Set *Restrict USB* > *Deny USB connections*/*Allow USB connections when unlocked* with adb #22

New Issue

Benjamin_Loison · 2024-12-14T16:48:00+01:00

Benjamin_Loison commented

2024-12-14 16:48:00 +01:00

Related to Benjamin-Loison/android/issues/{139,140}.

+102

Related to [Benjamin-Loison/android/issues/](https://github.com/Benjamin-Loison/android/issues){[139](https://github.com/Benjamin-Loison/android/issues/139),[140](https://github.com/Benjamin-Loison/android/issues/140)}. +102

Benjamin_Loison changed title from ~~Set *Restrict USB* > *Deny USB connections* with `adb`~~ to Set *Restrict USB* > *Deny USB connections*/*Allow USB connections when unlocked* with `adb`

2024-12-31 00:39:46 +01:00

Benjamin_Loison commented

2024-12-31 01:17:36 +01:00

DuckDuckGo and Google search "adb" "Restrict USB" first page of results does not seem to help.

DuckDuckGo and Google search `"adb" "Restrict USB"` first page of results does not seem to help.

Benjamin_Loison commented

2025-05-09 14:40:54 +02:00

Related to Benjamin_Loison/Voice_assistant/issues/18#issuecomment-4414577.

Related to [Benjamin_Loison/Voice_assistant/issues/18#issuecomment-4414577](https://codeberg.org/Benjamin_Loison/Voice_assistant/issues/18#issuecomment-4414577).

Benjamin_Loison commented

2025-05-17 04:29:47 +02:00

Bash script:

for section in global system secure
do
    echo $section
    adb shell settings list $section | grep -iE 'restr|usb'
done

Output:

global
default_restrict_background_data=0
restricted_networking_mode=1
uids_allowed_on_restricted_networks=
usb_mass_storage_enabled=1
system
volume_music_usb_headset=3
volume_voice_usb_headset=15
secure
usb_audio_automatic_routing_disabled=0

<details> <summary>Bash script:</summary> ```bash for section in global system secure do echo $section adb shell settings list $section | grep -iE 'restr|usb' done ``` </details> <details> <summary>Output:</summary> ``` global default_restrict_background_data=0 restricted_networking_mode=1 uids_allowed_on_restricted_networks= usb_mass_storage_enabled=1 system volume_music_usb_headset=3 volume_voice_usb_headset=15 secure usb_audio_automatic_routing_disabled=0 ``` </details>

Benjamin_Loison commented

2025-05-17 04:31:48 +02:00

No matter Restrict USB I face usb_mass_storage_enabled=1.

No matter *Restrict USB* I face `usb_mass_storage_enabled=1`.

Benjamin_Loison commented

2025-05-17 05:42:03 +02:00

adb shell getprop | grep -E 'restr|usb'

Output:

[init.svc.usbd]: [stopped]
[persist.sys.usb.config]: []
[ro.boot.usbcontroller]: [a600000.dwc3]
[sys.usb.adb.disabled]: [0]
[sys.usb.configfs]: [2]
[sys.usb.controller]: [a600000.dwc3]
[sys.usb.mtp.batchcancel]: [1]
[sys.usb.mtp.device_type]: [3]

```bash adb shell getprop | grep -E 'restr|usb' ``` <details> <summary>Output:</summary> ``` [init.svc.usbd]: [stopped] [persist.sys.usb.config]: [] [ro.boot.usbcontroller]: [a600000.dwc3] [sys.usb.adb.disabled]: [0] [sys.usb.configfs]: [2] [sys.usb.controller]: [a600000.dwc3] [sys.usb.mtp.batchcancel]: [1] [sys.usb.mtp.device_type]: [3] ``` </details>

Benjamin_Loison commented

2025-05-17 05:53:48 +02:00

adb shell getprop | grep 'usb'

Output:

[init.svc.usbd]: [stopped]
[persist.sys.usb.config]: []
[ro.boot.usbcontroller]: [a600000.dwc3]
[sys.usb.adb.disabled]: [0]
[sys.usb.configfs]: [2]
[sys.usb.controller]: [a600000.dwc3]
[sys.usb.mtp.batchcancel]: [1]
[sys.usb.mtp.device_type]: [3]

does not help experimentally.

```bash adb shell getprop | grep 'usb' ``` <details> <summary>Output:</summary> ``` [init.svc.usbd]: [stopped] [persist.sys.usb.config]: [] [ro.boot.usbcontroller]: [a600000.dwc3] [sys.usb.adb.disabled]: [0] [sys.usb.configfs]: [2] [sys.usb.controller]: [a600000.dwc3] [sys.usb.mtp.batchcancel]: [1] [sys.usb.mtp.device_type]: [3] ``` </details> does not help experimentally.

