Merge "adbd: lessen security constraints when the device is unlocked"
am: e03665142e

Change-Id: Iae19ade154c0d584268a8b035ea0ed90ceb537b4
diff --git a/Android.mk b/Android.mk
index 1f6f194..ae03593 100644
--- a/Android.mk
+++ b/Android.mk
@@ -350,11 +350,11 @@
     -D_GNU_SOURCE \
     -Wno-deprecated-declarations \
 
+LOCAL_CFLAGS += -DALLOW_ADBD_ROOT=$(if $(filter userdebug eng,$(TARGET_BUILD_VARIANT)),1,0)
 LOCAL_CFLAGS += -DALLOW_ADBD_NO_AUTH=$(if $(filter userdebug eng,$(TARGET_BUILD_VARIANT)),1,0)
 
 ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT)))
 LOCAL_CFLAGS += -DALLOW_ADBD_DISABLE_VERITY=1
-LOCAL_CFLAGS += -DALLOW_ADBD_ROOT=1
 endif
 
 LOCAL_MODULE := adbd
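Review bot: Any `#if defined(ALLOW_ADBD_ROOT)` or `#ifdef ALLOW_ADBD_ROOT` left in an adbd source file this commit does not touch becomes true on user builds after line 13, because the macro is now always defined (as 0 or 1) instead of only on userdebug/eng, which would silently re-enable the root path there; only main.cpp is converted in this diff, so the remaining sources should be grepped for the old form before it lands. A one-line comment stating the contract would help future readers, e.g. `# ALLOW_ADBD_ROOT / ALLOW_ADBD_NO_AUTH are always defined (0 or 1); test them with if(), not #ifdef.` ALLOW_ADBD_DISABLE_VERITY on line 17 keeps the old defined/undefined convention, so the three switches now follow two different styles; giving it the same `$(if $(filter userdebug eng,$(TARGET_BUILD_VARIANT)),1,0)` form would keep them uniform, provided its consumers are updated the same way.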
diff --git a/daemon/main.cpp b/daemon/main.cpp
index 1c94298..e0629ab 100644
--- a/daemon/main.cpp
+++ b/daemon/main.cpp
@@ -49,17 +49,23 @@
 
 static const char* root_seclabel = nullptr;
 
+static inline bool is_device_unlocked() {
+    return "orange" == android::base::GetProperty("ro.boot.verifiedbootstate", "");
+}
+
 static void drop_capabilities_bounding_set_if_needed(struct minijail *j) {
-#if defined(ALLOW_ADBD_ROOT)
-    if (__android_log_is_debuggable()) {
-        return;
+    if (ALLOW_ADBD_ROOT || is_device_unlocked()) {
+        if (__android_log_is_debuggable()) {
+            return;
+        }
     }
-#endif
     minijail_capbset_drop(j, CAP_TO_MASK(CAP_SETUID) | CAP_TO_MASK(CAP_SETGID));
 }
 
 static bool should_drop_privileges() {
-#if defined(ALLOW_ADBD_ROOT)
+    // "adb root" not allowed, always drop privileges.
+    if (!ALLOW_ADBD_ROOT && !is_device_unlocked()) return true;
+
     // The properties that affect `adb root` and `adb unroot` are ro.secure and
     // ro.debuggable. In this context the names don't make the expected behavior
     // particularly obvious.
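Review bot: `is_device_unlocked()` on lines 30-32 widens who may retain CAP_SETUID/CAP_SETGID and skip privilege dropping, yet it carries no comment on what it trusts or how it behaves when the property is missing; I would add `// ro.boot.verifiedbootstate is "orange" only when the bootloader is unlocked; the "" default for an unset property is treated as locked, so this check fails closed.` The rewritten drop_capabilities_bounding_set_if_needed still requires `__android_log_is_debuggable()` before the capabilities are kept, so an unlocked device running a non-debuggable image still drops them — if that is intended, a comment noting that the unlocked state only lifts the build-variant gate, not the ro.debuggable one, would stop the next reader from assuming unlocked alone is enough. should_drop_privileges's body continues past the end of this hunk.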
@@ -89,9 +95,6 @@
     }
 
     return drop;
-#else
-    return true; // "adb root" not allowed, always drop privileges.
-#endif // ALLOW_ADBD_ROOT
 }
 
 static void drop_privileges(int server_port) {
@@ -158,7 +161,10 @@
     // descriptor will always be open.
     adbd_cloexec_auth_socket();
 
-    if (ALLOW_ADBD_NO_AUTH && !android::base::GetBoolProperty("ro.adb.secure", false)) {
+    // Respect ro.adb.secure in userdebug/eng builds (ALLOW_ADBD_NO_AUTH), or when the
+    // device is unlocked.
+    if ((ALLOW_ADBD_NO_AUTH || is_device_unlocked()) &&
+        !android::base::GetBoolProperty("ro.adb.secure", false)) {
         auth_required = false;
     }