Gitiles
Code Review Sign In
review.blissroms.org / platform_system_core_old / e6f61a676892a198930c1831b0c88b033f4921dd^! / .
commite6f61a676892a198930c1831b0c88b033f4921dd[log] [tgz]
authorBowgo Tsai <bowgotsai@google.com>Tue Mar 12 04:25:33 2019 +0800
committerBowgo Tsai <bowgotsai@google.com>Fri Mar 15 03:04:46 2019 +0800
tree9b1f6ac0aa21de24890ba84026048e5ba4084f8e
parent1b18fdbee586fee2d76169d65e4ec3fe8b453671 [diff]
adbd: allowing adb root when the device is unlocked

As there is no security guarantee when the device is unlocked,
allowing adb root gives us more rooms to debug a USER build images.

Also, this makes it possible to run VTS on a USER build GSI, with
setting ro.debuggable=1 and unlocking the device.

This basically re-lands a reverted change:
https://android-review.googlesource.com/c/platform/system/core/+/437815

Which isn't needed after we moved /sbin/adbd to /system/bin/adbd in
USERDEBUG GSI. But it's still needed for USER build GSI.

Bug: 126493225
Test: unlock a USER build device, check 'adb root' can work
Change-Id: I93f12c8a3fe65c96c947e4602795eadfe591c521

diff --git a/adb/Android.bp b/adb/Android.bp
index 1e085a7..01e00dd 100644
--- a/adb/Android.bp
+++ b/adb/Android.bp

@@ -24,7 +24,8 @@
         "-Wno-missing-field-initializers",
         "-Wthread-safety",
         "-Wvla",
-        "-DADB_HOST=1", // overridden by adbd_defaults
+        "-DADB_HOST=1",         // overridden by adbd_defaults
+        "-DALLOW_ADBD_ROOT=0",  // overridden by adbd_defaults
     ],
     cpp_std: "experimental",
 
@@ -79,7 +80,8 @@
     product_variables: {
         debuggable: {
             cflags: [
-                "-DALLOW_ADBD_ROOT",
+                "-UALLOW_ADBD_ROOT",
+                "-DALLOW_ADBD_ROOT=1",
                 "-DALLOW_ADBD_DISABLE_VERITY",
                 "-DALLOW_ADBD_NO_AUTH",
             ],

diff --git a/adb/daemon/main.cpp b/adb/daemon/main.cpp
index fce3a4f..e5a4917 100644
--- a/adb/daemon/main.cpp
+++ b/adb/daemon/main.cpp

@@ -58,17 +58,23 @@
 #if defined(__ANDROID__)
 static const char* root_seclabel = nullptr;
 
+static inline bool is_device_unlocked() {
+    return "orange" == android::base::GetProperty("ro.boot.verifiedbootstate", "");
+}
+
 static bool should_drop_capabilities_bounding_set() {
-#if defined(ALLOW_ADBD_ROOT)
-    if (__android_log_is_debuggable()) {
-        return false;
+    if (ALLOW_ADBD_ROOT || is_device_unlocked()) {
+        if (__android_log_is_debuggable()) {
+            return false;
+        }
     }
-#endif
     return true;
 }
 
 static bool should_drop_privileges() {
-#if defined(ALLOW_ADBD_ROOT)
+    // "adb root" not allowed, always drop privileges.
+    if (!ALLOW_ADBD_ROOT && !is_device_unlocked()) return true;
+
     // The properties that affect `adb root` and `adb unroot` are ro.secure and
     // ro.debuggable. In this context the names don't make the expected behavior
     // particularly obvious.
@@ -98,9 +104,6 @@
     }
 
     return drop;
-#else
-    return true; // "adb root" not allowed, always drop privileges.
-#endif // ALLOW_ADBD_ROOT
 }
 
 static void drop_privileges(int server_port) {
@@ -205,6 +208,10 @@
 #if defined(ALLOW_ADBD_NO_AUTH)
     // If ro.adb.secure is unset, default to no authentication required.
     auth_required = android::base::GetBoolProperty("ro.adb.secure", false);
+#elif defined(__ANDROID__)
+    if (is_device_unlocked()) {  // allows no authentication when the device is unlocked.
+        auth_required = android::base::GetBoolProperty("ro.adb.secure", false);
+    }
 #endif
 
     adbd_auth_init();