From 594f70ffb8c5be164eb1b2484ddb399674ab0dcb Mon Sep 17 00:00:00 2001
From: Josh Gao
Date: Thu, 15 Aug 2019 14:05:12 -0700
Subject: [PATCH] Move adbd to an apex.
Test: adb shell "su 0 readlink /proc/\`pidof adbd\`/exe"
Change-Id: I84dfe4d1b28b619f98c03a2c8eeef2c783d30af2
---
 CleanSpec.mk | 1 +
 adb/Android.bp | 101 ++++++++++++++--------------
 adb/apex/adbd.rc | 6 ++
 adb/apex/apex_manifest.json | 4 ++
 adb/apex/com.android.adbd.avbpubkey | Bin 0 -> 1032 bytes
 adb/apex/com.android.adbd.pem | 51 ++++++++++++++
 adb/apex/com.android.adbd.pk8 | Bin 0 -> 2374 bytes
 adb/apex/com.android.adbd.x509.pem | 35 ++++++++++
 adb/apex/ld.config.txt | 51 ++++++++++++++
 liblog/liblog.map.txt | 8 +--
 rootdir/init.usb.rc | 1 +
 11 files changed, 203 insertions(+), 55 deletions(-)
 create mode 100644 adb/apex/adbd.rc
 create mode 100644 adb/apex/apex_manifest.json
 create mode 100644 adb/apex/com.android.adbd.avbpubkey
 create mode 100644 adb/apex/com.android.adbd.pem
 create mode 100644 adb/apex/com.android.adbd.pk8
 create mode 100644 adb/apex/com.android.adbd.x509.pem
 create mode 100644 adb/apex/ld.config.txt
diff --git a/CleanSpec.mk b/CleanSpec.mk
index 73379cded..c84bd24c4 100644
--- a/CleanSpec.mk
+++ b/CleanSpec.mk
@@ -89,3 +89,4 @@ $(call add-clean-step, rm -rf $(PRODUCT_OUT)/root/product_services)
 $(call add-clean-step, rm -rf $(PRODUCT_OUT)/recovery/root/product_services)
 $(call add-clean-step, rm -rf $(PRODUCT_OUT)/debug_ramdisk/product_services)
 $(call add-clean-step, find $(PRODUCT_OUT) -type l -name "charger" -print0 | xargs -0 rm -f)
+$(call add-clean-step, rm -f $(PRODUCT_OUT)/system/bin/adbd)
diff --git a/adb/Android.bp b/adb/Android.bp
index 9c7a1b936..d60590780 100644
--- a/adb/Android.bp
+++ b/adb/Android.bp
@@ -356,11 +356,11 @@ cc_library_static {
 generated_headers: ["platform_tools_version"],
 static_libs: [
- "libadbconnection_server",
 "libdiagnose_usb",
 ],
 shared_libs: [
+ "libadbconnection_server",
 "libadbd_auth",
 "libasyncio",
 "libbase",
@@ -409,12 +409,12 @@ cc_library {
 ],
 static_libs: [
- "libadbconnection_server",
 "libadbd_core",
 "libdiagnose_usb",
 ],
 shared_libs: [
+ "libadbconnection_server",
 "libadbd_auth",
 "libasyncio",
 "libbase",
@@ -462,6 +462,7 @@ cc_library {
 ],
 shared_libs: [
+ "libadbconnection_server",
 "libadbd_auth",
 "libadbd_services",
 "libasyncio",
@@ -495,18 +496,27 @@ cc_binary {
 keep_symbols: true,
 },
- shared_libs: [
+ stl: "libc++_static",
+ static_libs: [
 "libadbd",
 "libadbd_auth",
 "libadbd_services",
+ "libasyncio",
 "libbase",
 "libcap",
- "libcrypto",
+ "libcrypto_utils",
 "libcutils",
+ "libdiagnose_usb",
 "liblog",
+ "libmdnssd",
 "libminijail",
 "libselinux",
 ],
+
+ shared_libs: [
+ "libadbconnection_server",
+ "libcrypto",
+ ],
 }
 phony {
@@ -526,53 +536,6 @@ phony {
 ],
 }
-cc_binary {
- name: "static_adbd",
- defaults: ["adbd_defaults", "host_adbd_supported"],
-
- recovery_available: false,
- static_executable: true,
- host_supported: false,
-
- srcs: [
- "daemon/main.cpp",
- ],
-
- cflags: [
- "-D_GNU_SOURCE",
- "-Wno-deprecated-declarations",
- ],
-
- strip: {
- keep_symbols: true,
- },
-
- static_libs: [
- "libadbconnection_server",
- "libadbd",
- "libadbd_services",
- "libasyncio",
- "libavb_user",
- "libbase",
- "libbootloader_message",
- "libcap",
- "libcrypto_static",
- "libcrypto_utils",
- "libcutils",
- "libdiagnose_usb",
- "libext4_utils",
- "libfec",
- "libfec_rs",
- "libfs_mgr",
- "liblog",
- "liblp",
- "libmdnssd",
- "libminijail",
- "libselinux",
- "libsquashfs_utils",
- ],
-}
-
 cc_binary {
 name: "abb",
@@ -765,3 +728,39 @@ cc_test_host {
 "fastdeploy/testdata/sample.cd",
 ],
 }
+
+prebuilt_etc {
+ name: "com.android.adbd.ld.config.txt",
+ src: "apex/ld.config.txt",
+ filename: "ld.config.txt",
+ installable: false,
+}
+
+apex {
+ name: "com.android.adbd",
+ manifest: "apex/apex_manifest.json",
+
+ binaries: ["adbd"],
+ prebuilts: ["com.android.adbd.init.rc", "com.android.adbd.ld.config.txt"],
+
+ key: "com.android.adbd.key",
+ certificate: ":com.android.adbd.certificate",
+}
+
+apex_key {
+ name: "com.android.adbd.key",
+ public_key: "apex/com.android.adbd.avbpubkey",
+ private_key: "apex/com.android.adbd.pem",
+}
+
+android_app_certificate {
+ name: "com.android.adbd.certificate",
+ certificate: "apex/com.android.adbd",
+}
+
+prebuilt_etc {
+ name: "com.android.adbd.init.rc",
+ src: "apex/adbd.rc",
+ filename: "init.rc",
+ installable: false,
+}
diff --git a/adb/apex/adbd.rc b/adb/apex/adbd.rc
new file mode 100644
index 000000000..9cb072bcc
--- /dev/null
+++ b/adb/apex/adbd.rc
@@ -0,0 +1,6 @@
+service adbd /apex/com.android.adbd/bin/adbd --root_seclabel=u:r:su:s0
+ class core
+ socket adbd seqpacket 660 system system
+ disabled
+ override
+ seclabel u:r:adbd:s0
diff --git a/adb/apex/apex_manifest.json b/adb/apex/apex_manifest.json
new file mode 100644
index 000000000..ff2df127b
--- /dev/null
+++ b/adb/apex/apex_manifest.json
@@ -0,0 +1,4 @@
+{
+ "name": "com.android.adbd",
+ "version": 1
+}
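Review bot: The `apex_key` and `android_app_certificate` modules at the end of the `adb/Android.bp` hunk (`@@ -765,3 +728,39 @@`) sign the adbd APEX with key material committed in this same change: `apex/com.android.adbd.pem`, plus the `.pk8` / `.x509.pem` pair behind `certificate: "apex/com.android.adbd"`. Anyone with the source tree can therefore build a package that verifies against `com.android.adbd.avbpubkey`, and nothing in the hunk says these are development keys. I would add a comment above `apex_key`, for example `// Test-only key checked into the tree; release builds must re-sign this APEX with a privately held key.` It is also worth confirming that the release signing step covers this new module, since the service it ships is started with `--root_seclabel=u:r:su:s0`.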
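Review bot: The new `adb/apex/adbd.rc` repeats the `adbd` service definition from `rootdir/init.usb.rc` (socket `660 system system`, `seclabel u:r:adbd:s0`, `--root_seclabel=u:r:su:s0`) and replaces it through `override`, so the two copies can drift apart silently. The later `init.usb.rc` hunk adds `updatable` but its service line still names `/system/bin/adbd`, which the CleanSpec step in this commit suggests is no longer installed. A comment on both sides would make the relationship explicit, e.g. here `# Overrides the adbd service in rootdir/init.usb.rc; keep socket and seclabel in sync.` The commit's Test line only checks the executable path, so it is worth confirming separately that the running process keeps the `u:r:adbd:s0` label.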
diff --git a/adb/apex/com.android.adbd.avbpubkey b/adb/apex/com.android.adbd.avbpubkey new file mode 100644 index 0000000000000000000000000000000000000000..06235bd1f61cc259fef6414d31ed779ffc2e24af GIT binary patch literal 1032 zcmV+j1o!&@01yD1FY&LzNsi)Q*>t#O1;A~m0ON`tv+1zAiIC3$SSJ-(*tvkwl~BO+ z;Df^bHd_ZjU?X!l-tV`vL6dqt!y;Lxrac`UPf|HH43@vZdvR{bCN0XWy~-iMoMtje zG1g&no-gl1OG1u3SeQ2_riEroduTjv3k5b&!MFt4x)@5~BJQs|XWy-GSdix)%&AoK zP+KC@PphWPQE5ARFE2woy>drb3{Insu_z`MZy(rrR0>P_B)p*o|SC{FYI>-9lOF(F)tz?{Fl@= z|J)Ss&e*~040atJ(3`#wFQ%q!v}CwSLHAi_&3fJ2aK3UE9!OQ( z0%Pg=-SMRS|+#({U$YmzX(LRjBnUV=Ql=JQn31tC&1M+qgn^%D_B*0iFk2^#q za8bff*!BMsn-#e2{}u?+mF_vuKh}P=7o3~SfBn_Oy6Ot1VL%>{NRQHs6Cs}Bbx}z& zim7wiyZW(9qrg=qB!P?KUVGi#%IvSNH^<+5>eaiDw!~q7<{KIffZa$vrc4R6=|1$g z6EbUbdr++&nPd@{qTaqPkn#q!g9#UhU`(bisJ9tzuOm6mo{hRT2@Th868AnS2ae0> zRB}ThqEG9URi;yv7(M(f7UeAhv~B`Bl0a?*f(sp#7J?B*VOStO89TrXkj${8$me06 zSbE#No-TaAowN;^hIeDxu_FQ?oje~2<6jPFw9M$d1EcQU7nLV5ehOL#{ovn;XzM99 z+C9wTD}-50_$g;BcVXRLGL3nC`ctN{SPhiIqluAerA%5EUyha;B5@T$u`Lsm>KUr? 
zRK^9(*5_Yq=vOG|=FL5etot~j2i`@MNdz31+@I5-!NzrHTkJnz)Rf@IG0=+#Ss5S*#1k3wGVoJ#}*sr1(AEr)#_w6zu$aysrx zJBl|bh?2Bken6cUK^AteqStMU1yE&LNQUwEHHuzC;|Zh0)heo0J_b!9$GGM zG!Cx_E(Hd%Q1-XDQS49YHk+_EFItg7peb&=$rIU>W~FllTd^}km1en1*?_hc9^z)6 z@yJ(unnlf(6I7M@%41nHZTq0@umgLFw0SG8k2zy0`r7$~1f4(?P9@iyifbOHEh!(X z7eq_ip1Q@(M2!Do=+f!s!D4x1h}@p{WK?oFD$Os6^5$QRxtWMB)z=qcZ1Q6r{eQvo zc>DBnG+|+Qh!KW(^re*G$m`1V9{yl1F$;{R-8BTdY}svopsbHP4g*)ON>O+P>!d|~ z$m5Wbe+eg$8#L~FKa^WBWZXNP=*gRiy-Q9=x4$fvwl%e_flk`bjOg~cHI;{e4tcpu zVkh4_Sp16iRi`q>I$`3P6fj>)QdG@xkIh-!fX>S<{J;_>%XS#ZBhL-6oAW+_%F!uq zN`Hjz-r^YTUrsp#CeL_@LO`d(kl<`2aW!DHKoR)W^P>sPjBgY&Hn-bQ(>sZ zz`7*odep>Hb7pZ`Be3|MOvW!G!bv__tu?X}Ig20LVf<&S6qlAnT9*>8lyV=`u=>Vz z^YQ;g03^OC5rBy%Kp2uNE+_z)(y*HmqAd$X+`QdSjk-IItn^JWYh3SL2Z)#sgJ0S= zbHlC+^fDodh2asE{Hb5Awy0t++&gA`=}_sOhsO3P4Rd%WJEP-$LKD?}^iuD2;4Hgc z;v>TQoK{)`2U&ytZAR+jc>yO3)^0M-7E#=0Tw_aqq$?RkLz8xjP>}Z77$3*EA3k(0 z*0N{(7qO>RD$gHU()7^!BnefHT`@$92-#V8L&Wj%Dgwa4a)3UAC?Lg+7?!7J>XnMtuS z!W=i)&P3CEhfs%>K1^Sg6R%Ccu=$6gSKcb6<18ja*;rz#kJu=a2shcw7cj$wJ>!;s zEIPZC6Yt1iU!G=mn>oJwYa#yRHbM)lDG`AHSj_BB3$q;E8-W6X0RaH)^A#sYutK0U zz!7&iSP|p3ovW17v4+!0OlRDYgQ^p>R7s1RW|S{PaUSbY~&FAAB ze47cZ6SMN8Y+y|Fw7%F}YsdJ9R&j5q9_))A`$^!o5*z0)2wNuh0|rsEv^pd`aRsoK zDi)Wz;9V0bWhj+u?QL=P>YNpa^$y-0BA+f!sgOagpu_1X$+#yOekkHR4lKST_!wR$ z-WOXL?#3_k5~SuE>|?Bl(agIjA|qfVyT7;u2a;6KSAh3VdxML3;cc1`W>BO8o-wcC zL#DxxdKLLTOr+jqKY%@)7SJ?KO!Y#ta&Cxygzt_l$8`Yy;SQt$sSPI96^mq*;DgriIr>A-1FMeGxrI`&>X6~g&egAI9OG;A&y}Z`M8Tc4 zEujK@P)j`FruPps-_BXs3m07aMs{_Vx%i*X6AO`8BXi(6m%IFGFG5hq3kFnHK#I+2 zwwr7UVBbXL@kGQ>vm^brh(TY_WT@nffGOnq$m8SeWWAn(-|G@Z?A%zkzj$37{XHM; zko@(#Ag#wyAr^m9*n|0)hbmb1u(MqUWjG zn}u9>De0B?t!9zy?BrE=3?G^`e18^%F`Dm2|yyRhK0UjYUYdwJr*CuPIT1!!>^*L7EEnpP~M2O-vu7pSE#JNwym4J)+j{n z%R0&^CYh$ z#ho0PYKO_ou}hTUPaU9cR4>M83}9RJ_N7(RED}mB^no<)1G6;*?W7mgS2Oo(V&Z3@ z>CP(`*qJVARKbZmnp?~XCjn>xr8j@t21wpEcU{rl#i$@w4&!DC0)hbn0HN|0f!2u0 zIAlX{u4vk2jVbhi61omYVKZKnuZh-`D-{}Ph5IU}@nk-_{&sRRg=72oLDA`)l=ZB` zDLUdoaVWBa&;ml&V)`z;E4SE^61A?Td$ltLYpb9DX~y?2=Mwr! 
zHc;~?(3LR7?}=H4b{r1-Q2!&N;qW#mZzu^8A_eA{cxuT2qTOO1-@|I#GF@0g?L+Qi zV(jc*LSKDgV1}LxXue_OKufF<;hHODIY7TqEuFl^u->sNbrzOfnLP;kny3s3KB^BLDyZ literal 0 HcmV?d00001 diff --git a/adb/apex/com.android.adbd.x509.pem b/adb/apex/com.android.adbd.x509.pem new file mode 100644 index 000000000..bb85c1d11 --- /dev/null +++ b/adb/apex/com.android.adbd.x509.pem 
@@ -0,0 +1,35 @@ +-----BEGIN CERTIFICATE----- +MIIGHzCCBAegAwIBAgIUW8npFHXBP+wsEAesGMBxaV7TScAwDQYJKoZIhvcNAQEL +BQAwgZ0xCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQH +DA1Nb3VudGFpbiBWaWV3MRAwDgYDVQQKDAdBbmRyb2lkMRAwDgYDVQQLDAdBbmRy +b2lkMRkwFwYDVQQDDBBjb20uYW5kcm9pZC5hZGJkMSIwIAYJKoZIhvcNAQkBFhNh +bmRyb2lkQGFuZHJvaWQuY29tMCAXDTE5MDgxNTE5MzkxM1oYDzQ3NTcwNzExMTkz +OTEzWjCBnTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNV +BAcMDU1vdW50YWluIFZpZXcxEDAOBgNVBAoMB0FuZHJvaWQxEDAOBgNVBAsMB0Fu +ZHJvaWQxGTAXBgNVBAMMEGNvbS5hbmRyb2lkLmFkYmQxIjAgBgkqhkiG9w0BCQEW +E2FuZHJvaWRAYW5kcm9pZC5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK +AoICAQC6zbUeWi5vNA6vCC4FBrJQ9re4UexP6TabsDYvWpFBoCluvMkT2ZRmpXMF +W7EzQ5VmuUvZgLYVHuJmnvHIV3uaRc2VE1SV+spjWTRt+6DtsAN7irR5K66POWMp ++tr5hASdQBVOJdebimsepy0pH6sXREvanrrFzkSM/2Ho0unlwWJ5Y4jcnvdkVHI5 +Ks0vifLmX4y5mYgv1dcXYWzyYx39f8HyePv0cjRhYXiIEYZ49KWU4MjryvQe/mAu +MQuMp901BLps2W1+oKyPPA4DV69KUXgF66RFfsjjkJJ/CSeQGzTuez+UWzFk3Duc +6MmbiL1LTki3vyyVtjW1rYFO2s+M6Pa5NZWHgA55uUxiJ987WPyK9lWnMsY6YeKa +FDBfS1JUzXGPzVncgM7LLvzAEibLdhjII88NsJvzPoHK0SluSn+E7t7iGO1fTjkD +Js94iUJAp8OQ4GwkcTVgtEAR+NXzownNjHJ6qpiq6tXRqXdBqSat/glf01AgNDtz +9AGeW7Mz6FqTdOzg3U4lu77+CGd3SZTuQk8C8PUDNhqhQX5H2qhr90bakGaXuYfE +rWFzIjrVdJIznV1BimOCay5HyyHab4FWlVhAvslEQb2BpHRyi2lhe0laupOpmN44 +LzfjFM18bi2GashIi2OQuYDyAeT5mGtR2g8mC7g44H6dH+wTfQIDAQABo1MwUTAd +BgNVHQ4EFgQU7lyyxPO5SOOh9a5O0l4+RjckcgcwHwYDVR0jBBgwFoAU7lyyxPO5 +SOOh9a5O0l4+RjckcgcwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC +AgEAStsOy8bkbZg/Ygx47bPkLSz0cJIvATxTChUGOabkz+brLis88ABVWVP0IXps +tlLlZR5cjXBJguE7GJXzKPWzQZuB8+YwcGHG6QDFpfdMeGrxPDhwNfGy236ArVnx +K0v1IIxoZRZ0P7aubk3xwUAPgsmT5ayZCKu+dqlEy5B6ioKEsr7Y2RRT/8ifERNm +cjS9AhcyWrp4R3cjy2iA/RpdsPFwE5ac3I+GtUB4D2up5aDMsy85i9t2/1kuTUaA +9UHwGXCpcqP8f8BqeLzuxDzYkAvkntlNxbXn1cbn+dTRIOCBoDbtSeqtxhWooOUH +RQROeRsB7iicdYJJRge0+WyR+216AKUSQPE6/rT0Ifr06ZRwi22/YyySpwuO3SNA ++yWffh+f4h31Dz+p6pu8wjbMDkq4LnCWyjLwfF/yhvWhwwm5+KPAEhvJABeHQc+3 
+cslOC9dlXJm9sPoUC7ghmUiFsCmN2hIzQrr2QoK0Obh0AGexOvOAw9cqtOdZQncB +bqC8c4sVYScVxwDWkg0lNfRMC5boPjBsl7+M2CC1ukgVpXTyDOEjMWILrBXfYCDX +unBH3kbKQOfL5RT0nE1Lkt1rn5qAWMJg4mvS4QuIurbRtEoj3QYQadF9md4qJXs0 +TvqvY8iEC4xrWU2SQn1K3PutXgaLP9/b6Cy1SBrhBX+AC5s= +-----END CERTIFICATE----- diff --git a/adb/apex/ld.config.txt b/adb/apex/ld.config.txt new file mode 100644 index 000000000..85f9b298d --- /dev/null +++ b/adb/apex/ld.config.txt 
@@ -0,0 +1,51 @@
+# Copyright (C) 2019 The Android Open Source Project
+#
+# Bionic loader config file for the adbd APEX.
+
+dir.adbd = /apex/com.android.adbd/bin/
+
+[adbd]
+additional.namespaces = platform,art,adbd
+
+namespace.default.isolated = true
+namespace.default.links = art,adbd,platform
+namespace.default.link.art.shared_libs = libadbconnection_server.so
+namespace.default.link.platform.allow_all_shared_libs = true
+namespace.default.link.adbd.allow_all_shared_libs = true
+
+###############################################################################
+# "adbd" APEX namespace
+###############################################################################
+namespace.adbd.isolated = true
+namespace.adbd.search.paths = /apex/com.android.adbd/${LIB}
+namespace.adbd.asan.search.paths = /apex/com.android.adbd/${LIB}
+namespace.adbd.links = platform
+namespace.adbd.link.platform.allow_all_shared_libs = true
+
+###############################################################################
+# "art" APEX namespace: used for libadbdconnection_server
+###############################################################################
+namespace.art.isolated = true
+namespace.art.search.paths = /apex/com.android.art/${LIB}
+namespace.art.asan.search.paths = /apex/com.android.art/${LIB}
+namespace.art.links = platform
+namespace.art.link.platform.allow_all_shared_libs = true
+
+###############################################################################
+# "platform" namespace: used for NDK libraries, and libadbd_auth
+###############################################################################
+namespace.platform.isolated = true
+namespace.platform.search.paths = /system/${LIB}
+namespace.platform.asan.search.paths = /data/asan/system/${LIB}
+
+# /system/lib/libc.so, etc are symlinks to
+# /apex/com.android.runtime/lib/bionic/libc.so, etc. Add the path to the
+# permitted paths because linker uses realpath(3) to check the accessibility
+# of the lib. We could add this to search.paths instead but that makes the
+# resolution of bionic libs be dependent on the order of /system/lib and
+# /apex/.../lib/bionic in search.paths. If the latter is after the former,
+# then the latter is never tried because libc.so is always found in
+# /system/lib but fails to pass the accessibility test because of its realpath.
+# It's better to not depend on the ordering if possible.
+namespace.platform.permitted.paths = /apex/com.android.runtime/${LIB}/bionic
+namespace.platform.asan.permitted.paths = /apex/com.android.runtime/${LIB}/bionic
diff --git a/liblog/liblog.map.txt b/liblog/liblog.map.txt
index ce4c53c82..aea33507f 100644
--- a/liblog/liblog.map.txt
+++ b/liblog/liblog.map.txt
@@ -51,7 +51,7 @@ LIBLOG_M {
 LIBLOG_O {
 global:
 __android_log_is_loggable_len;
- __android_log_is_debuggable; # vndk
+ __android_log_is_debuggable; # apex vndk
 };
 LIBLOG_Q {
@@ -61,15 +61,15 @@ LIBLOG_Q {
 __android_log_bwrite; # apex
 __android_log_close; # apex
 __android_log_security; # apex
- android_log_reset; #vndk
- android_log_parser_reset; #vndk
+ __android_log_security_bswrite; # apex
+ android_log_reset; # vndk
+ android_log_parser_reset; # vndk
 };
 LIBLOG_PRIVATE {
 global:
 __android_log_pmsg_file_read;
 __android_log_pmsg_file_write;
- __android_log_security_bswrite;
 __android_logger_get_buffer_size;
 __android_logger_property_get_bool;
 android_openEventTagMap;
diff --git a/rootdir/init.usb.rc b/rootdir/init.usb.rc
index b6cba901e..688d9ad08 100644
--- a/rootdir/init.usb.rc
+++ b/rootdir/init.usb.rc
@@ -16,6 +16,7 @@ service adbd /system/bin/adbd --root_seclabel=u:r:su:s0
 class core
 socket adbd seqpacket 660 system system
 disabled
+ updatable
 seclabel u:r:adbd:s0
 on boot
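Review bot: In `adb/apex/ld.config.txt`, `namespace.default.isolated = true` is followed by `namespace.default.link.platform.allow_all_shared_libs = true`, so the default namespace can still resolve any library under `/system/${LIB}`; only the `art` link is narrowed, to `libadbconnection_server.so`. For a daemon shipped in an updatable APEX I would name the platform libraries it actually needs, in the same form as the `art` link: `namespace.default.link.platform.shared_libs = <libraries adbd needs>` (the exact list is not visible in this change). Two comments also need fixing. The `art` banner spells the library `libadbdconnection_server`, and the `platform` banner says it is used for `libadbd_auth` although `adb/Android.bp` now lists `libadbd_auth` under `static_libs` for the `adbd` binary.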
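Review bot: In the second `liblog/liblog.map.txt` hunk, `__android_log_security_bswrite` moves from `LIBLOG_PRIVATE` to `LIBLOG_Q` and gains `# apex`, which changes the version node it is exported under and adds it to the surface APEX modules may link against. Anything built against the old map that references the `LIBLOG_PRIVATE` version of the symbol would presumably need a rebuild, so it is worth confirming that no prebuilt depends on it. The same hunk mixes in a whitespace cleanup (`#vndk` to `# vndk`) that would read better as a separate change. Both the `LIBLOG_Q` and `LIBLOG_PRIVATE` blocks continue outside the hunk.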