Gitiles
Code Review Sign In
gerrit.omnirom.org / android_packages_modules_Virtualization / e7407e22fc946261504e71a81ffbd5d9c1740e0c^! / . / microdroid
commite7407e22fc946261504e71a81ffbd5d9c1740e0c[log] [tgz]
authorJiyong Park <jiyong@google.com>Mon Oct 18 15:51:59 2021 +0900
committerJiyong Park <jiyong@google.com>Mon Oct 18 20:38:23 2021 +0900
tree6efb145b4697acbc1e771d3d498cbddf4dd45aeb
parent2294b03332be488acaba7043cc264b10be0bfc11 [diff]
Don't start adb if debugging is off

* Debug level None: adb is not supported
* Debug level app_only: adb is supported, but rooting is prohibited
* Debug level full: adb is supported and can be rooted

Bug: 201362865
Test: start a VM with `--debug none` and try to connect to the VM via
adb. It doesn't work as expected.

Change-Id: I95fe01e722d974ff1eb29469ac96abe7d785288d

diff --git a/microdroid/bootconfig.app_debuggable b/microdroid/bootconfig.app_debuggable
index 79e2b08..f65d4cd 100644
--- a/microdroid/bootconfig.app_debuggable
+++ b/microdroid/bootconfig.app_debuggable

@@ -1 +1,10 @@
+# TODO(b/203369076) This should be 0 to disable adb rooting. For now, we can't do that because
+# if this is set to 0, adbd enforces the host authentication but we don't put the adb
+# public key (which represents the owner) in the VM yet.
+androidboot.microdroid.debuggable=0
+
+# Console output is not redirect to the host-side.
 kernel.console = null
+
+# ADB is supported but rooting is prohibited.
+androidboot.adb.enabled=1

diff --git a/microdroid/bootconfig.full_debuggable b/microdroid/bootconfig.full_debuggable
index d67cd76..f6afdcf 100644
--- a/microdroid/bootconfig.full_debuggable
+++ b/microdroid/bootconfig.full_debuggable

@@ -1 +1,10 @@
+# ro.debuggable is set.
+androidboot.microdroid.debuggable=1
+
+# Kernel message is exported.
 kernel.printk.devkmsg=on
+
+# ADB is supported and rooting is possible. Note that
+# ro.adb.secure is still 0 (see build.prop) which means that adbd is started
+# unrooted by default. To root, developer should explicitly execute `adb root`.
+androidboot.adb.enabled=1

diff --git a/microdroid/bootconfig.normal b/microdroid/bootconfig.normal
index 79e2b08..f7cdfc7 100644
--- a/microdroid/bootconfig.normal
+++ b/microdroid/bootconfig.normal

@@ -1 +1,8 @@
+# ro.debuggable is off
+androidboot.microdroid.debuggable=0
+
+# Console output is not redirect to the host-side.
 kernel.console = null
+
+# ADB is not enabled.
+androidboot.adb.enabled=0

diff --git a/microdroid/build.prop b/microdroid/build.prop
index eaca63d..ada945d 100644
--- a/microdroid/build.prop
+++ b/microdroid/build.prop

@@ -1,6 +1,5 @@
 # build.prop for microdroid
 ro.apex.updatable=true
-ro.debuggable=1
 ro.adb.secure=0
 service.adb.listen_addrs=vsock:5555
 

diff --git a/microdroid/init.rc b/microdroid/init.rc
index 23434bb..078b51d 100644
--- a/microdroid/init.rc
+++ b/microdroid/init.rc

@@ -30,6 +30,8 @@
     # payloads are not designed to run with bootstrap bionic
     setprop apex_config.done true
 
+    setprop ro.debuggable ${ro.boot.microdroid.debuggable:-0}
+
 on init
     # Mount binderfs
     mkdir /dev/binderfs
@@ -80,6 +82,7 @@
     # TODO(b/185767624): remove hidl after full keymint support
     start hwservicemanager
 
+on init && property:ro.boot.adb.enabled=1
     start adbd
 
 on load_persist_props_action