commit 1de0e5e7acd32e7d3ddbdcf43e47cf16c0ffb181
author Elliott Hughes <enh@google.com> Wed Jun 17 15:23:42 2015 -0700
committer Elliott Hughes <enh@google.com> Fri Jun 19 13:26:02 2015 -0700
tree 2980a377d028230c412251e516c88751ece12382
parent ab4df46b1161b6cee2d24c73ad03b4cab385c5e2

Ignore ro.adb.secure in user builds.

Require authorization by default, and remove the ability to override
that in user builds. (userdebug and eng are still free to do whatever
they want.)

Bug: http://b/21862859
Change-Id: Ibf8af375be5bf1141c1ad481eee7a59fb10a7adb
(cherry picked from commit 5cba504215ea91187cc36ec7aec5dce1b0f4b0fe)

adb/Android.mk

diff --git a/adb/Android.mk b/adb/Android.mk
index 1613a88..425bf9b 100644
--- a/adb/Android.mk
+++ b/adb/Android.mk
@@ -232,12 +232,11 @@
     -D_GNU_SOURCE \
     -Wno-deprecated-declarations \
 
-ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT)))
-LOCAL_CFLAGS += -DALLOW_ADBD_ROOT=1
-endif
+LOCAL_CFLAGS += -DALLOW_ADBD_NO_AUTH=$(if $(filter userdebug eng,$(TARGET_BUILD_VARIANT)),1,0)
 
 ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT)))
 LOCAL_CFLAGS += -DALLOW_ADBD_DISABLE_VERITY=1
+LOCAL_CFLAGS += -DALLOW_ADBD_ROOT=1
 endif
 
 LOCAL_MODULE := adbd

adb/adb.cpp

diff --git a/adb/adb.cpp b/adb/adb.cpp
index 8a7b9c9..f64b19f 100644
--- a/adb/adb.cpp
+++ b/adb/adb.cpp
@@ -421,9 +421,9 @@
 
         parse_banner(reinterpret_cast<const char*>(p->data), t);
 
-        if (HOST || !auth_enabled) {
+        if (HOST || !auth_required) {
             handle_online(t);
-            if(!HOST) send_connect(t);
+            if (!HOST) send_connect(t);
         } else {
             send_auth_request(t);
         }

adb/adb_auth.cpp

diff --git a/adb/adb_auth.cpp b/adb/adb_auth.cpp
index dc01825..cff26d6 100644
--- a/adb/adb_auth.cpp
+++ b/adb/adb_auth.cpp
@@ -28,7 +28,7 @@
 #include "adb.h"
 #include "transport.h"
 
-int auth_enabled = 0;
+bool auth_required = true;
 
 void send_auth_request(atransport *t)
 {

adb/adb_auth.h

diff --git a/adb/adb_auth.h b/adb/adb_auth.h
index 1e1978d..a13604a 100644
--- a/adb/adb_auth.h
+++ b/adb/adb_auth.h
@@ -19,7 +19,7 @@
 
 #include "adb.h"
 
-extern int auth_enabled;
+extern bool auth_required;
 
 int adb_auth_keygen(const char* filename);
 void adb_auth_verified(atransport *t);

adb/adb_main.cpp

diff --git a/adb/adb_main.cpp b/adb/adb_main.cpp
index 3f88d13..45a2158 100644
--- a/adb/adb_main.cpp
+++ b/adb/adb_main.cpp
@@ -239,10 +239,11 @@
     // descriptor will always be open.
     adbd_cloexec_auth_socket();
 
-    property_get("ro.adb.secure", value, "0");
-    auth_enabled = !strcmp(value, "1");
-    if (auth_enabled)
-        adbd_auth_init();
+    if (ALLOW_ADBD_NO_AUTH && property_get_bool("ro.adb.secure", 0) == 0) {
+        auth_required = false;
+    }
+
+    adbd_auth_init();
 
     // Our external storage path may be different than apps, since
     // we aren't able to bind mount after dropping root.