCS += transport.c
SRCS += transport_local.c
SRCS += transport_usb.c
SRCS += usb_linux.c
SRCS += usb_vendors.c
SRCS += adb_auth_host.c
VPATH += ../libcutils
SRCS += list.c
SRCS += socket_inaddr_any_server.c
SRCS += socket_local_client.c
SRCS += socket_local_server.c
SRCS += socket_loopback_client.c
SRCS += socket_loopback_server.c
SRCS += socket_network_client.c
SRCS += load_file.c
VPATH += ../libzipfile
SRCS += centraldir.c
SRCS += zipfile.c
VPATH += ../../../external/zlib/src
SRCS += adler32.c
SRCS += compress.c
SRCS += crc32.c
SRCS += deflate.c
SRCS += infback.c
SRCS += inffast.c
SRCS += inflate.c
SRCS += inftrees.c
SRCS += trees.c
SRCS += uncompr.c
SRCS += zutil.c
CPPFLAGS += -DADB_HOST=1
CPPFLAGS += -DHAVE_FORKEXEC=1
CPPFLAGS += -DHAVE_SYMLINKS
CPPFLAGS += -DHAVE_TERMIO_H
CPPFLAGS += -DHAVE_SYS_SOCKET_H
CPPFLAGS += -D_GNU_SOURCE
CPPFLAGS += -D_XOPEN_SOURCE
CPPFLAGS += -std=c++11
CPPFLAGS += -I.
CPPFLAGS += -I../include
CPPFLAGS += -I../../../external/zlib
CPPFLAGS += -I../../../external/openssl/include
CPPFLAGS += -I../base/include
CFLAGS += -O2 -g -Wall -Wno-unused-parameter
LIBS = -lcrypto -pthread -fPIE -pie
#LIBS += -lrt
OBJS = $(SRCS:.c=.o)
all: adb
adb: $(OBJS)
	$(LD) -o $@ $(LDFLAGS) $(OBJS) $(LIBS)
clean:
	rm -rf $(OBJS)
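TOOLCHAIN is the local NDK toolchain, extracted from r9.
You can also download the source code listed in the script manually, put the makefile directly under ~/system/core/adb/, and run make to produce the adb binary; this has been verified to work. I have not had time to build the shared library yet.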