Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 5cba5042 authored by Elliott Hughes's avatar Elliott Hughes
Browse files

Ignore ro.adb.secure in user builds. 

Require authorization by default, and remove the ability to override
that in user builds. (userdebug and eng are still free to do whatever
they want.)

Bug: http://b/21862859
Change-Id: Ibf8af375be5bf1141c1ad481eee7a59fb10a7adb
parent 53d504f0

adb/Android.mk

+2 −3
Original line number Diff line number Diff line
@@ -238,12 +238,11 @@ LOCAL_CFLAGS := \ 
    -D_GNU_SOURCE \

    -Wno-deprecated-declarations \



ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT)))

LOCAL_CFLAGS += -DALLOW_ADBD_ROOT=1

endif

LOCAL_CFLAGS += -DALLOW_ADBD_NO_AUTH=$(if $(filter userdebug eng,$(TARGET_BUILD_VARIANT)),1,0)



ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT)))

LOCAL_CFLAGS += -DALLOW_ADBD_DISABLE_VERITY=1

LOCAL_CFLAGS += -DALLOW_ADBD_ROOT=1

endif



LOCAL_MODULE := adbd

adb/adb.cpp

+2 −2
Original line number Diff line number Diff line
@@ -431,7 +431,7 @@ void handle_packet(apacket *p, atransport *t) 


        parse_banner(reinterpret_cast<const char*>(p->data), t);



        if (HOST || !auth_enabled) {

        if (HOST || !auth_required) {

            handle_online(t);

            if (!HOST) send_connect(t);

        } else {

adb/adb_auth.cpp

+1 −1
Original line number Diff line number Diff line
@@ -28,7 +28,7 @@ 
#include "adb.h"

#include "transport.h"



int auth_enabled = 0;

bool auth_required = true;



void send_auth_request(atransport *t)

{

adb/adb_auth.h

+1 −1
Original line number Diff line number Diff line
@@ -19,7 +19,7 @@ 


#include "adb.h"



extern int auth_enabled;

extern bool auth_required;



int adb_auth_keygen(const char* filename);

void adb_auth_verified(atransport *t);

adb/daemon/main.cpp

+4 −3
Original line number Diff line number Diff line
@@ -125,11 +125,12 @@ int adbd_main(int server_port) { 
    // descriptor will always be open.

    adbd_cloexec_auth_socket();



    auth_enabled = property_get_bool("ro.adb.secure", 0) != 0;

    if (auth_enabled) {

        adbd_auth_init();

    if (ALLOW_ADBD_NO_AUTH && property_get_bool("ro.adb.secure", 0) == 0) {

        auth_required = false;

    }



    adbd_auth_init();



    // Our external storage path may be different than apps, since

    // we aren't able to bind mount after dropping root.

    const char* adb_external_storage = getenv("ADB_EXTERNAL_STORAGE");