1 /*
2 * Copyright (C) 2007 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #define TRACE_TAG ADB
18
19 #include "sysdeps.h"
20 #include "adb.h"
21
22 #include <ctype.h>
23 #include <errno.h>
24 #include <stdarg.h>
25 #include <stddef.h>
26 #include <stdint.h>
27 #include <stdio.h>
28 #include <stdlib.h>
29 #include <string.h>
30 #include <sys/time.h>
31 #include <time.h>
32 #include <unistd.h>
33
34 #include <chrono>
35 #include <condition_variable>
36 #include <functional>
37 #include <mutex>
38 #include <string>
39 #include <string_view>
40 #include <thread>
41 #include <vector>
42
43 #include <android-base/errors.h>
44 #include <android-base/file.h>
45 #include <android-base/logging.h>
46 #include <android-base/macros.h>
47 #include <android-base/parsenetaddress.h>
48 #include <android-base/stringprintf.h>
49 #include <android-base/strings.h>
50 #include <android-base/utf8.h>
51 #include <diagnose_usb.h>
52
53 #include <build/version.h>
54 #include <platform_tools_version.h>
55
56 #include "adb_auth.h"
57 #include "adb_io.h"
58 #include "adb_listeners.h"
59 #include "adb_mdns.h"
60 #include "adb_unique_fd.h"
61 #include "adb_utils.h"
62 #include "socket_spec.h"
63 #include "sysdeps/chrono.h"
64 #include "transport.h"
65
66 #if !ADB_HOST
67 #include <sys/capability.h>
68 #include <sys/mount.h>
69 #include <android-base/properties.h>
70 using namespace std::chrono_literals;
71
72 #include "daemon/logging.h"
73 #endif
74
75 #if ADB_HOST
76 #include "adb_host.pb.h"
77 #include "client/detach.h"
78 #include "client/mdns_utils.h"
79 #include "client/usb.h"
80 #endif
81
82 #if !ADB_HOST && defined(__ANDROID__)
83 #include "daemon/watchdog.h"
84
85 static std::atomic<int> active_connections = 0;
86
IncrementActiveConnections()87 static void IncrementActiveConnections() {
88 if (active_connections++ == 0) {
89 watchdog::Stop();
90 }
91 }
92
DecrementActiveConnections()93 static void DecrementActiveConnections() {
94 if (--active_connections == 0) {
95 watchdog::Start();
96 }
97 }
98
99 #endif
100
adb_version()101 std::string adb_version() {
102 // Don't change the format of this --- it's parsed by ddmlib.
103 return android::base::StringPrintf(
104 "Android Debug Bridge version %d.%d.%d\n"
105 "Version %s-%s\n"
106 "Installed as %s\n"
107 "Running on %s\n",
108 ADB_VERSION_MAJOR, ADB_VERSION_MINOR, ADB_SERVER_VERSION, PLATFORM_TOOLS_VERSION,
109 android::build::GetBuildNumber().c_str(), android::base::GetExecutablePath().c_str(),
110 GetOSVersion().c_str());
111 }
112
calculate_apacket_checksum(const apacket * p)113 uint32_t calculate_apacket_checksum(const apacket* p) {
114 uint32_t sum = 0;
115 for (size_t i = 0; i < p->msg.data_length; ++i) {
116 sum += static_cast<uint8_t>(p->payload[i]);
117 }
118 return sum;
119 }
120
command_to_string(uint32_t cmd)121 std::string command_to_string(uint32_t cmd) {
122 switch (cmd) {
123 case A_SYNC:
124 return "A_SYNC";
125 case A_CNXN:
126 return "A_CNXN";
127 case A_OPEN:
128 return "A_OPEN";
129 case A_OKAY:
130 return "A_OKAY";
131 case A_CLSE:
132 return "A_CLSE";
133 case A_WRTE:
134 return "A_WRTE";
135 case A_AUTH:
136 return "A_AUTH";
137 case A_STLS:
138 return "A_STLS";
139 default:
140 return "UNKNOWN (" + std::to_string(cmd) + ")";
141 }
142 }
143
to_string(ConnectionState state)144 std::string to_string(ConnectionState state) {
145 switch (state) {
146 case kCsOffline:
147 return "offline";
148 case kCsBootloader:
149 return "bootloader";
150 case kCsDevice:
151 return "device";
152 case kCsHost:
153 return "host";
154 case kCsRecovery:
155 return "recovery";
156 case kCsRescue:
157 return "rescue";
158 case kCsNoPerm:
159 return UsbNoPermissionsShortHelpText();
160 case kCsSideload:
161 return "sideload";
162 case kCsUnauthorized:
163 return "unauthorized";
164 case kCsAuthorizing:
165 return "authorizing";
166 case kCsConnecting:
167 return "connecting";
168 case kCsDetached:
169 return "detached";
170 case kCsAny:
171 return "any";
172 }
173 }
174
get_apacket()175 apacket* get_apacket() {
176 apacket* p = new apacket();
177 if (p == nullptr) {
178 LOG(FATAL) << "failed to allocate an apacket";
179 }
180
181 memset(&p->msg, 0, sizeof(p->msg));
182 return p;
183 }
184
