From 275232667d26fd5d77dc3c2654fd02b043e82ebc Mon Sep 17 00:00:00 2001
From: Josh Gao <jmgao@google.com>
Date: Tue, 22 Oct 2019 12:30:39 -0700
Subject: [PATCH 1/2] adbd: use libadbd_auth for authentication.

Bug: http://b/137798163
Test: for i in `seq 1 100000`; do echo $i; adb wait-for-device shell "su 0 stop; su 0 start; sleep 10"; adb disconnect; done
Change-Id: Ie481e79a48c4aabf18ef797317ba18f207808c63
---
 adb/Android.bp      |   6 +
 adb/adb.cpp         |   1 +
 adb/daemon/auth.cpp | 264 +++++++++++++-------------------------------
 adb/daemon/main.cpp |   5 +-
 adb/transport.h     |   3 +
 5 files changed, 87 insertions(+), 192 deletions(-)

diff --git a/adb/Android.bp b/adb/Android.bp
index d14fe56bb..9c7a1b936 100644
--- a/adb/Android.bp
+++ b/adb/Android.bp
@@ -361,6 +361,7 @@ cc_library_static {
     ],
 
     shared_libs: [
+        "libadbd_auth",
         "libasyncio",
         "libbase",
         "libcrypto",
@@ -414,6 +415,7 @@ cc_library {
     ],
 
     shared_libs: [
+        "libadbd_auth",
         "libasyncio",
         "libbase",
         "libcrypto",
@@ -460,6 +462,7 @@ cc_library {
     ],
 
     shared_libs: [
+        "libadbd_auth",
         "libadbd_services",
         "libasyncio",
         "libbase",
@@ -494,6 +497,7 @@ cc_binary {
 
     shared_libs: [
         "libadbd",
+        "libadbd_auth",
         "libadbd_services",
         "libbase",
         "libcap",
@@ -509,6 +513,7 @@ phony {
     name: "adbd_system_binaries",
     required: [
         "abb",
+        "libadbd_auth",
         "reboot",
         "set-verity-state",
     ]
@@ -615,6 +620,7 @@ cc_test {
 
     static_libs: [
         "libadbd",
+        "libadbd_auth",
         "libbase",
         "libcutils",
         "libcrypto_utils",
diff --git a/adb/adb.cpp b/adb/adb.cpp
index 1ec145b25..9b663be91 100644
--- a/adb/adb.cpp
+++ b/adb/adb.cpp
@@ -300,6 +300,7 @@ static void handle_new_connection(atransport* t, apacket* p) {
     handle_online(t);
 #else
     if (!auth_required) {
+        LOG(INFO) << "authentication not required";
         handle_online(t);
         send_connect(t);
     } else {
diff --git a/adb/daemon/auth.cpp b/adb/daemon/auth.cpp
index 7a3a4f5c5..2e84ce6b9 100644
--- a/adb/daemon/auth.cpp
+++ b/adb/daemon/auth.cpp
@@ -31,6 +31,7 @@
 #include <algorithm>
 #include <memory>
 
+#include <adbd_auth.h>
 #include <android-base/file.h>
 #include <android-base/strings.h>
 #include <crypto_utils/android_pubkey.h>
@@ -38,85 +39,57 @@
 #include <openssl/rsa.h>
 #include <openssl/sha.h>
 
-static fdevent* listener_fde = nullptr;
-static fdevent* framework_fde = nullptr;
-static auto& framework_mutex = *new std::mutex();
-static int framework_fd GUARDED_BY(framework_mutex) = -1;
-static auto& connected_keys GUARDED_BY(framework_mutex) = *new std::vector<std::string>;
+static AdbdAuthContext* auth_ctx;
 
 static void adb_disconnected(void* unused, atransport* t);
 static struct adisconnect adb_disconnect = {adb_disconnected, nullptr};
-static atransport* adb_transport;
-static bool needs_retry = false;
 
 bool auth_required = true;
 
-bool adbd_auth_verify(const char* token, size_t token_size, const std::string& sig,
-                      std::string* auth_key) {
-    static constexpr const char* key_paths[] = { "/adb_keys", "/data/misc/adb/adb_keys", nullptr };
-
-    for (const auto& path : key_paths) {
-        if (access(path, R_OK) == 0) {
-            LOG(INFO) << "Loading keys from " << path;
-            std::string content;
-            if (!android::base::ReadFileToString(path, &content)) {
-                PLOG(ERROR) << "Couldn't read " << path;
-                continue;
-            }
-
-            for (const auto& line : android::base::Split(content, "\n")) {
-                if (line.empty()) continue;
-                *auth_key = line;
-                // TODO: do we really have to support both ' ' and '\t'?
-                char* sep = strpbrk(const_cast<char*>(line.c_str()), " \t");
-                if (sep) *sep = '\0';
-
-                // b64_pton requires one additional byte in the target buffer for
-                // decoding to succeed. See http://b/28035006 for details.
-                uint8_t keybuf[ANDROID_PUBKEY_ENCODED_SIZE + 1];
-                if (b64_pton(line.c_str(), keybuf, sizeof(keybuf)) != ANDROID_PUBKEY_ENCODED_SIZE) {
-                    LOG(ERROR) << "Invalid base64 key " << line.c_str() << " in " << path;
-                    continue;
-                }
-
-                RSA* key = nullptr;
-                if (!android_pubkey_decode(keybuf, ANDROID_PUBKEY_ENCODED_SIZE, &key)) {
-                    LOG(ERROR) << "Failed to parse key " << line.c_str() << " in " << path;
-                    continue;
-                }
-
-                bool verified =
-                    (RSA_verify(NID_sha1, reinterpret_cast<const uint8_t*>(token), token_size,
-                                reinterpret_cast<const uint8_t*>(sig.c_str()), sig.size(),
-                                key) == 1);
-                RSA_free(key);
-                if (verified) return true;
-            }
-        }
-    }
-    auth_key->clear();
-    return false;
+static void IteratePublicKeys(std::function<bool(std::string_view public_key)> f) {
+    adbd_auth_get_public_keys(
+            auth_ctx,
+            [](const char* public_key, size_t len, void* arg) {
+                return (*static_cast<decltype(f)*>(arg))(std::string_view(public_key, len));
+            },
+            &f);
 }
 
