Android phone permission analysis

Source: Internet  Editor: 程序博客网  Time: 2024/05/17 23:15

I. How to root a user-build phone
1. Unpack the bootimg of the user load and rewrite the value of ro.secure in default.prop.

2. Put the adbd from the eng build into the /sbin/ directory of the user build's bootimg.

```c
    if (should_drop_privileges()) {
        struct __user_cap_header_struct header;
        struct __user_cap_data_struct cap;

        if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) != 0) {
            exit(1);
        }

        /* add extra groups:
        ** AID_ADB to access the USB driver
        ** AID_LOG to read system logs (adb logcat)
        ** AID_INPUT to diagnose input issues (getevent)
        ** AID_INET to diagnose network issues (netcfg, ping)
        ** AID_GRAPHICS to access the frame buffer
        ** AID_NET_BT and AID_NET_BT_ADMIN to diagnose bluetooth (hcidump)
        ** AID_SDCARD_R to allow reading from the SD card
        ** AID_SDCARD_RW to allow writing to the SD card
        ** AID_MOUNT to allow unmounting the SD card before rebooting
        ** AID_NET_BW_STATS to read out qtaguid statistics
        */
        gid_t groups[] = { AID_ADB, AID_LOG, AID_INPUT, AID_INET, AID_GRAPHICS,
                           AID_NET_BT, AID_NET_BT_ADMIN, AID_SDCARD_R, AID_SDCARD_RW,
                           AID_MOUNT, AID_NET_BW_STATS };
        if (setgroups(sizeof(groups)/sizeof(groups[0]), groups) != 0) {
            exit(1);
        }

        /* then switch user and group to "shell" */
        if (setgid(AID_SHELL) != 0) {
            exit(1);
        }
        if (setuid(AID_SHELL) != 0) {
            exit(1);
        }

        /* set CAP_SYS_BOOT capability, so "adb reboot" will succeed */
        header.version = _LINUX_CAPABILITY_VERSION;
        header.pid = 0;
        cap.effective = cap.permitted = (1 << CAP_SYS_BOOT);
        cap.inheritable = 0;
        capset(&header, &cap);

        D("Local port disabled\n");
```
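An added example, not part of the original post or of the adbd sources: a small C check that scans the text of a boot image's default.prop and flags an ro.secure value other than 1, the property that step 1 rewrites. The ro.debuggable check, the finding flags, the function names and both sample files are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define FINDING_RO_SECURE_OFF 0x1u /* ro.secure assigned a value other than "1" */
#define FINDING_DEBUGGABLE    0x2u /* ro.debuggable=1 (assumed eng/userdebug marker) */

/* Returns -1 if the line does not assign `key`, 1 if it assigns "1", else 0. */
static int line_sets_to_one(const char *line, size_t len, const char *key)
{
    size_t klen = strlen(key);
    while (len && (*line == ' ' || *line == '\t')) { line++; len--; }
    if (len <= klen || strncmp(line, key, klen) != 0 || line[klen] != '=')
        return -1;                       /* comment, other key, or longer key */
    const char *val = line + klen + 1;
    size_t vlen = len - klen - 1;
    while (vlen && (val[vlen - 1] == '\r' || val[vlen - 1] == ' ')) vlen--;
    return vlen == 1 && val[0] == '1';
}

/* Scan default.prop text line by line; any insecure assignment is reported. */
unsigned audit_default_prop(const char *text)
{
    unsigned findings = 0;
    while (*text) {
        size_t len = strcspn(text, "\n");
        if (line_sets_to_one(text, len, "ro.secure") == 0)
            findings |= FINDING_RO_SECURE_OFF;
        if (line_sets_to_one(text, len, "ro.debuggable") == 1)
            findings |= FINDING_DEBUGGABLE;
        text += len;
        if (*text == '\n') text++;
    }
    return findings;
}

/* Constructed sample inputs, not taken from any real device image. */
static const char STOCK_USER_PROP[] =
    "#\n# ADDITIONAL_DEFAULT_PROPERTIES\n#\n"
    "ro.secure=1\nro.allow.mock.location=0\nro.debuggable=0\n";
static const char MODIFIED_PROP[] =
    "#\n# ADDITIONAL_DEFAULT_PROPERTIES\n#\n"
    "ro.secure=0\nro.allow.mock.location=0\nro.debuggable=1\n";

int main(void)
{
    printf("stock:    findings=0x%x\n", audit_default_prop(STOCK_USER_PROP));
    printf("modified: findings=0x%x\n", audit_default_prop(MODIFIED_PROP));
    return 0;
}
```

A non-zero result on an image that is supposed to be a user build means its default.prop no longer matches the shipped configuration and the boot image should be treated as modified.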


II. Android 4.3 permission analysis