put_apacket(apacket * p)185 void put_apacket(apacket *p)
186 {
187 delete p;
188 }
189
handle_online(atransport * t)190 void handle_online(atransport *t)
191 {
192 D("adb: online");
193 t->online = 1;
194 #if ADB_HOST
195 t->SetConnectionEstablished(true);
196 #elif defined(__ANDROID__)
197 IncrementActiveConnections();
198 #endif
199 }
200
handle_offline(atransport * t)201 void handle_offline(atransport *t)
202 {
203 if (t->GetConnectionState() == kCsOffline) {
204 VLOG(ADB) << t->serial_name() << ": already offline";
205 return;
206 }
207
208 VLOG(ADB) << t->serial_name() << ": offline";
209
210 #if !ADB_HOST && defined(__ANDROID__)
211 DecrementActiveConnections();
212 #endif
213
214 t->SetConnectionState(kCsOffline);
215
216 // Close the associated usb
217 t->online = 0;
218
219 // This is necessary to avoid a race condition that occurred when a transport closes
220 // while a client socket is still active.
221 close_all_sockets(t);
222
223 t->RunDisconnects();
224 }
225
226 #if DEBUG_PACKETS
227 #define DUMPMAX 32
print_packet(const char * label,apacket * p)228 void print_packet(const char *label, apacket *p)
229 {
230 const char* tag;
231 unsigned count;
232
233 switch(p->msg.command){
234 case A_SYNC: tag = "SYNC"; break;
235 case A_CNXN: tag = "CNXN" ; break;
236 case A_OPEN: tag = "OPEN"; break;
237 case A_OKAY: tag = "OKAY"; break;
238 case A_CLSE: tag = "CLSE"; break;
239 case A_WRTE: tag = "WRTE"; break;
240 case A_AUTH: tag = "AUTH"; break;
241 case A_STLS:
242 tag = "STLS";
243 break;
244 default: tag = "????"; break;
245 }
246
247 fprintf(stderr, "%s: %s %08x %08x %04x \"",
248 label, tag, p->msg.arg0, p->msg.arg1, p->msg.data_length);
249 count = p->msg.data_length;
250 const char* x = p->payload.data();
251 if (count > DUMPMAX) {
252 count = DUMPMAX;
253 tag = "\n";
254 } else {
255 tag = "\"\n";
256 }
257 while (count-- > 0) {
258 if ((*x >= ' ') && (*x < 127)) {
259 fputc(*x, stderr);
260 } else {
261 fputc('.', stderr);
262 }
263 x++;
264 }
265 fputs(tag, stderr);
266 }
267 #endif
268
send_ready(unsigned local,unsigned remote,atransport * t,uint32_t ack_bytes)269 void send_ready(unsigned local, unsigned remote, atransport* t, uint32_t ack_bytes) {
270 D("Calling send_ready");
271 apacket *p = get_apacket();
272 p->msg.command = A_OKAY;
273 p->msg.arg0 = local;
274 p->msg.arg1 = remote;
275 if (t->SupportsDelayedAck()) {
276 p->msg.data_length = sizeof(ack_bytes);
277 p->payload.resize(sizeof(ack_bytes));
278 memcpy(p->payload.data(), &ack_bytes, sizeof(ack_bytes));
279 }
280
281 send_packet(p, t);
282 }
283
send_close(unsigned local,unsigned remote,atransport * t)284 static void send_close(unsigned local, unsigned remote, atransport *t)
285 {
286 D("Calling send_close");
287 apacket *p = get_apacket();
288 p->msg.command = A_CLSE;
289 p->msg.arg0 = local;
290 p->msg.arg1 = remote;
291 send_packet(p, t);
292 }
293
get_connection_string()294 std::string get_connection_string() {
295 std::vector<std::string> connection_properties;
296
297 #if !ADB_HOST
298 static const char* cnxn_props[] = {
299 "ro.product.name",
300 "ro.product.model",
301 "ro.product.device",
302 };
303
304 for (const auto& prop : cnxn_props) {
305 std::string value = std::string(prop) + "=" + android::base::GetProperty(prop, "");
306 connection_properties.push_back(value);
307 }
308 #endif
309
310 connection_properties.push_back(android::base::StringPrintf(
311 "features=%s", FeatureSetToString(supported_features()).c_str()));
312
313 return android::base::StringPrintf(
314 "%s::%s", adb_device_banner,
315 android::base::Join(connection_properties, ';').c_str());
316 }
317
send_tls_request(atransport * t)318 void send_tls_request(atransport* t) {
319 D("Calling send_tls_request");
320 apacket* p = get_apacket();
321 p->msg.command = A_STLS;
322 p->msg.arg0 = A_STLS_VERSION;
323 p->msg.data_length = 0;
324 send_packet(p, t);
325 }
326
send_connect(atransport * t)327 void send_connect(atransport* t) {
328 D("Calling send_connect");
329 apacket* cp = get_apacket();
330 cp->msg.command = A_CNXN;
331 // Send the max supported version, but because the transport is
332 // initialized to A_VERSION_MIN, this will be compatible with every
333 // device.
