adb connect calls connect() in the event loop. If you pass a wrong ip
address or the server is slow to respond, this will block the event loop
and you can't even kill the adb server with adb kill-server. Handle connect
requests in a service thread instead.
Change-Id: I2ee732869a3dc22a6d3b87cf8ac80acaa7790037
When a filesystem is mounted read-only, make the underlying
block device read-only too. This helps prevent an attacker
who is able to change permissions on the files in /dev
(for example, symlink attack) from modifying the block device.
In particular, this change would have stopped the LG Thrill / Optimus
3D rooting exploit
(http://vulnfactory.org/blog/2012/02/26/rooting-the-lg-thrill-optimus-3d/)
as that exploit modified the raw block device corresponding to /system.
This change also makes UID=0 less powerful. Block devices cannot
be made writable again without CAP_SYS_ADMIN, so an escalation
to UID=0 by itself doesn't give full root access.
adb/mount: Prior to mounting something read-write, remove the
read-only restrictions on the underlying block device. This avoids
messing up developer workflows.
Change-Id: I135098a8fe06f327336f045aab0d48ed9de33807
Move the responsibility for rebooting the system from the
reboot command to init. Init is in a better position to take
actions to bring the system down cleanly, including making sure
filesystems are mounted read-only.
The only UIDs which can perform an init triggered reboot are
root, system, and shell.
Modify the reboot command so that it calls into init to perform
the reboot. The reboot command no longer requires CAP_SYS_BOOT.
Remove the -n reboot option and code which supports it. Anyone needing
to do an unclean shutdown can just do a 'echo c > /proc/sysrq-trigger'.
Modify adb so that it calls into init to perform a shutdown.
Bug: 8646621
Change-Id: I84c0513acb549720cb0e8c9fcbda0050f5c396f5
Add the OUYA VID to the list of known USB VIDs to allow developers with OUYA
consoles to have their device automatically recognized.
Change-Id: I499114d8071747b972c24681fc0771f000ad9f9d
Both CS_RECOVERY and CS_SIDELOAD where not being checked by
connection_state_name which resulted in adb get-state returning
unknown when a device is in those modes.
Change-Id: I00716024d6a0bdb68d6e2380c8cd7b5d056bd15f
Signed-off-by: trevd <trevd1234@gmail.com>
- adds a library to compute the SHA-256 hash
- updates the RSA verifier to take an argument specifying either SHA-1
or SHA-256
- updates DumpPublicKey to with new "key" version numbers for
specifying SHA-256
- adds new argument to adb auth code to maintain existing behavior
Change-Id: I5b1406cf57c2b8993f6032eda3e29139f7740839
adbd can receive multiple AUTH_RSAPUBLICKEY packets. This happens for
example when booting with usb attached when we retry authenticating
after the framework is done booting. Make sure usb_disconnect is only
registered once, otherwise this creates a loop in the disconnects list.
Bug: 8504991
Change-Id: Ia1f9a37005dd17b7eefee1493d622e1679263eea
Set the CAP_SYS_BOOT filesystem capability on the new reboot
command and keep CAP_SYS_BOOT in adb bounding set so that the
shell user can run it.
Change-Id: I1dd6143445ee2a952254f0452ab6e544318431dd
The adb sideload utility referes to the filename as 'sideload' in some
places. This patch changes the printouts to display the filename instead.
Change-Id: I38ada01a08bed53a8d9697c03f55ce8cee2abe12
Signed-off-by: Magnus Eriksson <eriksson.mag@gmail.com>
run-as: don't require CAP_DAC_OVERRIDE.
Prevent an adb spawned application from acquiring capabilities
other than
* CAP_NET_RAW
* CAP_SETUID
* CAP_SETGID
The only privileged programs accessible on user builds are
* /system/bin/ping
* /system/bin/run-as
and the capabilities above are sufficient to cover those
two programs.
If the kernel doesn't support file capabilities, we ignore
a prctl(PR_CAPBSET_DROP) failure. In a future CL, this could
become a fatal error.
Change-Id: I45a56712bfda35b5ad9378dde9e04ab062fe691a
When booting with usb attached, the secure adb authentication happens
long before the framework is done booting, so adb can't notify the
framework to install the public key.
Change-Id: Id2af6cebece345022f56cb0c4b5af24e1d7a425c
# By Ray Donnelly
# Via Android Git Automerger (2) and others
* commit '282caf3bd0dfd81b92ac74e0b3ea970d195fee7b':
Windows adb: include stdint.h for uint8_t on MinGW-w64
# By Ray Donnelly
# Via Android Git Automerger (2) and others
* commit '6c3d3ccfa5d1d77b80e5c7619909a48b976c69ec':
Windows adb: initialize on to 1 in disable_tcp_nagle
Add a new connection state, so that devices, that require confirmation
to allow adb, appear as "unauthorized" in the adb devices lists.
Change-Id: Ib4264bc5736dedecf05bcf8e31896f4d7a91fad8
The framework can now clear the user key list, so we need to reload the
key list on every auth request instead of loading it once when adbd
starts.
This also fixes issues with encrypted devices, where the user key file
is only readable after the user has unlocked the device.
Change-Id: I350c5aab986f8ca86b95f316398d03012553e581
Benoit Goby