此问题与device-mapper-verity(dm-verity)内核功能有关,该功能提供块设备的透明完整性检查。dm-verity有助于防止持久性rootkit,这些rootkit可以保留root权限并危害设备。下面的命令可以在userdebug版本上禁用或启用verity。
adb disable-verity adb enable-verity
adb disable-verity
adb enable-verity
字符串但是这些命令在用户版本上不起作用。有没有其他方法在用户版本上起作用?
oxf4rvwz1#
简而言之,我还不能给予你一个解决这个问题的办法。然而,这里有一些有用的提示:这是我得到的错误:
C:\Users\Test>adb remountdm_verity is enabled on the system and vendor partitions.Use "adb disable-verity" to disable verity.If you do not, remount may succeed, however, you will still not be able to write to these volumes.remount of system failed: Permission deniedremount failed
C:\Users\Test>adb remount
dm_verity is enabled on the system and vendor partitions.
Use "adb disable-verity" to disable verity.
If you do not, remount may succeed, however, you will still not be able to write to these volumes.
remount of system failed: Permission denied
remount failed
字符串(^一些确切的文字也是重要的人在谷歌搜索找到这里^)当使用IDA Hex-rays进行反向工程/反编译'\sbin\adbd'时,我注意到输出此错误的相关adbd源代码位于net中:
void remount_service(int fd, void *cookie){ char buffer[200]; char prop_buf[PROPERTY_VALUE_MAX]; bool system_verified = false, vendor_verified = false; property_get("partition.system.verified", prop_buf, "0"); if (!strcmp(prop_buf, "1")) { system_verified = true; } property_get("partition.vendor.verified", prop_buf, "0"); if (!strcmp(prop_buf, "1")) { vendor_verified = true; } if (system_verified || vendor_verified) { // Allow remount but warn of likely bad effects bool both = system_verified && vendor_verified; snprintf(buffer, sizeof(buffer), "dm_verity is enabled on the %s%s%s partition%s.\n", system_verified ? "system" : "", both ? " and " : "", vendor_verified ? "vendor" : "", both ? "s" : ""); write_string(fd, buffer); snprintf(buffer, sizeof(buffer), "Use \"adb disable-verity\" to disable verity.\n" "If you do not, remount may succeed, however, you will still " "not be able to write to these volumes.\n"); write_string(fd, buffer); } if (remount("/system", &system_ro)) { snprintf(buffer, sizeof(buffer), "remount of system failed: %s\n",strerror(errno)); write_string(fd, buffer); } if (hasVendorPartition()) { if (remount("/vendor", &vendor_ro)) { snprintf(buffer, sizeof(buffer), "remount of vendor failed: %s\n",strerror(errno)); write_string(fd, buffer); } } if (!system_ro && (!vendor_ro || !hasVendorPartition())) write_string(fd, "remount succeeded\n"); else { write_string(fd, "remount failed\n"); } adb_close(fd);}
void remount_service(int fd, void *cookie)
{
char buffer[200];
char prop_buf[PROPERTY_VALUE_MAX];
bool system_verified = false, vendor_verified = false;
property_get("partition.system.verified", prop_buf, "0");
if (!strcmp(prop_buf, "1")) {
system_verified = true;
}
property_get("partition.vendor.verified", prop_buf, "0");
vendor_verified = true;
if (system_verified || vendor_verified) {
// Allow remount but warn of likely bad effects
bool both = system_verified && vendor_verified;
snprintf(buffer, sizeof(buffer),
"dm_verity is enabled on the %s%s%s partition%s.\n",
system_verified ? "system" : "",
both ? " and " : "",
vendor_verified ? "vendor" : "",
both ? "s" : "");
write_string(fd, buffer);
"Use \"adb disable-verity\" to disable verity.\n"
"If you do not, remount may succeed, however, you will still "
"not be able to write to these volumes.\n");
if (remount("/system", &system_ro)) {
snprintf(buffer, sizeof(buffer), "remount of system failed: %s\n",strerror(errno));
if (hasVendorPartition()) {
if (remount("/vendor", &vendor_ro)) {
snprintf(buffer, sizeof(buffer), "remount of vendor failed: %s\n",strerror(errno));
if (!system_ro && (!vendor_ro || !hasVendorPartition()))
write_string(fd, "remount succeeded\n");
else {
write_string(fd, "remount failed\n");
adb_close(fd);
型http://www.contrib.andrew.cmu.edu/~rjkohler/android-tools-5.0.1+git20141213/core/adb/remount_service.c顺便说一句,我用来反编译的adb deamon来自Android 5.1.1。所以这里的要点是partition.vendor.verified和partition.system.verified。如果它们设置为“1”,您将得到错误。那么接下来将是追捕为什么和如何设置这些.以及如何防止这种情况。不过,adb remount所做的只是重新挂载**/system**(可能还有**/vendor**)。您也可以自己完成:
adb shell su mount -o remount /system
型这一小行通常可以帮助我完成同样的任务。su-这就可以了。(但是,是的,su命令只会在你的设备被“root”的情况下出现。)
hrysbysz2#
adb disable-verity只适用于adb 1.0.33及以上版本,所以升级你的adb版本
svdrlsy43#
在用户版本上运行verity disable不是错误的吗?关键是verity是阻止attacher更改OS文件系统添加恶意应用程序
3条答案
按热度按时间oxf4rvwz1#
简而言之,我还不能给予你一个解决这个问题的办法。
然而,这里有一些有用的提示:这是我得到的错误:
字符串
(^一些确切的文字也是重要的人在谷歌搜索找到这里^)
当使用IDA Hex-rays进行反向工程/反编译'\sbin\adbd'时,我注意到输出此错误的相关adbd源代码位于net中:
型
http://www.contrib.andrew.cmu.edu/~rjkohler/android-tools-5.0.1+git20141213/core/adb/remount_service.c顺便说一句,我用来反编译的adb deamon来自Android 5.1.1。
所以这里的要点是partition.vendor.verified和partition.system.verified。如果它们设置为“1”,您将得到错误。
那么接下来将是追捕为什么和如何设置这些.以及如何防止这种情况。
不过,adb remount所做的只是重新挂载**/system**(可能还有**/vendor**)。您也可以自己完成:
型
这一小行通常可以帮助我完成同样的任务。su-这就可以了。(但是,是的,su命令只会在你的设备被“root”的情况下出现。)
hrysbysz2#
adb disable-verity只适用于adb 1.0.33及以上版本,所以升级你的adb版本
svdrlsy43#
在用户版本上运行verity disable不是错误的吗?关键是verity是阻止attacher更改OS文件系统添加恶意应用程序