We want repeatable builds for minimal OTAs.
Bug: http://b/64634017
Bug: 64709603 (presubmit balking at the line above)
Test: repeated builds after `touch daemon/main.cpp` keep same md5sum
Change-Id: Iedeb44377ea45bbf20e2212760802198a57dc14a
This method works around the downsides of
ENDPOINT_ALLOC, namely that it is not affected
by memory fragmentation and it uses an upstream
interface.
Also add libasyncio to provide the necessary syscalls
to both adb and mtp.
Add some small optimizations to file_sync.
Bug: 37916658
Test: run adb push/pull
Change-Id: If3b3be02b5e2d4f9cffec1b8ddc02a5768a51a1f
ALLOW_ADBD_ROOT ('adb root') and ALLOW_ADBD_NO_AUTH (ro.adb.secure = 0)
are false in user build. This prevents a non-A/B device from running
Treble VTS because it requires 'adb root'. Without ALLOW_ADBD_NO_AUTH,
adb still can work if ro.adb.secure = 1. However, allowing it to be 0
is better for test automation.
The image combination in VTS is:
- system.img (userdebug): provided by Googlg
- boot.img (user): provided by the OEM <-- adbd is here
- vendor.img (user): provided by the OEM
This change allows 'adb root' and 'ro.adb.secure = 0' when the device is
unlocked in user build. No changes for userdebug/eng builds.
Note that the device must be unlocked when running VTS. Otherwise,
verified boot will prevent it from booting the system.img provided by
Google (no verity metadata).
Bug: 63313955
Bug: 63381692
Test: use the above image combination, check 'adb root' and
'ro.adb.secure = 0' can work
Change-Id: I109d96c950e54c4fb0ac0c98b989a20593681e52
This CL is in support of another CL c/2048848, topic
'Refactor hid command in /frameworks/base/cmds' in
internal master. Adding the permissions for
shell here to access uhid_node as part of the
new 'uhid' group.
Bug: 34052337
Test: Tested on angler, bluetooth mouse works OK.
Change-Id: If9e100aa1262d689fb8adc5c0ce93f157c96399e
Annoyingly folks parse the "adb --version" output so we have the
less-interesting protocol version first. But at least now we'll
have the "real" version somewhere...
Bug: N/A
Test: "adb --version"/"fastboot --version"
Change-Id: Ia85b561bd8d84c6fd6995923730d36f53b2f800b
This reverts commit 05fe272a87.
Commit "adb: Do not signal gaget stack unless descriptors are written"
fixed the main issue for configfs devices where device wasn't enabled
until after the ioctl was attempted. Thus it is safe to bring up the
retry count so that the ioctl doesn't fail due to small delays in
usb stack.
Test: use adb, switch configs on configfs devices
- moved __android_log_is_debuggable to a new public header
(log_properties.h)
- vendor version of sched_policy uses ALOG* instead SLOG*
Test: (sanity) liblog-unit-tests
Test: (sanity) libcutils_test (noting b/b/32972117, two tests continue
to fail)
Test: system/core as a whole makes with BOARD_VNDK_VERSION := current
now with no problems.
Test: boots/works on internal marlin
Bug: 33241851
(cherry picked from commit 1f83aa424f)
Merged-In: I5bc1f348dc0f0c8814bec5b5c3d2c52c825ab640
Change-Id: I5bc1f348dc0f0c8814bec5b5c3d2c52c825ab640
We have std::thread now, so we can delete this cruft.
Test: python test_device.py
Test: adb_test
Test: wine adb_test.exe
Test: /data/nativetest/adbd_test/adbd_test
Change-Id: Ie1c1792547b20dec45e2a62ce6515fcb981c3ef8
While recovering from endpoint errors, the gadget stack was being
signalled even when desriptors were NOT being rewritten. Avoid this
as this might cause enumeration loops.
Bug: 36036550
Change-Id: Iff2b2fc8cded001ef3c77dc170dce3b96848970c
Test: Was able to discover a raspberry pi.
Bug: 28074466
(cherry picked from e292cd16760321fccc99c8c261cb92fa4b6462ab)
Change-Id: Id9571576457a4a0a078e48a274a4e8eac78bfe2b
Now all devices won't appear as "Android." Should make it easier to
multiplex.
Test: Verified locally on a raspberry pi 3
Bug: 28887278
(cherry picked from 815b23319635d264ae0ce2c8c29a5776a57b8051)
Change-Id: Icfd0116477543af6a3049c14d818c1cff7fc3b93
We now request mdnsd from adb and register a service of type _adb._tcp
for clients to connect to.
Test: Verified service appears in avahi-browse
Bug: 28074466
(cherry picked from 379ac414e4d9f53388d903913022a55695292775)
Change-Id: Ie871b9c8b40e86063cc1e68e8f3e4290ead2d279
Sometimes when endpoint_alloc returns ENODEV,
max_rw will end up being a value that is too
big.
