Udev-rules for fastboot and adb

The UBports Installer is a tool for installing Ubuntu Touch on supported Android devices. This is achieved by wrapping adb and fastboot (shipped in the package) and auto-connecting them through the raw-usb interface.

When we made the decision to move to strict confinement, we overlooked a critical issue: Special udev-rules are required for adb and fastboot. Since most of our testers already had adb and fastboot installed, those rules already existed on their systems and the problem was not caught until recently.

In an earlier discussion, @jdstrand proposed creating an interface that includes these rules:

Is this the correct way to go forward? Am I understanding it correctly that this would be something we would have to get accepted in snappy? If there’s no other way, I would be willing to look into that, but I might need some hints on how to get started. Since other snaps are running into the same issue, it makes sense to invest some time here.

1 Like

If you share the rules I can show you how to make an interface.

That would be great, thank you! Here are the rules:

SUBSYSTEM=="usb", ATTRS{idVendor}=="0e79", MODE="0666", GROUP="plugdev"
SUBSYSTEM=="usb", ATTRS{idVendor}=="0502", MODE="0666", GROUP="plugdev"
SUBSYSTEM=="usb", ATTRS{idVendor}=="0b05", MODE="0666", GROUP="plugdev"
SUBSYSTEM=="usb", ATTRS{idVendor}=="413c", MODE="0666", GROUP="plugdev"
SUBSYSTEM=="usb", ATTRS{idVendor}=="0489", MODE="0666", GROUP="plugdev"
SUBSYSTEM=="usb", ATTRS{idVendor}=="091e", MODE="0666", GROUP="plugdev"
SUBSYSTEM=="usb", ATTRS{idVendor}=="18d1", MODE="0666", GROUP="plugdev"
SUBSYSTEM=="usb", ATTRS{idVendor}=="0bb4", MODE="0666", GROUP="plugdev"
SUBSYSTEM=="usb", ATTRS{idVendor}=="12d1", MODE="0666", GROUP="plugdev"
SUBSYSTEM=="usb", ATTRS{idVendor}=="24e3", MODE="0666", GROUP="plugdev"
SUBSYSTEM=="usb", ATTRS{idVendor}=="2116", MODE="0666", GROUP="plugdev"
SUBSYSTEM=="usb", ATTRS{idVendor}=="0482", MODE="0666", GROUP="plugdev"
SUBSYSTEM=="usb", ATTRS{idVendor}=="17ef", MODE="0666", GROUP="plugdev"
SUBSYSTEM=="usb", ATTRS{idVendor}=="1004", MODE="0666", GROUP="plugdev"
SUBSYSTEM=="usb", ATTRS{idVendor}=="22b8", MODE="0666", GROUP="plugdev"
SUBSYSTEM=="usb", ATTRS{idVendor}=="0409", MODE="0666", GROUP="plugdev"
SUBSYSTEM=="usb", ATTRS{idVendor}=="2080", MODE="0666", GROUP="plugdev"
SUBSYSTEM=="usb", ATTRS{idVendor}=="0955", MODE="0666", GROUP="plugdev"
SUBSYSTEM=="usb", ATTRS{idVendor}=="2257", MODE="0666", GROUP="plugdev"
SUBSYSTEM=="usb", ATTRS{idVendor}=="10a9", MODE="0666", GROUP="plugdev"
SUBSYSTEM=="usb", ATTRS{idVendor}=="1d4d", MODE="0666", GROUP="plugdev"
SUBSYSTEM=="usb", ATTRS{idVendor}=="0471", MODE="0666", GROUP="plugdev"
SUBSYSTEM=="usb", ATTRS{idVendor}=="04da", MODE="0666", GROUP="plugdev"
SUBSYSTEM=="usb", ATTRS{idVendor}=="05c6", MODE="0666", GROUP="plugdev"
SUBSYSTEM=="usb", ATTRS{idVendor}=="1f53", MODE="0666", GROUP="plugdev"
SUBSYSTEM=="usb", ATTRS{idVendor}=="04e8", MODE="0666", GROUP="plugdev"
SUBSYSTEM=="usb", ATTRS{idVendor}=="04dd", MODE="0666", GROUP="plugdev"
SUBSYSTEM=="usb", ATTRS{idVendor}=="0fce", MODE="0666", GROUP="plugdev"
SUBSYSTEM=="usb", ATTRS{idVendor}=="0930", MODE="0666", GROUP="plugdev"
SUBSYSTEM=="usb", ATTRS{idVendor}=="19d2", MODE="0666", GROUP="plugdev"
SUBSYSTEM=="usb", ATTRS{idVendor}=="2ae5", MODE="0666", GROUP="plugdev"
SUBSYSTEM=="usb", ATTRS{idVendor}=="2a45", MODE="0666", GROUP="plugdev"

Those rules are interesting. The mode is not a problem (perhaps) but I wonder about the group. Is plugdev something that universally exists across distributions? What’s the purpose of setting the group if the mode is “anyone can write anyway”?

Lastly, the list of vendors could be sorted (please) and documented as to what they are.

No, it isn’t:

and its original purpose is not used any more. In fact, Debian is considering removing it: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897916. Note that the above UDEV rules are explicitly about allowing non-root users access to these devices and what we really need is Multiple users and groups in snaps so snapd can add the group specified in the interface (eg, ‘snap_adb’), then add udev rules using this group, with MODE=0660, then the admin can add users to snap_adb which will then have access.

All that said, the above udev rules use MODE="0666", GROUP="plugdev" so we could technically just drop the , GROUP="plugdev" since the mode is 0666 and the group is unknown and achieve the same result. On general principle, I don’t care for this since we should be using 0660; why should every user on the system have write access to these devices? However, one could argue it is ok because Android devices correctly have their own defense mechanism that does not rely on the computer-that-is-connecting-to-it for security (ie prompts, host checks, etc).

Considering all of the above, I suggest keeping MODE="0666", dropping GROUP="plugdev" and having a very clear comment in the interface what the interface allows. The interface would ideally also have adb-specific apparmor rules (and if needed, cgroup/udev tagging) for the access rather than relying on the raw-usb interface.

2 Likes
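
As an added illustration of the trade-off discussed in the post above (not code from the thread or from snapd): a small Python linter that flags rules whose MODE is world-writable, whose GROUP does not exist on the host, or whose GROUP has no effect because the mode already lets everyone write, plus a helper that rewrites a rule to the 0660-with-dedicated-group form. The function names, finding labels and sample input are constructed for this example; `snap_adb` is the example group name used in the post.

```python
import grp
import re

# One KEY<op>"value" token of a udev rule; ATTR/ATTRS keys carry a {name} part.
TOKEN = re.compile(r'(\w+(?:\{\w+\})?)\s*(==|!=|\+=|:=|=)\s*"([^"]*)"')

def parse_rule(line):
    """Return {key: value} for one rule line, or None for blanks and comments."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    return {key: value for key, _op, value in TOKEN.findall(line)}

def lint_rules(text, system_groups=None):
    """Return (line_no, vendor_id, finding) tuples for permission issues."""
    if system_groups is None:  # default: the groups that exist on this host
        system_groups = {g.gr_name for g in grp.getgrall()}
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        rule = parse_rule(line)
        if not rule or "MODE" not in rule:
            continue
        vendor = next((v for k, v in rule.items() if k.endswith("{idVendor}")), "?")
        world_writable = bool(int(rule["MODE"], 8) & 0o002)
        group = rule.get("GROUP")
        if world_writable:
            findings.append((n, vendor, "world-writable"))
        if group is not None and group not in system_groups:
            findings.append((n, vendor, "unknown-group"))
        if group is not None and world_writable:
            # Everyone can already write, so the group grants nothing extra.
            findings.append((n, vendor, "group-redundant"))
    return findings

def restrict(line, group):
    """Rewrite one rule to group-only access: MODE 0660 plus the given group."""
    line = re.sub(r',\s*GROUP="[^"]*"', "", line.strip())
    line = re.sub(r'MODE="[^"]*"', 'MODE="0660"', line)
    return f'{line}, GROUP="{group}"'

# Constructed sample: one rule as posted, one without GROUP, one restricted.
SAMPLE = """\
# constructed sample input
SUBSYSTEM=="usb", ATTRS{idVendor}=="18d1", MODE="0666", GROUP="plugdev"
SUBSYSTEM=="usb", ATTRS{idVendor}=="04e8", MODE="0666"
SUBSYSTEM=="usb", ATTRS{idVendor}=="0fce", MODE="0660", GROUP="snap_adb"
"""

if __name__ == "__main__":
    for finding in lint_rules(SAMPLE, {"root", "snap_adb"}):  # host without plugdev
        print(*finding)
    print(restrict(SAMPLE.splitlines()[1], "snap_adb"))
```
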

Let’s just agree on a name and I will propose this.

2 Likes

Ok, so here’s an ordered sanitized list. I also added some new ones, since the ones I posted before are only the rules we need for UBports. Since this is supposed to become a general Android thing, it makes sense to have all (I probably still missed some) Android vendors:

# ACER
SUBSYSTEM=="usb", ATTR{idVendor}=="0502", MODE="0666"
# ALLWINNER
SUBSYSTEM=="usb", ATTR{idVendor}=="1f3a", MODE="0666"
# AMLOGIC
SUBSYSTEM=="usb", ATTR{idVendor}=="1b8e", MODE="0666"
# ANYDATA
SUBSYSTEM=="usb", ATTR{idVendor}=="16d5", MODE="0666"
# ARCHOS
SUBSYSTEM=="usb", ATTR{idVendor}=="0e79", MODE="0666"
# ASUS
SUBSYSTEM=="usb", ATTR{idVendor}=="0b05", MODE="0666"
# BYD
SUBSYSTEM=="usb", ATTR{idVendor}=="1d91", MODE="0666"
# COMPAL
SUBSYSTEM=="usb", ATTR{idVendor}=="04b7", MODE="0666"
# COMPALCOMM
SUBSYSTEM=="usb", ATTR{idVendor}=="1219", MODE="0666"
# DELL
SUBSYSTEM=="usb", ATTR{idVendor}=="413c", MODE="0666"
# ECS
SUBSYSTEM=="usb", ATTR{idVendor}=="03fc", MODE="0666"
# EMERGING_TECH
SUBSYSTEM=="usb", ATTR{idVendor}=="297f", MODE="0666"
# EMERSON
SUBSYSTEM=="usb", ATTR{idVendor}=="2207", MODE="0666"
# FAIRPHONE
SUBSYSTEM=="usb", ATTR{idVendor}=="2ae5", MODE="0666"
# FOXCONN
SUBSYSTEM=="usb", ATTR{idVendor}=="0489", MODE="0666"
# FUJITSU
SUBSYSTEM=="usb", ATTR{idVendor}=="04c5", MODE="0666"
# FUNAI
SUBSYSTEM=="usb", ATTR{idVendor}=="0f1c", MODE="0666"
# GARMIN-ASUS
SUBSYSTEM=="usb", ATTR{idVendor}=="091e", MODE="0666"
# GIGABYTE
SUBSYSTEM=="usb", ATTR{idVendor}=="0414", MODE="0666"
# GIGASET
SUBSYSTEM=="usb", ATTR{idVendor}=="1e85", MODE="0666"
# GIONEE
SUBSYSTEM=="usb", ATTR{idVendor}=="271d", MODE="0666"
# GOOGLE
SUBSYSTEM=="usb", ATTR{idVendor}=="18d1", MODE="0666"
# HAIER
SUBSYSTEM=="usb", ATTR{idVendor}=="201e", MODE="0666"
# HARRIS
SUBSYSTEM=="usb", ATTR{idVendor}=="19a5", MODE="0666"
# HISENSE
SUBSYSTEM=="usb", ATTR{idVendor}=="109b", MODE="0666"
# HONEYWELL
SUBSYSTEM=="usb", ATTR{idVendor}=="0c2e", MODE="0666"
# HP
SUBSYSTEM=="usb", ATTR{idVendor}=="03f0", MODE="0666"
# HTC
SUBSYSTEM=="usb", ATTR{idVendor}=="0bb4", MODE="0666"
# HUAWEI
SUBSYSTEM=="usb", ATTR{idVendor}=="12d1", MODE="0666"
# INQ_MOBILE
SUBSYSTEM=="usb", ATTR{idVendor}=="2314", MODE="0666"
# INTEL
SUBSYSTEM=="usb", ATTR{idVendor}=="8087", MODE="0666"
# INTERMEC
SUBSYSTEM=="usb", ATTR{idVendor}=="067e", MODE="0666"
# IRIVER
SUBSYSTEM=="usb", ATTR{idVendor}=="2420", MODE="0666"
# K-TOUCH
SUBSYSTEM=="usb", ATTR{idVendor}=="24e3", MODE="0666"
# KT TECH
SUBSYSTEM=="usb", ATTR{idVendor}=="2116", MODE="0666"
# KOBO
SUBSYSTEM=="usb", ATTR{idVendor}=="2237", MODE="0666"
# KYOCERA
SUBSYSTEM=="usb", ATTR{idVendor}=="0482", MODE="0666" 
# LAB126
SUBSYSTEM=="usb", ATTR{idVendor}=="1949", MODE="0666"
# LENOVO
SUBSYSTEM=="usb", ATTR{idVendor}=="17ef", MODE="0666"
# LENOVOMOBILE
SUBSYSTEM=="usb", ATTR{idVendor}=="2006", MODE="0666"
# LGE
SUBSYSTEM=="usb", ATTR{idVendor}=="1004", MODE="0666"
# LUMIGON
SUBSYSTEM=="usb", ATTR{idVendor}=="25e3", MODE="0666"
# MEIZU
SUBSYSTEM=="usb", ATTR{idVendor}=="2a45", MODE="0666"
# MOTOROLA
SUBSYSTEM=="usb", ATTR{idVendor}=="22b8", MODE="0666"
# MSI
SUBSYSTEM=="usb", ATTR{idVendor}=="0db0", MODE="0666"
# MTK
SUBSYSTEM=="usb", ATTR{idVendor}=="0e8d", MODE="0666"
# NEC
SUBSYSTEM=="usb", ATTR{idVendor}=="0409", MODE="0666"
# NOOK
SUBSYSTEM=="usb", ATTR{idVendor}=="2080", MODE="0666"
# NVIDIA
SUBSYSTEM=="usb", ATTR{idVendor}=="0955", MODE="0666"
# OPPO
SUBSYSTEM=="usb", ATTR{idVendor}=="22d9", MODE="0666"
# OTGV
SUBSYSTEM=="usb", ATTR{idVendor}=="2257", MODE="0666"
# OUYA
SUBSYSTEM=="usb", ATTR{idVendor}=="2836", MODE="0666"
# PANTECH
SUBSYSTEM=="usb", ATTR{idVendor}=="10a9", MODE="0666" 
# PEGATRON
SUBSYSTEM=="usb", ATTR{idVendor}=="1d4d", MODE="0666"
# PHILIPS
SUBSYSTEM=="usb", ATTR{idVendor}=="0471", MODE="0666"
# PMC-SIERRA
SUBSYSTEM=="usb", ATTR{idVendor}=="04da", MODE="0666"
# POSITIVO
SUBSYSTEM=="usb", ATTR{idVendor}=="1662", MODE="0666"
# PRESTIGIO
SUBSYSTEM=="usb", ATTR{idVendor}=="29e4", MODE="0666"
# QISDA
SUBSYSTEM=="usb", ATTR{idVendor}=="1d45", MODE="0666"
# Qualcomm
SUBSYSTEM=="usb", ATTR{idVendor}=="05c6", MODE="0666"
# QUANTA
SUBSYSTEM=="usb", ATTR{idVendor}=="0408", MODE="0666"
# ROCKCHIP
SUBSYSTEM=="usb", ATTR{idVendor}=="2207", MODE="0666"
# SAMSUNG
SUBSYSTEM=="usb", ATTR{idVendor}=="04e8", MODE="0666"
# SHARP
SUBSYSTEM=="usb", ATTR{idVendor}=="04dd", MODE="0666"
# SK TELESYS
SUBSYSTEM=="usb", ATTR{idVendor}=="1f53", MODE="0666"
# SMARTISAN
SUBSYSTEM=="usb", ATTR{idVendor}=="29a9", MODE="0666"
# SONY
SUBSYSTEM=="usb", ATTR{idVendor}=="054c", MODE="0666"
# SONY ERICSSON
SUBSYSTEM=="usb", ATTR{idVendor}=="0fce", MODE="0666"
# T_AND_A
SUBSYSTEM=="usb", ATTR{idVendor}=="1bbb", MODE="0666"
# TECHFAITH
SUBSYSTEM=="usb", ATTR{idVendor}=="1d09", MODE="0666"
# TELEEPOCH
SUBSYSTEM=="usb", ATTR{idVendor}=="2340", MODE="0666"
# TI
SUBSYSTEM=="usb", ATTR{idVendor}=="0451", MODE="0666"
# TOSHIBA
SUBSYSTEM=="usb", ATTR{idVendor}=="0930", MODE="0666"
# UNOWHY
SUBSYSTEM=="usb", ATTR{idVendor}=="2a49", MODE="0666"
# VIZIO
SUBSYSTEM=="usb", ATTR{idVendor}=="e040", MODE="0666"
# WACOM
SUBSYSTEM=="usb", ATTR{idVendor}=="0531", MODE="0666"
# XIAOMI
SUBSYSTEM=="usb", ATTR{idVendor}=="2717", MODE="0666"
# YOTADEVICES
SUBSYSTEM=="usb", ATTR{idVendor}=="2916", MODE="0666"
# YULONG_COOLPAD
SUBSYSTEM=="usb", ATTR{idVendor}=="1ebf", MODE="0666"
# ZTE
SUBSYSTEM=="usb", ATTR{idVendor}=="19d2", MODE="0666"

For a name I would suggest adb or adb_usb.

I think adb-support is most appropriate and suggest you start with that. It would be easy to change if we decide to go with something else.

We could also think about making this interface auto-connectable.

Actually, I think it should be manually connected, but we can always add a snap declaration for snaps that need it.

3 Likes

This is now available as https://github.com/snapcore/snapd/pull/5170

2 Likes

You guys are awesome!

2 Likes

The pull request was refreshed and needs another round of review.

2 Likes