Setting up a libadbd flag for shared usage across miniadbd (CL 1/2)

Bug: 201308542

Test:
shaju@mvatap01:~/bogoadb$ adb reboot bootloader
shaju@mvatap01:~/bogoadb$ fastboot devices
89MAY007L9	fastboot
shaju@mvatap01:~/bogoadb$ adb devices
List of devices attached
89MAY007L9	recovery
shaju@mvatap01:~/bogoadb$ adb devices
List of devices attached
89MAY007L9	sideload
shaju@mvatap01:~/bogoadb$ ./bogoadb2 setprop sys.powerctl reboot
connected to local adb
connect_service connect_service(3,host:transport-any)
write_all(3,0x7ffe34108c1c,4)
write_all(3,0x56491c20a1ac,18)
sent connection request for 'host:transport-any', waiting for reply...
read_all read_all(3,0x7ffe34108c18,4)
connect_service read_all() READ:OKAY0012
request done
connect_service connect_service(3,localfilesystem:/dev/socket/property_service)
write_all(3,0x7ffe34108c1c,4)
write_all(3,0x56491c20a1c0,44)
sent connection request for 'localfilesystem:/dev/socket/property_service', waiting for reply...
read_all read_all(3,0x7ffe34108c18,4)
connect_service read_all() READ:FAIL002c
read_all read_all(3,0x7ffe34108c14,4)
connect_service read_all() READ:0006FAIL002c
read_all read_all(3,0x56491e2152c0,6)
connect_service read_all() READ:closed
connection failed: 'closed'

shaju@mvatap01:~/bogoadb$ adb reboot
shaju@mvatap01:~/bogoadb$ echo 'regression test on the regular adbd path'
regression test on the regular adbd path
shaju@mvatap01:~/bogoadb$ adb devices
List of devices attached
89MAY007L9	device
shaju@mvatap01:~/bogoadb$ ./bogoadb2 setprop sys.powerctl reboot
connected to local adb
connect_service connect_service(3,host:transport-any)
write_all(3,0x7ffdc6be6aac,4)
write_all(3,0x55f4482c31ac,18)
sent connection request for 'host:transport-any', waiting for reply...
read_all read_all(3,0x7ffdc6be6aa8,4)
connect_service read_all() READ:OKAY0012
request done
connect_service connect_service(3,localfilesystem:/dev/socket/property_service)
write_all(3,0x7ffdc6be6aac,4)
write_all(3,0x55f4482c31c0,44)
sent connection request for 'localfilesystem:/dev/socket/property_service', waiting for reply...
read_all read_all(3,0x7ffdc6be6aa8,4)
connect_service read_all() READ:OKAY002c
request done
write_all(3,0x55f4482c31a8,4)
write_all(3,0x7ffdc6be6b08,4)
write_all(3,0x7ffdc6be71cd,12)
write_all(3,0x7ffdc6be6b04,4)
write_all(3,0x7ffdc6be71da,6)
read_all read_all(3,0x7ffdc6be6b00,4)
set_property read_all() READ:0
property write succeeded
More test results here: https://docs.google.com/document/d/1qlyhmJ_8CkOluVfQPK2bMtevz9rXzLnHjF362CTigaQ

Ignore-AOSP-First: Security fix.

Signed-off-by: Shaju Mathew <shaju@google.com>
Change-Id: I1ba2cce55628d4ec7a5fbc661614e2a9a2d30018
diff --git a/adb_auth.h b/adb_auth.h
index 7e858dc..1a1ab11 100644
--- a/adb_auth.h
+++ b/adb_auth.h
@@ -49,6 +49,7 @@
 #else // !ADB_HOST
 
 extern bool auth_required;
+extern bool socket_access_allowed;
 
 void adbd_auth_init(void);
 void adbd_auth_verified(atransport *t);
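Review bot: The new `extern bool socket_access_allowed;` has no comment, so a reader of adb_auth.h cannot tell who is expected to write the flag or what `false` turns off. I would add `// Cleared by minadbd to make socket_spec_connect() refuse every connection; adbd leaves it true.` above the declaration. The flag is also a plain `bool`, like `auth_required` beside it. If the writer (presumably in CL 2/2, not visible here) can run after connection-handling threads exist, the read in socket_spec.cpp is unsynchronised; `std::atomic<bool>`, or a stated "set once before any transport is accepted" contract, would close that. The same applies to the definition in daemon/auth.cpp.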
diff --git a/daemon/auth.cpp b/daemon/auth.cpp
index 1a1e4ad..2c3844b 100644
--- a/daemon/auth.cpp
+++ b/daemon/auth.cpp
@@ -64,6 +64,7 @@
 static uint32_t transport_auth_id = 0;
 
 bool auth_required = true;
+bool socket_access_allowed = true;
 
 static void* transport_to_callback_arg(atransport* transport) {
     uint32_t id = transport_auth_id++;
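Review bot: `bool socket_access_allowed = true;` makes the permissive state the default, so the restriction exists only if other code remembers to clear the flag. A build where that assignment is dropped or runs too late fails open with no signal. Regular adbd needs the permissive value, so the default probably has to stay, but the definition should say so, e.g. `// Default-allow for adbd; minadbd must set this to false before accepting any transport.` A test in the minadbd change asserting that the flag is false after start-up would guard against a silent regression.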
diff --git a/socket_spec.cpp b/socket_spec.cpp
index a71b2c9..5e0678a 100644
--- a/socket_spec.cpp
+++ b/socket_spec.cpp
@@ -29,6 +29,7 @@
 #include <cutils/sockets.h>
 
 #include "adb.h"
+#include "adb_auth.h"
 #include "adb_mdns.h"
 #include "adb_utils.h"
 #include "sysdeps.h"
@@ -185,6 +186,15 @@
 
 bool socket_spec_connect(unique_fd* fd, std::string_view address, int* port, std::string* serial,
                          std::string* error) {
+#if !ADB_HOST
+    if (!socket_access_allowed) {  // Check whether this security suppression is
+        // active (initiated from minadbd), and if so disable socket communications
+        // for the (min)deamon.
+        *error = "Suppressing minadbd socket communications";
+        return false;
+    }
+#endif
+
     if (address.starts_with("tcp:")) {
         std::string hostname;
         int port_value = port ? *port : 0;
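Review bot: The new early return in socket_spec_connect() refuses the connection without logging anything, so a blocked request such as the `localfilesystem:/dev/socket/property_service` one in the commit's test is visible only to the peer that receives the FAIL reply. Emitting one warning that includes `address` before `return false;` would leave a record on the device side. The guard also writes `*error` unconditionally while `port` two lines below is null-checked; if callers may pass a null `error` (not visible here), use `if (error) *error = "Suppressing minadbd socket communications";`. The comment is split between a trailing comment and two continuation lines and spells "deamon"; a single line above the `if`, `// minadbd clears socket_access_allowed to refuse all socket connections.`, reads better. The function body continues past the end of the hunk and the file's other socket entry points are not visible, so I cannot tell whether the same check is needed elsewhere.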