am 0620e3dd: Merge "adbd: switch to su domain when running as root"

* commit '0620e3ddb85582f66612d046d1295dc20bf1a4f5': adbd: switch to su domain when running as root
2014-01-24 10:06:46 -08:00 · 2014-01-24 10:06:46 -08:00 · 1638431224
parent 4b53b0147a 0620e3ddb8
commit 1638431224
2 changed files with 30 additions and 8 deletions
--- a/adb/adb.c
+++ b/adb/adb.c
@ -39,6 +39,8 @@
 #include <sys/capability.h>
 #include <linux/prctl.h>
 #include <sys/mount.h>
+#include <getopt.h>
+#include <selinux/selinux.h>
 #else
 #include "usb_vendors.h"
 #endif
@ -54,6 +56,7 @@ static int auth_enabled = 0;

 #if !ADB_HOST
 static const char *adb_device_banner = "device";
+static const char *root_seclabel = NULL;
 #endif

 void fatal(const char *fmt, ...)
@ -1356,6 +1359,12 @@ int adb_main(int is_daemon, int server_port)
        D("Local port disabled\n");
    } else {
        char local_name[30];
+        if ((root_seclabel != NULL) && (is_selinux_enabled() > 0)) {
+            // b/12587913: fix setcon to allow const pointers
+            if (setcon((char *)root_seclabel) < 0) {
+                exit(1);
+            }
+        }
        build_local_name(local_name, sizeof(local_name), server_port);
        if(install_listener(local_name, "*smartsocket*", NULL, 0)) {
            exit(1);
@ -1642,10 +1651,6 @@ int handle_host_request(char *service, transport_type ttype, char* serial, int r
    return -1;
 }

-#if !ADB_HOST
-int recovery_mode = 0;
-#endif
-
 int main(int argc, char **argv)
 {
 #if ADB_HOST
@ -1657,9 +1662,26 @@ int main(int argc, char **argv)
    /* If adbd runs inside the emulator this will enable adb tracing via
     * adb-debug qemud service in the emulator. */
    adb_qemu_trace_init();
-    if((argc > 1) && (!strcmp(argv[1],"recovery"))) {
-        adb_device_banner = "recovery";
-        recovery_mode = 1;
+    while(1) {
+        int c;
+        int option_index = 0;
+        static struct option opts[] = {
+            {"root_seclabel", required_argument, 0, 's' },
+            {"device_banner", required_argument, 0, 'b' }
+        };
+        c = getopt_long(argc, argv, "", opts, &option_index);
+        if (c == -1)
+            break;
+        switch (c) {
+        case 's':
+            root_seclabel = optarg;
+            break;
+        case 'b':
+            adb_device_banner = optarg;
+            break;
+        default:
+            break;
+        }
    }

    start_device_log();
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@ -447,7 +447,7 @@ on property:ro.debuggable=1
    start console

 # adbd is controlled via property triggers in init.<platform>.usb.rc
-service adbd /sbin/adbd
+service adbd /sbin/adbd --root_seclabel=u:r:su:s0
    class core
    socket adbd stream 660 system system
    disabled