Bug: 35634401
Test: push/pull files
Change-Id: Iaa81a3311b1855e2a835562cdf7a46ff4399feb1
This allows reliable use of larger buffer sizes.
Max r/w size is set only when that preallocation
is successful so that memory is guaranteed to be
available.
Bug: 31722483
Test: adb push with multi GB files
Change-Id: Ia0459ca051988abb144645871792e8f840dd3ff7
Break adbd's USB initialization code into its own static library to
allow it to be used by benchmark code that pretends to be adbd.
Bug: http://b/31289465
Test: adb shell works on bullhead
Change-Id: I0ac7d78a4f7aef59bd6d14fc5cf1ed870e1f3a9d
Remove debuggerd in favor of a helper process that gets execed by
crashing processes.
Bug: http://b/30705528
Test: debuggerd_test
Change-Id: I9906c69473989cbf7fe5ea6cccf9a9c563d75906
Everything should be using the functionfs interface instead by now.
Bug: http://b/34228376
Test: grepping for f_adb, android_adb in source tree
Test: m
Change-Id: I6bc41049c49a867499832588dac8ed108c636c11
This CL adds support to forward or reverse TCP port 0 to allow the
system to automatically select an open port. The resolved port number
will be printed to stdout:
$ adb forward tcp:0 tcp:8000
12345
$ adb reverse tcp:0 tcp:9000
23456
This allows testing to be more robust by not hardcoding TCP ports which
may already be in use.
Forwarding port 0 is a host-only change and will work with any device,
but reversing port 0 requires the device to be updated with a new adbd
binary.
This CL also does a little bit of cleanup such as moving the alistener
class out of adb.h, and adds some error checking and additional tests.
Bug: 28051746
Test: python -m unittest discover
Test: adb_test
Test: `adb forward` and `adb reverse` with tcp:0
Change-Id: Icaa87346685b403ab5da7f0e6aa186aa091da572
Minijail supports dropping capabilities from the bounding set.
Use that code instead.
This cleans up one small loose end in the work started with
https://android-review.googlesource.com/#/c/187775/
Final diff: fewer lines, more unit-tested code.
"""
$ git diff --stat 52cf4fa6aa3e8d13f61b1 adb/daemon/main.cpp
adb/daemon/main.cpp | 56
1 file changed, 27 insertions(+), 29 deletions(-)
"""
Bug: 27314096
Change-Id: I238975920b85fae376522eb26f5ad6d9fee0762a
With https://android-review.googlesource.com/#/c/195400, Minijail will
check for this failure so there's no need to do it here, which allows
to simplify the code.
Bug: 26099611
Change-Id: I7c876fdcab874ed403f82bdd5a4048c0f1e5db58
By using Minijail we avoid writing the same priv-dropping code over
and over again. This also enables future hardening opportunities.
We're already using Minijail for priv-dropping on Brillo.
Minijail is unit- and integration-tested on the
Chrome OS CI infrastructure (pulling from the same repo, see
https://wmatrix.googleplex.com/security?tests=security_Minijail0).
Once CI comes to Android, it will be continuously tested there as well.
Both 'adb root' and 'adb unroot' still work.
Bug: 26099611
Change-Id: I52c456ea272d27bd6fbc71200f4fdd928a592158
Back in 080427e4e2, we said:
If the kernel doesn't support file capabilities, we ignore
a prctl(PR_CAPBSET_DROP) failure. In a future CL, this could
become a fatal error.
Make it a fatal error. With SELinux support, all devices are
required to support file capabilities.
Change-Id: I0ce0c4cb9387c42e325cbf1a63c5d82e6aab530c
Shell scripts of the following form do not work properly with adb:
echo "foo\nbar\nbaz" | {
read FOO
while [ "$FOO" != "" ]; do
adb shell echo $FOO
read FOO
done
}
The first run of adb shell will consume all of the contents of stdin,
causing the loop to immediately end. ssh solves this by providing a -n
flag that causes it to not read from stdin. This commit adds the same.
Bug: http://b/25817224
Change-Id: Id74ca62ef520bcf03678b50f4bf203916fd81038
Add the following mount options to the /proc filesystem:
hidepid=2,gid=3009
This change blocks /proc access unless you're in group 3009
(aka AID_READPROC).
Please see
https://github.com/torvalds/linux/blob/master/Documentation/filesystems/proc.txt
for documentation on the hidepid option.
hidepid=2 is preferred over hidepid=1 since it leaks less information
and doesn't generate SELinux ptrace denials when trying to access
/proc without being in the proper group.
Add AID_READPROC to processes which need to access /proc entries for
other UIDs.
Bug: 23310674
Change-Id: I22bb55ff7b80ff722945e224845215196f09dafa
Bowgo Tsai