334 cp->msg.arg0 = A_VERSION;
335 cp->msg.arg1 = t->get_max_payload();
336
337 std::string connection_str = get_connection_string();
338 // Connect and auth packets are limited to MAX_PAYLOAD_V1 because we don't
339 // yet know how much data the other size is willing to accept.
340 if (connection_str.length() > MAX_PAYLOAD_V1) {
341 LOG(FATAL) << "Connection banner is too long (length = "
342 << connection_str.length() << ")";
343 }
344
345 cp->payload.assign(connection_str.begin(), connection_str.end());
346 cp->msg.data_length = cp->payload.size();
347
348 send_packet(cp, t);
349 }
350
parse_banner(const std::string & banner,atransport * t)351 void parse_banner(const std::string& banner, atransport* t) {
352 D("parse_banner: %s", banner.c_str());
353
354 // The format is something like:
355 // "device::ro.product.name=x;ro.product.model=y;ro.product.device=z;".
356 std::vector<std::string> pieces = android::base::Split(banner, ":");
357
358 // Reset the features list or else if the server sends no features we may
359 // keep the existing feature set (http://b/24405971).
360 t->SetFeatures("");
361
362 if (pieces.size() > 2) {
363 const std::string& props = pieces[2];
364 for (const auto& prop : android::base::Split(props, ";")) {
365 // The list of properties was traditionally ;-terminated rather than ;-separated.
366 if (prop.empty()) continue;
367
368 std::vector<std::string> key_value = android::base::Split(prop, "=");
369 if (key_value.size() != 2) continue;
370
371 const std::string& key = key_value[0];
372 const std::string& value = key_value[1];
373 if (key == "ro.product.name") {
374 t->product = value;
375 } else if (key == "ro.product.model") {
376 t->model = value;
377 } else if (key == "ro.product.device") {
378 t->device = value;
379 } else if (key == "features") {
380 t->SetFeatures(value);
381 }
382 }
383 }
384
385 const std::string& type = pieces[0];
386 if (type == "bootloader") {
387 D("setting connection_state to kCsBootloader");
388 t->SetConnectionState(kCsBootloader);
389 } else if (type == "device") {
390 D("setting connection_state to kCsDevice");
391 t->SetConnectionState(kCsDevice);
392 } else if (type == "recovery") {
393 D("setting connection_state to kCsRecovery");
394 t->SetConnectionState(kCsRecovery);
395 } else if (type == "sideload") {
396 D("setting connection_state to kCsSideload");
397 t->SetConnectionState(kCsSideload);
398 } else if (type == "rescue") {
399 D("setting connection_state to kCsRescue");
400 t->SetConnectionState(kCsRescue);
401 } else {
402 D("setting connection_state to kCsHost");
403 t->SetConnectionState(kCsHost);
404 }
405 }
406
handle_new_connection(atransport * t,apacket * p)407 static void handle_new_connection(atransport* t, apacket* p) {
408 handle_offline(t);
409
410 t->update_version(p->msg.arg0, p->msg.arg1);
411 std::string banner(p->payload.begin(), p->payload.end());
412 parse_banner(banner, t);
413
414 #if ADB_HOST
415 handle_online(t);
416 #else
417 ADB_LOG(Connection) << "received CNXN: version=" << p->msg.arg0 << ", maxdata = " << p->msg.arg1
418 << ", banner = '" << banner << "'";
419
420 if (t->use_tls) {
421 // We still handshake in TLS mode. If auth_required is disabled,
422 // we'll just not verify the client's certificate. This should be the
423 // first packet the client receives to indicate the new protocol.