-static bool adbd_send_key_message_locked(std::string_view msg_type, std::string_view key)
-        REQUIRES(framework_mutex) {
-    if (framework_fd < 0) {
-        LOG(ERROR) << "Client not connected to send msg_type " << msg_type;
-        return false;
-    }
-    std::string msg = std::string(msg_type) + std::string(key);
-    int msg_len = msg.length();
-    if (msg_len >= static_cast<int>(MAX_FRAMEWORK_PAYLOAD)) {
-        LOG(ERROR) << "Key too long (" << msg_len << ")";
-        return false;
-    }
+bool adbd_auth_verify(const char* token, size_t token_size, const std::string& sig,
+                      std::string* auth_key) {
+    bool authorized = false;
+    auth_key->clear();
 
-    LOG(DEBUG) << "Sending '" << msg << "'";
-    if (!WriteFdExactly(framework_fd, msg.c_str(), msg_len)) {
-        PLOG(ERROR) << "Failed to write " << msg_type;
-        return false;
-    }
-    return true;
+    IteratePublicKeys([&](std::string_view public_key) {
+        // TODO: do we really have to support both ' ' and '\t'?
+        std::vector<std::string> split = android::base::Split(std::string(public_key), " \t");
+        uint8_t keybuf[ANDROID_PUBKEY_ENCODED_SIZE + 1];
+        const std::string& pubkey = split[0];
+        if (b64_pton(pubkey.c_str(), keybuf, sizeof(keybuf)) != ANDROID_PUBKEY_ENCODED_SIZE) {
+            LOG(ERROR) << "Invalid base64 key " << pubkey;
+            return true;
+        }
+
+        RSA* key = nullptr;
+        if (!android_pubkey_decode(keybuf, ANDROID_PUBKEY_ENCODED_SIZE, &key)) {
+            LOG(ERROR) << "Failed to parse key " << pubkey;
+            return true;
+        }
+
+        bool verified =
+                (RSA_verify(NID_sha1, reinterpret_cast<const uint8_t*>(token), token_size,
+                            reinterpret_cast<const uint8_t*>(sig.c_str()), sig.size(), key) == 1);
+        RSA_free(key);
+        if (verified) {
+            *auth_key = public_key;
+            authorized = true;
+            return false;
+        }
+
+        return true;
+    });
+
+    return authorized;
 }
 
 static bool adbd_auth_generate_token(void* token, size_t token_size) {
@@ -127,113 +100,6 @@ static bool adbd_auth_generate_token(void* token, size_t token_size) {
     return okay;
 }
 
-static void adb_disconnected(void* unused, atransport* t) {
-    LOG(INFO) << "ADB disconnect";
-    adb_transport = nullptr;
-    needs_retry = false;
-    {
-        std::lock_guard<std::mutex> lock(framework_mutex);
-        if (framework_fd >= 0) {
-            adbd_send_key_message_locked("DC", t->auth_key);
-        }
-        connected_keys.erase(std::remove(connected_keys.begin(), connected_keys.end(), t->auth_key),
-                             connected_keys.end());
-    }
-}
-
-static void framework_disconnected() {
-    LOG(INFO) << "Framework disconnect";
-    if (framework_fde) {
-        fdevent_destroy(framework_fde);
-        {
-            std::lock_guard<std::mutex> lock(framework_mutex);
-            framework_fd = -1;
-        }
-    }
-}
-
-static void adbd_auth_event(int fd, unsigned events, void*) {
-    if (events & FDE_READ) {
-        char response[2];
-        int ret = unix_read(fd, response, sizeof(response));
-        if (ret <= 0) {
-            framework_disconnected();
-        } else if (ret == 2 && response[0] == 'O' && response[1] == 'K') {
-            if (adb_transport) {
-                adbd_auth_verified(adb_transport);
-            }
-        }
-    }
-}
-
-void adbd_auth_confirm_key(atransport* t) {
-    if (!adb_transport) {
-        adb_transport = t;
-        t->AddDisconnect(&adb_disconnect);
-    }
-
-    {
-        std::lock_guard<std::mutex> lock(framework_mutex);
-        if (framework_fd < 0) {
-            LOG(ERROR) << "Client not connected";
-            needs_retry = true;
-            return;
-        }
-
-        adbd_send_key_message_locked("PK", t->auth_key);
-    }
-}
-
-static void adbd_auth_listener(int fd, unsigned events, void* data) {
-    int s = adb_socket_accept(fd, nullptr, nullptr);
-    if (s < 0) {
-        PLOG(ERROR) << "Failed to accept";
-        return;
-    }
-
-    {
-        std::lock_guard<std::mutex> lock(framework_mutex);
-        if (framework_fd >= 0) {
-            LOG(WARNING) << "adb received framework auth socket connection again";
-            framework_disconnected();
-        }
-
-        framework_fd = s;
-        framework_fde = fdevent_create(framework_fd, adbd_auth_event, nullptr);
-        fdevent_add(framework_fde, FDE_READ);
-
-        if (needs_retry) {
-            needs_retry = false;
-            send_auth_request(adb_transport);
-        }
-
-        // if a client connected before the framework was available notify the framework of the
-        // connected key now.
-        if (!connected_keys.empty()) {
-            for (const auto& key : connected_keys) {
-                adbd_send_key_message_locked("CK", key);
-            }
-        }
-    }
-}
-
-void adbd_notify_framework_connected_key(atransport* t) {
-    if (!adb_transport) {
-        adb_transport = t;
-        t->AddDisconnect(&adb_disconnect);
-    }
-    {
-        std::lock_guard<std::mutex> lock(framework_mutex);
-        if (std::find(connected_keys.begin(), connected_keys.end(), t->auth_key) ==
-            connected_keys.end()) {
-            connected_keys.push_back(t->auth_key);
-        }
-        if (framework_fd >= 0) {
-            adbd_send_key_message_locked("CK", t->auth_key);
-        }
-    }
-}
-
 void adbd_cloexec_auth_socket() {
     int fd = android_get_control_socket("adbd");
     if (fd == -1) {
@@ -243,20 +109,23 @@ void adbd_cloexec_auth_socket() {
     fcntl(fd, F_SETFD, FD_CLOEXEC);
 }
 
