1 /*
2 * Copyright (C) 2015 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #define TRACE_TAG ADB
18
19 #include "sysdeps.h"
20
21 #if defined(__BIONIC__)
22 #include <android/fdsan.h>
23 #endif
24
25 #include <errno.h>
26 #include <getopt.h>
27 #include <malloc.h>
28 #include <signal.h>
29 #include <stdio.h>
30 #include <stdlib.h>
31 #include <sys/capability.h>
32 #include <sys/prctl.h>
33
34 #include <memory>
35 #include <vector>
36
37 #include <android-base/logging.h>
38 #include <android-base/macros.h>
39 #include <android-base/properties.h>
40 #include <android-base/stringprintf.h>
41 #include <android-base/strings.h>
42
43 #if defined(__ANDROID__)
44 #include <libminijail.h>
45 #include <log/log_properties.h>
46 #include <scoped_minijail.h>
47
48 #include <private/android_filesystem_config.h>
49 #include "selinux/android.h"
50 #endif
51
52 #include "adb.h"
53 #include "adb_auth.h"
54 #include "adb_listeners.h"
55 #include "adb_utils.h"
56 #include "adb_wifi.h"
57 #include "socket_spec.h"
58 #include "transport.h"
59
60 #include "daemon/jdwp_service.h"
61 #include "daemon/mdns.h"
62 #include "daemon/watchdog.h"
63
64 #if defined(__ANDROID__)
65 static const char* root_seclabel = nullptr;
66
should_drop_privileges()67 static bool should_drop_privileges() {
68 // The properties that affect `adb root` and `adb unroot` are ro.secure and
69 // ro.debuggable. In this context the names don't make the expected behavior
70 // particularly obvious.
71 //
72 // ro.debuggable:
73 // Allowed to become root, but not necessarily the default. Set to 1 on
74 // eng and userdebug builds.
75 //
76 // ro.secure:
77 // Drop privileges by default. Set to 1 on userdebug and user builds.
78 bool ro_secure = android::base::GetBoolProperty("ro.secure", true);
79 bool ro_debuggable = __android_log_is_debuggable();
80
81 // Drop privileges if ro.secure is set...
82 bool drop = ro_secure;
83
84 // ... except "adb root" lets you keep privileges in a debuggable build.
85 std::string prop = android::base::GetProperty("service.adb.root", "");
86 bool adb_root = (prop == "1");
87 bool adb_unroot = (prop == "0");
88 if (ro_debuggable && adb_root) {
89 drop = false;
90 }
91 // ... and "adb unroot" lets you explicitly drop privileges.
92 if (adb_unroot) {
93 drop = true;
94 }
95
96 return drop;
97 }
98
drop_privileges(int server_port)99 static void drop_privileges(int server_port) {
100 ScopedMinijail jail(minijail_new());
101
102 // Add extra groups:
103 // AID_ADB to access the USB driver
104 // AID_LOG to read system logs (adb logcat)
105 // AID_INPUT to diagnose input issues (getevent)
106 // AID_INET to diagnose network issues (ping)
107 // AID_NET_BT and AID_NET_BT_ADMIN to diagnose bluetooth (hcidump)
108 // AID_SDCARD_R to allow reading from the SD card
109 // AID_SDCARD_RW to allow writing to the SD card
110 // AID_NET_BW_STATS to read out qtaguid statistics
111 // AID_READPROC for reading /proc entries across UID boundaries
112 // AID_UHID for using 'hid' command to read/write to /dev/uhid
113 // AID_EXT_DATA_RW for writing to /sdcard/Android/data (devices without sdcardfs)
114 // AID_EXT_OBB_RW for writing to /sdcard/Android/obb (devices without sdcardfs)
115 // AID_READTRACEFS for reading tracefs entries
116 gid_t groups[] = {AID_ADB, AID_LOG, AID_INPUT, AID_INET,
117 AID_NET_BT, AID_NET_BT_ADMIN, AID_SDCARD_R, AID_SDCARD_RW,
118 AID_NET_BW_STATS, AID_READPROC, AID_UHID, AID_EXT_DATA_RW,
119 AID_EXT_OBB_RW, AID_READTRACEFS};
120 minijail_set_supplementary_gids(jail.get(), arraysize(groups), groups);
121
122 // Don't listen on a port (default 5037) if running in secure mode.
123 // Don't run as root if running in secure mode.
