Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 9b30c0a7 authored by Bowgo Tsai's avatar Bowgo Tsai
Browse files

adbd: allowing adb root when the device is unlocked 

As there is no security guarantee when the device is unlocked,
allowing adb root gives us more rooms to debug a USER build images.

Also, this makes it possible to run VTS on a USER build GSI, with
setting ro.debuggable=1 and unlocking the device.

This basically re-lands a reverted change:
https://android-review.googlesource.com/c/platform/system/core/+/437815

Which isn't needed after we moved /sbin/adbd to /system/bin/adbd in
USERDEBUG GSI. But it's still needed for USER build GSI.

Bug: 126493225
Test: unlock a USER build device, check 'adb root' can work
Change-Id: I93f12c8a3fe65c96c947e4602795eadfe591c521
parent 9d3310c0

adb/Android.bp

+4 −2
Original line number Diff line number Diff line
@@ -25,6 +25,7 @@ cc_defaults { 
        "-Wthread-safety",

        "-Wvla",

        "-DADB_HOST=1",         // overridden by adbd_defaults

        "-DALLOW_ADBD_ROOT=0",  // overridden by adbd_defaults

    ],

    cpp_std: "experimental",
@@ -79,7 +80,8 @@ cc_defaults { 
    product_variables: {

        debuggable: {

            cflags: [

                "-DALLOW_ADBD_ROOT",

                "-UALLOW_ADBD_ROOT",

                "-DALLOW_ADBD_ROOT=1",

                "-DALLOW_ADBD_DISABLE_VERITY",

                "-DALLOW_ADBD_NO_AUTH",

            ],

adb/daemon/main.cpp

+15 −8
Original line number Diff line number Diff line
@@ -58,17 +58,23 @@ 
#if defined(__ANDROID__)

static const char* root_seclabel = nullptr;



static inline bool is_device_unlocked() {

    return "orange" == android::base::GetProperty("ro.boot.verifiedbootstate", "");

}



static bool should_drop_capabilities_bounding_set() {

#if defined(ALLOW_ADBD_ROOT)

    if (ALLOW_ADBD_ROOT || is_device_unlocked()) {

        if (__android_log_is_debuggable()) {

            return false;

        }

#endif

    }

    return true;

}



static bool should_drop_privileges() {

#if defined(ALLOW_ADBD_ROOT)

    // "adb root" not allowed, always drop privileges.

    if (!ALLOW_ADBD_ROOT && !is_device_unlocked()) return true;



    // The properties that affect `adb root` and `adb unroot` are ro.secure and

    // ro.debuggable. In this context the names don't make the expected behavior

    // particularly obvious.
@@ -98,9 +104,6 @@ static bool should_drop_privileges() { 
    }



    return drop;

#else

    return true; // "adb root" not allowed, always drop privileges.

#endif // ALLOW_ADBD_ROOT

}



static void drop_privileges(int server_port) {
@@ -205,6 +208,10 @@ int adbd_main(int server_port) { 
#if defined(ALLOW_ADBD_NO_AUTH)

    // If ro.adb.secure is unset, default to no authentication required.

    auth_required = android::base::GetBoolProperty("ro.adb.secure", false);

#elif defined(__ANDROID__)

    if (is_device_unlocked()) {  // allows no authentication when the device is unlocked.

        auth_required = android::base::GetBoolProperty("ro.adb.secure", false);

    }

#endif



    adbd_auth_init();