Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit dcd8dbb0 authored by LuK1337's avatar LuK1337 Committed by Michael Bestas
Browse files

Squashed import of adb root patches 

Author: Luca Stefani <luca.stefani.ge1@gmail.com>
Date:   Sat Nov 2 22:46:12 2019 +0100

    Add adb_root daemon

    Change-Id: I516f1b85e28f5d061c8c54282a7657d53162bccb

Author: Luca Stefani <luca.stefani.ge1@gmail.com>
Date:   Sat Nov 2 23:54:43 2019 +0100

    Add adb root hooks

    Change-Id: I6b42ae84ab22ed4e86b92c3c1276a44a14d61781

Author: Luca Stefani <luca.stefani.ge1@gmail.com>
Date:   Fri Nov 8 11:36:04 2019 +0100

    Make adb use a custom prop for adb root

    Change-Id: Ie2b8c5e9d75371da43305f003607869370bbd1a4

Author: dianlujitao <dianlujitao@lineageos.org>
Date:   Sun Nov 17 23:21:36 2019 +0800

    Create /data/adbroot on post-fs-data

     * The real /data partition is not available before this stage.

    Change-Id: I2cbcd788f35a2d51c823a71e2c944502812c1cfd

Author: dianlujitao <dianlujitao@lineageos.org>
Date:   Sat Nov 23 20:55:42 2019 +0800

    adbd: Initialize adbroot status to false

    Change-Id: I6d5dc84974dff1a219702fb628e08517848977eb

Author: dianlujitao <dianlujitao@lineageos.org>
Date:   Sat Nov 23 20:58:31 2019 +0800

    adbd: Make adbroot interface a static lib

    Change-Id: I40e46b8312ec77992fc1c11d2190b611bfd049cb

Author: dianlujitao <dianlujitao@lineageos.org>
Date:   Sun Nov 24 16:24:27 2019 +0800

    adb_root: Enforce caller UID

     * AID_SYSTEM - Settings app
     * AID_SHELL - adbd
     * Apply minor clean up while at it

    Change-Id: I15a5d18204a96cc2f8352a6cc7f6f901193aa5b9

Author: dianlujitao <dianlujitao@lineageos.org>
Date:   Sun Nov 24 16:39:11 2019 +0800

    adb_root: Add mutex to binder interface

     * Binder IPC is not implemented in a thread-safe manner, add mutex to
       avoid possible race.

    Change-Id: I37cdca33d519b0fc960960272790d1f55874e2e2

Author: dianlujitao <dianlujitao@lineageos.org>
Date:   Sun Nov 24 17:01:49 2019 +0800

    adb_root: Restart adbd when turning off root

     * The running adbd session remains rooted after turning off from UI.

    Change-Id: Iedd5282b4e3c11ef6c0959ae6867448521cb2c78

Author: Alessandro Astone <ales.astone@gmail.com>
Date:   Fri Mar 20 19:47:03 2020 +0100

    adb: go back to standard adb root prop

     * This reverts change Ie2b8c5e9d75371da43305f003607869370bbd1a4
       plus more changes

    Change-Id: Ia17239e3671d2c1a92664810ed53175110699473

[LuK1337]: Rework for Android 11.

Change-Id: Ie8db34705d36f3e9f2c53617ec59a26087cbcc87
parent ff248cde

adb/Android.bp

+67 −0
Original line number Original line Diff line number Diff line
@@ -476,18 +476,26 @@ cc_library { 
                "daemon/restart_service.cpp",

