百度加google,自己弄了一个zlsu执行文件,放到system/bin/目录下后,调用它的时候,报错:
java.io.IOException: write failed: EPIPE (Broken pipe)。
su文件代码如下:
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <dirent.h>
#include <errno.h>
#include <sys/stat.h>
#include <unistd.h>
void executecmd(char* c);
int exe(int argc, char* argv[]);
int main(int argc, char* argv[])
{
char* c;
char* d;
c = argv[0];
d = "export CLASSPATH=/data/app/com.zl.movetest-2.apk && export LD_LIBRARY_PATH=/vendor/lib:/system/lib && exec app_process /data/app com.zl.movetest/MoveUtil com.zl.hw 2";
puts("print cmd: start");
puts(argv[1]);
puts(argv[2]);
puts("print cmd: end");
printf("%s \n",argv[1]);
printf("%s \n",argv[2]);
/*
puts(c);
puts(d);
argv[1] = "-c";
argv[2] = d;
executecmd(d);
return 0;
return exe(argc,argv);
*/
return exe(argc,argv);
}
void executecmd(char* c){
/*
char Com[80];
strcpy(Com,"netsh wlan set hostednetwork mode=allow ssid=");
strcat(Com,u.c_str());
strcat(Com," key=");
strcat(Com,k.c_str());
*/
system(c);
return;
}
static int executionFailure(char *context)
{
fprintf(stderr, "su: %s. Error:%s\n", context, strerror(errno));
return -errno;
}
static int permissionDenied()
{
// the superuser activity couldn't be started
printf("su: permission denied\n");
return 1;
}
int exe(int argc, char* argv[]){
struct stat stats;
struct passwd *pw;
int uid = 0;
int gid = 0;
if(setgid(gid) || setuid(uid))
return permissionDenied();
char *exec_args[argc + 1];
exec_args[argc] = NULL;
exec_args[0] = "sh";
int i;
char stra[256];
sprintf(stra,"%d",argc);
char coma[80];
strcpy(coma,"main cmd num : ");
strcat(coma,stra);
puts(coma);
for (i = 1; i < argc; i++)
{
exec_args[i] = argv[i];
char Com[80];
strcpy(Com,"main cmd: ");
strcat(Com,exec_args[i]);
puts(Com);
}
execv("/system/bin/sh", exec_args);
return executionFailure("sh");
}
http://bbs.csdn.net/topics/391017555
http://www.xue163.com/588880/39101/391017555.html
http://stackoverflow.com/questions/22907189/java-io-ioexception-write-failed-epipe-broken-pipe
据我亲测和看雪上一些大神的帖子,这种方法在一些高版本的Android上已经失效了,Google利用了Linux的一个草案,将所有应用的父进程app_process程序运行时限制了权能,使由应用exec出来的Linux程序没有使用setuid和setgid的权限,也就是说,即使你把su加上了s位,那么运行后只有euid是root,uid和gid设置不上,就没有root权限,比如我这里的Android4.4就是这样,现在的root软件都是利用系统漏洞实现开机时启动一个root守护进程,su程序只完成进程通信,只是一个空壳。