Loading adb/Android.bp +0 −11 Original line number Diff line number Diff line Loading @@ -25,7 +25,6 @@ cc_defaults { "-Wthread-safety", "-Wvla", "-DADB_HOST=1", // overridden by adbd_defaults "-DALLOW_ADBD_ROOT=0", // overridden by adbd_defaults "-DANDROID_BASE_UNIQUE_FD_DISABLE_IMPLICIT_CONVERSION=1", ], cpp_std: "experimental", Loading Loading @@ -81,16 +80,6 @@ cc_defaults { defaults: ["adb_defaults"], cflags: ["-UADB_HOST", "-DADB_HOST=0"], product_variables: { debuggable: { cflags: [ "-UALLOW_ADBD_ROOT", "-DALLOW_ADBD_ROOT=1", "-DALLOW_ADBD_DISABLE_VERITY", "-DALLOW_ADBD_NO_AUTH", ], }, }, } cc_defaults { Loading adb/daemon/main.cpp +5 −26 Original line number Diff line number Diff line Loading @@ -62,23 +62,7 @@ #if defined(__ANDROID__) static const char* root_seclabel = nullptr; static inline bool is_device_unlocked() { return "orange" == android::base::GetProperty("ro.boot.verifiedbootstate", ""); } static bool should_drop_capabilities_bounding_set() { if (ALLOW_ADBD_ROOT || is_device_unlocked()) { if (__android_log_is_debuggable()) { return false; } } return true; } static bool should_drop_privileges() { // "adb root" not allowed, always drop privileges. if (!ALLOW_ADBD_ROOT && !is_device_unlocked()) return true; // The properties that affect `adb root` and `adb unroot` are ro.secure and // ro.debuggable. In this context the names don't make the expected behavior // particularly obvious. Loading Loading @@ -132,7 +116,7 @@ static void drop_privileges(int server_port) { // Don't listen on a port (default 5037) if running in secure mode. // Don't run as root if running in secure mode. if (should_drop_privileges()) { const bool should_drop_caps = should_drop_capabilities_bounding_set(); const bool should_drop_caps = !__android_log_is_debuggable(); if (should_drop_caps) { minijail_use_caps(jail.get(), CAP_TO_MASK(CAP_SETUID) | CAP_TO_MASK(CAP_SETGID)); Loading Loading @@ -218,15 +202,10 @@ int adbd_main(int server_port) { // descriptor will always be open. adbd_cloexec_auth_socket(); #if defined(__ANDROID_RECOVERY__) if (is_device_unlocked() || __android_log_is_debuggable()) { auth_required = false; } #elif defined(ALLOW_ADBD_NO_AUTH) // If ro.adb.secure is unset, default to no authentication required. auth_required = android::base::GetBoolProperty("ro.adb.secure", false); #elif defined(__ANDROID__) if (is_device_unlocked()) { // allows no authentication when the device is unlocked. #if defined(__ANDROID__) // If we're on userdebug/eng or the device is unlocked, permit no-authentication. bool device_unlocked = "orange" == android::base::GetProperty("ro.boot.verifiedbootstate", ""); if (__android_log_is_debuggable() || device_unlocked) { auth_required = android::base::GetBoolProperty("ro.adb.secure", false); } #endif Loading Loading
adb/Android.bp +0 −11 Original line number Diff line number Diff line Loading @@ -25,7 +25,6 @@ cc_defaults { "-Wthread-safety", "-Wvla", "-DADB_HOST=1", // overridden by adbd_defaults "-DALLOW_ADBD_ROOT=0", // overridden by adbd_defaults "-DANDROID_BASE_UNIQUE_FD_DISABLE_IMPLICIT_CONVERSION=1", ], cpp_std: "experimental", Loading Loading @@ -81,16 +80,6 @@ cc_defaults { defaults: ["adb_defaults"], cflags: ["-UADB_HOST", "-DADB_HOST=0"], product_variables: { debuggable: { cflags: [ "-UALLOW_ADBD_ROOT", "-DALLOW_ADBD_ROOT=1", "-DALLOW_ADBD_DISABLE_VERITY", "-DALLOW_ADBD_NO_AUTH", ], }, }, } cc_defaults { Loading
adb/daemon/main.cpp +5 −26 Original line number Diff line number Diff line Loading @@ -62,23 +62,7 @@ #if defined(__ANDROID__) static const char* root_seclabel = nullptr; static inline bool is_device_unlocked() { return "orange" == android::base::GetProperty("ro.boot.verifiedbootstate", ""); } static bool should_drop_capabilities_bounding_set() { if (ALLOW_ADBD_ROOT || is_device_unlocked()) { if (__android_log_is_debuggable()) { return false; } } return true; } static bool should_drop_privileges() { // "adb root" not allowed, always drop privileges. if (!ALLOW_ADBD_ROOT && !is_device_unlocked()) return true; // The properties that affect `adb root` and `adb unroot` are ro.secure and // ro.debuggable. In this context the names don't make the expected behavior // particularly obvious. Loading Loading @@ -132,7 +116,7 @@ static void drop_privileges(int server_port) { // Don't listen on a port (default 5037) if running in secure mode. // Don't run as root if running in secure mode. if (should_drop_privileges()) { const bool should_drop_caps = should_drop_capabilities_bounding_set(); const bool should_drop_caps = !__android_log_is_debuggable(); if (should_drop_caps) { minijail_use_caps(jail.get(), CAP_TO_MASK(CAP_SETUID) | CAP_TO_MASK(CAP_SETGID)); Loading Loading @@ -218,15 +202,10 @@ int adbd_main(int server_port) { // descriptor will always be open. adbd_cloexec_auth_socket(); #if defined(__ANDROID_RECOVERY__) if (is_device_unlocked() || __android_log_is_debuggable()) { auth_required = false; } #elif defined(ALLOW_ADBD_NO_AUTH) // If ro.adb.secure is unset, default to no authentication required. auth_required = android::base::GetBoolProperty("ro.adb.secure", false); #elif defined(__ANDROID__) if (is_device_unlocked()) { // allows no authentication when the device is unlocked. #if defined(__ANDROID__) // If we're on userdebug/eng or the device is unlocked, permit no-authentication. bool device_unlocked = "orange" == android::base::GetProperty("ro.boot.verifiedbootstate", ""); if (__android_log_is_debuggable() || device_unlocked) { auth_required = android::base::GetBoolProperty("ro.adb.secure", false); } #endif Loading
