commit c7e28899c3917ad6e72d5dc99401bcd133cbd475
author Nick Kralevich <nnk@google.com> Fri Jan 24 18:09:26 2014 +0000
committer Android Git Automerger <android-git-automerger@android.com> Fri Jan 24 18:09:26 2014 +0000
tree dde1f4b9d520bee66f74d04d205e5aaf7706a0fe
parent b36cfdb718f30c667858f8bac04d012366dca94f
parent 16384312244b8dccd53478a7bdeeb9a492821807

am 16384312: am 0620e3dd: Merge "adbd: switch to su domain when running as root"

* commit '16384312244b8dccd53478a7bdeeb9a492821807':
  adbd: switch to su domain when running as root

adb/adb.c

diff --git a/adb/adb.c b/adb/adb.c
index 41270f9..665e958 100644
--- a/adb/adb.c
+++ b/adb/adb.c
@@ -39,6 +39,8 @@
 #include <sys/capability.h>
 #include <linux/prctl.h>
 #include <sys/mount.h>
+#include <getopt.h>
+#include <selinux/selinux.h>
 #else
 #include "usb_vendors.h"
 #endif
@@ -54,6 +56,7 @@
 
 #if !ADB_HOST
 static const char *adb_device_banner = "device";
+static const char *root_seclabel = NULL;
 #endif
 
 void fatal(const char *fmt, ...)
@@ -1356,6 +1359,12 @@
         D("Local port disabled\n");
     } else {
         char local_name[30];
+        if ((root_seclabel != NULL) && (is_selinux_enabled() > 0)) {
+            // b/12587913: fix setcon to allow const pointers
+            if (setcon((char *)root_seclabel) < 0) {
+                exit(1);
+            }
+        }
         build_local_name(local_name, sizeof(local_name), server_port);
         if(install_listener(local_name, "*smartsocket*", NULL, 0)) {
             exit(1);
@@ -1642,10 +1651,6 @@
     return -1;
 }
 
-#if !ADB_HOST
-int recovery_mode = 0;
-#endif
-
 int main(int argc, char **argv)
 {
 #if ADB_HOST
@@ -1657,9 +1662,26 @@
     /* If adbd runs inside the emulator this will enable adb tracing via
      * adb-debug qemud service in the emulator. */
     adb_qemu_trace_init();
-    if((argc > 1) && (!strcmp(argv[1],"recovery"))) {
-        adb_device_banner = "recovery";
-        recovery_mode = 1;
+    while(1) {
+        int c;
+        int option_index = 0;
+        static struct option opts[] = {
+            {"root_seclabel", required_argument, 0, 's' },
+            {"device_banner", required_argument, 0, 'b' }
+        };
+        c = getopt_long(argc, argv, "", opts, &option_index);
+        if (c == -1)
+            break;
+        switch (c) {
+        case 's':
+            root_seclabel = optarg;
+            break;
+        case 'b':
+            adb_device_banner = optarg;
+            break;
+        default:
+            break;
+        }
     }
 
     start_device_log();

rootdir/init.rc

diff --git a/rootdir/init.rc b/rootdir/init.rc
index 199ee89..1aafaa3 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -451,7 +451,7 @@
     start console
 
 # adbd is controlled via property triggers in init.<platform>.usb.rc
-service adbd /sbin/adbd
+service adbd /sbin/adbd --root_seclabel=u:r:su:s0
     class core
     socket adbd stream 660 system system
     disabled