diff options
| author | Elliott Hughes <enh@google.com> | 2015-06-17 15:23:42 -0700 |
|---|---|---|
| committer | Elliott Hughes <enh@google.com> | 2015-06-19 13:26:02 -0700 |
| commit | 1cddc2092f544c5eac339e59746436facfdd5dc7 (patch) | |
| tree | 2980a377d028230c412251e516c88751ece12382 | |
| parent | 6ee7ff426893d8b8ebbb63e02073b9780912bd17 (diff) | |
| download | system_core-1cddc2092f544c5eac339e59746436facfdd5dc7.zip system_core-1cddc2092f544c5eac339e59746436facfdd5dc7.tar.gz system_core-1cddc2092f544c5eac339e59746436facfdd5dc7.tar.bz2 | |
Ignore ro.adb.secure in user builds.
Require authorization by default, and remove the ability to override
that in user builds. (userdebug and eng are still free to do whatever
they want.)
Bug: http://b/21862859
Change-Id: Ibf8af375be5bf1141c1ad481eee7a59fb10a7adb
(cherry picked from commit 5cba504215ea91187cc36ec7aec5dce1b0f4b0fe)
| -rw-r--r-- | adb/Android.mk | 5 | ||||
| -rw-r--r-- | adb/adb.cpp | 4 | ||||
| -rw-r--r-- | adb/adb_auth.cpp | 2 | ||||
| -rw-r--r-- | adb/adb_auth.h | 2 | ||||
| -rw-r--r-- | adb/adb_main.cpp | 9 |
5 files changed, 11 insertions, 11 deletions
diff --git a/adb/Android.mk b/adb/Android.mk index 1613a88..425bf9b 100644 --- a/adb/Android.mk +++ b/adb/Android.mk @@ -232,12 +232,11 @@ LOCAL_CFLAGS := \ -D_GNU_SOURCE \ -Wno-deprecated-declarations \ -ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT))) -LOCAL_CFLAGS += -DALLOW_ADBD_ROOT=1 -endif +LOCAL_CFLAGS += -DALLOW_ADBD_NO_AUTH=$(if $(filter userdebug eng,$(TARGET_BUILD_VARIANT)),1,0) ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT))) LOCAL_CFLAGS += -DALLOW_ADBD_DISABLE_VERITY=1 +LOCAL_CFLAGS += -DALLOW_ADBD_ROOT=1 endif LOCAL_MODULE := adbd diff --git a/adb/adb.cpp b/adb/adb.cpp index 8a7b9c9..f64b19f 100644 --- a/adb/adb.cpp +++ b/adb/adb.cpp @@ -421,9 +421,9 @@ void handle_packet(apacket *p, atransport *t) parse_banner(reinterpret_cast<const char*>(p->data), t); - if (HOST || !auth_enabled) { + if (HOST || !auth_required) { handle_online(t); - if(!HOST) send_connect(t); + if (!HOST) send_connect(t); } else { send_auth_request(t); } diff --git a/adb/adb_auth.cpp b/adb/adb_auth.cpp index dc01825..cff26d6 100644 --- a/adb/adb_auth.cpp +++ b/adb/adb_auth.cpp @@ -28,7 +28,7 @@ #include "adb.h" #include "transport.h" -int auth_enabled = 0; +bool auth_required = true; void send_auth_request(atransport *t) { diff --git a/adb/adb_auth.h b/adb/adb_auth.h index 1e1978d..a13604a 100644 --- a/adb/adb_auth.h +++ b/adb/adb_auth.h @@ -19,7 +19,7 @@ #include "adb.h" -extern int auth_enabled; +extern bool auth_required; int adb_auth_keygen(const char* filename); void adb_auth_verified(atransport *t); diff --git a/adb/adb_main.cpp b/adb/adb_main.cpp index 3f88d13..45a2158 100644 --- a/adb/adb_main.cpp +++ b/adb/adb_main.cpp @@ -239,10 +239,11 @@ int adb_main(int is_daemon, int server_port) // descriptor will always be open. adbd_cloexec_auth_socket(); - property_get("ro.adb.secure", value, "0"); - auth_enabled = !strcmp(value, "1"); - if (auth_enabled) - adbd_auth_init(); + if (ALLOW_ADBD_NO_AUTH && property_get_bool("ro.adb.secure", 0) == 0) { + auth_required = false; + } + + adbd_auth_init(); // Our external storage path may be different than apps, since // we aren't able to bind mount after dropping root. |