Dear Maintainer,

I would like to propose an optional security hardening feature for adbd
in android-platform-tools.

On Debian-based embedded and production systems, adb shell currently
provides an unauthenticated interactive shell once adb transport is
available. In some deployments, this is undesirable because it bypasses
the system’s standard authentication, auditing, and account policy
mechanisms.

I implemented an optional build-time feature (guarded by
-DADBD_PAM_LOGIN) that changes the behavior of interactive adb shell
sessions (PTY-backed only) to exec /bin/login instead of spawning a
shell directly.

This causes the system’s existing PAM policy (e.g. /etc/pam.d/login) to
be enforced for adb shell access. Non-interactive adb shell invocations
(e.g. “adb shell <cmd>”) are explicitly rejected when this option is
enabled, since PAM login requires a controlling TTY.

The default behavior remains unchanged unless the feature is explicitly
enabled at build time.

With this option enabled:
* adb shell becomes a PAM-authenticated login session
* existing PAM mechanisms (passwords, lockout, auditing, limits) apply
* no additional PAM libraries are linked into adbd
* non-interactive adb shell usage is intentionally disallowed

The goal is to allow Debian users who need hardened adb access (e.g.
embedded, kiosk, or production environments) to opt into PAM-enforced
authentication, without changing the default adb behavior for typical
development workflows.

I believe this is best suited as an optional, opt-in Debian feature and
should not be enabled by default.

A git-format-patch implementing this change is attached for review.

I am happy to adjust the approach if there is a preferred Debian-specific
integration or policy mechanism.

Thank you for your time and consideration.

Best regards,
Jaihind Yadav
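
The behavior described in the message above, sketched as an added example: this is not the attached patch and not adbd's own code. Every name except ADBD_PAM_LOGIN and /bin/login is hypothetical, and the sketch assumes Linux and a daemon that runs with the privileges login(1) needs.

```cpp
// Added illustration, not the attached patch; names other than ADBD_PAM_LOGIN are hypothetical.
#include <cstdio>
#include <cstdlib>
#include <fcntl.h>
#include <sys/ioctl.h>
#include <unistd.h>
#ifdef ADBD_PAM_LOGIN
static const bool kPamLogin = true;
#else
static const bool kPamLogin = false;   // default build: behaviour unchanged
#endif
enum class ShellRequest { kPty, kRaw };   // "adb shell" vs. "adb shell <cmd>"
enum class ShellAction { kExecLogin, kSpawnShell, kReject };

// Policy from the proposal: with the option on, only PTY-backed sessions are
// served, and only through /bin/login; non-interactive requests are refused.
ShellAction DecideShellAction(ShellRequest req, bool pam_login) {
    if (!pam_login) return ShellAction::kSpawnShell;
    return req == ShellRequest::kPty ? ShellAction::kExecLogin : ShellAction::kReject;
}

// Starts /bin/login on a fresh PTY and returns the master fd, or -1 on error.
// login(1) runs the PAM stack itself, so this code links no PAM library.
int StartLoginOnPty(pid_t* child) {
    int master = posix_openpt(O_RDWR | O_NOCTTY);
    if (master < 0) return -1;
    const char* slave_name = nullptr;
    if (grantpt(master) == 0 && unlockpt(master) == 0) slave_name = ptsname(master);
    if (slave_name == nullptr || (*child = fork()) < 0) { close(master); return -1; }
    if (*child == 0) {
        close(master);
        setsid();                                 // new session without a controlling TTY
        int slave = open(slave_name, O_RDWR | O_NOCTTY);
        if (slave < 0 || ioctl(slave, TIOCSCTTY, 0) < 0) _exit(127);  // login needs a controlling TTY
        dup2(slave, STDIN_FILENO); dup2(slave, STDOUT_FILENO); dup2(slave, STDERR_FILENO);
        if (slave > STDERR_FILENO) close(slave);
        char* const argv[] = {const_cast<char*>("login"), nullptr};
        char* const envp[] = {const_cast<char*>("TERM=dumb"), nullptr};  // assumed minimal env
        execve("/bin/login", argv, envp);
        _exit(127);                               // exec failed: never fall back to a shell
    }
    return master;
}

int main() {
    ShellAction a = DecideShellAction(ShellRequest::kRaw, kPamLogin);
    std::printf("adb shell <cmd>: %s\n", a == ShellAction::kReject ? "rejected" : "served");
}
```

The child exits on any failure before or at exec rather than falling back to a shell, so a missing or broken /bin/login closes the session instead of reopening unauthenticated access.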