|
1. 首先安裝自己手機對應的root的image, 如twrp.img
adb push SuperSU-v2.79-20161211114519.zip /mnt/sdcard/supersu.zip fastboot flash recovery twrp-3.3.1-0-shamu.img
fastboot flash recovery twrp-3.3.1-0-shamu.img
進入twrp的菜單,安裝SuperSU-v2.79-20161211114519.zip
2. 這樣可以通過su命令來取得root權限 , 但是不能adb root這樣,
以下命令會提示出錯,
adbd cannot run as root in production builds
Not running as root. Try "adb root" first.
需要再替換一下adbd, 安裝個termux
找個修改版的adbd,如adbd.21.png , 下載 https://download.csdn.net/download/aerror/14122036
adb push adbd.21.png /mnt/sdcard/
cat /sbin/adbd > /sbin/adbd.original chown 0.0 /sbin/adbd.original chmod 644 /sbin/adbd.original cat /sdcard/adbd.21.png > /sbin/adbd cat /system/bin/sh > /sbin/adbsh supolicy --live "permissive init_shell" \ "allow adbd adbd process setcurrent" \ "allow adbd init process dyntransition" \ "allow servicemanager { init_shell zygote } dir search" \ "allow servicemanager { init_shell zygote } file { read open }" \ "allow servicemanager { init_shell zygote } process getattr" \ "allow system_server init_shell binder { transfer call }" \ "allow zygote { servicemanager system_server } binder call"
成功之后:
root 9296 1 8628 224 poll_sched 000204f4 S /sbin/adbd adbd is already running as root
發(fā)現(xiàn)重啟之后不行�,于是寫了一個腳本adbroot放到/system/bin下面�,每次重啟之后在termux里執(zhí)行一下:
shamu:/ # cat /system/bin/adbroot ln -s /data/local/adbd.21.png /sbin/adbd supolicy --live "permissive init_shell" \ "allow adbd adbd process setcurrent" \ "allow adbd init process dyntransition" \ "allow servicemanager { init_shell zygote } dir search" \ "allow servicemanager { init_shell zygote } file { read open }" \ "allow servicemanager { init_shell zygote } process getattr" \ "allow system_server init_shell binder { transfer call }" \ "allow zygote { servicemanager system_server } binder call"
|