+static void adbd_auth_key_authorized(void* arg, uint64_t id) {
+    LOG(INFO) << "adb client authorized";
+    auto* transport = static_cast<atransport*>(arg);
+    transport->auth_id = id;
+    adbd_auth_verified(transport);
+}
+
 void adbd_auth_init(void) {
-    int fd = android_get_control_socket("adbd");
-    if (fd == -1) {
-        PLOG(ERROR) << "Failed to get adbd socket";
-        return;
-    }
-
-    if (listen(fd, 4) == -1) {
-        PLOG(ERROR) << "Failed to listen on '" << fd << "'";
-        return;
-    }
-
-    listener_fde = fdevent_create(fd, adbd_auth_listener, nullptr);
-    fdevent_add(listener_fde, FDE_READ);
+    AdbdAuthCallbacks cb;
+    cb.version = 1;
+    cb.callbacks.v1.key_authorized = adbd_auth_key_authorized;
+    auth_ctx = adbd_auth_new(&cb);
+    std::thread([]() {
+        adb_thread_setname("adbd auth");
+        adbd_auth_run(auth_ctx);
+        LOG(FATAL) << "auth thread terminated";
+    }).detach();
 }
 
 void send_auth_request(atransport* t) {
@@ -280,3 +149,18 @@ void adbd_auth_verified(atransport* t) {
     handle_online(t);
     send_connect(t);
 }
+
+static void adb_disconnected(void* unused, atransport* t) {
+    LOG(INFO) << "ADB disconnect";
+    adbd_auth_notify_disconnect(auth_ctx, t->auth_id);
+}
+
+void adbd_auth_confirm_key(atransport* t) {
+    LOG(INFO) << "prompting user to authorize key";
+    t->AddDisconnect(&adb_disconnect);
+    adbd_auth_prompt_user(auth_ctx, t->auth_key.data(), t->auth_key.size(), t);
+}
+
+void adbd_notify_framework_connected_key(atransport* t) {
+    adbd_auth_notify_auth(auth_ctx, t->auth_key.data(), t->auth_key.size());
+}
diff --git a/adb/daemon/main.cpp b/adb/daemon/main.cpp
index 9ebab740e..70e4dd41d 100644
--- a/adb/daemon/main.cpp
+++ b/adb/daemon/main.cpp
@@ -214,8 +214,6 @@ int adbd_main(int server_port) {
     }
 #endif
 
-    adbd_auth_init();
-
     // Our external storage path may be different than apps, since
     // we aren't able to bind mount after dropping root.
     const char* adb_external_storage = getenv("ADB_EXTERNAL_STORAGE");
@@ -230,6 +228,9 @@ int adbd_main(int server_port) {
     drop_privileges(server_port);
 #endif
 
+    // adbd_auth_init will spawn a thread, so we need to defer it until after selinux transitions.
+    adbd_auth_init();
+
     bool is_usb = false;
 
 #if defined(__ANDROID__)
diff --git a/adb/transport.h b/adb/transport.h
index c38cb1d8b..89d76b8c9 100644
--- a/adb/transport.h
+++ b/adb/transport.h
@@ -277,8 +277,11 @@ class atransport {
     std::string device;
     std::string devpath;
 
+#if !ADB_HOST
     // Used to provide the key to the framework.
     std::string auth_key;
+    uint64_t auth_id;
+#endif
 
     bool IsTcpDevice() const { return type == kTransportLocal; }
 

From 594f70ffb8c5be164eb1b2484ddb399674ab0dcb Mon Sep 17 00:00:00 2001
From: Josh Gao <jmgao@google.com>
Date: Thu, 15 Aug 2019 14:05:12 -0700
Subject: [PATCH 2/2] Move adbd to an apex.

Test: adb shell "su 0 readlink /proc/\`pidof adbd\`/exe"
Change-Id: I84dfe4d1b28b619f98c03a2c8eeef2c783d30af2
---
 CleanSpec.mk                        |   1 +
 adb/Android.bp                      | 101 ++++++++++++++--------------
 adb/apex/adbd.rc                    |   6 ++
 adb/apex/apex_manifest.json         |   4 ++
 adb/apex/com.android.adbd.avbpubkey | Bin 0 -> 1032 bytes
 adb/apex/com.android.adbd.pem       |  51 ++++++++++++++
 adb/apex/com.android.adbd.pk8       | Bin 0 -> 2374 bytes
 adb/apex/com.android.adbd.x509.pem  |  35 ++++++++++
 adb/apex/ld.config.txt              |  51 ++++++++++++++
 liblog/liblog.map.txt               |   8 +--
 rootdir/init.usb.rc                 |   1 +
 11 files changed, 203 insertions(+), 55 deletions(-)
 create mode 100644 adb/apex/adbd.rc
 create mode 100644 adb/apex/apex_manifest.json
 create mode 100644 adb/apex/com.android.adbd.avbpubkey
 create mode 100644 adb/apex/com.android.adbd.pem
 create mode 100644 adb/apex/com.android.adbd.pk8
 create mode 100644 adb/apex/com.android.adbd.x509.pem
 create mode 100644 adb/apex/ld.config.txt

diff --git a/CleanSpec.mk b/CleanSpec.mk
index 73379cded..c84bd24c4 100644
--- a/CleanSpec.mk
+++ b/CleanSpec.mk
@@ -89,3 +89,4 @@ $(call add-clean-step, rm -rf $(PRODUCT_OUT)/root/product_services)
 $(call add-clean-step, rm -rf $(PRODUCT_OUT)/recovery/root/product_services)
 $(call add-clean-step, rm -rf $(PRODUCT_OUT)/debug_ramdisk/product_services)
 $(call add-clean-step, find $(PRODUCT_OUT) -type l -name "charger" -print0 | xargs -0 rm -f)
+$(call add-clean-step, rm -f $(PRODUCT_OUT)/system/bin/adbd)
diff --git a/adb/Android.bp b/adb/Android.bp
index 9c7a1b936..d60590780 100644
--- a/adb/Android.bp
+++ b/adb/Android.bp
@@ -356,11 +356,11 @@ cc_library_static {
     generated_headers: ["platform_tools_version"],
 
     static_libs: [
-        "libadbconnection_server",
         "libdiagnose_usb",
     ],
 
     shared_libs: [
+        "libadbconnection_server",
         "libadbd_auth",
         "libasyncio",
         "libbase",
@@ -409,12 +409,12 @@ cc_library {
     ],
 
     static_libs: [
-        "libadbconnection_server",
         "libadbd_core",
         "libdiagnose_usb",
     ],
 
     shared_libs: [
+        "libadbconnection_server",
         "libadbd_auth",
         "libasyncio",
         "libbase",
@@ -462,6 +462,7 @@ cc_library {
     ],
 
     shared_libs: [
+        "libadbconnection_server",
         "libadbd_auth",
         "libadbd_services",
         "libasyncio",
@@ -495,18 +496,27 @@ cc_binary {
         keep_symbols: true,
     },
 
