adbd

README.md

@@ -0,0 +1,105 @@
+# ADB Root
+
+You don't need this module if you don't know what is "adb root". It's not an
+ordinary root (su).
+
+This is a highly insecure magisk module.
+Don't forget to disable it once you've done all the things you need.
+Don't use it constantly.
+
+This module allows you to run adb daemon from root user. It provides own adbd binary.
+The binary obtained from AOSP sources with the following patch that disables props
+checks and usb auth. The binary is required because "adb root" can be disabled
+in compile time by some vendors. Aarch64 only.
+
+<details>
+
+<summary>Patch:</summary>
+
+```diff
+diff --git a/adb/daemon/main.cpp b/adb/daemon/main.cpp
+index d064d0d..a520bfd 100644
+--- a/adb/daemon/main.cpp
++++ b/adb/daemon/main.cpp
+@@ -51,48 +51,11 @@
+ static const char* root_seclabel = nullptr;
+
+ static bool should_drop_capabilities_bounding_set() {
+-#if defined(ALLOW_ADBD_ROOT)
+- if (__android_log_is_debuggable()) {
+- return false;
+- }
+-#endif
+- return true;
++ return false;
+ }
+
+ static bool should_drop_privileges() {
+-#if defined(ALLOW_ADBD_ROOT)
+- // The properties that affect `adb root` and `adb unroot` are ro.secure and
+- // ro.debuggable. In this context the names don't make the expected behavior
+- // particularly obvious.
+- //
+- // ro.debuggable:
+- // Allowed to become root, but not necessarily the default. Set to 1 on
+- // eng and userdebug builds.
+- //
+- // ro.secure:
+- // Drop privileges by default. Set to 1 on userdebug and user builds.
+- bool ro_secure = android::base::GetBoolProperty("ro.secure", true);
+- bool ro_debuggable = __android_log_is_debuggable();
+-
+- // Drop privileges if ro.secure is set...
+- bool drop = ro_secure;
+-
+- // ... except "adb root" lets you keep privileges in a debuggable build.
+- std::string prop = android::base::GetProperty("service.adb.root", "");
+- bool adb_root = (prop == "1");
+- bool adb_unroot = (prop == "0");
+- if (ro_debuggable && adb_root) {
+- drop = false;
+- }
+- // ... and "adb unroot" lets you explicitly drop privileges.
+- if (adb_unroot) {
+- drop = true;
+- }
+-
+- return drop;
+-#else
+- return true; // "adb root" not allowed, always drop privileges.
+-#endif // ALLOW_ADBD_ROOT
++ return false;
+ }
+
+ static void drop_privileges(int server_port) {
+@@ -183,9 +146,7 @@ int adbd_main(int server_port) {
+ // descriptor will always be open.
+ adbd_cloexec_auth_socket();
+
+- if (ALLOW_ADBD_NO_AUTH && !android::base::GetBoolProperty("ro.adb.secure", false)) {
+- auth_required = false;
+- }
++ auth_required = false;
+
+ adbd_auth_init();
+
+diff --git a/adb/services.cpp b/adb/services.cpp
+index 8518f2e..24f9def 100644
+--- a/adb/services.cpp
++++ b/adb/services.cpp
+@@ -78,12 +78,6 @@ void restart_root_service(int fd, void *cookie) {
+ WriteFdExactly(fd, "adbd is already running as root\n");
+ adb_close(fd);
+ } else {
+- if (!__android_log_is_debuggable()) {
+- WriteFdExactly(fd, "adbd cannot run as root in production builds\n");
+- adb_close(fd);
+- return;
+- }
+-
+ android::base::SetProperty("service.adb.root", "1");
+ WriteFdExactly(fd, "restarting adbd as root\n");
+ adb_close(fd);
+```
+
+</details>

module.prop

@@ -0,0 +1,6 @@
+id=adb_root
+name=ADB Root
+version=v1
+versionCode=1
+author=Denis Efremov (@evdenis)
+description=Allows to "adb root" regardless of props settings and skips usb keys auth. Kind of "adbd Insecure" as a Magisk Module. Arm64 only.

sepolicy.rule

@@ -0,0 +1,3 @@
+allow adbd adbd process setcurrent
+allow adbd su process dyntransition
+allow su * * *