Observed behavior
To remove an onerous startup requirement, the remoteshell service (which is used solely for device provisioning) is not started with the app. Unfortunately, without an intent, it is not possible to launch the service via ADB.
Expected behavior
The Android App should provide an intent that can be triggered via ADB to launch the remoteshell service. If possible, it should require some sort of elevated permissions, to prevent malicious apps prompting the same intent.
With this in place, we can probably also remove the FacilityUser-based authentication from the remoteshell service, and instead rely entirely on a shared shibboleth put directly into the data directory of the app (which only someone with elevated permissions would be able to do).
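One way the service could validate such a shared secret before accepting a provisioning session, shown as an added sketch that is not the project's code. The file name `provisioning_token`, the minimum length and both function names are assumptions made for illustration.

```python
import hmac
import os
import stat

TOKEN_FILE = "provisioning_token"  # hypothetical file name inside the app data directory
MIN_TOKEN_BYTES = 16               # assumed minimum; rejects empty or trivially short secrets


def load_token(data_dir):
    """Return the provisioned secret, or None if it is absent or unsafe to trust."""
    path = os.path.join(data_dir, TOKEN_FILE)
    try:
        # O_NOFOLLOW: refuse a symlink planted in place of the token file.
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    except OSError:
        return None  # missing, unreadable or a symlink: fail closed
    with os.fdopen(fd, "rb") as fh:
        info = os.fstat(fh.fileno())
        if not stat.S_ISREG(info.st_mode):
            return None
        # Any group/other permission bit means another uid could read or replace it.
        if info.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            return None
        token = fh.read(4096).strip()
    return token if len(token) >= MIN_TOKEN_BYTES else None


def is_authorized(data_dir, presented):
    """Compare the client's secret with the provisioned one in constant time."""
    expected = load_token(data_dir)
    if expected is None or not isinstance(presented, bytes):
        return False
    return hmac.compare_digest(expected, presented)
```

With no token file present the check denies every client, so the service stays unusable until someone with access to the data directory has provisioned a secret.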