Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit b1260205 authored by Luca Stefani's avatar Luca Stefani Committed by Michael Bestas
Browse files

Add adb_root daemon and hooks 

Author: Luca Stefani <luca.stefani.ge1@gmail.com>
Date:   Sat Nov 2 22:46:12 2019 +0100

    Add adb_root daemon

    Change-Id: I516f1b85e28f5d061c8c54282a7657d53162bccb

Author: Luca Stefani <luca.stefani.ge1@gmail.com>
Date:   Sat Nov 2 23:54:43 2019 +0100

    Add adb root hooks

    Change-Id: I6b42ae84ab22ed4e86b92c3c1276a44a14d61781

Author: dianlujitao <dianlujitao@lineageos.org>
Date:   Sun Nov 17 23:21:36 2019 +0800

    Create /data/adbroot on post-fs-data

     * The real /data partition is not available before this stage.

    Change-Id: I2cbcd788f35a2d51c823a71e2c944502812c1cfd

Author: dianlujitao <dianlujitao@lineageos.org>
Date:   Sat Nov 23 20:55:42 2019 +0800

    adbd: Initialize adbroot status to false

    Change-Id: I6d5dc84974dff1a219702fb628e08517848977eb

Author: dianlujitao <dianlujitao@lineageos.org>
Date:   Sat Nov 23 20:58:31 2019 +0800

    adbd: Make adbroot interface a static lib

    Change-Id: I40e46b8312ec77992fc1c11d2190b611bfd049cb

Author: dianlujitao <dianlujitao@lineageos.org>
Date:   Sun Nov 24 16:24:27 2019 +0800

    adb_root: Enforce caller UID

     * AID_SYSTEM - Settings app
     * AID_SHELL - adbd
     * Apply minor clean up while at it

    Change-Id: I15a5d18204a96cc2f8352a6cc7f6f901193aa5b9

Author: dianlujitao <dianlujitao@lineageos.org>
Date:   Sun Nov 24 16:39:11 2019 +0800

    adb_root: Add mutex to binder interface

     * Binder IPC is not implemented in a thread-safe manner, add mutex to
       avoid possible race.

    Change-Id: I37cdca33d519b0fc960960272790d1f55874e2e2

Author: dianlujitao <dianlujitao@lineageos.org>
Date:   Sun Nov 24 17:01:49 2019 +0800

    adb_root: Restart adbd when turning off root

     * The running adbd session remains rooted after turning off from UI.

    Change-Id: Iedd5282b4e3c11ef6c0959ae6867448521cb2c78

Author: PIPIPIG233666 <pig.priv@gmail.com>
Date:   Sat Dec 21 11:23:43 2019 -0500

    adb_root: Run adb_root with system group

    * Avoid the need to rely on dac_override

    Change-Id: I4ba218f7c613c34aa6739f186102460b6f11b873

Change-Id: Ib4089593c2c3e384087f1abf1951e3c066764362
parent 559545a0

adb/Android.bp

+53 −0
Original line number Diff line number Diff line
@@ -423,22 +423,35 @@ cc_library { 
                "daemon/restart_service.cpp",

                "daemon/set_verity_enable_state_service.cpp",

            ],

            cflags: [

                "-Wno-exit-time-destructors",

            ],

            static_libs: [

                "adbroot_aidl_interface-cpp",

                "libavb_user",

            ],

            shared_libs: [

                "libbinder",

                "libbootloader_message",

                "libmdnssd",

                "libext4_utils",

                "libfec",

                "libfs_mgr",

                "libselinux",

                "libutils",

            ],

        },

        recovery: {

            exclude_srcs: [

                "daemon/abb_service.cpp",

            ],

            exclude_static_libs: [

                "adbroot_aidl_interface-cpp",

            ],

            exclude_shared_libs: [

                "libbinder",

                "libutils",

            ],

        },

    },

}
@@ -505,6 +518,26 @@ cc_binary { 
    ],

}



cc_binary {

    name: "adb_root",

    srcs: [

        "root/adbroot_service.cpp",

        "root/main.cpp",

    ],

    init_rc: [

        "root/adb_root.rc",

    ],

    static_libs: [

        "adbroot_aidl_interface-cpp",

    ],

    shared_libs: [

        "libbase",

        "libbinder",

        "liblog",

        "libutils",

    ]

}



cc_binary {

    name: "abb",
@@ -604,3 +637,23 @@ python_test_host { 
        },

    },

}



aidl_interface {

    name: "adbroot_aidl_interface",

    srcs: [

        "aidl/android/adbroot/IADBRootService.aidl",

    ],

    local_include_dir: "aidl",

    backend: {

        ndk: {

            enabled: false,

        },

    },

}



filegroup {

    name: "adbrootservice_aidl",

    srcs: [

        "aidl/android/adbroot/IADBRootService.aidl",

    ],

}

adb/aidl/android/adbroot/IADBRootService.aidl

0 → 100644
+22 −0
Original line number Diff line number Diff line 
/*

 * Copyright (C) 2019 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */

package android.adbroot;