-    shared_libs: [
+    stl: "libc++_static",
+    static_libs: [
         "libadbd",
         "libadbd_auth",
         "libadbd_services",
+        "libasyncio",
         "libbase",
         "libcap",
-        "libcrypto",
+        "libcrypto_utils",
         "libcutils",
+        "libdiagnose_usb",
         "liblog",
+        "libmdnssd",
         "libminijail",
         "libselinux",
     ],
+
+    shared_libs: [
+        "libadbconnection_server",
+        "libcrypto",
+    ],
 }
 
 phony {
@@ -526,53 +536,6 @@ phony {
     ],
 }
 
-cc_binary {
-    name: "static_adbd",
-    defaults: ["adbd_defaults", "host_adbd_supported"],
-
-    recovery_available: false,
-    static_executable: true,
-    host_supported: false,
-
-    srcs: [
-        "daemon/main.cpp",
-    ],
-
-    cflags: [
-        "-D_GNU_SOURCE",
-        "-Wno-deprecated-declarations",
-    ],
-
-    strip: {
-        keep_symbols: true,
-    },
-
-    static_libs: [
-        "libadbconnection_server",
-        "libadbd",
-        "libadbd_services",
-        "libasyncio",
-        "libavb_user",
-        "libbase",
-        "libbootloader_message",
-        "libcap",
-        "libcrypto_static",
-        "libcrypto_utils",
-        "libcutils",
-        "libdiagnose_usb",
-        "libext4_utils",
-        "libfec",
-        "libfec_rs",
-        "libfs_mgr",
-        "liblog",
-        "liblp",
-        "libmdnssd",
-        "libminijail",
-        "libselinux",
-        "libsquashfs_utils",
-    ],
-}
-
 cc_binary {
     name: "abb",
 
@@ -765,3 +728,39 @@ cc_test_host {
         "fastdeploy/testdata/sample.cd",
     ],
 }
+
+prebuilt_etc {
+    name: "com.android.adbd.ld.config.txt",
+    src: "apex/ld.config.txt",
+    filename: "ld.config.txt",
+    installable: false,
+}
+
+apex {
+    name: "com.android.adbd",
+    manifest: "apex/apex_manifest.json",
+
+    binaries: ["adbd"],
+    prebuilts: ["com.android.adbd.init.rc", "com.android.adbd.ld.config.txt"],
+
+    key: "com.android.adbd.key",
+    certificate: ":com.android.adbd.certificate",
+}
+
+apex_key {
+    name: "com.android.adbd.key",
+    public_key: "apex/com.android.adbd.avbpubkey",
+    private_key: "apex/com.android.adbd.pem",
+}
+
+android_app_certificate {
+    name: "com.android.adbd.certificate",
+    certificate: "apex/com.android.adbd",
+}
+
+prebuilt_etc {
+    name: "com.android.adbd.init.rc",
+    src: "apex/adbd.rc",
+    filename: "init.rc",
+    installable: false,
+}
diff --git a/adb/apex/adbd.rc b/adb/apex/adbd.rc
new file mode 100644
index 000000000..9cb072bcc
--- /dev/null
+++ b/adb/apex/adbd.rc
@@ -0,0 +1,6 @@
+service adbd /apex/com.android.adbd/bin/adbd --root_seclabel=u:r:su:s0
+    class core
+    socket adbd seqpacket 660 system system
+    disabled
+    override
+    seclabel u:r:adbd:s0
diff --git a/adb/apex/apex_manifest.json b/adb/apex/apex_manifest.json
new file mode 100644
index 000000000..ff2df127b
--- /dev/null
+++ b/adb/apex/apex_manifest.json
@@ -0,0 +1,4 @@
+{
+  "name": "com.android.adbd",
+  "version": 1
+}
diff --git a/adb/apex/com.android.adbd.avbpubkey b/adb/apex/com.android.adbd.avbpubkey
new file mode 100644
index 0000000000000000000000000000000000000000..06235bd1f61cc259fef6414d31ed779ffc2e24af
GIT binary patch
literal 1032
zcmV+j1o!&@01yD1FY&LzNsi)Q*>t#O1;A~m0ON`tv+1zAiIC3$SSJ-(*tvkwl~BO+
z;Df^bHd_ZjU?X!l-tV`vL6dqt!y;Lxrac`UPf|HH43@vZdvR{bCN0XWy~-iMoMtje
zG1g&no-gl1OG1u3SeQ2_riEroduTjv3k5b&!MFt4x)@5~BJQs|XWy-GSdix)%&AoK
zP+KC@PphWPQE5ARFE2woy>drb3{Insu_z`MZy(rrR0<?BMjpqgyd?4Cd1SN8Rn18T
zsywp`hvt-h!W4WRrZPg(wNwL9N7@ySa%n|*vK2`@LNO=zQa7+wb(BioKU<;e7`l4{
z0jKGZ`Ns_wBT2Kv$5xv2Y)BW`sCeZ$;CtR#!g&!_{zm*v1_sC=lki+-G%}Av#Kdlk
zn<x?PTD+@?y*M&s-N}tDn;E;yq%a&`;8>>P_B)p*o|SC{FYI>-9lOF(F)tz?{Fl@=
z|J)Ss&e*~040atJ(3`#wFQ%<bX3)+00!WdB4N>q!v}CwSLHAi_&3fJ2aK3UE9!OQ(
z0%Pg=-<Zz>SMRS|+#({U$YmzX(LRjBnUV=Ql=JQn31tC&1M+qgn^%D_B*0iFk2^#q
za8bff*!BMsn-#e2{}u?+mF_vuKh}P=7o3~SfBn_Oy6Ot1VL%>{NRQHs6Cs}Bbx}z&
zim7wiyZW(9qrg=qB!P?KUVGi#%IvSNH^<+5>eaiDw!~q7<{KIffZa$vrc4R6=|1$g
z6EbUbdr++&nPd@{qTaqPkn#q!g9#UhU`(bisJ9tzuOm6mo{hRT2@Th868AnS2ae0>
zRB}ThqEG9URi;yv7(M(f7UeAhv~B`Bl0a?*f(sp#7J?B*VOStO89TrXkj${8$me06
zSbE#No-TaAowN;^hIeDxu_FQ?oje~2<6jPFw9M$d1EcQU7nLV5ehOL#{ovn;XzM99
z+C9wTD}-50_$g;BcVXRLGL3nC`ctN{SPhiIqluAerA%5EUyha;B5@T$u`Lsm>KUr?
zRK^9(*5_Yq=vOG|=FL5etot~j2i`@MNdz31+@I5-!N<T34|zxQ?9AC6@kZ_5p6vPg
zyq8kg$4DnuQx@uIsiG*oXO{5Dqy7$v^57=%<){O-!Sz(4l{ta0=$wh`f`dvuHR{ND
zHkd0;ICdI>zrHTkJnz)Rf@IG0=+#Ss5S*#1k3wGVoJ#}*sr1(AEr)#_w6zu$aysrx
zJBl|bh?2Bken6cUK^AteqStMU1yE<fbB4jI_-qQ_y|aSKFg8LH_2u+7Vuu;YY+CI$
z44sS1U^)x(C}4sEUJjgx-(B#|5W)K(U$0vyU-luR$&i=n;)KK6Rj<|5%<_359D4R*
CEcluL