424 send_tls_request(t);
425 } else if (!auth_required) {
426 LOG(INFO) << "authentication not required";
427 handle_online(t);
428 send_connect(t);
429 } else {
430 send_auth_request(t);
431 }
432 #endif
433 }
434
handle_packet(apacket * p,atransport * t)435 void handle_packet(apacket *p, atransport *t)
436 {
437 D("handle_packet() %c%c%c%c", ((char*) (&(p->msg.command)))[0],
438 ((char*) (&(p->msg.command)))[1],
439 ((char*) (&(p->msg.command)))[2],
440 ((char*) (&(p->msg.command)))[3]);
441 print_packet("recv", p);
442 CHECK_EQ(p->payload.size(), p->msg.data_length);
443
444 switch(p->msg.command){
445 case A_CNXN: // CONNECT(version, maxdata, "system-id-string")
446 handle_new_connection(t, p);
447 break;
448 case A_STLS: // TLS(version, "")
449 t->use_tls = true;
450 #if ADB_HOST
451 send_tls_request(t);
452 adb_auth_tls_handshake(t);
453 #else
454 adbd_auth_tls_handshake(t);
455 #endif
456 break;
457
458 case A_AUTH:
459 // All AUTH commands are ignored in TLS mode
460 if (t->use_tls) {
461 break;
462 }
463 switch (p->msg.arg0) {
464 #if ADB_HOST
465 case ADB_AUTH_TOKEN:
466 if (t->GetConnectionState() != kCsAuthorizing) {
467 t->SetConnectionState(kCsAuthorizing);
468 }
469 send_auth_response(p->payload.data(), p->msg.data_length, t);
470 break;
471 #else
472 case ADB_AUTH_SIGNATURE: {
473 // TODO: Switch to string_view.
474 std::string signature(p->payload.begin(), p->payload.end());
475 std::string auth_key;
476 if (adbd_auth_verify(t->token, sizeof(t->token), signature, &auth_key)) {
477 adbd_auth_verified(t);
478 t->failed_auth_attempts = 0;
479 t->auth_key = auth_key;
480 adbd_notify_framework_connected_key(t);
481 } else {
482 if (t->failed_auth_attempts++ > 256) std::this_thread::sleep_for(1s);
483 send_auth_request(t);
484 }
485 break;
486 }
487
488 case ADB_AUTH_RSAPUBLICKEY:
489 t->auth_key = std::string(p->payload.data());
490 adbd_auth_confirm_key(t);
491 break;
492 #endif
493 default:
494 t->SetConnectionState(kCsOffline);
495 handle_offline(t);
496 break;
497 }
498 break;
499
500 case A_OPEN: {
501 /* OPEN(local-id, [send-buffer], "destination") */
502 if (!t->online || p->msg.arg0 == 0) {
503 break;
504 }
505
506 uint32_t send_bytes = static_cast<uint32_t>(p->msg.arg1);
507 if (t->SupportsDelayedAck() != static_cast<bool>(send_bytes)) {
508 LOG(ERROR) << "unexpected value of A_OPEN arg1: " << send_bytes
509 << " (delayed acks = " << t->SupportsDelayedAck() << ")";
510 send_close(0, p->msg.arg0, t);
511 break;
512 }
513
514 std::string_view address(p->payload.begin(), p->payload.size());
515
516 // Historically, we received service names as a char*, and stopped at the first NUL
517 // byte. The client sent strings with null termination, which post-string_view, start
518 // being interpreted as part of the string, unless we explicitly strip them.
519 address = StripTrailingNulls(address);
520 #if ADB_HOST
521 // The incoming address (from the payload) might be some other
522 // target (e.g tcp:<ip>:8000), however we do not allow *any*
523 // such requests - namely, those from (a potentially compromised)
524 // adbd (reverse:forward: source) port transport.