124 if (should_drop_privileges()) {
125 const bool should_drop_caps = !__android_log_is_debuggable();
126
127 if (should_drop_caps) {
128 minijail_use_caps(jail.get(), CAP_TO_MASK(CAP_SETUID) | CAP_TO_MASK(CAP_SETGID));
129 }
130
131 minijail_change_gid(jail.get(), AID_SHELL);
132 minijail_change_uid(jail.get(), AID_SHELL);
133 // minijail_enter() will abort if any priv-dropping step fails.
134 minijail_enter(jail.get());
135
136 // Whenever ambient capabilities are being used, minijail cannot
137 // simultaneously drop the bounding capability set to just
138 // CAP_SETUID|CAP_SETGID while clearing the inheritable, effective,
139 // and permitted sets. So we need to do that in two steps.
140 using ScopedCaps =
141 std::unique_ptr<std::remove_pointer<cap_t>::type, std::function<void(cap_t)>>;
142 ScopedCaps caps(cap_get_proc(), &cap_free);
143 if (cap_clear_flag(caps.get(), CAP_INHERITABLE) == -1) {
144 PLOG(FATAL) << "cap_clear_flag(INHERITABLE) failed";
145 }
146 if (cap_clear_flag(caps.get(), CAP_EFFECTIVE) == -1) {
147 PLOG(FATAL) << "cap_clear_flag(PEMITTED) failed";
148 }
149 if (cap_clear_flag(caps.get(), CAP_PERMITTED) == -1) {
150 PLOG(FATAL) << "cap_clear_flag(PEMITTED) failed";
151 }
152 if (cap_set_proc(caps.get()) != 0) {
153 PLOG(FATAL) << "cap_set_proc() failed";
154 }
155
156 D("Local port disabled");
157 } else {
158 // minijail_enter() will abort if any priv-dropping step fails.
159 minijail_enter(jail.get());
160
161 if (root_seclabel != nullptr) {
162 if (selinux_android_setcon(root_seclabel) < 0) {
163 // If we failed to become root, don't try again to avoid a
164 // restart loop.
165 android::base::SetProperty("service.adb.root", "0");
166 LOG(FATAL) << "Could not set SELinux context";
167 }
168 }
169 }
170 }
171 #endif
172
setup_adb(const std::vector<std::string> & addrs)173 static void setup_adb(const std::vector<std::string>& addrs) {
174 #if defined(__ANDROID__)
175 // Get the first valid port from addrs and setup mDNS.
176 int port = -1;
177 std::string error;
178 for (const auto& addr : addrs) {
179 port = get_host_socket_spec_port(addr, &error);
180 if (port != -1) {
181 break;
182 }
183 }
184 if (port == -1) {
185 port = DEFAULT_ADB_LOCAL_TRANSPORT_PORT;
186 }
187 LOG(INFO) << "Setup mdns on port= " << port;
188 setup_mdns(port);
189 #endif
190 for (const auto& addr : addrs) {
191 LOG(INFO) << "adbd listening on " << addr;
192 local_init(addr);
193 }
194 }
195
adbd_main(int server_port)196 int adbd_main(int server_port) {
197 umask(0);
198
199 signal(SIGPIPE, SIG_IGN);
200
201 #if defined(__BIONIC__)
202 auto fdsan_level = android_fdsan_get_error_level();
203 if (fdsan_level == ANDROID_FDSAN_ERROR_LEVEL_DISABLED) {
204 android_fdsan_set_error_level(ANDROID_FDSAN_ERROR_LEVEL_WARN_ONCE);
205 }
206 #endif
207
208 init_transport_registration();
209
210 // We need to call this even if auth isn't enabled because the file
211 // descriptor will always be open.
212 adbd_cloexec_auth_socket();
213
214 #if defined(__ANDROID__)
215 bool device_unlocked = android::base::GetProperty("ro.boot.verifiedbootstate", "") == "orange";
216 if (device_unlocked || __android_log_is_debuggable()) {
217 #if defined(__ANDROID_RECOVERY__)
218 auth_required = false; // Bypass authorization when the device transitions to
219 // fastbootd (from recovery). A corrupt userdata image can potentially
220 // result in the device falling into rescue, and a subsequent fastboot
221 // state should not require authorization - otherwise, it will force the
222 // need for manual intervention(b/188703874).
223 #else
224 // If we're on userdebug/eng or the device is unlocked, permit no-authentication.
225 auth_required = android::base::GetBoolProperty("ro.adb.secure", false);
226 #endif
227 }
228 #endif
229
230 // Our external storage path may be different than apps, since
231 // we aren't able to bind mount after dropping root.
