adb, how it works?

dushistov · 2017-09-04 15:07:29

My question is not common,
it is not about how to get it to work,
but about how it works?

I download (from android site not via pacman) and run `adb` (Android debug bridge) and it works,
it connected to device without problem. But it should not able to do it.

$ cat /proc/22728/status | grep -i name
Name:   adb
$ ls -l `readlink  /proc/22728/fd/10`
crw-rw----+ 1 root adbusers 189, 13 сен  4 14:08 /dev/bus/usb/001/014
$ cat /proc/22728/status | egrep  -i '^uid|^gid'
Uid:    1000    1000    1000    1000
Gid:    1000    1000    1000    1000
$ grep adbuser /etc/group
adbusers:x:993:
$ ls -l `readlink /proc/22728/exe`
-rwxr-xr-x 1 evgeniy evgeniy 2353724 мар 23 13:21 /home/evgeniy/Android/Sdk/platform-tools/adb
$ grep 1000 /etc/passwd
evgeniy:x:1000:1000::/home/evgeniy:/bin/bash
$ grep 1000 /etc/group
evgeniy:x:1000:

As you can see I have process adb, that run from user 1000/1000, and executable file also
belong to this user without any suid bit.

And this executable (adb) open file /dev/bus/usb/001/014 that belong to root/adbusers, without other access (no other read/write/exec)
And adbusers group have no members,
so how, how it works?

progandy · 2017-09-04 23:58:17

Most likely sytemd-logind and udev set the right access permissions with uaccess. These permissions are always changed to the currently logged in user and stored as POSIX acl. You can see that acl entries exist when the '+' appears after the permissions. You can get them with 'getfacl /your/file'

dushistov · 2017-09-05 00:06:06

> Most likely sytemd-logind and udev set the right access permissions with uaccess

you right:

$ getfacl /dev/bus/usb/001/014
getfacl: Removing leading '/' from absolute path names
# file: dev/bus/usb/001/014
# owner: root
# group: adbusers
user::rw-
user:evgeniy:rw-
group::rw-
mask::rw-
other::---

thanks

Arch Linux

#1 2017-09-04 15:07:29

adb, how it works?

#2 2017-09-04 23:58:17

Re: adb, how it works?

#3 2017-09-05 00:06:06

Re: adb, how it works?

Board footer