Benjamin_Loison commented

2025-05-23 14:56:21 +02:00

adb root does not help, see #39#issuecomment-3991.

`adb root` does not help, see [#39#issuecomment-3991](https://gitea.lemnoslife.com/Benjamin_Loison/adb/issues/39#issuecomment-3991).

Benjamin_Loison commented

2025-05-25 00:42:18 +02:00

Could just proceed automatically graphically, see Benjamin_Loison/Voice_assistant/issues/46.

Could just proceed automatically graphically, see [Benjamin_Loison/Voice_assistant/issues/46](https://codeberg.org/Benjamin_Loison/Voice_assistant/issues/46).

Benjamin_Loison commented

2025-08-29 17:28:55 +02:00

Related to Benjamin_Loison/Backup_Android_apps/issues/40.

Related to [Benjamin_Loison/Backup_Android_apps/issues/40](https://codeberg.org/Benjamin_Loison/Backup_Android_apps/issues/40).

Benjamin_Loison commented

2026-02-14 23:06:17 +01:00

Related to Benjamin-Loison/android/issues/28#issuecomment-3902625664.

Related to [Benjamin-Loison/android/issues/28#issuecomment-3902625664](https://github.com/Benjamin-Loison/android/issues/28#issuecomment-3902625664).

Benjamin_Loison commented

2026-02-15 18:59:42 +01:00

https://chat.mistral.ai/chat/9ab408ba-dd8b-4454-aacf-db4d00ada110

adb shell settings list global

does not change, as mentioned in #issuecomment-3944. Especially as there are 3 states.

https://chat.mistral.ai/chat/9ab408ba-dd8b-4454-aacf-db4d00ada110 ```bash adb shell settings list global ``` does not change, as mentioned in [#issuecomment-3944](#issuecomment-3944). Especially as there are 3 states.

Benjamin_Loison commented

2026-02-15 19:00:46 +01:00

Same for:

adb shell settings list secure

Same for: ```bash adb shell settings list secure ```

Benjamin_Loison commented

2026-02-15 19:02:31 +01:00

adb shell settings

Output:

Settings provider (settings) commands:
  help
      Print this help text.
  get [--user <USER_ID> | current] [--deviceId <DEVICE_ID> | 0] [--lineage] NAMESPACE KEY
      Retrieve the current value of KEY.
  put [--user <USER_ID> | current] [--deviceId <DEVICE_ID> | 0] [--lineage] NAMESPACE KEY VALUE [TAG] [default] [overrideableByRestore]
      Change the contents of KEY to VALUE.
      TAG to associate with the setting (cannot be default or overrideableByRestore).
      {default} to set as the default, case-insensitive only for global/secure namespace
      {overrideableByRestore} to let the value be overridden by BackupManager on restore operations
  delete [--user <USER_ID> | current] [--deviceId <DEVICE_ID> | 0] [--lineage] NAMESPACE KEY
      Delete the entry for KEY.
  reset [--user <USER_ID> | current] [--deviceId <DEVICE_ID> | 0] [--lineage] NAMESPACE {PACKAGE_NAME | RESET_MODE}
      Reset the global/secure table for a package with mode.
      RESET_MODE is one of {untrusted_defaults, untrusted_clear, trusted_defaults}, case-insensitive
  list [--user <USER_ID> | current] [--lineage] NAMESPACE
      Print all defined keys.
      NAMESPACE is one of {system, secure, global}, case-insensitive