literal 0
HcmV?d00001

diff --git a/adb/apex/com.android.adbd.pem b/adb/apex/com.android.adbd.pem
new file mode 100644
index 000000000..2c9a86079
--- /dev/null
+++ b/adb/apex/com.android.adbd.pem
@@ -0,0 +1,51 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIJKQIBAAKCAgEAwUmO4l/ZdLhmBcBtpwDjih6z6bC7iZDPAVgnFVnYuYDRlVDA
+9OCDwv02Wwc/YCNzON7vt7JBk3o9wyJZpqY9HR1PUjk2DJa/wHtxbskmLcqsvcoh
+wZxmMkgx1mFyni/vQ0tCjjxYmDcnpoVmSntoPG4LBTZRwbgE2roYSuEi7q88Z9+t
+cFiQ5x7MqVTzUFsi1E+rpsxRaTt6Ly9DO71yR1gMTqONsSgmFm8f2HhUCiQzRh7H
+qLwk8eN5ZLPLVc1JBqo8swuH5pR9whR8HaYyQtK1VANRR9oVj3JpRXmyFUk8QjEn
+91I3sFV1lErdP1uh6xi6ewMBp+mQ+ccNFiNJs8PHVprzbEgX2ah45Tnge95ZwnkR
+V/5G/EwGBsggk/BcZjQyj0PExG6LmygR7lq8q4m9ODJj3cmNLZsZu8ukMBxf4Fim
+4/Y7lyaelW0FL+x3CR27wlIxLyIf/JfUNv/cFO/O2MHrDHYdHtCbvg8vpq1MZtDN
++gJIkYQNUfBEtGS4SkH3WWfNet3bcL5yFx5IVdwCY+n635jPA1fvr1vcIiKnyGUm
+zNE+jMOZkgk6lPPuDwllAX0D8nYTm1eBMCTAWCePO0QlcFHCT9j1/xKbFbjt/xYI
+0pXuOc8/1n61F5ybzH/91cS66gqmYUAekUiP0osTIZ7idVFJMoqpc9m7+rECAwEA
+AQKCAgEAkjg9WU89SCk/NNavnQj1GUXEwOKr3JOppdC0MFi5tQuYgSaH8jfuNZIs
+joxbCzWGMt2j5wl4xkJRes7/lyxnSyEjIoaZNsjL4qb/1tlggn+yUhkZlEfmn98x
+pIYvmS+WBwhmHwfT1cLTwgtkqK/W2PA+cgD3tF6rfXQOcIcEUCBMyB/UKws1A0Kv
+fOIA9ycaoBZtOk+SvtL5ybwtVoIoc4ROOydLR1uiBJKoOrA8kzdzenZKgIFkSYDW
+ErJY/l3AAsTCCoiMlIh84ldw1VUm7JpOBnJECOEYMl5Q+PfpGmU+qqxZGaYe7syX
+mElSOl3tjdY1LF3H4Oi2fd5xLfAgDgQjXcawKRYpImEgbqNfEUHW4BE/uVp0hHn+
+W0tCq9hvWoizhjxVq7oEfpdCXJBH0bTg9h3Ho2nuJMHTrUVbSWPTqNJn1xOi4Oxl
+vWsD5qjOOVw1e0P1dtxQ+6a8+rCL8LDvIthQC9Wpt0yXduEi/vUWiMFx2VbcSpNn
+5PB9HK7vvCpR/k0IocaTKt80D3m2svJCnfrekRx/7n//x8imrvtvaYNpoToTSN0q
+hPOpTNc77R4aARJNXm4sVHzGs6HUXsJfODJdjFtTuaDHjLvRoXZi2wFUVWBvIaFg
+/4+PHXjsfMkY15KULKn3f7Xs7K6rmINAb853zti3Qkllv1EeYoECggEBAP9t1Jxe
+hLKnVrJ5jJ0zCT0/ez6qM5cQG8YvXbVICmoAOQ+/NV6qjPABg5j8FuNhpyr45OuJ
+m1oISLgZPVCbIvYx3oZS4ekWUp9Z7jlDGzsWiBCkEUFLRzDLQRUl4bQMI2SWM+vD
+RL9AAM+NHJQ8LJN7ASNdSQw9ZinNCSByCZ52QjPCfRON0OPY4l1FJKHHymzBNXpe
+R5e9a1o9KEIhd7j+3YX9y8SOVrbUe6U8me5LZ6RY+pLB+cA/UHcSQK23hYAkMcvL
+MQny6B57P6rquzFZDG/OUOZWzWub2FSYTTmiYSHPAuB15FyWShs7h7+wK8y2xrSM
+Lq3FWHxzR1OK2HkCggEBAMG4KsAU/lp9rQhNpdw2NQXqbDLgHy09BFMOOWhyp2/Z
+2lbDo9aP746Q56HAfRRgx5oAAtr3SxeN/R/uEJLYzzDU+SrG4TQO/TZ3DPZOAVYM
+oESWG/HXLN4Hw6j4iWt2NvqpnSVJrvYr6zar/QxRHOMwnUoUV3ugmzUkqFC/Nwmm
