Snap for 8005451 from 3c01530eb77b9d5b062d924309d9c63114aab514 to sc-v2-release
Change-Id: I337f4704cac7e024d98ca355d4d38caca1f225ae
diff --git a/adb_auth.h b/adb_auth.h
index 7e858dc..1a1ab11 100644
--- a/adb_auth.h
+++ b/adb_auth.h
@@ -49,6 +49,7 @@
#else // !ADB_HOST
extern bool auth_required;
+extern bool socket_access_allowed;
void adbd_auth_init(void);
void adbd_auth_verified(atransport *t);
diff --git a/daemon/auth.cpp b/daemon/auth.cpp
index 1a1e4ad..2c3844b 100644
--- a/daemon/auth.cpp
+++ b/daemon/auth.cpp
@@ -64,6 +64,7 @@
static uint32_t transport_auth_id = 0;
bool auth_required = true;
+bool socket_access_allowed = true;
static void* transport_to_callback_arg(atransport* transport) {
uint32_t id = transport_auth_id++;
diff --git a/socket_spec.cpp b/socket_spec.cpp
index c93b023..4a05210 100644
--- a/socket_spec.cpp
+++ b/socket_spec.cpp
@@ -29,6 +29,7 @@
#include <cutils/sockets.h>
#include "adb.h"
+#include "adb_auth.h"
#include "adb_mdns.h"
#include "adb_utils.h"
#include "sysdeps.h"
@@ -185,6 +186,15 @@
bool socket_spec_connect(unique_fd* fd, std::string_view address, int* port, std::string* serial,
std::string* error) {
+#if !ADB_HOST
+ if (!socket_access_allowed) { // Check whether this security suppression is
+ // active (initiated from minadbd), and if so disable socket communications
+ // for the (min)deamon.
+ *error = "Suppressing minadbd socket communications";
+ return false;
+ }
+#endif
+
if (address.starts_with("tcp:")) {
std::string hostname;
int port_value = port ? *port : 0;