/** {@hide} */

interface IADBRootService {

    void setEnabled(boolean enabled);

    boolean getEnabled();

}

adb/daemon/restart_service.cpp

+35 −0
Original line number Diff line number Diff line
@@ -25,6 +25,12 @@ 
#include <android-base/stringprintf.h>

#include <log/log_properties.h>



#if defined(__ANDROID__) && !defined(__ANDROID_RECOVERY__)

#include <android/adbroot/IADBRootService.h>

#include <binder/IServiceManager.h>

#include <utils/String16.h>

#endif



#include "adb_io.h"

#include "adb_unique_fd.h"
@@ -33,10 +39,39 @@ void restart_root_service(unique_fd fd) { 
        WriteFdExactly(fd.get(), "adbd is already running as root\n");

        return;

    }



#if defined(__ANDROID__) && !defined(__ANDROID_RECOVERY__)

    android::sp<android::IBinder> binder =

            android::defaultServiceManager()->getService(android::String16("adbroot_service"));

    if (!binder) {

        LOG(ERROR) << "Failed to get service: adbroot_service";

        return;

    }



    android::sp<android::adbroot::IADBRootService> service =

            android::adbroot::IADBRootService::asInterface(binder);

    if (!service) {

        LOG(ERROR) << "Failed to get adbroot_service interface";

        return;

    }

#endif



#if defined(__ANDROID__) && !defined(__ANDROID_RECOVERY__)

    bool enabled = false;

    if (auto status = service->getEnabled(&enabled); !status.isOk()) {

#endif

    if (!__android_log_is_debuggable()) {

        WriteFdExactly(fd.get(), "adbd cannot run as root in production builds\n");

        return;

    }

#if defined(__ANDROID__) && !defined(__ANDROID_RECOVERY__)

    }

    if (!enabled) {

        WriteFdExactly(fd, "ADB Root access is disabled by system setting - "

                "enable in Settings -> System -> Developer options\n");

        return;

    }

#endif



    LOG(INFO) << "adbd restarting as root";

    android::base::SetProperty("service.adb.root", "1");

adb/root/adb_root.rc

0 → 100644
+7 −0
Original line number Diff line number Diff line 
service adb_root /system/bin/adb_root

    class main

    user root

    group root system



on post-fs-data

    mkdir /data/adbroot 0700 root root

adb/root/adbroot_service.cpp

0 → 100644
+91 −0
Original line number Diff line number Diff line 
/*

 * Copyright (C) 2019 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */



#include <android-base/file.h>

#include <android-base/logging.h>

#include <android-base/properties.h>

#include <android-base/strings.h>

#include <private/android_filesystem_config.h>



#include "adbroot_service.h"



namespace {

const std::string kStoragePath = "/data/adbroot/";

const std::string kEnabled = "enabled";



static android::binder::Status SecurityException(const std::string& msg) {

    LOG(ERROR) << msg;

    return android::binder::Status::fromExceptionCode(android::binder::Status::EX_SECURITY,

            android::String8(msg.c_str()));

}

}  // anonymous namespace



namespace android {

namespace adbroot {



using base::ReadFileToString;

using base::Trim;

using base::WriteStringToFile;



ADBRootService::ADBRootService() : enabled_(false) {

    std::string buf;

    if (ReadFileToString(kStoragePath + kEnabled, &buf)) {

        enabled_ = std::stoi(Trim(buf));

    }

}



void ADBRootService::Register() {

    auto ret = BinderService<ADBRootService>::publish();

    if (ret != OK) {

        LOG(FATAL) << "Could not register adbroot service: " << ret;

    }

}



binder::Status ADBRootService::setEnabled(bool enabled) {

    uid_t uid = IPCThreadState::self()->getCallingUid();

    if (uid != AID_SYSTEM) {

        return SecurityException("Caller must be system");

    }



    AutoMutex _l(lock_);



    if (enabled_ != enabled) {

        enabled_ = enabled;

        WriteStringToFile(std::to_string(enabled), kStoragePath + kEnabled);



        // Turning off adb root, restart adbd.

        if (!enabled) {

            base::SetProperty("lineage.service.adb.root", "0");

            base::SetProperty("ctl.restart", "adbd");

        }

    }



    return binder::Status::ok();

}



binder::Status ADBRootService::getEnabled(bool* _aidl_return) {

    uid_t uid = IPCThreadState::self()->getCallingUid();

    if (uid != AID_SYSTEM && uid != AID_SHELL) {

        return SecurityException("Caller must be system or shell");

    }



    AutoMutex _l(lock_);

    *_aidl_return = enabled_;

    return binder::Status::ok();

}



}  // namespace adbroot

}  // namespace android