232 const char* adb_external_storage = getenv("ADB_EXTERNAL_STORAGE");
233 if (adb_external_storage != nullptr) {
234 setenv("EXTERNAL_STORAGE", adb_external_storage, 1);
235 } else {
236 D("Warning: ADB_EXTERNAL_STORAGE is not set. Leaving EXTERNAL_STORAGE"
237 " unchanged.\n");
238 }
239
240 #if defined(__ANDROID__)
241 drop_privileges(server_port);
242 #endif
243
244 #if defined(__ANDROID__)
245 // A thread gets spawned as a side-effect of initializing the watchdog, so it needs to happen
246 // after we drop privileges.
247 watchdog::Initialize();
248 #endif
249
250 // adbd_auth_init will spawn a thread, so we need to defer it until after selinux transitions.
251 adbd_auth_init();
252
253 bool is_usb = false;
254
255 #if defined(__ANDROID__)
256 if (access(USB_FFS_ADB_EP0, F_OK) == 0) {
257 // Listen on USB.
258 usb_init();
259 is_usb = true;
260 }
261 #endif
262
263 // If one of these properties is set, also listen on that port.
264 // If one of the properties isn't set and we couldn't listen on usb, listen
265 // on the default port.
266 std::vector<std::string> addrs;
267 std::string prop_addr = android::base::GetProperty("service.adb.listen_addrs", "");
268 if (prop_addr.empty()) {
269 std::string prop_port = android::base::GetProperty("service.adb.tcp.port", "");
270 if (prop_port.empty()) {
271 prop_port = android::base::GetProperty("persist.adb.tcp.port", "");
272 }
273
274 #if !defined(__ANDROID__)
275 if (prop_port.empty() && getenv("ADBD_PORT")) {
276 prop_port = getenv("ADBD_PORT");
277 }
278 #endif
279
280 int port;
281 if (sscanf(prop_port.c_str(), "%d", &port) == 1 && port > 0) {
282 D("using tcp port=%d", port);
283 // Listen on TCP and VSOCK port specified by service.adb.tcp.port property.
284 addrs.push_back(android::base::StringPrintf("tcp:%d", port));
285 addrs.push_back(android::base::StringPrintf("vsock:%d", port));
286 setup_adb(addrs);
287 } else if (!is_usb) {
288 // Listen on default port.
289 addrs.push_back(
290 android::base::StringPrintf("tcp:%d", DEFAULT_ADB_LOCAL_TRANSPORT_PORT));
291 addrs.push_back(
292 android::base::StringPrintf("vsock:%d", DEFAULT_ADB_LOCAL_TRANSPORT_PORT));
293 setup_adb(addrs);
294 }
295 } else {
296 addrs = android::base::Split(prop_addr, ",");
297 setup_adb(addrs);
298 }
299
300 LOG(INFO) << "adbd started";
301
302 D("adbd_main(): pre init_jdwp()");
303 init_jdwp();
304 D("adbd_main(): post init_jdwp()");
305
306 D("Event loop starting");
307 fdevent_loop();
308
309 return 0;
310 }
311
main(int argc,char ** argv)312 int main(int argc, char** argv) {
313 #if defined(__BIONIC__)
314 // Set M_DECAY_TIME so that our allocations aren't immediately purged on free.
315 mallopt(M_DECAY_TIME, 1);
316 #endif
317
318 while (true) {
319 static struct option opts[] = {
320 {"root_seclabel", required_argument, nullptr, 's'},
321 {"device_banner", required_argument, nullptr, 'b'},
322 {"version", no_argument, nullptr, 'v'},
323 {"logpostfsdata", no_argument, nullptr, 'l'},
324 {nullptr, no_argument, nullptr, 0},
325 };
326
327 int option_index = 0;
328 int c = getopt_long(argc, argv, "", opts, &option_index);
329 if (c == -1) {
330 break;
331 }
332
333 switch (c) {
334 #if defined(__ANDROID__)
335 case 's':
336 root_seclabel = optarg;
337 break;
338 #endif
339 case 'b':
340 adb_device_banner = optarg;
341 break;
342 case 'v':
343 printf("Android Debug Bridge Daemon version %d.%d.%d\n", ADB_VERSION_MAJOR,
344 ADB_VERSION_MINOR, ADB_SERVER_VERSION);
345 return 0;
346 case 'l':
347 LOG(ERROR) << "post-fs-data triggered";
348 return 0;
349 default:
350 // getopt already prints "adbd: invalid option -- %c" for us.
351 return 1;
352 }
353 }
354
355 close_stdin();
356
357 adb_trace_init(argv);
358
359 D("Handling main()");
360 return adbd_main(DEFAULT_ADB_PORT);
361 }
362