adb shell settings delete secure usb_restrict

Deleted 1 rows

```bash adb shell settings ``` <details> <summary>Output:</summary> ``` Settings provider (settings) commands: help Print this help text. get [--user <USER_ID> | current] [--deviceId <DEVICE_ID> | 0] [--lineage] NAMESPACE KEY Retrieve the current value of KEY. put [--user <USER_ID> | current] [--deviceId <DEVICE_ID> | 0] [--lineage] NAMESPACE KEY VALUE [TAG] [default] [overrideableByRestore] Change the contents of KEY to VALUE. TAG to associate with the setting (cannot be default or overrideableByRestore). {default} to set as the default, case-insensitive only for global/secure namespace {overrideableByRestore} to let the value be overridden by BackupManager on restore operations delete [--user <USER_ID> | current] [--deviceId <DEVICE_ID> | 0] [--lineage] NAMESPACE KEY Delete the entry for KEY. reset [--user <USER_ID> | current] [--deviceId <DEVICE_ID> | 0] [--lineage] NAMESPACE {PACKAGE_NAME | RESET_MODE} Reset the global/secure table for a package with mode. RESET_MODE is one of {untrusted_defaults, untrusted_clear, trusted_defaults}, case-insensitive list [--user <USER_ID> | current] [--lineage] NAMESPACE Print all defined keys. NAMESPACE is one of {system, secure, global}, case-insensitive ``` </details> ```bash adb shell settings delete secure usb_restrict ``` ``` Deleted 1 rows ```

Benjamin_Loison commented

2026-02-15 19:04:18 +01:00

I verified that both global usb_restricted_mode and secure usb_restrict 0 and 1 do not disconnect me with adb shell whoami contrarily to manually setting to Deny USB connections.

I verified that both `global` `usb_restricted_mode` and `secure` `usb_restrict` `0` and `1` do not disconnect me with `adb shell whoami` contrarily to manually setting to *Deny USB connections*.

Benjamin_Loison commented

2026-02-18 00:24:44 +01:00

https://chat.mistral.ai/chat/159c960e-e7e1-4d67-a4ea-f7eba642e291

does not help.

https://chatgpt.com/share/6994f885-148c-8002-b3b1-c042967a9823

solved my issue, parentheses are needed.

Otherwise I would have used:

get_field_value()
{
    ui=$1
    xpath=$2
    field=$3
    index=${4:-1}
    #echo $index >&2
    #echo "$xpath/@$field" >&2
    #exit 1
    echo "$ui" | xmlstarlet select --template --value-of "$xpath/@$field" # | sed "${index}q;d" #>&2
    #exit 1
    #| sed "${index}q;d"
}

get_middle()
{
    ui=$1
    xpath=$2
    bounds=`get_field_value "$ui" "$xpath" bounds $3`
    REGEX="\[([0-9]+),([0-9]+)\]\[([0-9]+),([0-9]+)\]"
    if [[ $bounds =~ $REGEX ]]
    then
        middleX=$(((BASH_REMATCH[1] + BASH_REMATCH[3]) / 2))
        middleY=$(((BASH_REMATCH[2] + BASH_REMATCH[4]) / 2))
        echo $middleX $middleY
    fi
}

https://chat.mistral.ai/chat/159c960e-e7e1-4d67-a4ea-f7eba642e291 does not help. https://chatgpt.com/share/6994f885-148c-8002-b3b1-c042967a9823 solved my issue, parentheses are needed. <details> <summary>Otherwise I would have used:</summary> ```bash get_field_value() { ui=$1 xpath=$2 field=$3 index=${4:-1} #echo $index >&2 #echo "$xpath/@$field" >&2 #exit 1 echo "$ui" | xmlstarlet select --template --value-of "$xpath/@$field" # | sed "${index}q;d" #>&2 #exit 1 #| sed "${index}q;d" } get_middle() { ui=$1 xpath=$2 bounds=`get_field_value "$ui" "$xpath" bounds $3` REGEX="\[([0-9]+),([0-9]+)\]\[([0-9]+),([0-9]+)\]" if [[ $bounds =~ $REGEX ]] then middleX=$(((BASH_REMATCH[1] + BASH_REMATCH[3]) / 2)) middleY=$(((BASH_REMATCH[2] + BASH_REMATCH[4]) / 2)) echo $middleX $middleY fi } ``` </details>

Benjamin_Loison commented

2026-02-18 00:37:54 +01:00

DuckDuckGo search Bash execute string.

The Stack Overflow answer 2005201 helps.

DuckDuckGo search *Bash execute string*. [The Stack Overflow answer 2005201](https://stackoverflow.com/a/2005201) helps.

Benjamin_Loison commented

2026-02-18 00:49:00 +01:00

~/.bashrc excerpt:

get_click_ui_xpath_command()
{
    ui=$1
    xpath=$2
    middle=`get_middle "$ui" "$xpath"`
    echo input tap $middle
}

click_ui_xpath()
{
    ui=$1
    xpath=$2
    eval adb shell $(get_click_ui_xpath_command "$ui" "$xpath")
}

get_ui_xpath()
{
    text=$1
    echo "//node[@text=\"$text\"]"
}

click_ui()
{
    ui=$1
    text=$2
    click_ui_xpath "$ui" "$(get_ui_xpath "$text")"
}

# [Benjamin_Loison/adb/issues/22](https://gitea.lemnoslife.com/Benjamin_Loison/adb/issues/22)
stopADBAndRestrictUSB()
{
    adb shell am force-stop com.android.settings
    adb shell am start -n com.android.settings/.Settings > /dev/null
    ui=`get_ui`
    click_ui "$ui" 'Search settings'
    get_ui > /dev/null
    adb shell "input text 'Restrict USB'"
