Loading adb/Android.bp +7 −18 Original line number Diff line number Diff line Loading @@ -25,7 +25,6 @@ cc_defaults { "-Wthread-safety", "-Wvla", "-DADB_HOST=1", // overridden by adbd_defaults "-DALLOW_ADBD_ROOT=0", // overridden by adbd_defaults "-DANDROID_BASE_UNIQUE_FD_DISABLE_IMPLICIT_CONVERSION=1", ], cpp_std: "experimental", Loading Loading @@ -81,16 +80,6 @@ cc_defaults { defaults: ["adb_defaults"], cflags: ["-UADB_HOST", "-DADB_HOST=0"], product_variables: { debuggable: { cflags: [ "-UALLOW_ADBD_ROOT", "-DALLOW_ADBD_ROOT=1", "-DALLOW_ADBD_DISABLE_VERITY", "-DALLOW_ADBD_NO_AUTH", ], }, }, } cc_defaults { Loading Loading @@ -605,16 +594,14 @@ cc_binary { ], } }, required: [ "libadbd_auth", "libadbd_fs", ], } phony { name: "adbd_system_binaries", // Interface between adbd in a module and the system. name: "adbd_system_api", required: [ "libadbd_auth", "libadbd_fs", "abb", "reboot", "set-verity-state", Loading @@ -622,8 +609,10 @@ phony { } phony { name: "adbd_system_binaries_recovery", name: "adbd_system_api_recovery", required: [ "libadbd_auth", "libadbd_fs", "reboot.recovery", ], } Loading adb/daemon/adb_wifi.cpp +2 −1 Original line number Diff line number Diff line Loading @@ -42,7 +42,8 @@ static struct adisconnect adb_disconnect = {adb_disconnected, nullptr}; static void adb_disconnected(void* unused, atransport* t) { LOG(INFO) << "ADB wifi device disconnected"; adbd_auth_tls_device_disconnected(auth_ctx, kAdbTransportTypeWifi, t->auth_id); CHECK(t->auth_id.has_value()); adbd_auth_tls_device_disconnected(auth_ctx, kAdbTransportTypeWifi, t->auth_id.value()); } // TODO(b/31559095): need bionic host so that we can use 'prop_info' returned Loading adb/daemon/auth.cpp +25 −7 Original line number Diff line number Diff line Loading @@ -207,15 +207,27 @@ void adbd_cloexec_auth_socket() { } static void adbd_auth_key_authorized(void* arg, uint64_t id) { LOG(INFO) << "adb client authorized"; LOG(INFO) << "adb client " << id << " authorized"; fdevent_run_on_main_thread([=]() { LOG(INFO) << "arg = " << reinterpret_cast<uintptr_t>(arg); auto* transport = transport_from_callback_arg(arg); if (!transport) { LOG(ERROR) << "authorization received for deleted transport, ignoring"; LOG(ERROR) << "authorization received for deleted transport (" << id << "), ignoring"; return; } if (transport->auth_id.has_value()) { if (transport->auth_id.value() != id) { LOG(ERROR) << "authorization received, but auth id doesn't match, ignoring (expected " << transport->auth_id.value() << ", got " << id << ")"; return; } } else { // Older versions (i.e. dogfood/beta builds) of libadbd_auth didn't pass the initial // auth id to us, so we'll just have to trust it until R ships and we can retcon this. transport->auth_id = id; } adbd_auth_verified(transport); }); } Loading Loading @@ -265,15 +277,21 @@ void adbd_auth_verified(atransport* t) { static void adb_disconnected(void* unused, atransport* t) { LOG(INFO) << "ADB disconnect"; adbd_auth_notify_disconnect(auth_ctx, t->auth_id); CHECK(t->auth_id.has_value()); adbd_auth_notify_disconnect(auth_ctx, t->auth_id.value()); } void adbd_auth_confirm_key(atransport* t) { LOG(INFO) << "prompting user to authorize key"; t->AddDisconnect(&adb_disconnect); if (adbd_auth_prompt_user_with_id) { t->auth_id = adbd_auth_prompt_user_with_id(auth_ctx, t->auth_key.data(), t->auth_key.size(), transport_to_callback_arg(t)); } else { adbd_auth_prompt_user(auth_ctx, t->auth_key.data(), t->auth_key.size(), transport_to_callback_arg(t)); } } void adbd_notify_framework_connected_key(atransport* t) { t->auth_id = adbd_auth_notify_auth(auth_ctx, t->auth_key.data(), t->auth_key.size()); Loading adb/daemon/main.cpp +5 −26 Original line number Diff line number Diff line Loading @@ -62,23 +62,7 @@ #if defined(__ANDROID__) static const char* root_seclabel = nullptr; static inline bool is_device_unlocked() { return "orange" == android::base::GetProperty("ro.boot.verifiedbootstate", ""); } static bool should_drop_capabilities_bounding_set() { if (ALLOW_ADBD_ROOT || is_device_unlocked()) { if (__android_log_is_debuggable()) { return false; } } return true; } static bool should_drop_privileges() { // "adb root" not allowed, always drop privileges. if (!ALLOW_ADBD_ROOT && !is_device_unlocked()) return true; // The properties that affect `adb root` and `adb unroot` are ro.secure and // ro.debuggable. In this context the names don't make the expected behavior // particularly obvious. Loading Loading @@ -132,7 +116,7 @@ static void drop_privileges(int server_port) { // Don't listen on a port (default 5037) if running in secure mode. // Don't run as root if running in secure mode. if (should_drop_privileges()) { const bool should_drop_caps = should_drop_capabilities_bounding_set(); const bool should_drop_caps = !