[高通SM6225][Android13][Kernel5.15]user版本默认获取root权限

需求描述：

user版本默认是不会开启root权限的，但是一般性能版本需要设置CPU GPU DDR performance或者监听节点信息等debug手段去验证当前问题是否与CPU GPU DDR有关系。

基线代码判断逻辑：

1.adb代码会检测相关属性

ro.secure
ro.debuggable (通过调用__android_log_is_debuggable()获取返回值)

2.代码path

2.1 adbd启动时检查属性，决定是否进行权限降级到AID_SHELL
path：system/adb/core/daemon/main.cpp line:121
if (should_drop_privileges()){
… …

2.2 system/adb/core/下搜索__android_log_is_debuggable()

3.修改思路

3.1 should_drop_privileges() 修改强制返回false，保持adb root用户级别
3.2 __android_log_is_debuggable() 返回true

packages/modules/adb/daemon/main.cpp
static bool should_drop_privileges() {// The properties that affect `adb root` and `adb unroot` are ro.secure and// ro.debuggable. In this context the names don't make the expected behavior// particularly obvious.//// ro.debuggable://   Allowed to become root, but not necessarily the default. Set to 1 on//   eng and userdebug builds.//// ro.secure://   Drop privileges by default. Set to 1 on userdebug and user builds.bool ro_secure = android::base::GetBoolProperty("ro.secure", true);bool ro_debuggable = __android_log_is_debuggable();// Drop privileges if ro.secure is set...bool drop = ro_secure;std::string build_prop = android::base::GetProperty("ro.build.type", "");bool adb_build_root = (build_prop == "userdebug");if (adb_build_root) {return false;}// ... except "adb root" lets you keep privileges in a debuggable build.std::string prop = android::base::GetProperty("service.adb.root", "");bool adb_root = (prop == "1");bool adb_unroot = (prop == "0");if (ro_debuggable && adb_root) {drop = false;}// ... and "adb unroot" lets you explicitly drop privileges.if (adb_unroot) {drop = true;}return drop;
}

具体实现：

1.关闭ro.secure、ro.adb.secure，打开ro.debuggable
文件路径：qssi/build/make/core/main.mk
详细修改：

diff --git a/core/main.mk b/core/main.mk
index 1579294..f223432 100644
--- a/core/main.mk
+++ b/core/main.mk
@@ -365,11 +365,11 @@tags_to_install :=ifneq (,$(user_variant))# Target is secure in user builds.
-  ADDITIONAL_SYSTEM_PROPERTIES += ro.secure=1
+  ADDITIONAL_SYSTEM_PROPERTIES += ro.secure=0ADDITIONAL_SYSTEM_PROPERTIES += security.perf_harden=1ifeq ($(user_variant),user)
-    ADDITIONAL_SYSTEM_PROPERTIES += ro.adb.secure=1
+    ADDITIONAL_SYSTEM_PROPERTIES += ro.adb.secure=0endififeq ($(user_variant),userdebug)
@@ -377,7 +377,7 @@tags_to_install += debugelse# Disable debugging in plain user builds.
-    enable_target_debugging :=
+    enable_target_debugging := trueendif# Disallow mock locations by default for user builds
@@ -399,7 +399,7 @@ADDITIONAL_SYSTEM_PROPERTIES += dalvik.vm.lockprof.threshold=500else # !enable_target_debugging# Target is less debuggable and adbd is off by default
-  ADDITIONAL_SYSTEM_PROPERTIES += ro.debuggable=0
+  ADDITIONAL_SYSTEM_PROPERTIES += ro.debuggable=1endif # !enable_target_debugging## eng ##

2.should_drop_privileges return false,allow adb root
文件路径：qssi/packages/modules/adb/daemon/main.cpp
详细修改：

diff --git a/daemon/main.cpp b/daemon/main.cpp
index 1d4e626..6c9792f 100644
--- a/daemon/main.cpp
+++ b/daemon/main.cpp
@@ -74,6 +74,7 @@//// ro.secure://   Drop privileges by default. Set to 1 on userdebug and user builds.
+    return false;bool ro_secure = android::base::GetBoolProperty("ro.secure", true);bool ro_debuggable = __android_log_is_debuggable();

3.ALLOW_ADBD_DISABLE_VERITY=1
文件路径：qssi/system/core/fs_mgr/Android.bp
详细修改：

diff --git a/fs_mgr/Android.bp b/fs_mgr/Android.bp
index 49761ac..ac1c31d 100644
--- a/fs_mgr/Android.bp
+++ b/fs_mgr/Android.bp
@@ -109,7 +109,8 @@"libfstab",],cppflags: [
-        "-DALLOW_ADBD_DISABLE_VERITY=0",
+        "-UALLOW_ADBD_DISABLE_VERITY",
+        "-DALLOW_ADBD_DISABLE_VERITY=1",],product_variables: {debuggable: {
@@ -237,7 +238,8 @@"fs_mgr_remount.cpp",],cppflags: [
-        "-DALLOW_ADBD_DISABLE_VERITY=0",
+        "-UALLOW_ADBD_DISABLE_VERITY",
+        "-DALLOW_ADBD_DISABLE_VERITY=1",],product_variables: {debuggable: {

4.close selinux enforce=Permissive
文件路径：qssi/system/core/init/selinux.cpp
详细修改：

diff --git a/init/selinux.cpp b/init/selinux.cpp
index 6ae4bc0..4d50cb6 100644
--- a/init/selinux.cpp
+++ b/init/selinux.cpp
@@ -124,6 +124,7 @@bool IsEnforcing() {// close selinux for user version with root
+    return false;#if defined(LCT_BUILD_TYPE_FACTORY)return false;#endif

5.sepolicy
文件路径：qssi/system/sepolicy/Android.mk
详细修改：

diff --git a/Android.mk b/Android.mk
index a2793af..da5cebf 100644
--- a/Android.mk
+++ b/Android.mk
@@ -613,7 +613,7 @@ifneq ($(filter address,$(SANITIZE_TARGET)),)local_fc_files += $(wildcard $(addsuffix /file_contexts_asan, $(PLAT_PRIVATE_POLICY)))endif
-ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT)))
+ifneq (,$(filter user userdebug eng,$(TARGET_BUILD_VARIANT)))local_fc_files += $(wildcard $(addsuffix /file_contexts_overlayfs, $(PLAT_PRIVATE_POLICY)))endif