                "daemon/restart_service.cpp",

            ],

            ],

            shared_libs: [

            shared_libs: [

                "libbinder_ndk",

                "libmdnssd",

                "libmdnssd",

                "libselinux",

                "libselinux",

            ],

            ],

            static_libs: [

                "adbroot_aidl_interface-ndk_platform",

            ],

        },

        },

        recovery: {

        recovery: {

            exclude_srcs: [

            exclude_srcs: [

                "daemon/abb_service.cpp",

                "daemon/abb_service.cpp",

            ],

            ],

            exclude_shared_libs: [

            exclude_shared_libs: [

                "libbinder_ndk",

                "libadb_pairing_auth",

                "libadb_pairing_auth",

                "libadb_pairing_connection",

                "libadb_pairing_connection",

            ],

            ],

            exclude_static_libs: [

                "adbroot_aidl_interface-ndk_platform",

            ],

        },

        },

    },

    },
@@ -587,10 +595,25 @@ cc_binary { 
    ],

    ],





    target: {

    target: {

        android: {

            shared_libs: [

                "libbinder_ndk",

            ],



            static_libs: [

                "adbroot_aidl_interface-ndk_platform",

            ],

        },



        recovery: {

        recovery: {

            exclude_shared_libs: [

            exclude_shared_libs: [

                "libadb_pairing_auth",

                "libadb_pairing_auth",

                "libadb_pairing_connection",

                "libadb_pairing_connection",

                "libbinder_ndk",

            ],



            exclude_static_libs: [

                "adbroot_aidl_interface-ndk_platform",

            ],

            ],

        }

        }

    },

    },
@@ -617,6 +640,26 @@ phony { 
    ],

    ],

}

}





cc_binary {

    name: "adb_root",

    srcs: [

        "root/adbroot_service.cpp",

        "root/main.cpp",

    ],

    init_rc: [

        "root/adb_root.rc",

    ],

    shared_libs: [

        "libbase",

        "libbinder_ndk",

        "liblog",

        "libutils",

    ],

    static_libs: [

        "adbroot_aidl_interface-ndk_platform",

    ],

}



cc_binary {

cc_binary {

    name: "abb",

    name: "abb",
@@ -819,3 +862,27 @@ cc_test_host { 
        "fastdeploy/testdata/sample.cd",

        "fastdeploy/testdata/sample.cd",

    ],

    ],

}

}



aidl_interface {

    name: "adbroot_aidl_interface",

    unstable: true,

    local_include_dir: "aidl",

    srcs: [

        "aidl/android/adbroot/IADBRootService.aidl",

    ],

    backend: {

        ndk: {

            apex_available: [

                "//apex_available:platform",

                "com.android.adbd",

            ],

        },

    },

}



filegroup {

    name: "adbrootservice_aidl",

    srcs: [

        "aidl/android/adbroot/IADBRootService.aidl",

    ],

}

adb/aidl/android/adbroot/IADBRootService.aidl

0 → 100644
+22 −0
Original line number Original line Diff line number Diff line 
/*

 * Copyright (C) 2019 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */

package android.adbroot;



/** {@hide} */

interface IADBRootService {

    void setEnabled(boolean enabled);

    boolean getEnabled();

}

adb/daemon/restart_service.cpp

+28 −0
Original line number Original line Diff line number Diff line
@@ -16,6 +16,11 @@ 




#define TRACE_TAG SERVICES

#define TRACE_TAG SERVICES





#if defined(__ANDROID__) && !defined(__ANDROID_RECOVERY__)

#include <aidl/android/adbroot/IADBRootService.h>

#include <android/binder_manager.h>

#endif



#include "sysdeps.h"

#include "sysdeps.h"





#include <unistd.h>

#include <unistd.h>
@@ -33,10 +38,33 @@ void restart_root_service(unique_fd fd) { 
        WriteFdExactly(fd.get(), "adbd is already running as root\n");

        WriteFdExactly(fd.get(), "adbd is already running as root\n");

        return;

        return;

    }

    }



#if defined(__ANDROID__) && !defined(__ANDROID_RECOVERY__)

    ndk::SpAIBinder binder = ndk::SpAIBinder(AServiceManager_getService("adbroot_service"));

    std::shared_ptr<aidl::android::adbroot::IADBRootService> service =

            aidl::android::adbroot::IADBRootService::fromBinder(binder);

    if (!service) {

        LOG(ERROR) << "Failed to get adbroot_service interface";

        return;

