ubuntu-phone team mailing list archive

[Oliver Grawert <ogra@xxxxxxxxxx>]

hi,

Am Dienstag, den 25.11.2014, 10:19 -0800 schrieb Steve Langasek:
> On Tue, Nov 25, 2014 at 10:30:17AM +0100, Oliver Grawert wrote:
> 
> > Am Dienstag, den 25.11.2014, 10:17 +0100 schrieb Martin Pitt:
> > > Oliver Grawert [2014-11-24 19:13 +0100]:
> > > > if you try to connect while the screen is locked adb will return 
> > > > "error: closed"
> 
> > > This would again mean that we can't run unattended tests on devices,
> > > as adb is our one and only foot into the door, and we need it in order
> > > to automatically unlock Unity. So chicken - egg again.
> 
> > > Since adb doesn't run by default anyway, and one has to explicitly
> > > enable it with "developer mode", what's the thing that we are trying
> > > to prevent here?
> 
> > please see
> > https://wiki.ubuntu.com/SecurityAndPrivacySettings/ProtectingUserData
> 
> > (it is also linked from the bug i pointed to)
> 
> As we discussed at the last client sprint, however, it is *not* a
> requirement that the screen be unlocked to connect over adb.  The
> requirement is that unknown hosts, when connecting, get approved (via the
> certificate path) before they're allowed in.  That requires the phone to be
> unlocked in the interactive case, because the user needs to get past the
> lock screen to approve the connection.  But denying adb connections
> /because/ the screen is locked is not a requirement, and is not actually a
> stepping stone towards the target solution.

yes, this was planned at the last sprint with all stakeholders in the
meeting (as sergio pointed out above) the solution demanded from
security until we have cert handling in place (which is supposed to be
ready by vivid feature freeze with the new android-tools upstream
version etc) is that the screen state gets checked before establishing
the shell connection though ... so for RTM this is the solution we
have ...

ciao
	oli

Attachment: signature.asc
Description: This is a digitally signed message part