+nMGJbTQbEha8OyatfwejmhrCkbQMBiCk0AQmgLybUxs2ckGs5jibau7VqXVxly0f
+WkAsWE/qfybQl4oyBhGCFNObr3Co/PHTaD4ACFQQvaEEF4bTuh6wP+MIgJKxL8IB
+SkrKWO5PFbJWY5lacnNMe7ITrWy60HukLlJe5or5lfkCggEBAP3Rwghw1CRDrR9F
+Mbm0UWYPgwTOVN20ICVcRB40LEURW6KOOxaLG+oTVxXay1PAYkGNes2jvEBHIxvt
+2MQUpTVIcPvBuMPKbufykYtNZ+3bgfInVw4vI9sU3uOI9TPZLAJ0T7vkGpiBnUyh
+yNh0w0b6YDMoK8KB8Ndw67TWHUDd+wM8LNYVgpInnylX4ALzae+QPvgOX84laFwP
+kcXFRBcNDExt2uLDHuAnXYbhJYVqYN8rnDPhlbC4OdlYxfTZ/UtMrD769wwP2SER
+ED9jagirmHQx7Ko3b4GTJ/FINtUiyqqx7wXloLtwjMtq6IZPJfcTWXloI6qCBGAG
+ncYinuECggEAfZeiF8BEm3RpTz3QL3HxdHFkTqOhctnhSNuq+n2C8nBCLwhN21ic
+DkkB84txTFnmboBdWYsEYzQKDL5yflIUGeup00L3VKH3Jm2OuM0f7qLm8TCE04kW
+rKhKAO2JYmNVB7QZjsgzp6QXre1ZdLfNy7mD8Dg584vPtGecvCUMULR1YsBvTV3T
+n2vPyaan+dLmoTzN6/XzrwxLVLWFt0HYYoctEkk/RSn17PwXDm5jfbya7YoSg1Vb
+tFV+Oflul8FHMV35I0hcHYhbR/8LZz0nRBH8EsyIGUdZVB76BKDdfqEJgm2ntHEP
+dvytPAo4s2m9tFkvkZOYgOCTq5GdVDK2OQKCAQAsz+y9rDcqFciCESu4IHzmtckT
+0kwP2W5ds5hzUjbY0Y2AKTx2oHNOFak6WW5vxN0+OIn37SNK3RBStPWJiigut4R4
+rGrZM4pijm53s3cWzd0h8XyLGisl2zORu8gD2IQLkQf79F3lEZHGA+J0mkSHB85N
+IuqReFzL6cfOToNd+8WYjMgJcXmVuKiCV1FRK3jrqNpXO2cLtnhFvQMxRUAYU4j+
+2MIdBFVeMq5ftMMOBS21hM9cNLlOzoSN2HmK+ZkmrlTCK0G9lmF427/lqXTmWLed
+sspOUbOLfBOwxdCCc9JUxz5KggKWcDcTqX25M0mv09rpuCxIEg8lez1Ax0if
+-----END RSA PRIVATE KEY-----
diff --git a/adb/apex/com.android.adbd.pk8 b/adb/apex/com.android.adbd.pk8
new file mode 100644
index 0000000000000000000000000000000000000000..cdddc3fdfb96490fda8cc5fa7a992642cb78bd4d
GIT binary patch
literal 2374
zcmV-M3Ay$#f(b$b0RS)!1_>&LNQU<f0RaI800e>wEHHuzC;|Zh0)heo0J_b!9$GGM
zG!Cx_E(Hd%Q1-XDQS49YHk+_EFItg7peb&=$rIU>W~FllTd^}km1en1*?_hc9^z)6
z@yJ(unnlf(6I7M@%41nHZTq0@umgLFw0SG8k2zy0`r7$~1f4(?P9@iyifbOHEh!(X
z7eq_ip1Q@(M2!Do=+f!s!D4x1h}@p{WK?oFD$Os6^5$QRxtWMB)z=qcZ1Q6r{eQvo
zc>DBnG+|+Qh!KW(^re*G$m`1V9{yl1F$;{R-8BTdY}svopsbHP4g*)ON>O+P>!d|~
z$m5Wbe+eg$8#L~FKa^WBWZXNP=*gRiy-Q9=x4$fvwl%e_flk`bjOg~cHI;{e4tcpu
zVkh4_Sp16iRi`q>I$`3P6fj>)QdG@xkIh-!fX>S<{J;_>%XS#ZBhL-6oAW+_%F!uq
zN`Hjz-r^YTUrsp#CeL_@LO`d(kl<`2aW!DHKoR)W^P>sPjB<Lan5yd4(W!SqsV1%d
z318DtAT&F3^Z}k*voq*glXUFh-A*ODzWxYjcS)4)LQewl^#e8<p+SB}+Nf*yM%s{O
zm$`?;tzmN_I@NTNGo4*QierLnE=S8D+HZkYl~_Q&$wWcDfuwYDi)mqdNm{y-shHk4
zFE`^9&3tYxhHA)2i(`<vfbs$4`Iu`_+7BiRxH#Z`ogeHIeF6gk009Dm0swF`hKfj-
zgKE7u9ImI1G9<T4`i2^Al_8tC=aJ#iMV_(5HQ0dnyH7kRE*iN2m7{Yb@edzlKBHn$