525 if (!t->IsReverseConfigured(address.data())) {
526 LOG(FATAL) << __func__ << " disallowed connect to " << address << " from "
527 << t->serial_name();
528 }
529 #endif
530 asocket* s = create_local_service_socket(address, t);
531 if (s == nullptr) {
532 send_close(0, p->msg.arg0, t);
533 break;
534 }
535
536 s->peer = create_remote_socket(p->msg.arg0, t);
537 s->peer->peer = s;
538
539 if (t->SupportsDelayedAck()) {
540 VLOG(PACKETS) << "delayed ack available: send buffer = " << send_bytes;
541 s->available_send_bytes = send_bytes;
542
543 // TODO: Make this adjustable at connection time?
544 send_ready(s->id, s->peer->id, t, INITIAL_DELAYED_ACK_BYTES);
545 } else {
546 VLOG(PACKETS) << "delayed ack unavailable";
547 send_ready(s->id, s->peer->id, t, 0);
548 }
549
550 s->ready(s);
551 break;
552 }
553
554 case A_OKAY: /* READY(local-id, remote-id, "") */
555 if (t->online && p->msg.arg0 != 0 && p->msg.arg1 != 0) {
556 asocket* s = find_local_socket(p->msg.arg1, 0);
557 if (s) {
558 std::optional<int32_t> acked_bytes;
559 if (p->payload.size() == sizeof(int32_t)) {
560 int32_t value;
561 memcpy(&value, p->payload.data(), sizeof(value));
562 // acked_bytes can be negative!
563 //
564 // In the future, we can use this to preemptively supply backpressure, instead
565 // of waiting for the writer to hit its limit.
566 acked_bytes = value;
567 } else if (p->payload.size() != 0) {
568 LOG(ERROR) << "invalid A_OKAY payload size: " << p->payload.size();
569 return;
570 }
571
572 if (s->peer == nullptr) {
573 /* On first READY message, create the connection. */
574 s->peer = create_remote_socket(p->msg.arg0, t);
575 s->peer->peer = s;
576
577 local_socket_ack(s, acked_bytes);
578 } else if (s->peer->id == p->msg.arg0) {
579 /* Other READY messages must use the same local-id */
580 local_socket_ack(s, acked_bytes);
581 } else {
582 D("Invalid A_OKAY(%d,%d), expected A_OKAY(%d,%d) on transport %s", p->msg.arg0,
583 p->msg.arg1, s->peer->id, p->msg.arg1, t->serial.c_str());
584 }
585 } else {
586 // When receiving A_OKAY from device for A_OPEN request, the host server may
587 // have closed the local socket because of client disconnection. Then we need
588 // to send A_CLSE back to device to close the service on device.
589 send_close(p->msg.arg1, p->msg.arg0, t);
590 }
591 }
592 break;
593
594 case A_CLSE: /* CLOSE(local-id, remote-id, "") or CLOSE(0, remote-id, "") */
595 if (t->online && p->msg.arg1 != 0) {
596 asocket* s = find_local_socket(p->msg.arg1, p->msg.arg0);
597 if (s) {
598 /* According to protocol.txt, p->msg.arg0 might be 0 to indicate
599 * a failed OPEN only. However, due to a bug in previous ADB
600 * versions, CLOSE(0, remote-id, "") was also used for normal
601 * CLOSE() operations.
602 *
603 * This is bad because it means a compromised adbd could
604 * send packets to close connections between the host and
605 * other devices. To avoid this, only allow this if the local
606 * socket has a peer on the same transport.
607 */
608 if (p->msg.arg0 == 0 && s->peer && s->peer->transport != t) {
609 D("Invalid A_CLSE(0, %u) from transport %s, expected transport %s", p->msg.arg1,
610 t->serial.c_str(), s->peer->transport->serial.c_str());
611 } else {
612 s->close(s);
613 }
614 }
615 }
616 break;
617
618 case A_WRTE: /* WRITE(local-id, remote-id, <data>) */
619 if (t->online && p->msg.arg0 != 0 && p->msg.arg1 != 0) {
620 asocket* s = find_local_socket(p->msg.arg1, p->msg.arg0);
621 if (s) {
622 s->enqueue(s, std::move(p->payload));
623 }
624 }
625 break;
626
627 default:
628 printf("handle_packet: what is %08x?!\n", p->msg.command);
629 }
630
631 put_apacket(p);
632 }
633
634 #if ADB_HOST
635
636 #ifdef _WIN32
637
638 // Try to make a handle non-inheritable and if there is an error, don't output
639 // any error info, but leave GetLastError() for the caller to read. This is
640 // convenient if the caller is expecting that this may fail and they'd like to
641 // ignore such a failure.
