diff options
author | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2024-04-23 23:18:23 +0000 |
---|---|---|
committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2024-04-23 23:18:23 +0000 |
commit | 9f65ddd4608b486e72040325ad91a3380fde64cd (patch) | |
tree | b8a00cc1972485de15ad2bd27d40600956f80aef | |
parent | d639e63f745f062fddd2e7b4af13615936f06843 (diff) | |
parent | e10984486b53439fd76c693da8257f889782069f (diff) | |
download | adb-sdk-release.tar.gz |
Snap for 11754915 from e10984486b53439fd76c693da8257f889782069f to sdk-releasesdk-release
Change-Id: I5dbba1f42d31d4462ac09d8ecf21383a993554c5
-rw-r--r-- | Android.bp | 54 | ||||
-rw-r--r-- | crypto/tests/Android.bp | 6 | ||||
-rw-r--r-- | daemon/main.cpp | 16 | ||||
-rw-r--r-- | fastdeploy/Android.bp | 3 | ||||
-rw-r--r-- | pairing_auth/tests/Android.bp | 6 | ||||
-rw-r--r-- | pairing_connection/tests/Android.bp | 6 | ||||
-rw-r--r-- | sysdeps.h | 5 | ||||
-rw-r--r-- | tls/tests/Android.bp | 6 |
8 files changed, 78 insertions, 24 deletions
@@ -13,6 +13,7 @@ // limitations under the License. package { + default_team: "trendy_team_native_tools_libraries", default_applicable_licenses: ["packages_modules_adb_license"], } @@ -48,7 +49,7 @@ cc_defaults { "-Wno-missing-field-initializers", "-Wthread-safety", "-Wvla", - "-DADB_HOST=1", // overridden by adbd_defaults + "-DADB_HOST=1", // overridden by adbd_defaults "-DANDROID_BASE_UNIQUE_FD_DISABLE_IMPLICIT_CONVERSION=1", ], cpp_std: "experimental", @@ -113,7 +114,10 @@ cc_defaults { name: "adbd_defaults", defaults: ["adb_defaults"], - cflags: ["-UADB_HOST", "-DADB_HOST=0"], + cflags: [ + "-UADB_HOST", + "-DADB_HOST=0", + ], } cc_defaults { @@ -171,7 +175,7 @@ library_linking_strategy_cc_defaults { "libselinux", ], - soong_config_variables:{ + soong_config_variables: { library_linking_strategy: { prefer_static: { static_libs: [ @@ -402,7 +406,7 @@ cc_test_host { test_options: { // TODO(b/247985207) remove "no-remote" tag when b/247985207 is fixed. tags: ["no-remote"], - } + }, } cc_binary_host { @@ -430,7 +434,7 @@ cc_binary_host { generated_headers: [ "bin2c_fastdeployagent", - "bin2c_fastdeployagentscript" + "bin2c_fastdeployagentscript", ], static_libs: [ @@ -502,7 +506,10 @@ cc_binary_host { // libadbd_core contains the common sources to build libadbd and libadbd_services. cc_library_static { name: "libadbd_core", - defaults: ["adbd_defaults", "host_adbd_supported"], + defaults: [ + "adbd_defaults", + "host_adbd_supported", + ], recovery_available: true, // libminadbd wants both, as it's used to build native tests. @@ -551,7 +558,7 @@ cc_library_static { "daemon/usb.cpp", "daemon/usb_ffs.cpp", "daemon/watchdog.cpp", - ] + ], }, recovery: { exclude_shared_libs: [ @@ -559,7 +566,7 @@ cc_library_static { "libadb_pairing_connection", "libapp_processes_protos_lite", ], - } + }, }, min_sdk_version: "30", @@ -575,7 +582,10 @@ cc_library_static { cc_library { name: "libadbd_services", - defaults: ["adbd_defaults", "host_adbd_supported"], + defaults: [ + "adbd_defaults", + "host_adbd_supported", + ], recovery_available: true, compile_multilib: "both", @@ -659,7 +669,10 @@ cc_library { cc_library { name: "libadbd", - defaults: ["adbd_defaults", "host_adbd_supported"], + defaults: [ + "adbd_defaults", + "host_adbd_supported", + ], recovery_available: true, min_sdk_version: "30", apex_available: ["com.android.adbd"], @@ -706,10 +719,9 @@ cc_library { "libadb_pairing_auth", "libadb_pairing_connection", ], - } + }, }, - visibility: [ "//bootable/recovery/minadbd", "//packages/modules/adb", @@ -718,7 +730,11 @@ cc_library { cc_binary { name: "adbd", - defaults: ["adbd_defaults", "host_adbd_supported", "libadbd_binary_dependencies"], + defaults: [ + "adbd_defaults", + "host_adbd_supported", + "libadbd_binary_dependencies", + ], recovery_available: true, min_sdk_version: "30", apex_available: ["com.android.adbd"], @@ -757,7 +773,7 @@ cc_binary { "libadb_pairing_auth", "libadb_pairing_connection", ], - } + }, }, } @@ -833,7 +849,10 @@ ADBD_TEST_LIBS = [ cc_test { name: "adbd_test", - defaults: ["adbd_defaults", "libadbd_binary_dependencies"], + defaults: [ + "adbd_defaults", + "libadbd_binary_dependencies", + ], recovery_available: false, srcs: libadb_test_srcs + [ @@ -871,7 +890,10 @@ cc_test { // adbd_test uses the static version of these libraries above, so exclude them here. exclude_shared_libs: ADBD_TEST_LIBS, - test_suites: ["general-tests", "mts-adbd"], + test_suites: [ + "general-tests", + "mts-adbd", + ], require_root: true, } diff --git a/crypto/tests/Android.bp b/crypto/tests/Android.bp index d45b05d2..41e805eb 100644 --- a/crypto/tests/Android.bp +++ b/crypto/tests/Android.bp @@ -15,6 +15,7 @@ // package { + default_team: "trendy_team_native_tools_libraries", // See: http://go/android-license-faq // A large-scale-change added 'default_applicable_licenses' to import // all of the 'license_kinds' from "packages_modules_adb_license" @@ -47,5 +48,8 @@ cc_test { "libadb_sysdeps", ], - test_suites: ["general-tests", "mts-adbd"], + test_suites: [ + "general-tests", + "mts-adbd", + ], } diff --git a/daemon/main.cpp b/daemon/main.cpp index 497a5c19..77e535af 100644 --- a/daemon/main.cpp +++ b/daemon/main.cpp @@ -121,7 +121,19 @@ static void drop_privileges(int server_port) { const bool should_drop_caps = !__android_log_is_debuggable(); if (should_drop_caps) { - minijail_use_caps(jail.get(), CAP_TO_MASK(CAP_SETUID) | CAP_TO_MASK(CAP_SETGID)); + // CAP_SETUI and CAP_SETGID are required for change_uid and change_gid calls below. + // CAP_SYS_NICE needs to be in the bounding set of adbd for sh spawned from `adb shell` + // to also have it in the bounding set. This in turn is required to be able to launch + // VMs from shell (e.g. adb shell /apex/com.android.virt/bin/vm run-microdroid). + // Full fork+execve chain looks like this: + // adbd (CapBnd: CAP_SYS_NICE) -> /system/bin/sh (CapBnd: CAP_SYS_NICE) -> + // /apex/com.android.virt/bin/vm (CapBnd: CAP_SYS_NICE) -> + // virtmngr (CapBnd: CAP_SYS_NICE) -> crosvm (CapEff: CAP_SYS_NICE). + // Note: the adbd will drop it's effective capabilities several lines below, while the + // /system/bin/sh process spawned from adbd will run as non-root uid, hence won't be + // able to use the CAP_SYS_NICE capability in the first place. + minijail_use_caps(jail.get(), CAP_TO_MASK(CAP_SETUID) | CAP_TO_MASK(CAP_SETGID) | + CAP_TO_MASK(CAP_SYS_NICE)); } minijail_change_gid(jail.get(), AID_SHELL); @@ -140,7 +152,7 @@ static void drop_privileges(int server_port) { PLOG(FATAL) << "cap_clear_flag(INHERITABLE) failed"; } if (cap_clear_flag(caps.get(), CAP_EFFECTIVE) == -1) { - PLOG(FATAL) << "cap_clear_flag(PEMITTED) failed"; + PLOG(FATAL) << "cap_clear_flag(EFFECTIVE) failed"; } if (cap_clear_flag(caps.get(), CAP_PERMITTED) == -1) { PLOG(FATAL) << "cap_clear_flag(PEMITTED) failed"; diff --git a/fastdeploy/Android.bp b/fastdeploy/Android.bp index 84e62c62..309c6d1a 100644 --- a/fastdeploy/Android.bp +++ b/fastdeploy/Android.bp @@ -14,6 +14,7 @@ // limitations under the License. // package { + default_team: "trendy_team_framework_android_packages", // See: http://go/android-license-faq // A large-scale-change added 'default_applicable_licenses' to import // all of the 'license_kinds' from "packages_modules_adb_license" @@ -43,7 +44,7 @@ java_binary { ], dex_preopt: { enabled: false, - } + }, } android_test { diff --git a/pairing_auth/tests/Android.bp b/pairing_auth/tests/Android.bp index 9105aa5a..ed515942 100644 --- a/pairing_auth/tests/Android.bp +++ b/pairing_auth/tests/Android.bp @@ -15,6 +15,7 @@ // package { + default_team: "trendy_team_native_tools_libraries", // See: http://go/android-license-faq // A large-scale-change added 'default_applicable_licenses' to import // all of the 'license_kinds' from "packages_modules_adb_license" @@ -43,5 +44,8 @@ cc_test { "libadb_pairing_auth_static", ], - test_suites: ["general-tests", "mts-adbd"], + test_suites: [ + "general-tests", + "mts-adbd", + ], } diff --git a/pairing_connection/tests/Android.bp b/pairing_connection/tests/Android.bp index 4199cabc..2d8c1e74 100644 --- a/pairing_connection/tests/Android.bp +++ b/pairing_connection/tests/Android.bp @@ -15,6 +15,7 @@ // package { + default_team: "trendy_team_android_developer_tools", // See: http://go/android-license-faq // A large-scale-change added 'default_applicable_licenses' to import // all of the 'license_kinds' from "packages_modules_adb_license" @@ -44,5 +45,8 @@ cc_test { "libadb_pairing_server", ], - test_suites: ["general-tests", "mts-adbd"], + test_suites: [ + "general-tests", + "mts-adbd", + ], } @@ -31,12 +31,15 @@ #include <string_view> #include <vector> -// Include this before open/close/unlink are defined as macros below. +// Include this before open/close/isatty/unlink are defined as macros below. #include <android-base/errors.h> #include <android-base/macros.h> #include <android-base/off64_t.h> #include <android-base/unique_fd.h> #include <android-base/utf8.h> +#if __has_include(<print>) +#include <print> +#endif #include "adb_unique_fd.h" #include "sysdeps/errno.h" diff --git a/tls/tests/Android.bp b/tls/tests/Android.bp index cbb3a6a4..5041d6f7 100644 --- a/tls/tests/Android.bp +++ b/tls/tests/Android.bp @@ -15,6 +15,7 @@ // package { + default_team: "trendy_team_native_tools_libraries", // See: http://go/android-license-faq // A large-scale-change added 'default_applicable_licenses' to import // all of the 'license_kinds' from "packages_modules_adb_license" @@ -47,5 +48,8 @@ cc_test { "libadb_tls_connection_static", ], - test_suites: ["general-tests", "mts-adbd"], + test_suites: [ + "general-tests", + "mts-adbd", + ], } |