Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 7d5c3419 authored by Tianjie Xu's avatar Tianjie Xu
Browse files

Start adbd in user mode if bootloader is unlocked 

During automatic tests, we sometimes want to reboot the device out of
the rescue party remotely. And per http://go/recovery-adb-access, one
option is to start adbd in user build if the device has an unlocked
bootloader. This should not add more surface of attack. Because verified
boot is off with the unlocked bootloader, and the user can always flash
a custom recovery image that always starts adbd.

Bug: 141247819
Test: check adbd doesn't start in user build, unlock bootloader, and
check adbd starts.

Change-Id: I851746245f862cb4dfb01e6c3ad035f2c9f9ccec
parent 0d76cad8

etc/init.rc

+4 −0
Original line number Diff line number Diff line
@@ -99,6 +99,10 @@ on property:service.adb.root=1 
on fs && property:ro.debuggable=1

    setprop sys.usb.config adb



# Also start adbd on user build with an unlocked bootloader

on fs && property:ro.debuggable=0 && androidboot.verifiedbootstate=orange

    setprop sys.usb.config adb



on fs && property:sys.usb.configfs=1

    mount configfs none /config

    mkdir /config/usb_gadget/g1 0770 shell shell

recovery_main.cpp

+7 −1
Original line number Diff line number Diff line
@@ -69,6 +69,10 @@ static bool IsRoDebuggable() { 
  return android::base::GetBoolProperty("ro.debuggable", false);

}



static bool IsDeviceUnlocked() {

  return "orange" == android::base::GetProperty("ro.boot.verifiedbootstate", "");

}



static void UiLogger(android::base::LogId /* id */, android::base::LogSeverity severity,

                     const char* /* tag */, const char* /* file */, unsigned int /* line */,

                     const char* message) {
@@ -463,7 +467,9 @@ int main(int argc, char** argv) { 
  listener_thread.detach();



  while (true) {

    std::string usb_config = fastboot ? "fastboot" : IsRoDebuggable() ? "adb" : "none";

    // We start adbd in recovery for the device with userdebug build or a unlocked bootloader.

    std::string usb_config =

        fastboot ? "fastboot" : IsRoDebuggable() || IsDeviceUnlocked() ? "adb" : "none";

    std::string usb_state = android::base::GetProperty("sys.usb.state", "none");

    if (usb_config != usb_state) {

      if (!SetUsbConfig("none")) {