如何获得root权限，从源头code，而不是生根的ROM中的特定应用程序？ [英] How to grant root access to a specific application from source code instead of rooting the ROM?

问题描述

我从源代码编译一个Android的ROM，和我有，我想这是pre-安装并用root权限运行一个应用程序。

I'm compiling an Android ROM from source, and I have one application that I want it to be pre-installed and have it run with root permission.

我如何能获得root权限这一特定的应用程序，而不生根整个ROM？

How can I grant root access to this specific application, without rooting entire ROM?

推荐答案

典型的股票Android的ROM中提供root权限很少的东西，在使用最低权限的原则。相反，应用程序被授予他们所需要的precise权限。

Hopefully you don't need root...

Typical stock Android ROMs provide root privileges to very few things, in line with the principle of least privilege. Instead, apps are granted the precise permissions they need.

到底为什么你需要这个程序有root权限？你应该先浏览所有内部未公开的Andr​​oid权限来看看其中的一个你想要做什么。既然你正在构建一个系统的应用程序，你甚至可以使用签名权限通常不提供给其他应用程序。你只需要确保您的应用程序与你建立了Android ROM密钥签名的 - 那么你可以用光盘或单独发布它，它仍然有机会获得您所需要的权限

Why exactly do you need this app to have root permissions? You should first look through the list of all the internal unpublished Android permissions to see if one of them does what you want. Since you're building a system app, you can even use signature permissions which are not normally available to other apps. You just need to ensure that your app is signed by the key with which you build the Android ROM - you can then distribute it with the ROM or separately, and it will still have access to the permissions you require.

做这种方式的优点是：

• 如果您的应用程序被泄露或越野车，其影响是有限的。
• 您实际的Java code具有这些权限，所以没有必要工艺繁琐的命令行。

所以，如果你能做你的任务就这样，做的。

So if you can possibly do your task this way, do.

如果你确实需要root，那么事情变得棘手。

If you really do need root, then things get tricky.

您有三个选项。为了对preference：

You have three options. In order of preference:

• 添加新的系统服务。
• 添加一些另类的setuid根二进制文件，不正是你需要的。
• 修改苏二进制来检查到底是谁在调用它。

• Add a new system service.
• Add some alternative setuid-root binary which does just what you need.
• Modify the su binary to check exactly who is calling it.

如果你确实需要的根，那么我会<一href="http://stackoverflow.com/questions/3232718/how-to-add-a-system-service-to-the-android-framework">add新的系统服务的。这可以以root身份运行。你会再加入适当的额外的API，使您的应用程序可以调用它 - 和权限可签名 - 电平，这样只有系统的应用程序可以调用它。这是结构上正确的方式做到这一点在Android的土地。

If you really do need root, then I would add a new system service. This can run as root. You would then add suitable extra APIs so that your app can call into it - and the permissions can be signature-level so that only your system app can call it. This is the architecturally 'correct' way to do it in Android-land.

第二个或第三个选项涉及创建一些命令行工具，你想要做什么，但我不知道这样的工具来检查谁是称这是一个安全的方式。它是可以接受的，以允许任何的应用程序调用该功能。如果是这样，一个新的setuid root用户的​​可执行文件可能是要走的路。不过，正如我说的，我不知道一个办法阻止其他应用程序运行它。

The second or third options involve creating some command-line tool which does what you want, but I don't know a secure way for such a tool to check who is calling it. It may be acceptable to allow any app to call this functionality. If so, a new setuid-root executable might be the way to go. However, as I say, I don't know a way to stop other apps running it.

这篇关于如何获得root权限，从源头code，而不是生根的ROM中的特定应用程序？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！