adbd: lessen security constraints when the device is unlocked
ALLOW_ADBD_ROOT ('adb root') and ALLOW_ADBD_NO_AUTH (ro.adb.secure = 0)
are false in user build. This prevents a non-A/B device from running
Treble VTS because it requires 'adb root'. Without ALLOW_ADBD_NO_AUTH,
adb still can work if ro.adb.secure = 1. However, allowing it to be 0
is better for test automation.
The image combination in VTS is:
- system.img (userdebug): provided by Googlg
- boot.img (user): provided by the OEM <-- adbd is here
- vendor.img (user): provided by the OEM
This change allows 'adb root' and 'ro.adb.secure = 0' when the device is
unlocked in user build. No changes for userdebug/eng builds.
Note that the device must be unlocked when running VTS. Otherwise,
verified boot will prevent it from booting the system.img provided by
Google (no verity metadata).
Bug: 63313955
Bug: 63381692
Test: use the above image combination, check 'adb root' and
'ro.adb.secure = 0' can work
Change-Id: I109d96c950e54c4fb0ac0c98b989a20593681e52
diff --git a/adb/Android.mk b/adb/Android.mk
index 1f6f194..ae03593 100644
--- a/adb/Android.mk
+++ b/adb/Android.mk
@@ -350,11 +350,11 @@
-D_GNU_SOURCE \
-Wno-deprecated-declarations \
+LOCAL_CFLAGS += -DALLOW_ADBD_ROOT=$(if $(filter userdebug eng,$(TARGET_BUILD_VARIANT)),1,0)
LOCAL_CFLAGS += -DALLOW_ADBD_NO_AUTH=$(if $(filter userdebug eng,$(TARGET_BUILD_VARIANT)),1,0)
ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT)))
LOCAL_CFLAGS += -DALLOW_ADBD_DISABLE_VERITY=1
-LOCAL_CFLAGS += -DALLOW_ADBD_ROOT=1
endif
LOCAL_MODULE := adbd