Android 9 Pie IMX6 - Recovery

leonardoprates · ‎12-24-2020

I have a custom board running Android 9 and at ENG build when I do a "reboot recovery" I get recovery menu as expected and I can use adb sideload command to update system. But at USER build, when I do reboot recovery instead of recovery menu I get "no command" message.

Someone could help me understand why this happens?

Thanks,

Leonardo

Zhiming_Liu · ‎12-28-2020

Hi

change./default.prop

set ro.secure =0，persist.service.adb.enable=1，adbd will boot with root

You can see init.rc

... ...

# adbd is controlled by the persist.service.adb.enable system property

service adbd /sbin/adbd

disabled

# adbd on at boot in emulator

on property:ro.kernel.qemu=1

start adbd

on property:persist.service.adb.enable=1

start adbd

on property:persist.service.adb.enable=0

stop adbd

... ...

This defined a trigger，if persist.service.adb.enable=1，will start /sbin/adbd。

in main.mk of build folder

## user/userdebug ##

user_variant := $(filter userdebug user,$(TARGET_BUILD_VARIANT))

enable_target_debugging := true

ifneq (,$(user_variant))

# Target is secure in user builds.

ADDITIONAL_DEFAULT_PROPERTIES += ro.secure=1

tags_to_install := user

ifeq ($(user_variant),userdebug)

# Pick up some extra useful tools

tags_to_install += debug

else

# Disable debugging in plain user builds.

enable_target_debugging :=

endif

# TODO: Always set WITH_DEXPREOPT (for user builds) once it works on OSX.

# Also, remove the corresponding block in config/product_config.make.

ifeq ($(HOST_OS)-$(WITH_DEXPREOPT_buildbot),linux-true)

WITH_DEXPREOPT := true

endif

# Disallow mock locations by default for user builds

ADDITIONAL_DEFAULT_PROPERTIES += ro.allow.mock.location=0

else # !user_variant

# Turn on checkjni for non-user builds.

ADDITIONAL_BUILD_PROPERTIES += ro.kernel.android.checkjni=1

# Set device insecure for non-user builds.

ADDITIONAL_DEFAULT_PROPERTIES += ro.secure=0

# Allow mock locations by default for non user builds

ADDITIONAL_DEFAULT_PROPERTIES += ro.allow.mock.location=1

endif # !user_variant

ifeq (true,$(strip $(enable_target_debugging)))

# Target is more debuggable and adbd is on by default

ADDITIONAL_DEFAULT_PROPERTIES += ro.debuggable=1 persist.service.adb.enable=1

# Include the debugging/testing OTA keys in this build.

INCLUDE_TEST_OTA_KEYS := true

else # !enable_target_debugging

# Target is less debuggable and adbd is off by default

ADDITIONAL_DEFAULT_PROPERTIES += ro.debuggable=0 persist.service.adb.enable=0

endif # !enable_target_debugging

Let me explain roughly this code:

Mainly by judging the current compilation mode to assign different values to several properties, and then store the properties in the variable ADDITIONAL_DEFAULT_PROPERTIES, which will be written to /default.prop in the root directory later, at system startup Loaded by the property service. In other words, the values of several properties we see in /default.prop are set here.

Just look at the two properties ro.secure, persist.service.adb.enable. If it is currently in user mode, the compilation system will set ro.secure to 1 and persist.service.adb.enable to 0. In other words, the system compiled in user mode runs in safe mode, and adbd is disabled by default. Even if it is opened by setting attributes, the user of the adbd process is a shell and does not have root privileges. In this way, after ordinary users or developers get a machine and run adb shell through the PC, they log in to the machine as the shell user.

Ok, now set ro.secure to 0 and recompile. As long as the property persist.service.adb.enable is set to 1, the adbd process will start as the root user.

BR

Zhiming