zNj~VB!#@(1Jm_<A@<j#@T9SnYP(Iw4qvL9{b`Z$pYagZ0At1D3{b>gY&Hn-bQ(>sZ
zz`7*odep>Hb7pZ`Be3|MOvW!G!bv__tu?X}Ig20LVf<&S6qlAnT9*>8lyV=`u=>Vz
z^YQ;g03^OC5rBy%Kp2uNE+_z)(y*HmqAd$X+`QdSjk-IItn^JWYh3SL2Z)#sgJ0S=
zbHlC+^fDodh2asE{Hb5Awy0t++&gA`=}_sOhsO3P4Rd%WJEP-$LKD?}^iuD2;4Hgc
z;v>TQoK{)`2U&ytZAR+jc>yO3)^0M-7E#=0Tw_aqq$?RkLz8xjP>}Z77$3*EA3k(0
z*0N{(7qO>RD$gHU<mI#eP~@1q?RqPOf=z=5hOyk4H(p~CIrn}gME{Lh`@x9liZ<rp
zrL9H3#)qL{Kz>()7^!BnefHT`@$92-#V8L&Wj%Dgwa4a)3UAC?Lg+7?!7J>XnMtuS
z!W=i)&P3CEhfs%>K1^Sg6R%Ccu=$6gSKcb6<18ja*;rz#kJu=a2shcw7cj$wJ>!;s
zEIPZC6Yt1iU!G=mn>oJwYa#yRHbM)lDG`AHSj_BB3$q;E8-W6X0RaH)^A#sYutK0U
zz!7&iSP|p3ovW17v4+!0OlRDYgQ^p>R7s1RW|S{PaUSbY<wfW_Mn(rtOiw>~&FAAB
ze47cZ6SMN8Y+y|Fw7%F}YsdJ9R&j5q9_))A`$^!o5*z0)2wNuh0|rsEv^pd`aRsoK
zDi)Wz;9V0bWhj+u?QL=P>YNpa^$y-0BA+f!sgOagpu_1X$+#yOekkHR4lKST_!wR$
z-WOXL?#3_k5~SuE>|?Bl(agIjA|qfVyT7;u2a;6KSAh3VdxML3;cc1`W>BO8o-wcC
zL#DxxdKLLTOr+jqKY%@)7SJ?KO!Y#ta&Cxygzt_<i9_1O$qOX{f&l>l$<l-DTap<c
z@dj^gvgGm!P9{{nDV^vG_#xJV<Y6B|$L(~o#^f-8TCS-^=dQb<qP#J}jXHs&aK(Lw
z>8`Yy;SQt$sSPI96^mq*;DgriIr>A-1FMeGxrI`&>X6~g&egAI9OG;A&y}Z`M8Tc4
zEujK@P)j`FruPps-_BXs3m07aMs{_Vx%i*X6AO`8BXi(6m%IFGFG5hq3kFnHK#I+2
zwwr7UVBbXL@kGQ>vm^brh(TY_WT@nffGOnq$m8SeWWAn(-|G@Z?A%zkzj$37{XHM;
zko@(#Ag#wyA<Y;0EUD?OP#2e!*Ac$hpdKkAh1EzGv@>r^m9*n|0)hbmb1u(MqUWjG
zn}u9>De0B?t!9zy?BrE=3?G^`e18^%F`Dm<a9`yV{T@g=csdQckYwJ`+FSYp4?*g|
zS}m|>2|yyRhK0UjYUYdwJr*CuPIT1!!>^*L7EEnpP~M2O-vu7pSE#JNwym4J)+j{n
z%<bmEr&K+veCqMZfQue7(k8|2DTEZzAT^#(vT1hsmfZ`VA@;oxG_pZSh>R0&^CYh$
z#ho0PYKO_ou}hTUPaU9cR4>M83}9RJ_N7(RED}mB^no<)1G6;*?W7mgS2Oo(V&Z3@
z>CP(`*qJVARKbZmnp?~XCjn>xr8j@t21wpEcU{rl#i$@w4&!DC0)hbn0HN|0f!2u0
zIAlX{u4vk2jVbhi61omYVKZKnuZh-`D-{}Ph5IU}@nk-_{&sRRg=72oLDA`)l=ZB`
zDLUdoaVWBa&;ml&V)`z;E4SE^<aps^|NKSqc@6yed6fTT@ZT4Jgx-m6+F3ji8<H@3
z$RjZexs3#pdCzQj`g|ZP-@7KLDErx(N`a&cH)QzdOa4Z|DfOe4%k9`4(OUamIY`+U
zGdG||b)0?+-zQeG;J%)wy1(}oS2r$y7H-imI6ZR!HFPlJyvWGx1jr|s*esL$!-7FZ
z8E-mFL^s&F6I3`VfO}$WYw^^)fo6h=&2Y{_+q~d|)ZutkTJzQpp#p*d08uwiJE=7~
zEtHF;*Z?8DYTd)~{K+qm1JI4$I}!AoXe2RwM!Rb1+aNaM-4x$8=)DoIgaKXh*pdue
z-XOODAh{B_Fzsl8Ef{&EaLgIrowiw73!Z_kd6~p>61A?Td$ltLYpb9DX~y?2=Mwr!
zHc;~?(3LR7?}=H4b{r1-Q2!&N;qW#mZzu^8A_eA{cxuT2qTOO1-@|I#GF@0g?L+Qi
zV(jc*LSKDgV1}LxXue_OKufF<;hHODIY7TqEuFl^u->sNbrzOfnLP<N0LeSq(3K_i
s)-X-!j|D^s&<b&*gNa5z1Cn|wA81@<H5VdiRqINILugI>;kny3s3KB^BLDyZ

