I have a OnePlus 6T. It is rooted by TWRP and Magisk. I have set ro.debuggable
to 1
. But when I type adb root
it does this:
I cannot even use adb pull
on system files.
Answer
On production (user
) build of a ROM, you can't start adbd
as root unless ROM or at least adbd
binary is rebuilt with required modifications. Reason is the ALLOW_ADBD_ROOT
build flag (1, 2).
That's why adbd Insecure was developed, which replaced the adbd
binary with a modified one.
On a userdebug
or eng
build (or with insecure adbd
binary extracted from any of these build types):
- If
ro.secure=0
,adbd
runs as root when enabled from Settings (Developer Options) (3). Howeveradb root
won't work (4). - If
ro.debuggable=1
,adb root
will restartadbd
as root (5, 6).
However adbd
can be built from modified source code to skip all these checks. Additionally SELinux should also be taken care of, if in enforcing
mode. adbd
must be allowed to run in unrestricted superuser context: u:r:su:s0
(7, 8), which isn't the case for user
builds (9, 10, 11). See this answer for more details.
Android properties can be overwritten using /data/local.prop
on userdebug
/eng
builds i.e. if ALLOW_LOCAL_PROP_OVERRIDE
build flag is set (12, 13). But this doesn't work for ro.*
properties (14) and same is true for setprop
commandline tool. However default.prop
/ prop.default
file - which could be located under multiple possible locations depending on the device build configurations (15) - can be modified to change read-only properties (if not already set from some other property file or *.rc
file). If the file is in ramdisk, boot.img
needs to be modified.
Magisk's resetprop tool can reset the read-only properties even if they are already set. ro.secure
and ro.debuggable
both may have possibly been changed as a part of MagiskHide policy (16), which you can revert back to allow adbd
run as root.
Another related property is ro.adb.secure
, which controls public key authentification. By setting ro.adb.secure=0
on userdebug
/eng
builds, authentification is skipped (no device unauthorized
message ever) (17, 18, 19). Related: Storage location of “adb_keys”.
No comments:
Post a Comment