    ui=`get_ui` 
    click_ui_xpath "$ui" '(//node[@text="Restrict USB"])[2]'
    ui=`get_ui` 
    click_ui "$ui" 'Restrict USB'
    ui=`get_ui`
    xpath="$(get_ui_xpath 'Deny USB connections')"
    adbCommand=`get_click_ui_xpath_command "$ui" "$xpath"`
    adb shell "$adbCommand && settings put global adb_enabled 0"
}

always worked fine from my multiple tests.

<details> <summary><code>~/.bashrc</code> excerpt:</summary> ```bash get_click_ui_xpath_command() { ui=$1 xpath=$2 middle=`get_middle "$ui" "$xpath"` echo input tap $middle } click_ui_xpath() { ui=$1 xpath=$2 eval adb shell $(get_click_ui_xpath_command "$ui" "$xpath") } get_ui_xpath() { text=$1 echo "//node[@text=\"$text\"]" } click_ui() { ui=$1 text=$2 click_ui_xpath "$ui" "$(get_ui_xpath "$text")" } # [Benjamin_Loison/adb/issues/22](https://gitea.lemnoslife.com/Benjamin_Loison/adb/issues/22) stopADBAndRestrictUSB() { adb shell am force-stop com.android.settings adb shell am start -n com.android.settings/.Settings > /dev/null ui=`get_ui` click_ui "$ui" 'Search settings' get_ui > /dev/null adb shell "input text 'Restrict USB'" ui=`get_ui` click_ui_xpath "$ui" '(//node[@text="Restrict USB"])[2]' ui=`get_ui` click_ui "$ui" 'Restrict USB' ui=`get_ui` xpath="$(get_ui_xpath 'Deny USB connections')" adbCommand=`get_click_ui_xpath_command "$ui" "$xpath"` adb shell "$adbCommand && settings put global adb_enabled 0" } ``` </details> always worked fine from my multiple tests.

Benjamin_Loison commented

2026-02-19 17:54:54 +01:00

None of:

adb shell 'settings put --lineage global trust_restrict_usb 2 && settings put global adb_enabled 0'

and

adb shell 'settings put global adb_enabled 0 && settings put --lineage global trust_restrict_usb 2'

achieve executing the second command while:

adb shell 'whoami && whoami'

Output:

shell
shell

works as wanted.

None of: ```bash adb shell 'settings put --lineage global trust_restrict_usb 2 && settings put global adb_enabled 0' ``` and ```bash adb shell 'settings put global adb_enabled 0 && settings put --lineage global trust_restrict_usb 2' ``` achieve executing the second command while: ```bash adb shell 'whoami && whoami' ``` <details> <summary>Output:</summary> ``` shell shell ``` </details> works as wanted.

Benjamin_Loison commented

2026-02-19 23:34:51 +01:00

DuckDuckGo search ADB disable Rooted debugging.

Alex4SSB/ADB-Explorer/issues/181

adb shell setprop service.adb.root 0

does not return anything and does not block adb shell whoami root.

Google search ADB disable Rooted debugging.

https://chat.mistral.ai/chat/c31140fc-ec5f-4430-8c77-f0674e4a9115

disable-verity and setenforce is not explained and looks suspicious to me.

https://chatgpt.com/share/699790fb-49a8-8002-9113-d3b855fbb0e1

adb shell stop adbd
adb shell whoami

adb: no devices/emulators found

adb shell start adbd

adb: no devices/emulators found

adb unroot

restarting adbd as non root

does not help.

Bash script:

for category in global secure system
do
    adb shell settings list $category
done | grep root

does not return anything as root.

Disabling graphically does not seem trivial notably due to temporary:

adb shell whoami

adb: no devices/emulators found

after disabling graphically.

DuckDuckGo search *ADB disable Rooted debugging*. [Alex4SSB/ADB-Explorer/issues/181](https://github.com/Alex4SSB/ADB-Explorer/issues/181) ```bash adb shell setprop service.adb.root 0 ``` does not return anything and does not block `adb shell whoami` `root`. Google search *ADB disable Rooted debugging*. https://chat.mistral.ai/chat/c31140fc-ec5f-4430-8c77-f0674e4a9115 `disable-verity` and `setenforce` is not explained and looks suspicious to me. https://chatgpt.com/share/699790fb-49a8-8002-9113-d3b855fbb0e1 ```bash adb shell stop adbd adb shell whoami ``` ``` adb: no devices/emulators found ``` ```bash adb shell start adbd ``` ``` adb: no devices/emulators found ``` ```bash adb unroot ``` ``` restarting adbd as non root ``` does not help. <details> <summary>Bash script:</summary> ```bash for category in global secure system do adb shell settings list $category done | grep root ``` </details> does not return anything as `root`. Disabling graphically does not seem trivial notably due to temporary: ```bash adb shell whoami ``` ``` adb: no devices/emulators found ``` after disabling graphically.

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: Benjamin_Loison/adb#22

Set *Restrict USB* > *Deny USB connections*/*Allow USB connections when unlocked* with adb #22

Set Restrict USB > Deny USB connections/Allow USB connections when unlocked with `adb` #22