1,system/core/adb/daemon/main.cpp
--- a/system/core/adb/daemon/main.cpp
+++ b/system/core/adb/daemon/main.cpp
@@ -72,38 +72,8 @@ static bool should_drop_capabilities_bounding_set() {
}
static bool should_drop_privileges() {
- // "adb root" not allowed, always drop privileges.
- if (!ALLOW_ADBD_ROOT && !is_device_unlocked()) return true;
-
- // The properties that affect `adb root` and `adb unroot` are ro.secure and
- // ro.debuggable. In this context the names don't make the expected behavior
- // particularly obvious.
- //
- // ro.debuggable:
- // Allowed to become root, but not necessarily the default. Set to 1 on
- // eng and userdebug builds.
- //
- // ro.secure:
- // Drop privileges by default. Set to 1 on userdebug and user builds.
- bool ro_secure = android::base::GetBoolProperty("ro.secure", true);
- bool ro_debuggable = __android_log_is_debuggable();
-
- // Drop privileges if ro.secure is set...
- bool drop = ro_secure;
-
- // ... except "adb root" lets you keep privileges in a debuggable build.
- std::string prop = android::base::GetProperty("service.adb.root", "");
- bool adb_root = (prop == "1");
- bool adb_unroot = (prop == "0");
- if (ro_debuggable && adb_root) {
- drop = false;
- }
- // ... and "adb unroot" lets you explicitly drop privileges.
- if (adb_unroot) {
- drop = true;
- }
- return drop;
+ return 0;
}
2,system/sepolicy/Android.mk
--- a/system/sepolicy/Android.mk
+++ b/system/sepolicy/Android.mk
@@ -983,7 +983,7 @@ $(built_sepolicy_neverallows)
echo "ERROR: permissive domains not allowed in user builds" 1>&2; \
echo "List of invalid domains:" 1>&2; \
cat $@.permissivedomains 1>&2; \
- exit 1; \
+ #exit 1; \
fi
$(hide) mv $@.tmp $@
@@ -1037,7 +1037,7 @@ $(LOCAL_BUILT_MODULE): $(sepolicy.recovery.conf) $(HOST_OUT_EXECUTABLES)/checkpo
echo "ERROR: permissive domains not allowed in user builds" 1>&2; \
echo "List of invalid domains:" 1>&2; \
cat $@.permissivedomains 1>&2; \
- exit 1; \
+ #exit 1; \
3,system/sepolicy/definitions.mk
--- a/system/sepolicy/definitions.mk
+++ b/system/sepolicy/definitions.mk
@@ -4,7 +4,7 @@ define transform-policy-to-conf
@mkdir -p $(dir $@)
$(hide) m4 --fatal-warnings $(PRIVATE_ADDITIONAL_M4DEFS) \
-D mls_num_sens=$(PRIVATE_MLS_SENS) -D mls_num_cats=$(PRIVATE_MLS_CATS) \
- -D target_build_variant=$(PRIVATE_TARGET_BUILD_VARIANT) \
+ -D target_build_variant=eng \