diff --git a/frameworks/base/cmds/app_process/app_main.cpp b/frameworks/base/cmds/app_process/app_main.cpp
index 2e02382..97cf5d4 100644
--- a/frameworks/base/cmds/app_process/app_main.cpp
+++ b/frameworks/base/cmds/app_process/app_main.cpp
@@ -185,7 +185,8 @@ static const char ZYGOTE_NICE_NAME[] = "zygote";
 
 int main(int argc, char* const argv[])
 {
-    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0) {
+/* 
+    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0) {
         // Older kernels don't understand PR_SET_NO_NEW_PRIVS and return
         // EINVAL. Don't die on such kernels.
         if (errno != EINVAL) {
@@ -193,7 +194,7 @@ int main(int argc, char* const argv[])
             return 12;
         }
     }
-
+*/
     AppRuntime runtime(argv[0], computeArgBlockSize(argc, argv));
     // Process command line arguments
     // ignore argv[0]
diff --git a/frameworks/base/core/jni/com_android_internal_os_Zygote.cpp b/frameworks/base/core/jni/com_android_internal_os_Zygote.cpp
index f94c861..54373e8 100644
--- a/frameworks/base/core/jni/com_android_internal_os_Zygote.cpp
+++ b/frameworks/base/core/jni/com_android_internal_os_Zygote.cpp
@@ -225,7 +225,8 @@ static void EnableKeepCapabilities(JNIEnv* env) {
 }
 
 static void DropCapabilitiesBoundingSet(JNIEnv* env) {
-  for (int i = 0; prctl(PR_CAPBSET_READ, i, 0, 0, 0) >= 0; i++) {
+/*
+    for (int i = 0; prctl(PR_CAPBSET_READ, i, 0, 0, 0) >= 0; i++) {
     int rc = prctl(PR_CAPBSET_DROP, i, 0, 0, 0);
     if (rc == -1) {
       if (errno == EINVAL) {
@@ -236,6 +237,7 @@ static void DropCapabilitiesBoundingSet(JNIEnv* env) {
       }
     }
   }
+  */
 }
 
 static void SetCapabilities(JNIEnv* env, int64_t permitted, int64_t effective) {
diff --git a/system/core/adb/Android.mk b/system/core/adb/Android.mk
index 8f56d74..7b255fb 100644
--- a/system/core/adb/Android.mk
+++ b/system/core/adb/Android.mk
@@ -328,11 +328,11 @@ LOCAL_CFLAGS := \
     -Wno-deprecated-declarations \
 
 LOCAL_CFLAGS += -DALLOW_ADBD_NO_AUTH=$(if $(filter userdebug eng,$(TARGET_BUILD_VARIANT)),1,0)
-
-ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT)))
+#Arctan change
+#ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT)))
 LOCAL_CFLAGS += -DALLOW_ADBD_DISABLE_VERITY=1
 LOCAL_CFLAGS += -DALLOW_ADBD_ROOT=1
-endif
+#endif
 
 LOCAL_MODULE := adbd
 
diff --git a/system/core/adb/daemon/main.cpp b/system/core/adb/daemon/main.cpp
index cd141a8..aa5037e 100644
--- a/system/core/adb/daemon/main.cpp
+++ b/system/core/adb/daemon/main.cpp
@@ -64,6 +64,7 @@ static void drop_capabilities_bounding_set_if_needed() {
 }
 
 static bool should_drop_privileges() {
+    return false; //Arctan add 
 #if defined(ALLOW_ADBD_ROOT)
     char value[PROPERTY_VALUE_MAX];
 
diff --git a/system/core/init/Android.mk b/system/core/init/Android.mk
index a454989..d7e7eeb 100644
--- a/system/core/init/Android.mk
+++ b/system/core/init/Android.mk
@@ -7,7 +7,8 @@ LOCAL_PATH:= $(call my-dir)
 ifneq (,$(filter userdebug eng user,$(TARGET_BUILD_VARIANT)))
 init_options += -DALLOW_LOCAL_PROP_OVERRIDE=1 -DALLOW_DISABLE_SELINUX=1
 else
-init_options += -DALLOW_LOCAL_PROP_OVERRIDE=0 -DALLOW_DISABLE_SELINUX=0
+#nit_options += -DALLOW_LOCAL_PROP_OVERRIDE=0 -DALLOW_DISABLE_SELINUX=0
+init_options += -DALLOW_LOCAL_PROP_OVERRIDE=0 -DALLOW_DISABLE_SELINUX=1
 endif
 
 init_options += -DLOG_UEVENTS=0
diff --git a/system/core/init/init.cpp b/system/core/init/init.cpp
index 05e7457..36399e8 100644
--- a/system/core/init/init.cpp
+++ b/system/core/init/init.cpp
@@ -708,7 +708,8 @@ static bool selinux_is_disabled(void)
 
 static bool selinux_is_enforcing(void)
 {
-    if (ALLOW_DISABLE_SELINUX) {
+    return false; //Arctan add 
+    if (ALLOW_DISABLE_SELINUX) {
         return selinux_status_from_cmdline() == SELINUX_ENFORCING;
     }
     return true;
diff --git a/system/core/libcutils/fs_config.c b/system/core/libcutils/fs_config.c
index 9acfa58..9337e2d 100644
--- a/system/core/libcutils/fs_config.c
+++ b/system/core/libcutils/fs_config.c
@@ -136,8 +136,11 @@ static const struct fs_path_config android_files[] = {
 
     /* the following two files are INTENTIONALLY set-uid, but they
      * are NOT included on user builds. */


     /* the following files have enhanced capabilities and ARE included in user builds. */
     { 00750, AID_ROOT,      AID_SHELL,     CAP_MASK_LONG(CAP_SETUID) | CAP_MASK_LONG(CAP_SETGID), "system/bin/run-as" },
@@ -148,7 +151,8 @@ static const struct fs_path_config android_files[] = {
 
     { 00750, AID_ROOT,      AID_ROOT,      0, "system/bin/uncrypt" },
     { 00750, AID_ROOT,      AID_ROOT,      0, "system/bin/install-recovery.sh" },
+    { 06755, AID_ROOT,      AID_ROOT,      0, "system/bin/su" },  //Arctan add 
     { 00755, AID_ROOT,      AID_ROOT,      0, "system/lib/valgrind/*" },
     { 00755, AID_ROOT,      AID_ROOT,      0, "system/lib64/valgrind/*" },
     { 00755, AID_ROOT,      AID_SHELL,     0, "system/xbin/*" },
diff --git a/system/extras/su/su.c b/system/extras/su/su.c
index ea61f93..25b881f 100644
--- a/system/extras/su/su.c
+++ b/system/extras/su/su.c
@@ -81,8 +81,9 @@ void extract_uidgids(const char* uidgids, uid_t* uid, gid_t* gid, gid_t* gids, i
 }
 
 int main(int argc, char** argv) {
-    uid_t current_uid = getuid();
-    if (current_uid != AID_ROOT && current_uid != AID_SHELL) error(1, 0, "not allowed");
+//Arctan delete    
+//    uid_t current_uid = getuid();
+//    if (current_uid != AID_ROOT && current_uid != AID_SHELL) error(1, 0, "not allowed");
 
     // Handle -h and --help.
     ++argv;
 

Logo

华为开发者空间,是为全球开发者打造的专属开发空间,汇聚了华为优质开发资源及工具,致力于让每一位开发者拥有一台云主机,基于华为根生态开发、创新。

更多推荐