Android中如何自己制作su

本文原博客：http://hubingforever.blog.163.com/blog/static/171040579201372915716149/

在Android源码的system\extras（比如Android4.0\system\extras）下新建一个目录，比如su_robin目录

在su_robin目录下包含以三个文件：

su.h文件

#ifndef SU_h #define SU_h 1
#ifdef LOG_TAG#undef LOG_TAG#endif#define LOG_TAG "robin"
#define REQUESTOR "com.noshufou.android.su"#define REQUESTOR_DATA_PATH "/data/data/" REQUESTOR#define REQUESTOR_CACHE_PATH "/dev/" REQUESTOR
#define REQUESTOR_DATABASES_PATH REQUESTOR_DATA_PATH "/databases"#define REQUESTOR_DATABASE_PATH REQUESTOR_DATABASES_PATH "/permissions.sqlite"
/* intent actions */#define ACTION_REQUEST REQUESTOR ".REQUEST"#define ACTION_RESULT  REQUESTOR ".RESULT"
#define DEFAULT_SHELL "/system/bin/sh"
#ifdef SU_LEGACY_BUILD#define VERSION_EXTRA "l"#else#define VERSION_EXTRA ""#endif
#define VERSION "3.1.1" VERSION_EXTRA#define VERSION_CODE 17
#define DATABASE_VERSION 6#define PROTO_VERSION 0
struct su_initiator {    pid_t pid;    unsigned uid;    char bin[PATH_MAX];    char args[4096];};
struct su_request {    unsigned uid;    int login;    int keepenv;    char *shell;    char *command;    char **argv;    int argc;    int optind;};
struct su_context {    struct su_initiator from;    struct su_request to;    mode_t umask;};
enum {    DB_INTERACTIVE,    DB_DENY,    DB_ALLOW};#endif

注意，这里的很多东西是多余。

su.c文件

#include <sys/types.h>#include <sys/socket.h>#include <sys/un.h>#include <sys/wait.h>#include <sys/select.h>#include <sys/time.h>#include <unistd.h>#include <limits.h>#include <fcntl.h>#include <errno.h>#include <endian.h>#include <stdio.h>#include <stdlib.h>#include <string.h>#include <getopt.h>#include <stdint.h>#include <pwd.h>
#include <private/android_filesystem_config.h>#include <cutils/properties.h>#include <cutils/log.h>
#include "su.h"
int main(int argc, char *argv[]){ LOGI("hello !robin-su begin %d !",getuid()); printf("hello !robin-su begin"); int uid=0; int gid=0; if(setgid(gid) || setuid(uid)) { LOGI("robin su: permission denied\n"); fprintf(stderr,"su: permission denied\n"); return 1; }  char command[1024];
LOGI("hello !robin-su end %d !",getuid()); printf("hello !robin-su end"); /* Default exec shell. */   execlp("/system/bin/sh", "sh", NULL);   fprintf(stderr, "su: exec failed\n"); return 1;}
Android.mk文件

LOCAL_PATH := $(call my-dir)include $(CLEAR_VARS)
LOCAL_MODULE := surLOCAL_SRC_FILES := su.c
LOCAL_STATIC_LIBRARIES := \    liblog \    libc \
LOCAL_MODULE_PATH := $(TARGET_OUT_OPTIONAL_EXECUTABLES)LOCAL_MODULE_TAGS := eng debugLOCAL_FORCE_STATIC_EXECUTABLE := true
include $(BUILD_EXECUTABLE)

编译Android源码，生成rom

如果你还不知道如何编译Android源码，请参照

http://source.android.com/source/building-running.html

在out\target\product\generic\system\xbin目录下找到生成的可执行文件sur,就是我们自己制作的su文件

通过adb push命令将其推送到手机上的system\xbin目录，

通过执行系统原来自己带的su切换到root用户，对手机上sur文件执行chmod 6777 sur命令。 

使文件属性变为rwsrwsrwx，如下所示

rwsrwsrwx root     root        58960 2013-08-29 11:31 sur

然后你可以通过执行系统原来自己带的sur切换到root用户

关于chmod 6777 sur命令请参考《chmod命令基本篇》和请参考《chmod命令高级篇（
SetUID与SetGID标识位）》

关于setuid请参考《setuid()与setgid()的使用 》

结束！