Android:为什么从pc运行adb shell命令和USB调试不需要权限?
[英]Android: why does running adb shell commands from pc and USB debugging doesn't required permission?
问题描述
Programatically running: getRuntime.exec("screencap", "-p /sdcard/image.png") does not do anything except exiting with code=1 .
以编程方式运行: getRuntime.exec("screencap", "-p /sdcard/image.png")除了以code=1退出之外不执行任何操作。
But when USB debugging, running that same command from pc in cmd: adb shell screencap -p /sdcard/dddd.png works.但是当 USB 调试时,从 cmd 中的 pc 运行相同的命令: adb shell screencap -p /sdcard/dddd.png有效。
From previous stackoverflow posts, It seems that programatcially running that command doesn't work because the app does not have permission, and this requires rooting the phone to give su access to the app.从以前的 stackoverflow 帖子来看,似乎以编程方式运行该命令不起作用,因为该应用程序没有权限,这需要对手机进行 root 才能授予 su 访问该应用程序的权限。
Why does running these commands from the pc doesn't require privileged access?为什么从 pc 上运行这些命令不需要特权访问?
1 个解决方案
解决方案1
2 已采纳 2020-11-15 10:43:51
Difference is that adbd (adb daemon) runs with shell uid, while doing that from the app you're still with your app's uid.不同之处在于adbd (adb 守护进程)使用shell uid 运行,而从应用程序执行此操作时,您仍然使用应用程序的 uid。 So it's different contexts.所以是不同的语境。
There is an SELinux rule that allows adb to invoke the screencap( defined in system/sepolicy/private/adbd.te ):有一个 SELinux 规则允许 adb 调用屏幕截图(在system/sepolicy/private/adbd.te中定义):
# Perform binder IPC to surfaceflinger (screencap)
# XXX Run screencap in a separate domain?
binder_use(adbd)
binder_call(adbd, surfaceflinger)
binder_call(adbd, gpuservice)
# b/13188914
allow adbd gpu_device:chr_file rw_file_perms;
allow adbd ion_device:chr_file rw_file_perms;
r_dir_file(adbd, system_file)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.