Loading adb/Android.bp +0 −11 Original line number Diff line number Diff line Loading @@ -25,7 +25,6 @@ cc_defaults { "-Wthread-safety", "-Wvla", "-DADB_HOST=1", // overridden by adbd_defaults "-DALLOW_ADBD_ROOT=0", // overridden by adbd_defaults "-DANDROID_BASE_UNIQUE_FD_DISABLE_IMPLICIT_CONVERSION=1", ], cpp_std: "experimental", Loading Loading @@ -81,16 +80,6 @@ cc_defaults { defaults: ["adb_defaults"], cflags: ["-UADB_HOST", "-DADB_HOST=0"], product_variables: { debuggable: { cflags: [ "-UALLOW_ADBD_ROOT", "-DALLOW_ADBD_ROOT=1", "-DALLOW_ADBD_DISABLE_VERITY", "-DALLOW_ADBD_NO_AUTH", ], }, }, } cc_defaults { Loading adb/daemon/main.cpp +5 −26 Original line number Diff line number Diff line Loading @@ -62,23 +62,7 @@ #if defined(__ANDROID__) static const char* root_seclabel = nullptr; static inline bool is_device_unlocked() { return "orange" == android::base::GetProperty("ro.boot.verifiedbootstate", ""); } static bool should_drop_capabilities_bounding_set() { if (ALLOW_ADBD_ROOT || is_device_unlocked()) { if (__android_log_is_debuggable()) { return false; } } return true; } static bool should_drop_privileges() { // "adb root" not allowed, always drop privileges. if (!ALLOW_ADBD_ROOT && !is_device_unlocked()) return true; // The properties that affect `adb root` and `adb unroot` are ro.secure and // ro.debuggable. In this context the names don't make the expected behavior // particularly obvious. Loading Loading @@ -132,7 +116,7 @@ static void drop_privileges(int server_port) { // Don't listen on a port (default 5037) if running in secure mode. // Don't run as root if running in secure mode. if (should_drop_privileges()) { const bool should_drop_caps = should_drop_capabilities_bounding_set(); const bool should_drop_caps = !__android_log_is_debuggable(); if (should_drop_caps) { minijail_use_caps(jail.get(), CAP_TO_MASK(CAP_SETUID) | CAP_TO_MASK(CAP_SETGID)); Loading Loading 
@@ -224,15 +208,10 @@ int adbd_main(int server_port) { // descriptor will always be open. adbd_cloexec_auth_socket(); #if defined(__ANDROID_RECOVERY__) if (is_device_unlocked() || __android_log_is_debuggable()) { auth_required = false; } #elif defined(ALLOW_ADBD_NO_AUTH) // If ro.adb.secure is unset, default to no authentication required. auth_required = android::base::GetBoolProperty("ro.adb.secure", false); #elif defined(__ANDROID__) if (is_device_unlocked()) { // allows no authentication when the device is unlocked. #if defined(__ANDROID__) // If we're on userdebug/eng or the device is unlocked, permit no-authentication. bool device_unlocked = "orange" == android::base::GetProperty("ro.boot.verifiedbootstate", ""); if (__android_log_is_debuggable() || device_unlocked) { auth_required = android::base::GetBoolProperty("ro.adb.secure", false); } #endif Loading fs_mgr/fs_mgr.cpp +27 −2 Original line number Diff line number Diff line Loading 
@@ -1120,8 +1120,28 @@ class CheckpointManager { } android::dm::DmTable table; if (!table.AddTarget(std::make_unique<android::dm::DmTargetBow>( 0, size, entry->blk_device))) { auto bowTarget = std::make_unique<android::dm::DmTargetBow>(0, size, entry->blk_device); // dm-bow uses the first block as a log record, and relocates the real first block // elsewhere. For metadata encrypted devices, dm-bow sits below dm-default-key, and // for post Android Q devices dm-default-key uses a block size of 4096 always. // So if dm-bow's block size, which by default is the block size of the underlying // hardware, is less than dm-default-key's, blocks will get broken up and I/O will // fail as it won't be data_unit_size aligned. // However, since it is possible there is an already shipping non // metadata-encrypted device with smaller blocks, we must not change this for // devices shipped with Q or earlier unless they explicitly selected dm-default-key // v2 constexpr unsigned int pre_gki_level = __ANDROID_API_Q__; unsigned int options_format_version = android::base::GetUintProperty<unsigned int>( "ro.crypto.dm_default_key.options_format.version", (android::fscrypt::GetFirstApiLevel() <= pre_gki_level ? 1 : 2)); if (options_format_version > 1) { bowTarget->SetBlockSize(4096); } if (!table.AddTarget(std::move(bowTarget))) { LERROR << "Failed to add bow target"; return false; } Loading Loading 
@@ -1757,6 +1777,11 @@ int fs_mgr_remount_userdata_into_checkpointing(Fstab* fstab) { // wrapper to __mount() and expects a fully prepared fstab_rec, // unlike fs_mgr_do_mount which does more things with avb / verity etc. int fs_mgr_do_mount_one(const FstabEntry& entry, const std::string& mount_point) { // First check the filesystem if requested. if (entry.fs_mgr_flags.wait && !WaitForFile(entry.blk_device, 20s)) { LERROR << "Skipping mounting '" << entry.blk_device << "'"; } // Run fsck if needed prepare_fs_for_mount(entry.blk_device, entry); Loading fs_mgr/libdm/dm_target.cpp +5 −0 Original line number Diff line number Diff line Loading @@ -120,6 +120,11 @@ std::string DmTargetAndroidVerity::GetParameterString() const { return keyid_ + " " + block_device_; } std::string DmTargetBow::GetParameterString() const { if (!block_size_) return target_string_; return target_string_ + " 1 block_size:" + std::to_string(block_size_); } std::string DmTargetSnapshot::name() const { if (mode_ == SnapshotStorageMode::Merge) { return "snapshot-merge"; Loading fs_mgr/libdm/include/libdm/dm_target.h +4 −1 Original line number Diff line number Diff line Loading @@ -175,11 +175,14 @@ class DmTargetBow final : public DmTarget { DmTargetBow(uint64_t start, uint64_t length, const std::string& target_string) : DmTarget(start, length), target_string_(target_string) {} void SetBlockSize(uint32_t block_size) { block_size_ = block_size; } std::string name() const override { return "bow"; } std::string GetParameterString() const override { return target_string_; } std::string GetParameterString() const override; private: std::string target_string_; uint32_t block_size_ = 0; }; enum class SnapshotStorageMode { Loading Loading
adb/Android.bp +0 −11 Original line number Diff line number Diff line Loading @@ -25,7 +25,6 @@ cc_defaults { "-Wthread-safety", "-Wvla", "-DADB_HOST=1", // overridden by adbd_defaults "-DALLOW_ADBD_ROOT=0", // overridden by adbd_defaults "-DANDROID_BASE_UNIQUE_FD_DISABLE_IMPLICIT_CONVERSION=1", ], cpp_std: "experimental", Loading Loading @@ -81,16 +80,6 @@ cc_defaults { defaults: ["adb_defaults"], cflags: ["-UADB_HOST", "-DADB_HOST=0"], product_variables: { debuggable: { cflags: [ "-UALLOW_ADBD_ROOT", "-DALLOW_ADBD_ROOT=1", "-DALLOW_ADBD_DISABLE_VERITY", "-DALLOW_ADBD_NO_AUTH", ], }, }, } cc_defaults { Loading
adb/daemon/main.cpp +5 −26 Original line number Diff line number Diff line Loading @@ -62,23 +62,7 @@ #if defined(__ANDROID__) static const char* root_seclabel = nullptr; static inline bool is_device_unlocked() { return "orange" == android::base::GetProperty("ro.boot.verifiedbootstate", ""); } static bool should_drop_capabilities_bounding_set() { if (ALLOW_ADBD_ROOT || is_device_unlocked()) { if (__android_log_is_debuggable()) { return false; } } return true; } static bool should_drop_privileges() { // "adb root" not allowed, always drop privileges. if (!ALLOW_ADBD_ROOT && !is_device_unlocked()) return true; // The properties that affect `adb root` and `adb unroot` are ro.secure and // ro.debuggable. In this context the names don't make the expected behavior // particularly obvious. Loading Loading @@ -132,7 +116,7 @@ static void drop_privileges(int server_port) { // Don't listen on a port (default 5037) if running in secure mode. // Don't run as root if running in secure mode. if (should_drop_privileges()) { const bool should_drop_caps = should_drop_capabilities_bounding_set(); const bool should_drop_caps = !__android_log_is_debuggable(); if (should_drop_caps) { minijail_use_caps(jail.get(), CAP_TO_MASK(CAP_SETUID) | CAP_TO_MASK(CAP_SETGID)); Loading Loading 
@@ -224,15 +208,10 @@ int adbd_main(int server_port) { // descriptor will always be open. adbd_cloexec_auth_socket(); #if defined(__ANDROID_RECOVERY__) if (is_device_unlocked() || __android_log_is_debuggable()) { auth_required = false; } #elif defined(ALLOW_ADBD_NO_AUTH) // If ro.adb.secure is unset, default to no authentication required. auth_required = android::base::GetBoolProperty("ro.adb.secure", false); #elif defined(__ANDROID__) if (is_device_unlocked()) { // allows no authentication when the device is unlocked. #if defined(__ANDROID__) // If we're on userdebug/eng or the device is unlocked, permit no-authentication. bool device_unlocked = "orange" == android::base::GetProperty("ro.boot.verifiedbootstate", ""); if (__android_log_is_debuggable() || device_unlocked) { auth_required = android::base::GetBoolProperty("ro.adb.secure", false); } #endif Loading
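Review bot: In the adbd_main hunk, `GetBoolProperty("ro.adb.secure", false)` makes a missing property mean "no authentication required", and this commit removes the only comment that said so. On a debuggable build, or when `ro.boot.verifiedbootstate` is "orange", the daemon therefore fails open if the property is absent; keep that documented next to the new condition, e.g. `// ro.adb.secure unset reads as false here: authentication is NOT required.` The hunk also drops the separate `__ANDROID_RECOVERY__` branch, so the comment should say whether recovery is expected to take this path; that depends on whether `__ANDROID__` is defined for recovery builds, which is not visible here. adbd_main continues outside the hunk.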
fs_mgr/fs_mgr.cpp +27 −2 Original line number Diff line number Diff line Loading @@ -1120,8 +1120,28 @@ class CheckpointManager { } android::dm::DmTable table; if (!table.AddTarget(std::make_unique<android::dm::DmTargetBow>( 0, size, entry->blk_device))) { auto bowTarget = std::make_unique<android::dm::DmTargetBow>(0, size, entry->blk_device); // dm-bow uses the first block as a log record, and relocates the real first block // elsewhere. For metadata encrypted devices, dm-bow sits below dm-default-key, and // for post Android Q devices dm-default-key uses a block size of 4096 always. // So if dm-bow's block size, which by default is the block size of the underlying // hardware, is less than dm-default-key's, blocks will get broken up and I/O will // fail as it won't be data_unit_size aligned. // However, since it is possible there is an already shipping non // metadata-encrypted device with smaller blocks, we must not change this for // devices shipped with Q or earlier unless they explicitly selected dm-default-key // v2 constexpr unsigned int pre_gki_level = __ANDROID_API_Q__; unsigned int options_format_version = android::base::GetUintProperty<unsigned int>( "ro.crypto.dm_default_key.options_format.version", (android::fscrypt::GetFirstApiLevel() <= pre_gki_level ? 1 : 2)); if (options_format_version > 1) { bowTarget->SetBlockSize(4096); } if (!table.AddTarget(std::move(bowTarget))) { LERROR << "Failed to add bow target"; return false; } Loading Loading 
@@ -1757,6 +1777,11 @@ int fs_mgr_remount_userdata_into_checkpointing(Fstab* fstab) { // wrapper to __mount() and expects a fully prepared fstab_rec, // unlike fs_mgr_do_mount which does more things with avb / verity etc. int fs_mgr_do_mount_one(const FstabEntry& entry, const std::string& mount_point) { // First check the filesystem if requested. if (entry.fs_mgr_flags.wait && !WaitForFile(entry.blk_device, 20s)) { LERROR << "Skipping mounting '" << entry.blk_device << "'"; } // Run fsck if needed prepare_fs_for_mount(entry.blk_device, entry); Loading
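Review bot: In fs_mgr_do_mount_one the new wait check logs "Skipping mounting" when WaitForFile times out but does not return, so execution still reaches prepare_fs_for_mount() and, presumably, the mount attempt for a block device that never appeared. Either return the function's failure value there or, if falling through is intended, make the log say so, e.g. `LERROR << "Timed out waiting for '" << entry.blk_device << "', trying to mount anyway";`. The added comment `// First check the filesystem if requested.` describes the fsck step rather than the wait; `// Wait for the block device to appear if requested.` would match the code. The function body continues outside the hunk.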
fs_mgr/libdm/dm_target.cpp +5 −0 Original line number Diff line number Diff line Loading @@ -120,6 +120,11 @@ std::string DmTargetAndroidVerity::GetParameterString() const { return keyid_ + " " + block_device_; } std::string DmTargetBow::GetParameterString() const { if (!block_size_) return target_string_; return target_string_ + " 1 block_size:" + std::to_string(block_size_); } std::string DmTargetSnapshot::name() const { if (mode_ == SnapshotStorageMode::Merge) { return "snapshot-merge"; Loading
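Review bot: The literal `" 1 block_size:"` in DmTargetBow::GetParameterString carries an unexplained `1`; presumably it is the count of optional arguments that follow the device in the dm-bow table line. A one-line comment such as `// table line: "<device> <#optional args> block_size:<bytes>"` would stop a later option from being appended without updating the count.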
fs_mgr/libdm/include/libdm/dm_target.h +4 −1 Original line number Diff line number Diff line Loading @@ -175,11 +175,14 @@ class DmTargetBow final : public DmTarget { DmTargetBow(uint64_t start, uint64_t length, const std::string& target_string) : DmTarget(start, length), target_string_(target_string) {} void SetBlockSize(uint32_t block_size) { block_size_ = block_size; } std::string name() const override { return "bow"; } std::string GetParameterString() const override { return target_string_; } std::string GetParameterString() const override; private: std::string target_string_; uint32_t block_size_ = 0; }; enum class SnapshotStorageMode { Loading
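Review bot: `SetBlockSize` accepts any uint32_t and `block_size_ = 0` doubles as "option not emitted", but neither is documented in the class. Suggest a comment on the setter, `// 0 (the default) omits block_size from the table, leaving dm-bow on its own default; the value is passed to the kernel unvalidated.`, since an unsupported size would presumably only surface when the table load fails. The class continues outside the hunk.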