__android_log_is_debuggable(); if (should_drop_caps) { minijail_use_caps(jail.get(), CAP_TO_MASK(CAP_SETUID) | CAP_TO_MASK(CAP_SETGID)); Loading Loading @@ -224,15 +208,10 @@ int adbd_main(int server_port) { // descriptor will always be open. adbd_cloexec_auth_socket(); #if defined(__ANDROID_RECOVERY__) if (is_device_unlocked() || __android_log_is_debuggable()) { auth_required = false; } #elif defined(ALLOW_ADBD_NO_AUTH) // If ro.adb.secure is unset, default to no authentication required. auth_required = android::base::GetBoolProperty("ro.adb.secure", false); #elif defined(__ANDROID__) if (is_device_unlocked()) { // allows no authentication when the device is unlocked. #if defined(__ANDROID__) // If we're on userdebug/eng or the device is unlocked, permit no-authentication. bool device_unlocked = "orange" == android::base::GetProperty("ro.boot.verifiedbootstate", ""); if (__android_log_is_debuggable() || device_unlocked) { auth_required = android::base::GetBoolProperty("ro.adb.secure", false); } #endif Loading adb/tools/check_ms_os_desc.cpp +0 −2 Original line number Diff line number Diff line Loading @@ -131,8 +131,6 @@ static void check_ms_os_desc_v1(libusb_device_handle* device_handle, const std:: errx(1, "failed to retrieve MS OS v1 compat descriptor: %s", libusb_error_name(rc)); } memcpy(&hdr, data.data(), data.size()); struct __attribute__((packed)) ms_os_desc_v1_function { uint8_t bFirstInterfaceNumber; uint8_t reserved1; Loading Loading
adb/Android.bp +7 −18 Original line number Diff line number Diff line Loading @@ -25,7 +25,6 @@ cc_defaults { "-Wthread-safety", "-Wvla", "-DADB_HOST=1", // overridden by adbd_defaults "-DALLOW_ADBD_ROOT=0", // overridden by adbd_defaults "-DANDROID_BASE_UNIQUE_FD_DISABLE_IMPLICIT_CONVERSION=1", ], cpp_std: "experimental", Loading Loading @@ -81,16 +80,6 @@ cc_defaults { defaults: ["adb_defaults"], cflags: ["-UADB_HOST", "-DADB_HOST=0"], product_variables: { debuggable: { cflags: [ "-UALLOW_ADBD_ROOT", "-DALLOW_ADBD_ROOT=1", "-DALLOW_ADBD_DISABLE_VERITY", "-DALLOW_ADBD_NO_AUTH", ], }, }, } cc_defaults { Loading Loading @@ -605,16 +594,14 @@ cc_binary { ], } }, required: [ "libadbd_auth", "libadbd_fs", ], } phony { name: "adbd_system_binaries", // Interface between adbd in a module and the system. name: "adbd_system_api", required: [ "libadbd_auth", "libadbd_fs", "abb", "reboot", "set-verity-state", Loading @@ -622,8 +609,10 @@ phony { } phony { name: "adbd_system_binaries_recovery", name: "adbd_system_api_recovery", required: [ "libadbd_auth", "libadbd_fs", "reboot.recovery", ], } Loading
adb/daemon/adb_wifi.cpp +2 −1 Original line number Diff line number Diff line Loading @@ -42,7 +42,8 @@ static struct adisconnect adb_disconnect = {adb_disconnected, nullptr}; static void adb_disconnected(void* unused, atransport* t) { LOG(INFO) << "ADB wifi device disconnected"; adbd_auth_tls_device_disconnected(auth_ctx, kAdbTransportTypeWifi, t->auth_id); CHECK(t->auth_id.has_value()); adbd_auth_tls_device_disconnected(auth_ctx, kAdbTransportTypeWifi, t->auth_id.value()); } // TODO(b/31559095): need bionic host so that we can use 'prop_info' returned Loading
