如何禁止root并移除su？

RT。
build.sh -b 不管是prod还是prop都能执行adb root，不懂怎么编译user版本

@jefferyzhang 救救

https://www.jianshu.com/p/99bd019ed332

jefferyzhang 发表于 2020-4-7 14:18
https://www.jianshu.com/p/99bd019ed332

所以我直接lunch user然后make？那教程里build.sh -b prod 是起什么作用

编译工程

1、cd  android根目录

2、./build.sh  -b prod

3、生成的固件在rockdev/Image-rk3399pro/目录下。

4、注意：如果单独编译kernel，需要先复制rockdev/Image-rk3399pro/ramdisk.img到kernel目录

swlmx 发表于 2020-4-7 14:25
所以我直接lunch user然后make？那教程里build.sh -b prod 是起什么作用

自己脚本打开看下不就知道了。。。

jefferyzhang 发表于 2020-4-7 14:34
自己脚本打开看下不就知道了。。。

还是编译不过。

1. lunch rk3399pro-user
   
2. build.sh -b prod

复制代码

sepolicy报错 1.5的源码

1. [ 33% 25586/75488] build out/target/product/rk3399pro/obj/ETC/sepolicy.recovery_intermediates/sepolicy
   
2. FAILED: out/target/product/rk3399pro/obj/ETC/sepolicy.recovery_intermediates/sepolicy
   
3. /bin/bash -c "(ASAN_OPTIONS=detect_leaks=0 out/host/linux-x86/bin/checkpolicy -M -c             30 -o out/target/product/rk3399pro/obj/ETC/sepolicy.recovery_intermediates/sepolicy.tmp out/target/product/rk3399pro/obj/ETC/sepolicy.recovery_intermediates/sepolicy.recovery.conf ) && (out/host/linux-x86/bin/sepolicy-analyze out/target/product/rk3399pro/obj/ETC/sepolicy.recovery_intermediates/sepolicy.tmp permissive > out/target/product/rk3399pro/obj/ETC/sepolicy.recovery_intermediates/sepolicy.permissivedomains ) && (if [ "user" = "user" -a -s out/target/product/rk3399pro/obj/ETC/sepolicy.recovery_intermediates/sepolicy.permissivedomains ]; then            echo "==========" 1>&2;           echo "ERROR: permissive domains not allowed in user builds" 1>&2;              echo "List of invalid domains:" 1>&2;              cat out/target/product/rk3399pro/obj/ETC/sepolicy.recovery_intermediates/sepolicy.permissivedomains 1>&2;            exit 1;                 fi ) && (mv out/target/product/rk3399pro/obj/ETC/sepolicy.recovery_intermediates/sepolicy.tmp out/target/product/rk3399pro/obj/ETC/sepolicy.recovery_intermediates/sepolicy )"
   
4. out/host/linux-x86/bin/checkpolicy:  loading policy configuration from out/target/product/rk3399pro/obj/ETC/sepolicy.recovery_intermediates/sepolicy.recovery.conf
   
5. out/host/linux-x86/bin/checkpolicy:  policy configuration loaded
   
6. out/host/linux-x86/bin/checkpolicy:  writing binary representation (version 30) to out/target/product/rk3399pro/obj/ETC/sepolicy.recovery_intermediates/sepolicy.tmp
   
7. ==========
   
8. ERROR: permissive domains not allowed in user builds
   
9. List of invalid domains:
   
10. vendor_boot
    
11. [ 33% 25597/75488] //external/sfntly:libsfntly clang++ cpp/src/sample/chromium/subsetter_impl.cc
    
12. ninja: build stopped: subcommand failed.
    
13. 09:54:47 ninja failed with: exit status 1

复制代码

swlmx 发表于 2020-4-10 10:44
还是编译不过。

ERROR: permissive domains not allowed in user builds
这是sepolicy权限设置问题。
编译问题要自行google处理，我们没办法手把手教你。。

jefferyzhang 发表于 2020-4-10 10:54
ERROR: permissive domains not allowed in user builds
这是sepolicy权限设置问题。
编译问题要自行goog ...

这东西不是镜像自己带的吗……是不是没设置好

注释掉vendor_boot.te中permissive能编译通过，不过usb和触摸屏用不了
要慢慢改源码了……

swlmx 发表于 2020-4-10 13:44
这东西不是镜像自己带的吗……是不是没设置好

我们那个安卓都是AOSP的代码，都没动过。。。