am 0620e3dd: Merge "adbd: switch to su domain when running as root"

* commit '0620e3ddb85582f66612d046d1295dc20bf1a4f5':
  adbd: switch to su domain when running as root

2 files changed, 30 insertions, 8 deletions

diff --git a/adb/adb.c b/adb/adb.c
index 41270f9..665e958 100644
--- a/adb/adb.c
+++ b/adb/adb.c
@@ -39,6 +39,8 @@
 #include <sys/capability.h>
 #include <linux/prctl.h>
 #include <sys/mount.h>
+#include <getopt.h>
+#include <selinux/selinux.h>
 #else
 #include "usb_vendors.h"
 #endif
@@ -54,6 +56,7 @@ static int auth_enabled = 0;
 
 #if !ADB_HOST
 static const char *adb_device_banner = "device";
+static const char *root_seclabel = NULL;
 #endif
 
 void fatal(const char *fmt, ...)
@@ -1356,6 +1359,12 @@ int adb_main(int is_daemon, int server_port)
         D("Local port disabled\n");
     } else {
         char local_name[30];
+        if ((root_seclabel != NULL) && (is_selinux_enabled() > 0)) {
+            // b/12587913: fix setcon to allow const pointers
+            if (setcon((char *)root_seclabel) < 0) {
+                exit(1);
+            }
+        }
         build_local_name(local_name, sizeof(local_name), server_port);
         if(install_listener(local_name, "*smartsocket*", NULL, 0)) {
             exit(1);
@@ -1642,10 +1651,6 @@ int handle_host_request(char *service, transport_type ttype, char* serial, int r
     return -1;
 }
 
-#if !ADB_HOST
-int recovery_mode = 0;
-#endif
-
 int main(int argc, char **argv)
 {
 #if ADB_HOST
@@ -1657,9 +1662,26 @@ int main(int argc, char **argv)
     /* If adbd runs inside the emulator this will enable adb tracing via
      * adb-debug qemud service in the emulator. */
     adb_qemu_trace_init();
-    if((argc > 1) && (!strcmp(argv[1],"recovery"))) {
-        adb_device_banner = "recovery";
-        recovery_mode = 1;
+    while(1) {
+        int c;
+        int option_index = 0;
+        static struct option opts[] = {
+            {"root_seclabel", required_argument, 0, 's' },
+            {"device_banner", required_argument, 0, 'b' }
+        };
+        c = getopt_long(argc, argv, "", opts, &option_index);
+        if (c == -1)
+            break;
+        switch (c) {
+        case 's':
+            root_seclabel = optarg;
+            break;
+        case 'b':
+            adb_device_banner = optarg;
+            break;
+        default:
+            break;
+        }
     }
 
     start_device_log();
diff --git a/rootdir/init.rc b/rootdir/init.rc
index 38dbf1a..f3f3187 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -447,7 +447,7 @@ on property:ro.debuggable=1
     start console
 
 # adbd is controlled via property triggers in init.<platform>.usb.rc
-service adbd /sbin/adbd
+service adbd /sbin/adbd --root_seclabel=u:r:su:s0
     class core
     socket adbd stream 660 system system
     disabled