Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit cc0d8647 authored by TreeHugger Robot's avatar TreeHugger Robot Committed by Automerger Merge Worker
Browse files

Merge "adbd: remove ifdefs guarding root/secure." into rvc-dev am: ab7a967d 

Original change: https://googleplex-android-review.googlesource.com/c/platform/system/core/+/11811383

Change-Id: Ie256a9516089c300adb9f159a9df4ad87501271e
parents 86841a80 ab7a967d

adb/Android.bp

+0 −11
Original line number Diff line number Diff line
@@ -25,7 +25,6 @@ cc_defaults { 
        "-Wthread-safety",

        "-Wvla",

        "-DADB_HOST=1",         // overridden by adbd_defaults

        "-DALLOW_ADBD_ROOT=0",  // overridden by adbd_defaults

        "-DANDROID_BASE_UNIQUE_FD_DISABLE_IMPLICIT_CONVERSION=1",

    ],

    cpp_std: "experimental",
@@ -81,16 +80,6 @@ cc_defaults { 
    defaults: ["adb_defaults"],



    cflags: ["-UADB_HOST", "-DADB_HOST=0"],

    product_variables: {

        debuggable: {

            cflags: [

                "-UALLOW_ADBD_ROOT",

                "-DALLOW_ADBD_ROOT=1",

                "-DALLOW_ADBD_DISABLE_VERITY",

                "-DALLOW_ADBD_NO_AUTH",

            ],

        },

    },

}



cc_defaults {

adb/daemon/main.cpp

+5 −26
Original line number Diff line number Diff line
@@ -62,23 +62,7 @@ 
#if defined(__ANDROID__)

static const char* root_seclabel = nullptr;



static inline bool is_device_unlocked() {

    return "orange" == android::base::GetProperty("ro.boot.verifiedbootstate", "");

}



static bool should_drop_capabilities_bounding_set() {

    if (ALLOW_ADBD_ROOT || is_device_unlocked()) {

        if (__android_log_is_debuggable()) {

            return false;

        }

    }

    return true;

}



static bool should_drop_privileges() {

    // "adb root" not allowed, always drop privileges.

    if (!ALLOW_ADBD_ROOT && !is_device_unlocked()) return true;



    // The properties that affect `adb root` and `adb unroot` are ro.secure and

    // ro.debuggable. In this context the names don't make the expected behavior

    // particularly obvious.
@@ -132,7 +116,7 @@ static void drop_privileges(int server_port) { 
    // Don't listen on a port (default 5037) if running in secure mode.

    // Don't run as root if running in secure mode.

    if (should_drop_privileges()) {

        const bool should_drop_caps = should_drop_capabilities_bounding_set();

        const bool should_drop_caps = !__android_log_is_debuggable();



        if (should_drop_caps) {

            minijail_use_caps(jail.get(), CAP_TO_MASK(CAP_SETUID) | CAP_TO_MASK(CAP_SETGID));
@@ -224,15 +208,10 @@ int adbd_main(int server_port) { 
    // descriptor will always be open.

    adbd_cloexec_auth_socket();



#if defined(__ANDROID_RECOVERY__)

    if (is_device_unlocked() || __android_log_is_debuggable()) {

        auth_required = false;

    }

#elif defined(ALLOW_ADBD_NO_AUTH)

    // If ro.adb.secure is unset, default to no authentication required.

    auth_required = android::base::GetBoolProperty("ro.adb.secure", false);

#elif defined(__ANDROID__)

    if (is_device_unlocked()) {  // allows no authentication when the device is unlocked.

#if defined(__ANDROID__)

    // If we're on userdebug/eng or the device is unlocked, permit no-authentication.

    bool device_unlocked = "orange" == android::base::GetProperty("ro.boot.verifiedbootstate", "");

    if (__android_log_is_debuggable() || device_unlocked) {

        auth_required = android::base::GetBoolProperty("ro.adb.secure", false);

    }

#endif