adb/daemon/auth.cpp +25 −7 Original line number Diff line number Diff line Loading @@ -207,15 +207,27 @@ void adbd_cloexec_auth_socket() { } static void adbd_auth_key_authorized(void* arg, uint64_t id) { LOG(INFO) << "adb client authorized"; LOG(INFO) << "adb client " << id << " authorized"; fdevent_run_on_main_thread([=]() { LOG(INFO) << "arg = " << reinterpret_cast<uintptr_t>(arg); auto* transport = transport_from_callback_arg(arg); if (!transport) { LOG(ERROR) << "authorization received for deleted transport, ignoring"; LOG(ERROR) << "authorization received for deleted transport (" << id << "), ignoring"; return; } if (transport->auth_id.has_value()) { if (transport->auth_id.value() != id) { LOG(ERROR) << "authorization received, but auth id doesn't match, ignoring (expected " << transport->auth_id.value() << ", got " << id << ")"; return; } } else { // Older versions (i.e. dogfood/beta builds) of libadbd_auth didn't pass the initial // auth id to us, so we'll just have to trust it until R ships and we can retcon this. transport->auth_id = id; } adbd_auth_verified(transport); }); } Loading Loading @@ -265,15 +277,21 @@ void adbd_auth_verified(atransport* t) { static void adb_disconnected(void* unused, atransport* t) { LOG(INFO) << "ADB disconnect"; adbd_auth_notify_disconnect(auth_ctx, t->auth_id); CHECK(t->auth_id.has_value()); adbd_auth_notify_disconnect(auth_ctx, t->auth_id.value()); } void adbd_auth_confirm_key(atransport* t) { LOG(INFO) << "prompting user to authorize key"; t->AddDisconnect(&adb_disconnect); if (adbd_auth_prompt_user_with_id) { t->auth_id = adbd_auth_prompt_user_with_id(auth_ctx, t->auth_key.data(), t->auth_key.size(), transport_to_callback_arg(t)); } else { adbd_auth_prompt_user(auth_ctx, t->auth_key.data(), t->auth_key.size(), transport_to_callback_arg(t)); } } void adbd_notify_framework_connected_key(atransport* t) { t->auth_id = adbd_auth_notify_auth(auth_ctx, t->auth_key.data(), t->auth_key.size()); Loading
adb/daemon/main.cpp +5 −26 Original line number Diff line number Diff line Loading @@ -62,23 +62,7 @@ #if defined(__ANDROID__) static const char* root_seclabel = nullptr; static inline bool is_device_unlocked() { return "orange" == android::base::GetProperty("ro.boot.verifiedbootstate", ""); } static bool should_drop_capabilities_bounding_set() { if (ALLOW_ADBD_ROOT || is_device_unlocked()) { if (__android_log_is_debuggable()) { return false; } } return true; } static bool should_drop_privileges() { // "adb root" not allowed, always drop privileges. if (!ALLOW_ADBD_ROOT && !is_device_unlocked()) return true; // The properties that affect `adb root` and `adb unroot` are ro.secure and // ro.debuggable. In this context the names don't make the expected behavior // particularly obvious. Loading Loading @@ -132,7 +116,7 @@ static void drop_privileges(int server_port) { // Don't listen on a port (default 5037) if running in secure mode. // Don't run as root if running in secure mode. if (should_drop_privileges()) { const bool should_drop_caps = should_drop_capabilities_bounding_set(); const bool should_drop_caps = !__android_log_is_debuggable(); if (should_drop_caps) { minijail_use_caps(jail.get(), CAP_TO_MASK(CAP_SETUID) | CAP_TO_MASK(CAP_SETGID)); Loading Loading @@ -224,15 +208,10 @@ int adbd_main(int server_port) { // descriptor will always be open. adbd_cloexec_auth_socket(); #if defined(__ANDROID_RECOVERY__) if (is_device_unlocked() || __android_log_is_debuggable()) { auth_required = false; } #elif defined(ALLOW_ADBD_NO_AUTH) // If ro.adb.secure is unset, default to no authentication required. auth_required = android::base::GetBoolProperty("ro.adb.secure", false); #elif defined(__ANDROID__) if (is_device_unlocked()) { // allows no authentication when the device is unlocked. #if defined(__ANDROID__) // If we're on userdebug/eng or the device is unlocked, permit no-authentication. bool device_unlocked = "orange" == android::base::GetProperty("ro.boot.verifiedbootstate", ""); if (__android_log_is_debuggable() || device_unlocked) { auth_required = android::base::GetBoolProperty("ro.adb.secure", false); } #endif Loading
adb/tools/check_ms_os_desc.cpp +0 −2 Original line number Diff line number Diff line Loading @@ -131,8 +131,6 @@ static void check_ms_os_desc_v1(libusb_device_handle* device_handle, const std:: errx(1, "failed to retrieve MS OS v1 compat descriptor: %s", libusb_error_name(rc)); } memcpy(&hdr, data.data(), data.size()); struct __attribute__((packed)) ms_os_desc_v1_function { uint8_t bFirstInterfaceNumber; uint8_t reserved1; Loading
