Google Git
Sign in
android / platform / system / adb / 6205b43fd821c1162e66dac421ac2dee0c2c9d76
commit6205b43fd821c1162e66dac421ac2dee0c2c9d76[log] [tgz]
authorBowgo Tsai <bowgotsai@google.com>Tue Jul 11 21:47:54 2017 +0800
committerBowgo Tsai <bowgotsai@google.com>Tue Jul 18 08:41:19 2017 +0800
treecffed2b2750ef79e4f0d66bc5cd4b9f49a80e864
parentd125ee19bb9e2e48c305f1a72083a3caeaf364ed [diff]
adbd: lessen security constraints when the device is unlocked

ALLOW_ADBD_ROOT ('adb root') and ALLOW_ADBD_NO_AUTH (ro.adb.secure = 0)
are false in user build. This prevents a non-A/B device from running
Treble VTS because it requires 'adb root'. Without ALLOW_ADBD_NO_AUTH,
adb still can work if ro.adb.secure = 1. However, allowing it to be 0
is better for test automation.

The image combination in VTS is:
  - system.img (userdebug): provided by Googlg
  - boot.img (user): provided by the OEM  <-- adbd is here
  - vendor.img (user): provided by the OEM

This change allows 'adb root' and 'ro.adb.secure = 0' when the device is
unlocked in user build. No changes for userdebug/eng builds.

Note that the device must be unlocked when running VTS. Otherwise,
verified boot will prevent it from booting the system.img provided by
Google (no verity metadata).

Bug: 63313955
Bug: 63381692
Test: use the above image combination, check 'adb root' and
      'ro.adb.secure = 0' can work

Change-Id: I109d96c950e54c4fb0ac0c98b989a20593681e52
2 files changed
tree: cffed2b2750ef79e4f0d66bc5cd4b9f49a80e864
  1. client/
  2. daemon/
  3. sysdeps/
  4. .clang-format ⇨ ../.clang-format-4
  5. adb.cpp
  6. adb.h
  7. adb_auth.h
  8. adb_auth_host.cpp
  9. adb_client.cpp
  10. adb_client.h
  11. adb_io.cpp
  12. adb_io.h
  13. adb_io_test.cpp
  14. adb_listeners.cpp
  15. adb_listeners.h
  16. adb_listeners_test.cpp
  17. adb_mdns.h
  18. adb_trace.cpp
  19. adb_trace.h
  20. adb_unique_fd.h
  21. adb_utils.cpp
  22. adb_utils.h
  23. adb_utils_test.cpp
  24. adbd_auth.cpp
  25. Android.bp
  26. Android.mk
  27. bugreport.cpp
  28. bugreport.h
  29. bugreport_test.cpp
  30. commandline.cpp
  31. commandline.h
  32. console.cpp
  33. CPPLINT.cfg
  34. diagnose_usb.cpp
  35. diagnose_usb.h
  36. fdevent.cpp
  37. fdevent.h
  38. fdevent_test.cpp
  39. fdevent_test.h
  40. file_sync_client.cpp
  41. file_sync_service.cpp
  42. file_sync_service.h
  43. framebuffer_service.cpp
  44. jdwp_service.cpp
  45. line_printer.cpp
  46. line_printer.h
  47. MODULE_LICENSE_APACHE2
  48. NOTICE
  49. OVERVIEW.TXT
  50. protocol.txt
  51. remount_service.cpp
  52. remount_service.h
  53. security_log_tags.h
  54. services.cpp
  55. services.h
  56. SERVICES.TXT
  57. set_verity_enable_state_service.cpp
  58. shell_service.cpp
  59. shell_service.h
  60. shell_service_protocol.cpp
  61. shell_service_protocol_test.cpp
  62. shell_service_test.cpp
  63. socket.h
  64. socket_spec.cpp
  65. socket_spec.h
  66. socket_spec_test.cpp
  67. socket_test.cpp
  68. sockets.cpp
  69. sockets.dia
  70. SYNC.TXT
  71. sysdeps.h
  72. sysdeps_test.cpp
  73. sysdeps_unix.cpp
  74. sysdeps_win32.cpp
  75. sysdeps_win32_test.cpp
  76. test_adb.py
  77. test_device.py
  78. trace.sh
  79. transport.cpp
  80. transport.h
  81. transport_local.cpp
  82. transport_mdns.cpp
  83. transport_mdns_unsupported.cpp
  84. transport_test.cpp
  85. transport_usb.cpp
  86. usb.h