1 /*
2 * Copyright (C) 2007 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include "minadbd_services.h"
18
19 #include <errno.h>
20 #include <inttypes.h>
21 #include <stdio.h>
22 #include <stdlib.h>
23 #include <string.h>
24 #include <unistd.h>
25
26 #include <chrono>
27 #include <functional>
28 #include <memory>
29 #include <set>
30 #include <string>
31 #include <string_view>
32 #include <thread>
33
34 #include <android-base/file.h>
35 #include <android-base/logging.h>
36 #include <android-base/memory.h>
37 #include <android-base/parseint.h>
38 #include <android-base/properties.h>
39 #include <android-base/stringprintf.h>
40 #include <android-base/strings.h>
41
42 #include "adb.h"
43 #include "adb_unique_fd.h"
44 #include "adb_utils.h"
45 #include "fuse_adb_provider.h"
46 #include "fuse_sideload.h"
47 #include "minadbd/types.h"
48 #include "recovery_utils/battery_utils.h"
49 #include "services.h"
50 #include "sysdeps.h"
51
// File-local service state, written by the Set*() functions below and read by the service
// handlers in this file.

// fd that commands are written to and command statuses are read from; -1 until
// SetMinadbdSocketFd() stores a real descriptor.
static int minadbd_socket{ -1 };
// When true, daemon_service_to_fd() offers the rescue-* services and refuses sideload-host.
static bool rescue_mode{ false };
// Mount point passed to run_fuse_sideload() when serving an install request.
static std::string sideload_mount_point(FUSE_SIDELOAD_HOST_MOUNTPOINT);
55
// Records |socket_fd| as the descriptor used for the command/status exchange done by
// WriteCommandToFd() and WaitForCommandStatus(). The value is stored as given; it is neither
// validated nor duplicated here, so the caller keeps responsibility for the fd's lifetime.
void SetMinadbdSocketFd(int socket_fd) {
  minadbd_socket = socket_fd;
}
59
// Selects which service set daemon_service_to_fd() exposes: the rescue-* services when |rescue|
// is true, sideload-host otherwise. Rescue mode also changes the exit message that
// RunAdbFuseSideload() reports to the host after a failed install.
void SetMinadbdRescueMode(bool rescue) {
  rescue_mode = rescue;
}
63
// Overrides the mount point that RunAdbFuseSideload() hands to run_fuse_sideload().
// NOTE(review): |path| is stored without any validation; presumably only trusted start-up code
// calls this -- confirm against the callers.
void SetSideloadMountPoint(const std::string& path) {
  sideload_mount_point = path;
}
67
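// Sends |cmd| to |fd| as one fixed-size message of kMinadbdMessageSize bytes:
// kMinadbdCommandPrefix followed by the raw bytes of |cmd|.
// Returns true once the whole message has been written; logs and returns false if the message
// would not fit in the buffer or the write fails.
static bool WriteCommandToFd(MinadbdCommand cmd, int fd) {
  // Zero-filled so that no uninitialized stack bytes can ever be sent to the peer.
  char message[kMinadbdMessageSize] = {};

  // Measure the prefix that is actually copied, so the copy length and the payload offset stay
  // correct even if the command and status prefixes ever differ in length.
  const size_t prefix_len = strlen(kMinadbdCommandPrefix);
  if (prefix_len + sizeof(cmd) > sizeof(message)) {
    LOG(ERROR) << "Command message does not fit in " << sizeof(message) << " bytes";
    return false;
  }
  memcpy(message, kMinadbdCommandPrefix, prefix_len);
  android::base::put_unaligned(message + prefix_len, cmd);

  if (!android::base::WriteFully(fd, message, kMinadbdMessageSize)) {
    // |message| carries no NUL terminator, so it is logged with an explicit length; streaming
    // the bare array would read past the end of the buffer.
    PLOG(ERROR) << "Failed to write message " << std::string_view(message, sizeof(message));
    return false;
  }
  return true;
}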
79
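// Blocks until one kMinadbdMessageSize-byte message has been read from |fd| and stores the
// decoded status in |*status|.
// Returns false (leaving |*status| untouched) if the message does not start with
// kMinadbdStatusPrefix or is too short to carry a MinadbdCommandStatus.
// Does not return when the read itself fails: the process exits with kMinadbdSocketIOError.
static bool WaitForCommandStatus(int fd, MinadbdCommandStatus* status) {
  char buffer[kMinadbdMessageSize];
  if (!android::base::ReadFully(fd, buffer, kMinadbdMessageSize)) {
    PLOG(ERROR) << "Failed to response status from socket";
    exit(kMinadbdSocketIOError);
  }

  // Copy into a std::string so the prefix test and the log line are length-bounded; |buffer|
  // itself has no NUL terminator.
  const std::string message(buffer, buffer + kMinadbdMessageSize);
  if (!android::base::StartsWith(message, kMinadbdStatusPrefix)) {
    LOG(ERROR) << "Failed to parse status in " << message;
    return false;
  }

  // StartsWith() succeeded, so message.size() >= prefix_len and the subtraction cannot wrap.
  const size_t prefix_len = strlen(kMinadbdStatusPrefix);
  if (message.size() - prefix_len < sizeof(MinadbdCommandStatus)) {
    LOG(ERROR) << "Failed to parse status in " << message;
    return false;
  }

  // Decode from the received bytes directly; the length check above keeps the unaligned read
  // inside the message.
  *status = android::base::get_unaligned<MinadbdCommandStatus>(message.data() + prefix_len);
  // NOTE(review): the decoded value is not checked against the known MinadbdCommandStatus
  // enumerators; the callers in this file only compare it with kSuccess.
  return true;
}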
99
// Serves one install request whose package data is read from the host over |sfd|.
// |args| must be "<file-size>:<block-size>", both positive integers. On the way through, the
// function sends MinadbdCommand::kInstall over minadbd_socket, runs the FUSE sideload at
// sideload_mount_point, reads the install status into |*status| and finally writes the exit
// message to |sfd|. Returns kMinadbdSuccess, or the MinadbdErrorCode of the step that failed;
// |*status| is only written once WaitForCommandStatus() has succeeded.
static MinadbdErrorCode RunAdbFuseSideload(int sfd, const std::string& args,
                                           MinadbdCommandStatus* status) {
  // |args| is the tail of the service name requested over adb, so it is parsed strictly:
  // exactly two fields, each a positive integer.
  // NOTE(review): no upper bound is applied to either value here; presumably
  // FuseAdbDataProvider / run_fuse_sideload enforce their own limits -- confirm.
  const auto fields = android::base::Split(args, ":");
  int64_t file_size;
  int block_size;
  const bool args_ok = fields.size() == 2 &&
                       android::base::ParseInt(fields[0], &file_size) && file_size > 0 &&
                       android::base::ParseInt(fields[1], &block_size) && block_size > 0;
  if (!args_ok) {
    LOG(ERROR) << "bad sideload-host arguments: " << args;
    return kMinadbdHostCommandArgumentError;
  }

  LOG(INFO) << "sideload-host file size " << file_size << ", block size " << block_size;

  if (!WriteCommandToFd(MinadbdCommand::kInstall, minadbd_socket)) {
    return kMinadbdSocketIOError;
  }

  auto provider = std::make_unique<FuseAdbDataProvider>(sfd, file_size, block_size);
  const int fuse_result = run_fuse_sideload(std::move(provider), sideload_mount_point.c_str());
  if (fuse_result != 0) {
    LOG(ERROR) << "Failed to start fuse";
    return kMinadbdFuseStartError;
  }

  if (!WaitForCommandStatus(minadbd_socket, status)) {
    return kMinadbdMessageFormatError;
  }

  // Tell host-side adb to stop. Sideload mode always reports kMinadbdServicesExitSuccess
  // (i.e. "DONEDONE") whatever the install result was; rescue mode reports the failure message
  // when the install did not succeed.
  const bool report_success = !rescue_mode || *status == MinadbdCommandStatus::kSuccess;
  const char* exit_message =
      report_success ? kMinadbdServicesExitSuccess : kMinadbdServicesExitFailure;
  if (!android::base::WriteFully(sfd, exit_message, strlen(exit_message))) {
    return kMinadbdHostSocketIOError;
  }

  return kMinadbdSuccess;
}
145
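// Waits up to |timeout| for the peer of |fd| to hang up.
// Returns true only when poll() reports POLLHUP / POLLRDHUP on |fd|. Returns false when the
// deadline passes, when poll() itself fails, or when |fd| is reported as being in an error or
// invalid state (it can no longer signal a hang-up, so waiting on it would only spin).
static bool WaitForSocketClose(int fd, std::chrono::milliseconds timeout) {
  // Upper bound for a single poll() call, so the value always fits poll()'s int timeout. The
  // loop simply polls again if a slice expires before the overall deadline.
  constexpr std::chrono::milliseconds kMaxPollSlice{ 60 * 1000 };

  const auto deadline = std::chrono::steady_clock::now() + timeout;
  while (true) {
    const auto remaining = std::chrono::duration_cast<std::chrono::milliseconds>(
        deadline - std::chrono::steady_clock::now());
    // Never hand poll() a negative timeout: that means "block forever". The remaining time is
    // computed once and checked before use, so a late wake-up cannot turn it negative.
    if (remaining.count() <= 0) {
      return false;
    }
    const int timeout_ms =
        static_cast<int>(remaining < kMaxPollSlice ? remaining.count() : kMaxPollSlice.count());

    // We don't care about reading the socket, we just want to wait until it closes, so no
    // events are requested. POLLHUP, POLLERR and POLLNVAL are reported regardless.
    // NOTE(review): POLLRDHUP is only reported by poll() when it is requested in .events, so
    // with .events = 0 only POLLHUP can satisfy the test below.
    struct pollfd pfd = {};
    pfd.fd = fd;
    pfd.events = 0;

    const int rc = TEMP_FAILURE_RETRY(adb_poll(&pfd, 1, timeout_ms));
    if (rc < 0) {
      PLOG(ERROR) << "poll() failed";
      return false;
    }
    if (rc == 0) {
      // This slice timed out; the deadline check at the top of the loop decides what is next.
      continue;
    }

    LOG(INFO) << "revents: " << pfd.revents;
    if (pfd.revents & (POLLHUP | POLLRDHUP)) {
      return true;
    }
    if (pfd.revents & (POLLERR | POLLNVAL)) {
      // poll() would keep returning immediately for this fd; stop instead of busy-looping
      // until the deadline.
      return false;
    }
  }
}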
173
// Handler for "sideload-host:<file-size>:<block-size>". The sideload service always terminates
// the process after serving one install command; the exit code is the MinadbdErrorCode returned
// by RunAdbFuseSideload().
static void SideloadHostService(unique_fd sfd, const std::string& args) {
  MinadbdCommandStatus install_status;
  const auto exit_code = RunAdbFuseSideload(sfd.get(), args, &install_status);

  // A host-socket I/O error means the other end has already gone away, so there is nothing to
  // wait for. Otherwise give the host a short while to receive the final "DONEDONE" message.
  // The minadbd process is likely to be terminated early anyway due to exit_on_close.
  if (exit_code != kMinadbdHostSocketIOError) {
    WaitForSocketClose(sfd.get(), std::chrono::milliseconds(3000));
  }
  exit(exit_code);
}
189
// Handler for "rescue-install:<file-size>:<block-size>". Unlike the sideload service, a
// successful install returns normally so that the rescue service can wait for the next command;
// any other result terminates the process with that MinadbdErrorCode.
static void RescueInstallHostService(unique_fd sfd, const std::string& args) {
  MinadbdCommandStatus install_status;
  const auto outcome = RunAdbFuseSideload(sfd.get(), args, &install_status);
  if (outcome != kMinadbdSuccess) {
    exit(outcome);
  }
}
197
// Answers a property query from the host by writing the result to |sfd|.
// - |prop| names an allowed property: replies with its value followed by "\n".
// - |prop| is empty: replies with every allowed property that has a non-empty value, one per
//   line in the form "[prop]: [value]" (analogous to `adb shell getprop`).
// - anything else (unknown or non-allowed property): replies with a bare "\n".
// Only names in kGetpropAllowedProps are ever looked up, so the host cannot read arbitrary
// system properties through this service. Exits the process if the reply cannot be written or
// the follow-up heartbeat exchange fails.
static void RescueGetpropHostService(unique_fd sfd, const std::string& prop) {
  constexpr const char* kRescueBatteryLevelProp = "rescue.battery_level";
  // Allowlist of properties that may be disclosed to the host.
  static const std::set<std::string> kGetpropAllowedProps = {
    // clang-format off
    kRescueBatteryLevelProp,
    "ro.build.date.utc",
    "ro.build.fingerprint",
    "ro.build.flavor",
    "ro.build.id",
    "ro.build.product",
    "ro.build.tags",
    "ro.build.version.incremental",
    "ro.product.device",
    "ro.product.vendor.device",
    // clang-format on
  };

  // The battery level is not a system property; it is taken from GetBatteryInfo(). Every other
  // key is read through GetProperty() with an empty default.
  auto lookup = [](const std::string& key) {
    if (key == kRescueBatteryLevelProp) {
      return std::to_string(GetBatteryInfo().capacity);
    }
    return android::base::GetProperty(key, "");
  };

  std::string reply;
  if (prop.empty()) {
    for (const auto& name : kGetpropAllowedProps) {
      const auto value = lookup(name);
      if (!value.empty()) {
        reply += "[" + name + "]: [" + value + "]\n";
      }
    }
  } else if (kGetpropAllowedProps.count(prop) != 0) {
    reply = lookup(prop) + "\n";
  }
  // The reply is always newline-terminated, even when there is nothing to report.
  if (reply.empty()) {
    reply = "\n";
  }
  if (!android::base::WriteFully(sfd, reply.data(), reply.size())) {
    exit(kMinadbdHostSocketIOError);
  }

  // Send heartbeat signal to keep the rescue service alive.
  if (!WriteCommandToFd(MinadbdCommand::kNoOp, minadbd_socket)) {
    exit(kMinadbdSocketIOError);
  }
  MinadbdCommandStatus heartbeat_status;
  if (!WaitForCommandStatus(minadbd_socket, &heartbeat_status)) {
    exit(kMinadbdMessageFormatError);
  }
}
254
// Requests a reboot into |target|. minadbd does not reboot directly; it sends the matching
// MinadbdCommand over minadbd_socket so that recovery can finish its pending work (clear BCB,
// save logs etc.) before the reboot. Exits the process if the command cannot be sent or the
// status reply is malformed.
// Any |target| other than the four names below maps to kRebootAndroid; daemon_service_to_fd()
// in this file only forwards those four names or an empty string.
static void RebootHostService(unique_fd /* sfd */, const std::string& target) {
  struct NamedTarget {
    const char* name;
    MinadbdCommand command;
  };
  static const NamedTarget kNamedTargets[] = {
    { "bootloader", MinadbdCommand::kRebootBootloader },
    { "rescue", MinadbdCommand::kRebootRescue },
    { "recovery", MinadbdCommand::kRebootRecovery },
    { "fastboot", MinadbdCommand::kRebootFastboot },
  };

  MinadbdCommand command = MinadbdCommand::kRebootAndroid;
  for (const auto& entry : kNamedTargets) {
    if (target == entry.name) {
      command = entry.command;
      break;
    }
  }

  if (!WriteCommandToFd(command, minadbd_socket)) {
    exit(kMinadbdSocketIOError);
  }
  MinadbdCommandStatus reply_status;
  if (!WaitForCommandStatus(minadbd_socket, &reply_status)) {
    exit(kMinadbdMessageFormatError);
  }
}
279
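// Handler for "rescue-wipe:userdata:<message-size>". Asks the other end of minadbd_socket to
// wipe data via MinadbdCommand::kWipeData, then reports the outcome to the host on |fd| as the
// success or failure exit message, padded with '\0' to exactly <message-size> bytes.
// Exits the process on malformed arguments or on any socket error.
static void WipeDeviceService(unique_fd fd, const std::string& args) {
  // |args| is the tail of the service name requested over adb; only the "userdata" target is
  // accepted.
  auto pieces = android::base::Split(args, ":");
  if (pieces.size() != 2 || pieces[0] != "userdata") {
    LOG(ERROR) << "Failed to parse wipe device command arguments " << args;
    exit(kMinadbdHostCommandArgumentError);
  }

  // The reply is one of two strings, so the requested size must hold either of them. Checking
  // only the success string would let the padding length below wrap around if the failure
  // string were the longer one. Doing this before the wipe means a bad size is rejected
  // without touching user data.
  // NOTE(review): there is no upper bound on |message_size|; the host-chosen value directly
  // sizes the reply allocation below. Consider capping it to what the protocol needs.
  size_t message_size;
  if (!android::base::ParseUint(pieces[1], &message_size) ||
      message_size < strlen(kMinadbdServicesExitSuccess) ||
      message_size < strlen(kMinadbdServicesExitFailure)) {
    LOG(ERROR) << "Failed to parse wipe device message size in " << args;
    exit(kMinadbdHostCommandArgumentError);
  }

  // Check the write like every other service here does; otherwise a failed send would only
  // show up later as a blocked or failed status read.
  if (!WriteCommandToFd(MinadbdCommand::kWipeData, minadbd_socket)) {
    exit(kMinadbdSocketIOError);
  }
  MinadbdCommandStatus status;
  if (!WaitForCommandStatus(minadbd_socket, &status)) {
    exit(kMinadbdMessageFormatError);
  }

  std::string response = (status == MinadbdCommandStatus::kSuccess) ? kMinadbdServicesExitSuccess
                                                                    : kMinadbdServicesExitFailure;
  // message_size >= response.size() was established above, so this only ever pads.
  response.resize(message_size, '\0');
  if (!android::base::WriteFully(fd, response.c_str(), response.size())) {
    exit(kMinadbdHostSocketIOError);
  }
}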
307
// minadbd offers no socket-backed services: every service name yields nullptr here, and the
// fd-backed services are resolved by daemon_service_to_fd() instead.
asocket* daemon_service_to_socket(std::string_view /* name */) {
  return nullptr;
}
311
// Maps a service name requested over adb to a service thread and returns the fd for it.
// |name| is supplied by the host, so it is matched against a fixed set of prefixes and any
// other name gets an invalid unique_fd:
//   - "reboot:<target>"                           both modes; target must be empty or one of
//                                                 bootloader / rescue / recovery / fastboot
//   - "rescue-install:<file-size>:<block-size>"   rescue mode only
//   - "rescue-getprop:<prop>"                     rescue mode only
//   - "rescue-wipe:target:<message-size>"         rescue mode only
//   - "sideload-host:<file-size>:<block-size>"    sideload mode only
// A legacy "sideload:" request in sideload mode terminates the process with
// kMinadbdAdbVersionError.
unique_fd daemon_service_to_fd(std::string_view name, atransport* /* transport */) {
  // Common services that are supported both in sideload and rescue modes.
  if (android::base::ConsumePrefix(&name, "reboot:")) {
    // "reboot:<target>", where target must be one of the following.
    std::string target(name);
    const bool target_allowed = target.empty() || target == "bootloader" ||
                                target == "rescue" || target == "recovery" ||
                                target == "fastboot";
    if (!target_allowed) {
      return unique_fd{};
    }
    return create_service_thread(
        "reboot", [target](unique_fd fd) { RebootHostService(std::move(fd), target); });
  }

  // Rescue-specific services. In rescue mode nothing below this block is reachable.
  if (rescue_mode) {
    if (android::base::ConsumePrefix(&name, "rescue-install:")) {
      // rescue-install:<file-size>:<block-size>
      std::string args(name);
      return create_service_thread(
          "rescue-install",
          [args](unique_fd fd) { RescueInstallHostService(std::move(fd), args); });
    }
    if (android::base::ConsumePrefix(&name, "rescue-getprop:")) {
      // rescue-getprop:<prop>
      std::string args(name);
      return create_service_thread(
          "rescue-getprop",
          [args](unique_fd fd) { RescueGetpropHostService(std::move(fd), args); });
    }
    if (android::base::ConsumePrefix(&name, "rescue-wipe:")) {
      // rescue-wipe:target:<message-size>
      std::string args(name);
      return create_service_thread(
          "rescue-wipe", [args](unique_fd fd) { WipeDeviceService(std::move(fd), args); });
    }
    return unique_fd{};
  }

  // Sideload-specific services.
  if (name.starts_with("sideload:")) {
    // This exit status causes recovery to print a special error message saying to use a newer adb
    // (that supports sideload-host).
    exit(kMinadbdAdbVersionError);
  }
  if (android::base::ConsumePrefix(&name, "sideload-host:")) {
    // sideload-host:<file-size>:<block-size>
    std::string args(name);
    return create_service_thread(
        "sideload-host", [args](unique_fd fd) { SideloadHostService(std::move(fd), args); });
  }
  return unique_fd{};
}
360