From 5cba504215ea91187cc36ec7aec5dce1b0f4b0fe Mon Sep 17 00:00:00 2001
From: Elliott Hughes
Date: Wed, 17 Jun 2015 15:23:42 -0700
Subject: [PATCH] Ignore ro.adb.secure in user builds.

Require authorization by default, and remove the ability to override that in user builds. (userdebug and eng are still free to do whatever they want.)
Bug: http://b/21862859
Change-Id: Ibf8af375be5bf1141c1ad481eee7a59fb10a7adb
---
 adb/Android.mk | 5 ++---
 adb/adb.cpp | 4 ++--
 adb/adb_auth.cpp | 2 +-
 adb/adb_auth.h | 2 +-
 adb/daemon/main.cpp | 7 ++++---
 5 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/adb/Android.mk b/adb/Android.mk
index f03004195..7977009e7 100644
--- a/adb/Android.mk
+++ b/adb/Android.mk
@@ -238,12 +238,11 @@ LOCAL_CFLAGS := \
 -D_GNU_SOURCE \
 -Wno-deprecated-declarations \
-ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT)))
-LOCAL_CFLAGS += -DALLOW_ADBD_ROOT=1
-endif
+LOCAL_CFLAGS += -DALLOW_ADBD_NO_AUTH=$(if $(filter userdebug eng,$(TARGET_BUILD_VARIANT)),1,0)
 ifneq (,$(filter userdebug eng,$(TARGET_BUILD_VARIANT)))
 LOCAL_CFLAGS += -DALLOW_ADBD_DISABLE_VERITY=1
+LOCAL_CFLAGS += -DALLOW_ADBD_ROOT=1
 endif
 LOCAL_MODULE := adbd
diff --git a/adb/adb.cpp b/adb/adb.cpp
index 9af158698..6a0540c7e 100644
--- a/adb/adb.cpp
+++ b/adb/adb.cpp
@@ -431,9 +431,9 @@ void handle_packet(apacket *p, atransport *t)
 parse_banner(reinterpret_cast(p->data), t);
- if (HOST || !auth_enabled) {
+ if (HOST || !auth_required) {
 handle_online(t);
- if(!HOST) send_connect(t);
+ if (!HOST) send_connect(t);
 } else {
 send_auth_request(t);
 }
diff --git a/adb/adb_auth.cpp b/adb/adb_auth.cpp
index dc0182519..cff26d619 100644
--- a/adb/adb_auth.cpp
+++ b/adb/adb_auth.cpp
@@ -28,7 +28,7 @@
 #include "adb.h"
 #include "transport.h"
-int auth_enabled = 0;
+bool auth_required = true;
 void send_auth_request(atransport *t)
 {
diff --git a/adb/adb_auth.h b/adb/adb_auth.h
index 1e1978d92..a13604a76 100644
--- a/adb/adb_auth.h
+++ b/adb/adb_auth.h
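Review bot: In the adb/Android.mk hunk, `ALLOW_ADBD_NO_AUTH` is always defined, as 0 or 1, while `ALLOW_ADBD_ROOT` and `ALLOW_ADBD_DISABLE_VERITY` next to it are defined only on userdebug/eng, and nothing on the line says why. The new macro is used in a plain `if (ALLOW_ADBD_NO_AUTH && …)` in adb/daemon/main.cpp, so it has to exist on every build variant. A comment above the line would keep someone from folding it back into the `ifneq` block, e.g. `# Always defined (0 on user builds): tested in a C++ expression, not with #if.`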
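Review bot: In the adb/adb_auth.cpp hunk, `bool auth_required = true;` carries the fail-closed default that this patch depends on, but it has no comment, and the old `auth_enabled = 0` default was the opposite. A line such as `// Fail closed: adbd may clear this only on builds with ALLOW_ADBD_NO_AUTH.` above the definition would record that. The flag remains a writable global, so the comment should also name the one place expected to write it, which as far as this patch shows is adbd_main in adb/daemon/main.cpp.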
@@ -19,7 +19,7 @@
 #include "adb.h"
-extern int auth_enabled;
+extern bool auth_required;
 int adb_auth_keygen(const char* filename);
 void adb_auth_verified(atransport *t);
diff --git a/adb/daemon/main.cpp b/adb/daemon/main.cpp
index d7fa362c7..157c97bbc 100644
--- a/adb/daemon/main.cpp
+++ b/adb/daemon/main.cpp
@@ -125,11 +125,12 @@ int adbd_main(int server_port) {
 // descriptor will always be open.
 adbd_cloexec_auth_socket();
- auth_enabled = property_get_bool("ro.adb.secure", 0) != 0;
- if (auth_enabled) {
- adbd_auth_init();
+ if (ALLOW_ADBD_NO_AUTH && property_get_bool("ro.adb.secure", 0) == 0) {
+ auth_required = false;
 }
+ adbd_auth_init();
+
 // Our external storage path may be different than apps, since
 // we aren't able to bind mount after dropping root.
 const char* adb_external_storage = getenv("ADB_EXTERNAL_STORAGE");
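Review bot: In the adb/daemon/main.cpp hunk, an unset `ro.adb.secure` still turns authorization off on userdebug and eng builds, because `property_get_bool("ro.adb.secure", 0) == 0` treats a missing property as 0; only user builds are fail-closed after this change. If that is intended, a comment above the `if` should say so, e.g. `// userdebug/eng only: auth is off unless ro.adb.secure is set to 1`; if it is not, passing 1 as the default keeps `auth_required` true when the property is absent. `adbd_auth_init()` now also runs when `auth_required` is false, and that branch clears the flag silently, so a log line on the no-auth path would make a device running without authorization identifiable afterwards. adbd_main's body continues outside the hunk.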