From 1cddc2092f544c5eac339e59746436facfdd5dc7 Mon Sep 17 00:00:00 2001 From: Elliott Hughes Date: Wed, 17 Jun 2015 15:23:42 -0700 Subject: [PATCH] Ignore ro.adb.secure in user builds. Require authorization by default, and remove the ability to override that in user builds. (userdebug and eng are still free to do whatever they want.) Bug: http://b/21862859 Change-Id: Ibf8af375be5bf1141c1ad481eee7a59fb10a7adb (cherry picked from commit 5cba504215ea91187cc36ec7aec5dce1b0f4b0fe) --- adb/Android.mk | 5 ++--- adb/adb.cpp | 4 ++-- adb/adb_auth.cpp | 2 +- adb/adb_auth.h | 2 +- adb/adb_main.cpp | 9 +++++---- 5 files changed, 11 insertions(+), 11 deletions(-) diff --git a/adb/Android.mk b/adb/Android.mk index 1613a88e4..425bf9ba5 100644 --- a/adb/Android.mk +++ b/adb/Android.mk @@ -232,12 +232,11 @@ LOCAL_CFLAGS := \ -D_GNU_SOURCE \ -Wno-deprecated-declarations \ -ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT))) -LOCAL_CFLAGS += -DALLOW_ADBD_ROOT=1 -endif +LOCAL_CFLAGS += -DALLOW_ADBD_NO_AUTH=$(if $(filter userdebug eng,$(TARGET_BUILD_VARIANT)),1,0) ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT))) LOCAL_CFLAGS += -DALLOW_ADBD_DISABLE_VERITY=1 +LOCAL_CFLAGS += -DALLOW_ADBD_ROOT=1 endif LOCAL_MODULE := adbd diff --git a/adb/adb.cpp b/adb/adb.cpp index 8a7b9c9f3..f64b19f80 100644 --- a/adb/adb.cpp +++ b/adb/adb.cpp @@ -421,9 +421,9 @@ void handle_packet(apacket *p, atransport *t) parse_banner(reinterpret_cast(p->data), t); - if (HOST || !auth_enabled) { + if (HOST || !auth_required) { handle_online(t); - if(!HOST) send_connect(t); + if (!HOST) send_connect(t); } else { send_auth_request(t); } diff --git a/adb/adb_auth.cpp b/adb/adb_auth.cpp index dc0182519..cff26d619 100644 --- a/adb/adb_auth.cpp +++ b/adb/adb_auth.cpp @@ -28,7 +28,7 @@ #include "adb.h" #include "transport.h" -int auth_enabled = 0; +bool auth_required = true; void send_auth_request(atransport *t) { diff --git a/adb/adb_auth.h b/adb/adb_auth.h index 1e1978d92..a13604a76 100644 --- a/adb/adb_auth.h +++ b/adb/adb_auth.h @@ -19,7 +19,7 @@ #include "adb.h" -extern int auth_enabled; +extern bool auth_required; int adb_auth_keygen(const char* filename); void adb_auth_verified(atransport *t); diff --git a/adb/adb_main.cpp b/adb/adb_main.cpp index 3f88d1303..45a215870 100644 --- a/adb/adb_main.cpp +++ b/adb/adb_main.cpp @@ -239,10 +239,11 @@ int adb_main(int is_daemon, int server_port) // descriptor will always be open. adbd_cloexec_auth_socket(); - property_get("ro.adb.secure", value, "0"); - auth_enabled = !strcmp(value, "1"); - if (auth_enabled) - adbd_auth_init(); + if (ALLOW_ADBD_NO_AUTH && property_get_bool("ro.adb.secure", 0) == 0) { + auth_required = false; + } + + adbd_auth_init(); // Our external storage path may be different than apps, since // we aren't able to bind mount after dropping root.