diff options
| author | Bowgo Tsai <bowgotsai@google.com> | 2019-03-14 22:05:05 -0700 |
|---|---|---|
| committer | android-build-merger <android-build-merger@google.com> | 2019-03-14 22:05:05 -0700 |
| commit | 76f9dc6f314466e3f7e587c8b2ce71e7e763ae6a (patch) | |
| tree | 8c9201b69c503f5351e95911823303dd4d2fd1c1 /adb | |
| parent | b856ffb8838a59f9d71b9e3bb7a7c4cdbb5a8a4f (diff) | |
| parent | c613c0d1305d8e012cd1e795b8aa5fa472e2dae9 (diff) | |
| download | system_core-76f9dc6f314466e3f7e587c8b2ce71e7e763ae6a.tar.gz system_core-76f9dc6f314466e3f7e587c8b2ce71e7e763ae6a.tar.bz2 system_core-76f9dc6f314466e3f7e587c8b2ce71e7e763ae6a.zip | |
Merge changes from topic "adb_root_in_user" am: da1251d6a5 am: ac5d9460f2
am: c613c0d130
Change-Id: I46e9d64a103c7a983d908e7b6f131332aafe1b72
Diffstat (limited to 'adb')
| -rw-r--r-- | adb/Android.bp | 6 | ||||
| -rw-r--r-- | adb/daemon/main.cpp | 23 |
2 files changed, 19 insertions, 10 deletions
diff --git a/adb/Android.bp b/adb/Android.bp index 1e085a7b3..01e00dd1c 100644 --- a/adb/Android.bp +++ b/adb/Android.bp @@ -24,7 +24,8 @@ cc_defaults { "-Wno-missing-field-initializers", "-Wthread-safety", "-Wvla", - "-DADB_HOST=1", // overridden by adbd_defaults + "-DADB_HOST=1", // overridden by adbd_defaults + "-DALLOW_ADBD_ROOT=0", // overridden by adbd_defaults ], cpp_std: "experimental", @@ -79,7 +80,8 @@ cc_defaults { product_variables: { debuggable: { cflags: [ - "-DALLOW_ADBD_ROOT", + "-UALLOW_ADBD_ROOT", + "-DALLOW_ADBD_ROOT=1", "-DALLOW_ADBD_DISABLE_VERITY", "-DALLOW_ADBD_NO_AUTH", ], diff --git a/adb/daemon/main.cpp b/adb/daemon/main.cpp index fce3a4fb5..e5a49171b 100644 --- a/adb/daemon/main.cpp +++ b/adb/daemon/main.cpp @@ -58,17 +58,23 @@ #if defined(__ANDROID__) static const char* root_seclabel = nullptr; +static inline bool is_device_unlocked() { + return "orange" == android::base::GetProperty("ro.boot.verifiedbootstate", ""); +} + static bool should_drop_capabilities_bounding_set() { -#if defined(ALLOW_ADBD_ROOT) - if (__android_log_is_debuggable()) { - return false; + if (ALLOW_ADBD_ROOT || is_device_unlocked()) { + if (__android_log_is_debuggable()) { + return false; + } } -#endif return true; } static bool should_drop_privileges() { -#if defined(ALLOW_ADBD_ROOT) + // "adb root" not allowed, always drop privileges. + if (!ALLOW_ADBD_ROOT && !is_device_unlocked()) return true; + // The properties that affect `adb root` and `adb unroot` are ro.secure and // ro.debuggable. In this context the names don't make the expected behavior // particularly obvious. @@ -98,9 +104,6 @@ static bool should_drop_privileges() { } return drop; -#else - return true; // "adb root" not allowed, always drop privileges. -#endif // ALLOW_ADBD_ROOT } static void drop_privileges(int server_port) { @@ -205,6 +208,10 @@ int adbd_main(int server_port) { #if defined(ALLOW_ADBD_NO_AUTH) // If ro.adb.secure is unset, default to no authentication required. auth_required = android::base::GetBoolProperty("ro.adb.secure", false); +#elif defined(__ANDROID__) + if (is_device_unlocked()) { // allows no authentication when the device is unlocked. + auth_required = android::base::GetBoolProperty("ro.adb.secure", false); + } #endif adbd_auth_init(); |