adb_root icon indicating copy to clipboard operation
adb_root copied to clipboard
verified publisher icon evdenis

Make it a bit more secure

Open biennvops opened this issue 2 years ago • 0 comments

The idea is to make this module more secure by design, while still allow root debugging for developers/users.

Instead of:

int adbd_main(int server_port) {
     // descriptor will always be open.
     adbd_cloexec_auth_socket();

     auth_required = false;
 
     adbd_auth_init();

We can modify the original function's prop to something different, like:

int adbd_main(int server_port) {
     // descriptor will always be open.
     adbd_cloexec_auth_socket();
 
    if (android::base::GetBoolProperty("ro.adb.insecure", true)) {
        auth_required = false;
    }
 
     adbd_auth_init();

Then, adbd will check for ro.adb.insecure instead of ro.adb.secure. This also avoid SafetyNet detection. By default, ro.adb.insecure should be false, so that if the phone gets connected to a new/unknown PC, it won't just trust and give all root permissions. The user can revert to the old behavior with ro.adb.insecure=true if they need (like for example a dead phone display).

biennvops avatar Aug 03 '23 02:08 biennvops