Gitiles
Code Review Sign In
LeafOS / LeafOS-Project / android_system_core / 5cba504215ea91187cc36ec7aec5dce1b0f4b0fe^! / .
commit5cba504215ea91187cc36ec7aec5dce1b0f4b0fe[log] [tgz]
authorElliott Hughes <enh@google.com>Wed Jun 17 15:23:42 2015 -0700
committerElliott Hughes <enh@google.com>Thu Jun 18 10:19:30 2015 -0700
tree93466acd853df1bd85349a9aaa60aca89794cb65
parent53d504f00dea232601e1290c8255274afb0f4256 [diff]
Ignore ro.adb.secure in user builds.

Require authorization by default, and remove the ability to override
that in user builds. (userdebug and eng are still free to do whatever
they want.)

Bug: http://b/21862859
Change-Id: Ibf8af375be5bf1141c1ad481eee7a59fb10a7adb

diff --git a/adb/Android.mk b/adb/Android.mk
index f030041..7977009 100644
--- a/adb/Android.mk
+++ b/adb/Android.mk

@@ -238,12 +238,11 @@
     -D_GNU_SOURCE \
     -Wno-deprecated-declarations \
 
-ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT)))
-LOCAL_CFLAGS += -DALLOW_ADBD_ROOT=1
-endif
+LOCAL_CFLAGS += -DALLOW_ADBD_NO_AUTH=$(if $(filter userdebug eng,$(TARGET_BUILD_VARIANT)),1,0)
 
 ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT)))
 LOCAL_CFLAGS += -DALLOW_ADBD_DISABLE_VERITY=1
+LOCAL_CFLAGS += -DALLOW_ADBD_ROOT=1
 endif
 
 LOCAL_MODULE := adbd

diff --git a/adb/adb.cpp b/adb/adb.cpp
index 9af1586..6a0540c 100644
--- a/adb/adb.cpp
+++ b/adb/adb.cpp

@@ -431,9 +431,9 @@
 
         parse_banner(reinterpret_cast<const char*>(p->data), t);
 
-        if (HOST || !auth_enabled) {
+        if (HOST || !auth_required) {
             handle_online(t);
-            if(!HOST) send_connect(t);
+            if (!HOST) send_connect(t);
         } else {
             send_auth_request(t);
         }

diff --git a/adb/adb_auth.cpp b/adb/adb_auth.cpp
index dc01825..cff26d6 100644
--- a/adb/adb_auth.cpp
+++ b/adb/adb_auth.cpp

@@ -28,7 +28,7 @@
 #include "adb.h"
 #include "transport.h"
 
-int auth_enabled = 0;
+bool auth_required = true;
 
 void send_auth_request(atransport *t)
 {

diff --git a/adb/adb_auth.h b/adb/adb_auth.h
index 1e1978d..a13604a 100644
--- a/adb/adb_auth.h
+++ b/adb/adb_auth.h

@@ -19,7 +19,7 @@
 
 #include "adb.h"
 
-extern int auth_enabled;
+extern bool auth_required;
 
 int adb_auth_keygen(const char* filename);
 void adb_auth_verified(atransport *t);

diff --git a/adb/daemon/main.cpp b/adb/daemon/main.cpp
index d7fa362..157c97b 100644
--- a/adb/daemon/main.cpp
+++ b/adb/daemon/main.cpp

@@ -125,11 +125,12 @@
     // descriptor will always be open.
     adbd_cloexec_auth_socket();
 
-    auth_enabled = property_get_bool("ro.adb.secure", 0) != 0;
-    if (auth_enabled) {
-        adbd_auth_init();
+    if (ALLOW_ADBD_NO_AUTH && property_get_bool("ro.adb.secure", 0) == 0) {
+        auth_required = false;
     }
 
+    adbd_auth_init();
+
     // Our external storage path may be different than apps, since
     // we aren't able to bind mount after dropping root.
     const char* adb_external_storage = getenv("ADB_EXTERNAL_STORAGE");