Setting up a libadbd flag for shared usage across miniadbd (CL 1/2)
Bug: 201308542
Test:
shaju@mvatap01:~/bogoadb$ adb reboot bootloader
shaju@mvatap01:~/bogoadb$ fastboot devices
89MAY007L9 fastboot
shaju@mvatap01:~/bogoadb$ adb devices
List of devices attached
89MAY007L9 recovery
shaju@mvatap01:~/bogoadb$ adb devices
List of devices attached
89MAY007L9 sideload
shaju@mvatap01:~/bogoadb$ ./bogoadb2 setprop sys.powerctl reboot
connected to local adb
connect_service connect_service(3,host:transport-any)
write_all(3,0x7ffe34108c1c,4)
write_all(3,0x56491c20a1ac,18)
sent connection request for 'host:transport-any', waiting for reply...
read_all read_all(3,0x7ffe34108c18,4)
connect_service read_all() READ:OKAY0012
request done
connect_service connect_service(3,localfilesystem:/dev/socket/property_service)
write_all(3,0x7ffe34108c1c,4)
write_all(3,0x56491c20a1c0,44)
sent connection request for 'localfilesystem:/dev/socket/property_service', waiting for reply...
read_all read_all(3,0x7ffe34108c18,4)
connect_service read_all() READ:FAIL002c
read_all read_all(3,0x7ffe34108c14,4)
connect_service read_all() READ:0006FAIL002c
read_all read_all(3,0x56491e2152c0,6)
connect_service read_all() READ:closed
connection failed: 'closed'
shaju@mvatap01:~/bogoadb$ adb reboot
shaju@mvatap01:~/bogoadb$ echo 'regression test on the regular adbd path'
regression test on the regular adbd path
shaju@mvatap01:~/bogoadb$ adb devices
List of devices attached
89MAY007L9 device
shaju@mvatap01:~/bogoadb$ ./bogoadb2 setprop sys.powerctl reboot
connected to local adb
connect_service connect_service(3,host:transport-any)
write_all(3,0x7ffdc6be6aac,4)
write_all(3,0x55f4482c31ac,18)
sent connection request for 'host:transport-any', waiting for reply...
read_all read_all(3,0x7ffdc6be6aa8,4)
connect_service read_all() READ:OKAY0012
request done
connect_service connect_service(3,localfilesystem:/dev/socket/property_service)
write_all(3,0x7ffdc6be6aac,4)
write_all(3,0x55f4482c31c0,44)
sent connection request for 'localfilesystem:/dev/socket/property_service', waiting for reply...
read_all read_all(3,0x7ffdc6be6aa8,4)
connect_service read_all() READ:OKAY002c
request done
write_all(3,0x55f4482c31a8,4)
write_all(3,0x7ffdc6be6b08,4)
write_all(3,0x7ffdc6be71cd,12)
write_all(3,0x7ffdc6be6b04,4)
write_all(3,0x7ffdc6be71da,6)
read_all read_all(3,0x7ffdc6be6b00,4)
set_property read_all() READ:0
property write succeeded
More test results here: https://docs.google.com/document/d/1qlyhmJ_8CkOluVfQPK2bMtevz9rXzLnHjF362CTigaQ
Ignore-AOSP-First: Security fix.
Signed-off-by: Shaju Mathew <shaju@google.com>
Change-Id: I1ba2cce55628d4ec7a5fbc661614e2a9a2d30018
diff --git a/adb_auth.h b/adb_auth.h
index 7e858dc..1a1ab11 100644
--- a/adb_auth.h
+++ b/adb_auth.h
@@ -49,6 +49,7 @@
#else // !ADB_HOST
extern bool auth_required;
+extern bool socket_access_allowed;
void adbd_auth_init(void);
void adbd_auth_verified(atransport *t);
diff --git a/daemon/auth.cpp b/daemon/auth.cpp
index 1a1e4ad..2c3844b 100644
--- a/daemon/auth.cpp
+++ b/daemon/auth.cpp
@@ -64,6 +64,7 @@
static uint32_t transport_auth_id = 0;
bool auth_required = true;
+bool socket_access_allowed = true;
static void* transport_to_callback_arg(atransport* transport) {
uint32_t id = transport_auth_id++;
diff --git a/socket_spec.cpp b/socket_spec.cpp
index c93b023..4a05210 100644
--- a/socket_spec.cpp
+++ b/socket_spec.cpp
@@ -29,6 +29,7 @@
#include <cutils/sockets.h>
#include "adb.h"
+#include "adb_auth.h"
#include "adb_mdns.h"
#include "adb_utils.h"
#include "sysdeps.h"
@@ -185,6 +186,15 @@
bool socket_spec_connect(unique_fd* fd, std::string_view address, int* port, std::string* serial,
std::string* error) {
+#if !ADB_HOST
+ if (!socket_access_allowed) { // Check whether this security suppression is
+ // active (initiated from minadbd), and if so disable socket communications
+ // for the (min)deamon.
+ *error = "Suppressing minadbd socket communications";
+ return false;
+ }
+#endif
+
if (address.starts_with("tcp:")) {
std::string hostname;
int port_value = port ? *port : 0;