author | Bowgo Tsai <bowgotsai@google.com> | 2017-07-18 02:45:06 +0000 |
---|---|---|
committer | android-build-merger <android-build-merger@google.com> | 2017-07-18 02:45:06 +0000 |
commit | 77d10dc9c9ab6c9f4c863139736df4ff634bbb61 (patch) | |
tree | 599285c9f3be4f86e73308387f98c410702fecc4 | |
parent | cf5a40bfeef628a7d34be1c9027e9676bfff07a1 (diff) | |
parent | e55a4a9206766dcf53e0489ab3a480cc9fa287a1 (diff) | |
download | adb-77d10dc9c9ab6c9f4c863139736df4ff634bbb61.tar.gz |
Merge "adbd: lessen security constraints when the device is unlocked" am: e03665142e am: 0fe0ced23c
am: 620f6e65b3
Change-Id: I532c68a077019cbf133db5cbdcf967509415687b
-rw-r--r-- | Android.mk | 2 | ||||
-rw-r--r-- | daemon/main.cpp | 24 |
2 files changed, 16 insertions, 10 deletions
@@ -350,11 +350,11 @@ LOCAL_CFLAGS := \ -D_GNU_SOURCE \ -Wno-deprecated-declarations \ +LOCAL_CFLAGS += -DALLOW_ADBD_ROOT=$(if $(filter userdebug eng,$(TARGET_BUILD_VARIANT)),1,0) LOCAL_CFLAGS += -DALLOW_ADBD_NO_AUTH=$(if $(filter userdebug eng,$(TARGET_BUILD_VARIANT)),1,0) ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT))) LOCAL_CFLAGS += -DALLOW_ADBD_DISABLE_VERITY=1 -LOCAL_CFLAGS += -DALLOW_ADBD_ROOT=1 endif LOCAL_MODULE := adbd diff --git a/daemon/main.cpp b/daemon/main.cpp index 1c94298..e0629ab 100644 --- a/daemon/main.cpp +++ b/daemon/main.cpp @@ -49,17 +49,23 @@ static const char* root_seclabel = nullptr; +static inline bool is_device_unlocked() { + return "orange" == android::base::GetProperty("ro.boot.verifiedbootstate", ""); +} + static void drop_capabilities_bounding_set_if_needed(struct minijail *j) { -#if defined(ALLOW_ADBD_ROOT) - if (__android_log_is_debuggable()) { - return; + if (ALLOW_ADBD_ROOT || is_device_unlocked()) { + if (__android_log_is_debuggable()) { + return; + } } -#endif minijail_capbset_drop(j, CAP_TO_MASK(CAP_SETUID) | CAP_TO_MASK(CAP_SETGID)); } static bool should_drop_privileges() { -#if defined(ALLOW_ADBD_ROOT) + // "adb root" not allowed, always drop privileges. + if (!ALLOW_ADBD_ROOT && !is_device_unlocked()) return true; + // The properties that affect `adb root` and `adb unroot` are ro.secure and // ro.debuggable. In this context the names don't make the expected behavior // particularly obvious. @@ -89,9 +95,6 @@ static bool should_drop_privileges() { } return drop; -#else - return true; // "adb root" not allowed, always drop privileges. -#endif // ALLOW_ADBD_ROOT } static void drop_privileges(int server_port) { 
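Review bot: `ALLOW_ADBD_ROOT` is now defined on every build variant (as 0 or 1) by the added `LOCAL_CFLAGS += -DALLOW_ADBD_ROOT=$(if ...)` line, so any `#if defined(ALLOW_ADBD_ROOT)` or `#ifdef ALLOW_ADBD_ROOT` left in the adbd sources will evaluate true on user builds. This commit converts the two uses in daemon/main.cpp, but other files are not visible here. The rest of the module should be checked for remaining `defined(ALLOW_ADBD_ROOT)` tests, and each should become `#if ALLOW_ADBD_ROOT`. A short comment above the line, e.g. `# Always defined (0 or 1); test the value, never defined().`, would keep later code from reintroducing the pattern.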
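Review bot: `is_device_unlocked()` turns a compile-time gate into a runtime one without documenting what it trusts. On user builds the `adb root` path in `should_drop_privileges()` and the early return in `drop_capabilities_bounding_set_if_needed()` are now compiled in, and the new gate in front of them is only `ro.boot.verifiedbootstate` being "orange". I would add a comment on the helper such as `// "orange" is the verified-boot state the bootloader reports for an unlocked device; this check is only as trustworthy as that bootloader-supplied value.` The new `return true` early-out replaces the old `#else` branch, so on an unlocked user build control now falls through to the ro.secure/ro.debuggable logic. Most of that logic lies outside the hunks shown, so the resulting behaviour should be confirmed against the full function.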
@@ -158,7 +161,10 @@ int adbd_main(int server_port) { // descriptor will always be open. adbd_cloexec_auth_socket(); - if (ALLOW_ADBD_NO_AUTH && !android::base::GetBoolProperty("ro.adb.secure", false)) { + // Respect ro.adb.secure in userdebug/eng builds (ALLOW_ADBD_NO_AUTH), or when the + // device is unlocked. + if ((ALLOW_ADBD_NO_AUTH || is_device_unlocked()) && + !android::base::GetBoolProperty("ro.adb.secure", false)) { auth_required = false; } |
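Review bot: The fail-open default in `GetBoolProperty("ro.adb.secure", false)` now reaches user builds. With the added `is_device_unlocked()` term, an unlocked device on which `ro.adb.secure` is missing or unparsable ends up with `auth_required = false`, so adbd stops requiring host key authorization. Keeping the permissive default only where it existed before would avoid that, e.g. `!android::base::GetBoolProperty("ro.adb.secure", !ALLOW_ADBD_NO_AUTH)`. That still defaults to no-auth on userdebug/eng but requires an explicit `ro.adb.secure=0` on an unlocked user build. The new comment could also state that the property must be explicitly cleared for authentication to be skipped; adbd_main's body continues outside the hunk.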