Merge "Device and mode definitions for remote submix" into jb-mr1-dev
diff --git a/adb/Android.mk b/adb/Android.mk
index 681c7c7..bc8315e 100644
--- a/adb/Android.mk
+++ b/adb/Android.mk
@@ -17,26 +17,24 @@
   USB_SRCS := usb_linux.c
   EXTRA_SRCS := get_my_path_linux.c
   LOCAL_LDLIBS += -lrt -lncurses -lpthread
-  LOCAL_SHARED_LIBRARIES := libcrypto
 endif
 
 ifeq ($(HOST_OS),darwin)
   USB_SRCS := usb_osx.c
   EXTRA_SRCS := get_my_path_darwin.c
-  LOCAL_LDLIBS += -lpthread -lcrypto -framework CoreFoundation -framework IOKit -framework Carbon
+  LOCAL_LDLIBS += -lpthread -framework CoreFoundation -framework IOKit -framework Carbon
 endif
 
 ifeq ($(HOST_OS),freebsd)
   USB_SRCS := usb_libusb.c
   EXTRA_SRCS := get_my_path_freebsd.c
   LOCAL_LDLIBS += -lpthread -lusb
-  LOCAL_SHARED_LIBRARIES := libcrypto
 endif
 
 ifeq ($(HOST_OS),windows)
   USB_SRCS := usb_windows.c
   EXTRA_SRCS := get_my_path_windows.c ../libcutils/list.c
-  EXTRA_STATIC_LIBS := AdbWinApi libcrypto_static
+  EXTRA_STATIC_LIBS := AdbWinApi
   ifneq ($(strip $(USE_CYGWIN)),)
     # Pure cygwin case
     LOCAL_LDLIBS += -lpthread -lgdi32
@@ -80,14 +78,14 @@
 LOCAL_CFLAGS += -D_XOPEN_SOURCE -D_GNU_SOURCE
 LOCAL_MODULE := adb
 
-LOCAL_STATIC_LIBRARIES := libzipfile libunz $(EXTRA_STATIC_LIBS)
+LOCAL_STATIC_LIBRARIES := libzipfile libunz libcrypto_static $(EXTRA_STATIC_LIBS)
 ifeq ($(USE_SYSDEPS_WIN32),)
 	LOCAL_STATIC_LIBRARIES += libcutils
 endif
 
 include $(BUILD_HOST_EXECUTABLE)
 
-$(call dist-for-goals,dist_files,$(LOCAL_BUILT_MODULE))
+$(call dist-for-goals,dist_files sdk,$(LOCAL_BUILT_MODULE))
 
 ifeq ($(HOST_OS),windows)
 $(LOCAL_INSTALLED_MODULE): \
diff --git a/adb/adb.c b/adb/adb.c
index e7d9485..07bfbe5 100644
--- a/adb/adb.c
+++ b/adb/adb.c
@@ -1122,6 +1122,16 @@
     if (auth_enabled)
         adb_auth_init();
 
+    // Our external storage path may be different than apps, since
+    // we aren't able to bind mount after dropping root.
+    const char* adb_external_storage = getenv("ADB_EXTERNAL_STORAGE");
+    if (NULL != adb_external_storage) {
+        setenv("EXTERNAL_STORAGE", adb_external_storage, 1);
+    } else {
+        D("Warning: ADB_EXTERNAL_STORAGE is not set.  Leaving EXTERNAL_STORAGE"
+          " unchanged.\n");
+    }
+
     /* don't listen on a port (default 5037) if running in secure mode */
     /* don't run as root if we are running in secure mode */
     if (should_drop_privileges()) {
diff --git a/adb/adb.h b/adb/adb.h
index 5e9a0fb..9da8af8 100644
--- a/adb/adb.h
+++ b/adb/adb.h
@@ -36,7 +36,7 @@
 #define ADB_VERSION_MAJOR 1         // Used for help/version information
 #define ADB_VERSION_MINOR 0         // Used for help/version information
 
-#define ADB_SERVER_VERSION    30    // Increment this when we want to force users to start a new adb server
+#define ADB_SERVER_VERSION    31    // Increment this when we want to force users to start a new adb server
 
 typedef struct amessage amessage;
 typedef struct apacket apacket;
diff --git a/adb/adb_auth_host.c b/adb/adb_auth_host.c
index 99dcfcb..9039d42 100644
--- a/adb/adb_auth_host.c
+++ b/adb/adb_auth_host.c
@@ -48,7 +48,7 @@
 #define TRACE_TAG TRACE_AUTH
 
 #define ANDROID_PATH   ".android"
-#define ADB_KEY_FILE   "adb_key"
+#define ADB_KEY_FILE   "adbkey"
 
 
 struct adb_private_key {
@@ -176,6 +176,7 @@
     EVP_PKEY* pkey = EVP_PKEY_new();
     BIGNUM* exponent = BN_new();
     RSA* rsa = RSA_new();
+    mode_t old_mask;
     FILE *f = NULL;
     int ret = 0;
 
@@ -190,12 +191,17 @@
     RSA_generate_key_ex(rsa, 2048, exponent, NULL);
     EVP_PKEY_set1_RSA(pkey, rsa);
 
+    old_mask = umask(077);
+
     f = fopen(file, "w");
     if (!f) {
         D("Failed to open '%s'\n", file);
+        umask(old_mask);
         goto out;
     }
 
+    umask(old_mask);
+
     if (!PEM_write_PrivateKey(f, pkey, NULL, NULL, 0, NULL, NULL)) {
         D("Failed to write key\n");
         goto out;
diff --git a/fastboot/Android.mk b/fastboot/Android.mk
index 905f759..92e9219 100644
--- a/fastboot/Android.mk
+++ b/fastboot/Android.mk
@@ -65,7 +65,7 @@
 include $(BUILD_HOST_EXECUTABLE)
 
 
-$(call dist-for-goals,dist_files,$(LOCAL_BUILT_MODULE))
+$(call dist-for-goals,dist_files sdk,$(LOCAL_BUILT_MODULE))
 
 
 ifeq ($(HOST_OS),linux)
diff --git a/rootdir/init.rc b/rootdir/init.rc
index fc678f0..3d57211 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -63,6 +63,8 @@
 
     # Directory for putting things only root should see.
     mkdir /mnt/secure 0700 root root
+    # Create private mountpoint so we can MS_MOVE from staging
+    mount tmpfs tmpfs /mnt/secure mode=0700,uid=0,gid=0
 
     # Directory for staging bindmounts
     mkdir /mnt/secure/staging 0700 root root
@@ -135,6 +137,7 @@
     mount rootfs rootfs / ro remount
     # mount shared so changes propagate into child namespaces
     mount rootfs rootfs / shared rec
+    mount tmpfs tmpfs /mnt/secure private rec
 
     # We chown/chmod /cache again so because mount is run as root + defaults
     chown system cache /cache