    }

#endif



#if defined(__ANDROID__) && !defined(__ANDROID_RECOVERY__)

    bool enabled = false;

    if (auto status = service->getEnabled(&enabled); !status.isOk()) {

#endif

    if (!__android_log_is_debuggable()) {

    if (!__android_log_is_debuggable()) {

        WriteFdExactly(fd.get(), "adbd cannot run as root in production builds\n");

        WriteFdExactly(fd.get(), "adbd cannot run as root in production builds\n");

        return;

        return;

    }

    }

#if defined(__ANDROID__) && !defined(__ANDROID_RECOVERY__)

    }

    if (!enabled) {

        WriteFdExactly(fd, "ADB Root access is disabled by system setting - "

                "enable in Settings -> System -> Developer options\n");

        return;

    }

#endif





    LOG(INFO) << "adbd restarting as root";

    LOG(INFO) << "adbd restarting as root";

    android::base::SetProperty("service.adb.root", "1");

    android::base::SetProperty("service.adb.root", "1");

adb/root/adb_root.rc

0 → 100644
+7 −0
Original line number Original line Diff line number Diff line 
service adb_root /system/bin/adb_root

    class main

    user root

    group root



on post-fs-data

    mkdir /data/adbroot 0700 root root

adb/root/adbroot_service.cpp

0 → 100644
+98 −0
Original line number Original line Diff line number Diff line 
/*

 * Copyright (C) 2019 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */



#include <android/binder_manager.h>

#include <android-base/file.h>

#include <android-base/logging.h>

#include <android-base/properties.h>

#include <android-base/strings.h>

#include <private/android_filesystem_config.h>



#include "adbroot_service.h"



namespace {

const std::string kStoragePath = "/data/adbroot/";

const std::string kEnabled = "enabled";



static ndk::ScopedAStatus SecurityException(const std::string& msg) {

    LOG(ERROR) << msg;

    return ndk::ScopedAStatus(AStatus_fromExceptionCodeWithMessage(EX_SECURITY, msg.c_str()));

}

}  // anonymous namespace



namespace aidl {

namespace android {

namespace adbroot {



using ::android::AutoMutex;

using ::android::base::ReadFileToString;

using ::android::base::SetProperty;

using ::android::base::Trim;

using ::android::base::WriteStringToFile;



ADBRootService::ADBRootService() : enabled_(false) {

    std::string buf;

    if (ReadFileToString(kStoragePath + kEnabled, &buf)) {

        enabled_ = std::stoi(Trim(buf));

    }

}



void ADBRootService::Register() {

    auto service = ndk::SharedRefBase::make<ADBRootService>();

    binder_status_t status = AServiceManager_addService(

            service->asBinder().get(), getServiceName());



    if (status != STATUS_OK) {

        LOG(FATAL) << "Could not register adbroot service: " << status;

    }

}



ndk::ScopedAStatus ADBRootService::setEnabled(bool enabled) {

    uid_t uid = AIBinder_getCallingUid();

    if (uid != AID_SYSTEM) {

        return SecurityException("Caller must be system");

    }



    AutoMutex _l(lock_);



    if (enabled_ != enabled) {

        enabled_ = enabled;

        WriteStringToFile(std::to_string(enabled), kStoragePath + kEnabled);



        // Turning off adb root, restart adbd.

        if (!enabled) {

            SetProperty("service.adb.root", "0");

            SetProperty("ctl.restart", "adbd");

        }

    }



    return ndk::ScopedAStatus::ok();

}



ndk::ScopedAStatus ADBRootService::getEnabled(bool* _aidl_return) {

    uid_t uid = AIBinder_getCallingUid();

    if (uid != AID_SYSTEM && uid != AID_SHELL) {

        return SecurityException("Caller must be system or shell");

    }



    AutoMutex _l(lock_);

    *_aidl_return = enabled_;

    return ndk::ScopedAStatus::ok();

}



}  // namespace adbroot

}  // namespace android

}  // namespace aidl