How to Get Root Privileges on Android
On the emulator provided with the SDK r10, you can get a root
shell by executing "adb shell" from your host computer. Once you have
such a root shell, you can follow these steps to get a command that
can log you in as root from the terminal emulator:
# Remount /data to allow executables and setuids on it
mount -o remount,rw /dev/block/mtdblock1 /data
# There's no "cp" command on Android
cat /system/bin/sh > /data/su
# Give setuid permissions to the shell
chmod 7755 /data/su
Now, from the emulator, just run "/data/su" and that's it,
you're root.
The normal "/system/xbin/su" command included in the SDK
performs internal user id checks, so these commands...
mount -o remount,rw /dev/block/mtdblock0 /system
chmod 7755 /system/xbin/su
...just won't work. There's no way to trick /system/xbin/su into
allowing the normal user (UID 10018 in my case) to become root.
Please note that dealing with setuid programs can be a security
risk (not higher than having a universal "su" command, though). Use
this solution at your own risk.
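
To go with the note on setuid risk above, here is an added example (not part of the original post) that checks whether a mount point honours setuid bits and lists set-id files beneath it. The function names and the /proc/mounts-style input file are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit helpers for stray setuid files such as /data/su.
# Input is a mount table in /proc/mounts format (device mountpoint fstype options ...).

# mount_allows_setuid MOUNTPOINT [MOUNTS_FILE]
# Returns 0 if MOUNTPOINT is mounted without "nosuid" (setuid bits are honoured),
# 1 if it is mounted nosuid, 2 if the mount point is not in the table.
mount_allows_setuid() {
    mp=$1
    table=${2:-/proc/mounts}
    # The last matching entry wins, as later mounts shadow earlier ones.
    opts=$(awk -v mp="$mp" '$2 == mp { o = $4 } END { print o }' "$table")
    [ -n "$opts" ] || return 2
    case ",$opts," in
        *,nosuid,*) return 1 ;;
        *) return 0 ;;
    esac
}

# list_setid_files DIR
# Prints every regular file under DIR that carries a setuid or setgid bit,
# without crossing into other filesystems.
list_setid_files() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null
}

# audit_mount MOUNTPOINT [MOUNTS_FILE]
# Human-readable report combining both checks.
audit_mount() {
    if mount_allows_setuid "$1" "$2"; then
        echo "WARN: $1 honours setuid bits"
    else
        echo "OK: $1 is nosuid or not in the mount table"
    fi
    list_setid_files "$1" | while IFS= read -r f; do
        echo "FOUND set-id file: $f"
    done
}

# Run a report when a mount point is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_mount "$@"
fi
```

Run it as `sh audit.sh /data` in a shell that has `awk` and `find`; a writable partition that both honours setuid bits and contains a set-id shell copy is the condition the steps above create.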