verity

verity

关注
发信
关注(28)粉丝(399)

android - 如何在Android设备上启用和禁用dm verity?

此问题与device-mapper-verity(dm-verity)内核功能有关,该功能提供了对块设备的透明完整性检查。 dm-verity有助于防止持久化的rootkit可以保留root特权并危及设备。

以下命令可以很好地在userdebug版本上禁用或启用verity。

adb disable-verity
adb enable-verity

但是这些命令不适用于用户版本。用户构建上还有其他选择吗?

最佳答案

简而言之,我还无法为您提供解决方案。

但是,这里有一些有用的提示:
那是我得到的错误:

C:\Users\Test>adb remount
dm_verity is enabled on the system and vendor partitions.
Use "adb disable-verity" to disable verity.
If you do not, remount may succeed, however, you will still not be able to write to these volumes.
remount of system failed: Permission denied
remount failed

(^对于在Google中搜索以在此处找到文字的人来说,某些准确的文字也很重要^)

当使用IDA Hex-ray进行逆向工程/反编译'\sbin\adbd '时,我注意到
净输出此错误的相关 adbd 源代码在net中:
void remount_service(int fd, void *cookie)
{
    char buffer[200];
    char prop_buf[PROPERTY_VALUE_MAX];

    bool system_verified = false, vendor_verified = false;
    property_get("partition.system.verified", prop_buf, "0");
    if (!strcmp(prop_buf, "1")) {
        system_verified = true;
    }

    property_get("partition.vendor.verified", prop_buf, "0");
    if (!strcmp(prop_buf, "1")) {
        vendor_verified = true;
    }

    if (system_verified || vendor_verified) {
        // Allow remount but warn of likely bad effects
        bool both = system_verified && vendor_verified;
        snprintf(buffer, sizeof(buffer),
                 "dm_verity is enabled on the %s%s%s partition%s.\n",
                 system_verified ? "system" : "",
                 both ? " and " : "",
                 vendor_verified ? "vendor" : "",
                 both ? "s" : "");
        write_string(fd, buffer);
        snprintf(buffer, sizeof(buffer),
                 "Use \"adb disable-verity\" to disable verity.\n"
                 "If you do not, remount may succeed, however, you will still "
                 "not be able to write to these volumes.\n");
        write_string(fd, buffer);
    }

    if (remount("/system", &system_ro)) {
        snprintf(buffer, sizeof(buffer), "remount of system failed: %s\n",strerror(errno));
        write_string(fd, buffer);
    }

    if (hasVendorPartition()) {
        if (remount("/vendor", &vendor_ro)) {
            snprintf(buffer, sizeof(buffer), "remount of vendor failed: %s\n",strerror(errno));
            write_string(fd, buffer);
        }
    }

    if (!system_ro && (!vendor_ro || !hasVendorPartition()))
        write_string(fd, "remount succeeded\n");
    else {
        write_string(fd, "remount failed\n");
    }

    adb_close(fd);
}

http://www.contrib.andrew.cmu.edu/~rjkohler/android-tools-5.0.1+git20141213/core/adb/remount_service.c
顺便说一句,我过去用来反编译的adb守护进程来自Android 5.1.1。

因此,这里的要点是 partition.vendor.verified partition.system.verified 。如果将它们设置为“1”,则会收到错误消息。

好吧,下一步将是寻找设置这些设置的原因和方式
...以及如何防止这种情况。

但是, adb重新安装所做的全部工作就是重新安装/system (也许是/vendor )。您也可以自己执行以下操作:
adb shell su mount -o remount /system

那条小线通常可以帮助我并达到目标。
su -可以解决问题。
(但是是的,只有在您的设备已“rooted”时, su 命令才会出现。)

关于android - 如何在Android设备上启用和禁用dm verity?,我们在Stack Overflow上找到一个类似的问题:https://stackoverflow.com/questions/38304435/

10-10 18:10
Powered by LMLPHP ©2024 verity 0.027611