literal 0
HcmV?d00001

diff --git a/adb/apex/com.android.adbd.x509.pem b/adb/apex/com.android.adbd.x509.pem
new file mode 100644
index 000000000..bb85c1d11
--- /dev/null
+++ b/adb/apex/com.android.adbd.x509.pem
@@ -0,0 +1,35 @@
+-----BEGIN CERTIFICATE-----
+MIIGHzCCBAegAwIBAgIUW8npFHXBP+wsEAesGMBxaV7TScAwDQYJKoZIhvcNAQEL
+BQAwgZ0xCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQH
+DA1Nb3VudGFpbiBWaWV3MRAwDgYDVQQKDAdBbmRyb2lkMRAwDgYDVQQLDAdBbmRy
+b2lkMRkwFwYDVQQDDBBjb20uYW5kcm9pZC5hZGJkMSIwIAYJKoZIhvcNAQkBFhNh
+bmRyb2lkQGFuZHJvaWQuY29tMCAXDTE5MDgxNTE5MzkxM1oYDzQ3NTcwNzExMTkz
+OTEzWjCBnTELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNV
+BAcMDU1vdW50YWluIFZpZXcxEDAOBgNVBAoMB0FuZHJvaWQxEDAOBgNVBAsMB0Fu
+ZHJvaWQxGTAXBgNVBAMMEGNvbS5hbmRyb2lkLmFkYmQxIjAgBgkqhkiG9w0BCQEW
+E2FuZHJvaWRAYW5kcm9pZC5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK
+AoICAQC6zbUeWi5vNA6vCC4FBrJQ9re4UexP6TabsDYvWpFBoCluvMkT2ZRmpXMF
+W7EzQ5VmuUvZgLYVHuJmnvHIV3uaRc2VE1SV+spjWTRt+6DtsAN7irR5K66POWMp
++tr5hASdQBVOJdebimsepy0pH6sXREvanrrFzkSM/2Ho0unlwWJ5Y4jcnvdkVHI5
+Ks0vifLmX4y5mYgv1dcXYWzyYx39f8HyePv0cjRhYXiIEYZ49KWU4MjryvQe/mAu
+MQuMp901BLps2W1+oKyPPA4DV69KUXgF66RFfsjjkJJ/CSeQGzTuez+UWzFk3Duc
+6MmbiL1LTki3vyyVtjW1rYFO2s+M6Pa5NZWHgA55uUxiJ987WPyK9lWnMsY6YeKa
+FDBfS1JUzXGPzVncgM7LLvzAEibLdhjII88NsJvzPoHK0SluSn+E7t7iGO1fTjkD
+Js94iUJAp8OQ4GwkcTVgtEAR+NXzownNjHJ6qpiq6tXRqXdBqSat/glf01AgNDtz
+9AGeW7Mz6FqTdOzg3U4lu77+CGd3SZTuQk8C8PUDNhqhQX5H2qhr90bakGaXuYfE
+rWFzIjrVdJIznV1BimOCay5HyyHab4FWlVhAvslEQb2BpHRyi2lhe0laupOpmN44
+LzfjFM18bi2GashIi2OQuYDyAeT5mGtR2g8mC7g44H6dH+wTfQIDAQABo1MwUTAd
+BgNVHQ4EFgQU7lyyxPO5SOOh9a5O0l4+RjckcgcwHwYDVR0jBBgwFoAU7lyyxPO5
+SOOh9a5O0l4+RjckcgcwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC
+AgEAStsOy8bkbZg/Ygx47bPkLSz0cJIvATxTChUGOabkz+brLis88ABVWVP0IXps
+tlLlZR5cjXBJguE7GJXzKPWzQZuB8+YwcGHG6QDFpfdMeGrxPDhwNfGy236ArVnx
+K0v1IIxoZRZ0P7aubk3xwUAPgsmT5ayZCKu+dqlEy5B6ioKEsr7Y2RRT/8ifERNm
+cjS9AhcyWrp4R3cjy2iA/RpdsPFwE5ac3I+GtUB4D2up5aDMsy85i9t2/1kuTUaA
+9UHwGXCpcqP8f8BqeLzuxDzYkAvkntlNxbXn1cbn+dTRIOCBoDbtSeqtxhWooOUH
+RQROeRsB7iicdYJJRge0+WyR+216AKUSQPE6/rT0Ifr06ZRwi22/YyySpwuO3SNA
++yWffh+f4h31Dz+p6pu8wjbMDkq4LnCWyjLwfF/yhvWhwwm5+KPAEhvJABeHQc+3
+cslOC9dlXJm9sPoUC7ghmUiFsCmN2hIzQrr2QoK0Obh0AGexOvOAw9cqtOdZQncB
+bqC8c4sVYScVxwDWkg0lNfRMC5boPjBsl7+M2CC1ukgVpXTyDOEjMWILrBXfYCDX
+unBH3kbKQOfL5RT0nE1Lkt1rn5qAWMJg4mvS4QuIurbRtEoj3QYQadF9md4qJXs0
+TvqvY8iEC4xrWU2SQn1K3PutXgaLP9/b6Cy1SBrhBX+AC5s=
+-----END CERTIFICATE-----
diff --git a/adb/apex/ld.config.txt b/adb/apex/ld.config.txt
new file mode 100644
index 000000000..85f9b298d
--- /dev/null
+++ b/adb/apex/ld.config.txt
@@ -0,0 +1,51 @@
+# Copyright (C) 2019 The Android Open Source Project
+#
+# Bionic loader config file for the adbd APEX.
+
+dir.adbd = /apex/com.android.adbd/bin/
+
+[adbd]
+additional.namespaces = platform,art,adbd
+
+namespace.default.isolated = true
+namespace.default.links = art,adbd,platform
+namespace.default.link.art.shared_libs = libadbconnection_server.so
+namespace.default.link.platform.allow_all_shared_libs = true
+namespace.default.link.adbd.allow_all_shared_libs = true
+
+###############################################################################
+# "adbd" APEX namespace
+###############################################################################
+namespace.adbd.isolated = true
+namespace.adbd.search.paths = /apex/com.android.adbd/${LIB}
+namespace.adbd.asan.search.paths = /apex/com.android.adbd/${LIB}
+namespace.adbd.links = platform
+namespace.adbd.link.platform.allow_all_shared_libs = true
+
+###############################################################################
+# "art" APEX namespace: used for libadbdconnection_server
+###############################################################################
+namespace.art.isolated = true
+namespace.art.search.paths = /apex/com.android.art/${LIB}
+namespace.art.asan.search.paths = /apex/com.android.art/${LIB}
+namespace.art.links = platform
+namespace.art.link.platform.allow_all_shared_libs = true
+
+###############################################################################
+# "platform" namespace: used for NDK libraries, and libadbd_auth
+###############################################################################
+namespace.platform.isolated = true
+namespace.platform.search.paths = /system/${LIB}
+namespace.platform.asan.search.paths = /data/asan/system/${LIB}
+
+# /system/lib/libc.so, etc are symlinks to
+# /apex/com.android.runtime/lib/bionic/libc.so, etc. Add the path to the
+# permitted paths because linker uses realpath(3) to check the accessibility
+# of the lib. We could add this to search.paths instead but that makes the
+# resolution of bionic libs be dependent on the order of /system/lib and
+# /apex/.../lib/bionic in search.paths. If the latter is after the former,
+# then the latter is never tried because libc.so is always found in
+# /system/lib but fails to pass the accessibility test because of its realpath.
+# It's better to not depend on the ordering if possible.
+namespace.platform.permitted.paths = /apex/com.android.runtime/${LIB}/bionic
+namespace.platform.asan.permitted.paths = /apex/com.android.runtime/${LIB}/bionic
diff --git a/liblog/liblog.map.txt b/liblog/liblog.map.txt
index ce4c53c82..aea33507f 100644
--- a/liblog/liblog.map.txt
+++ b/liblog/liblog.map.txt
@@ -51,7 +51,7 @@ LIBLOG_M {
 LIBLOG_O {
   global:
     __android_log_is_loggable_len;
-    __android_log_is_debuggable; # vndk
+    __android_log_is_debuggable; # apex vndk
 };
 
 LIBLOG_Q {
@@ -61,15 +61,15 @@ LIBLOG_Q {
     __android_log_bwrite; # apex
     __android_log_close; # apex
     __android_log_security; # apex
-    android_log_reset; #vndk
-    android_log_parser_reset; #vndk
+    __android_log_security_bswrite; # apex
+    android_log_reset; # vndk
+    android_log_parser_reset; # vndk
 };
 
 LIBLOG_PRIVATE {
   global:
     __android_log_pmsg_file_read;
     __android_log_pmsg_file_write;
-    __android_log_security_bswrite;
     __android_logger_get_buffer_size;
     __android_logger_property_get_bool;
     android_openEventTagMap;
diff --git a/rootdir/init.usb.rc b/rootdir/init.usb.rc
index b6cba901e..688d9ad08 100644
--- a/rootdir/init.usb.rc
+++ b/rootdir/init.usb.rc
@@ -16,6 +16,7 @@ service adbd /system/bin/adbd --root_seclabel=u:r:su:s0
     class core
     socket adbd seqpacket 660 system system
     disabled
+    updatable
     seclabel u:r:adbd:s0
 
 on boot