Ignore ro.adb.secure in user builds.

Require authorization by default, and remove the ability to override that in user builds. (userdebug and eng are still free to do whatever they want.) Bug: http://b/21862859 Change-Id: Ibf8af375be5bf1141c1ad481eee7a59fb10a7adb (cherry picked from commit 5cba504215)
2015-06-17 15:23:42 -07:00 · 2015-06-17 15:23:42 -07:00 · 1cddc2092f
parent 6ee7ff4268
commit 1cddc2092f
5 changed files with 11 additions and 11 deletions
--- a/adb/Android.mk
+++ b/adb/Android.mk
@ -232,12 +232,11 @@ LOCAL_CFLAGS := \
    -D_GNU_SOURCE \
    -Wno-deprecated-declarations \

-ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT)))
-LOCAL_CFLAGS += -DALLOW_ADBD_ROOT=1
-endif
+LOCAL_CFLAGS += -DALLOW_ADBD_NO_AUTH=$(if $(filter userdebug eng,$(TARGET_BUILD_VARIANT)),1,0)

 ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT)))
 LOCAL_CFLAGS += -DALLOW_ADBD_DISABLE_VERITY=1
+LOCAL_CFLAGS += -DALLOW_ADBD_ROOT=1
 endif

 LOCAL_MODULE := adbd
--- a/adb/adb.cpp
+++ b/adb/adb.cpp
@ -421,9 +421,9 @@ void handle_packet(apacket *p, atransport *t)

        parse_banner(reinterpret_cast<const char*>(p->data), t);

-        if (HOST || !auth_enabled) {
+        if (HOST || !auth_required) {
            handle_online(t);
-            if(!HOST) send_connect(t);
+            if (!HOST) send_connect(t);
        } else {
            send_auth_request(t);
        }
--- a/adb/adb_auth.cpp
+++ b/adb/adb_auth.cpp
@ -28,7 +28,7 @@
 #include "adb.h"
 #include "transport.h"

-int auth_enabled = 0;
+bool auth_required = true;

 void send_auth_request(atransport *t)
 {
--- a/adb/adb_auth.h
+++ b/adb/adb_auth.h
@ -19,7 +19,7 @@

 #include "adb.h"

-extern int auth_enabled;
+extern bool auth_required;

 int adb_auth_keygen(const char* filename);
 void adb_auth_verified(atransport *t);
--- a/adb/adb_main.cpp
+++ b/adb/adb_main.cpp
@ -239,10 +239,11 @@ int adb_main(int is_daemon, int server_port)
    // descriptor will always be open.
    adbd_cloexec_auth_socket();

-    property_get("ro.adb.secure", value, "0");
-    auth_enabled = !strcmp(value, "1");
-    if (auth_enabled)
-        adbd_auth_init();
+    if (ALLOW_ADBD_NO_AUTH && property_get_bool("ro.adb.secure", 0) == 0) {
+        auth_required = false;
+    }
+
+    adbd_auth_init();

    // Our external storage path may be different than apps, since
    // we aren't able to bind mount after dropping root.