_try_make_handle_noninheritable(HANDLE h)642 static bool _try_make_handle_noninheritable(HANDLE h) {
643 if (h != INVALID_HANDLE_VALUE && h != NULL) {
644 return SetHandleInformation(h, HANDLE_FLAG_INHERIT, 0) ? true : false;
645 }
646
647 return true;
648 }
649
650 // Try to make a handle non-inheritable with the expectation that this should
651 // succeed, so if this fails, output error info.
_make_handle_noninheritable(HANDLE h)652 static bool _make_handle_noninheritable(HANDLE h) {
653 if (!_try_make_handle_noninheritable(h)) {
654 // Show the handle value to give us a clue in case we have problems
655 // with pseudo-handle values.
656 fprintf(stderr, "adb: cannot make handle 0x%p non-inheritable: %s\n", h,
657 android::base::SystemErrorCodeToString(GetLastError()).c_str());
658 return false;
659 }
660
661 return true;
662 }
663
664 // Create anonymous pipe, preventing inheritance of the read pipe and setting
665 // security of the write pipe to sa.
_create_anonymous_pipe(unique_handle * pipe_read_out,unique_handle * pipe_write_out,SECURITY_ATTRIBUTES * sa)666 static bool _create_anonymous_pipe(unique_handle* pipe_read_out,
667 unique_handle* pipe_write_out,
668 SECURITY_ATTRIBUTES* sa) {
669 HANDLE pipe_read_raw = NULL;
670 HANDLE pipe_write_raw = NULL;
671 if (!CreatePipe(&pipe_read_raw, &pipe_write_raw, sa, 0)) {
672 fprintf(stderr, "adb: CreatePipe failed: %s\n",
673 android::base::SystemErrorCodeToString(GetLastError()).c_str());
674 return false;
675 }
676
677 unique_handle pipe_read(pipe_read_raw);
678 pipe_read_raw = NULL;
679 unique_handle pipe_write(pipe_write_raw);
680 pipe_write_raw = NULL;
681
682 if (!_make_handle_noninheritable(pipe_read.get())) {
683 return false;
684 }
685
686 *pipe_read_out = std::move(pipe_read);
687 *pipe_write_out = std::move(pipe_write);
688
689 return true;
690 }
691
692 // Read from a pipe (that we take ownership of) and write the result to stdout/stderr. Return on
693 // error or when the pipe is closed. Internally makes inheritable handles, so this should not be
694 // called if subprocesses may be started concurrently.
_redirect_pipe_thread(HANDLE h,DWORD nStdHandle)695 static unsigned _redirect_pipe_thread(HANDLE h, DWORD nStdHandle) {
696 // Take ownership of the HANDLE and close when we're done.
697 unique_handle read_pipe(h);
698 const char* output_name = nStdHandle == STD_OUTPUT_HANDLE ? "stdout" : "stderr";
699 const int original_fd = fileno(nStdHandle == STD_OUTPUT_HANDLE ? stdout : stderr);
700 std::unique_ptr<FILE, decltype(&fclose)> stream(nullptr, fclose);
701
702 if (original_fd == -1) {
703 fprintf(stderr, "adb: failed to get file descriptor for %s: %s\n", output_name,
704 strerror(errno));
705 return EXIT_FAILURE;
706 }
707
708 // If fileno() is -2, stdout/stderr is not associated with an output stream, so we should read,
709 // but don't write. Otherwise, make a FILE* identical to stdout/stderr except that it is in
710 // binary mode with no CR/LR translation since we're reading raw.
711 if (original_fd >= 0) {
712 // This internally makes a duplicate file handle that is inheritable, so callers should not
713 // call this function if subprocesses may be started concurrently.
714 const int fd = dup(original_fd);
715 if (fd == -1) {
716 fprintf(stderr, "adb: failed to duplicate file descriptor for %s: %s\n", output_name,
717 strerror(errno));
718 return EXIT_FAILURE;
719 }
720
721 // Note that although we call fdopen() below with a binary flag, it may not adhere to that
722 // flag, so we have to set the mode manually.
723 if (_setmode(fd, _O_BINARY) == -1) {
724 fprintf(stderr, "adb: failed to set binary mode for duplicate of %s: %s\n", output_name,
725 strerror(errno));
726 unix_close(fd);
727 return EXIT_FAILURE;
728 }
729
730 stream.reset(fdopen(fd, "wb"));
731 if (stream.get() == nullptr) {
732 fprintf(stderr, "adb: failed to open duplicate stream for %s: %s\n", output_name,
733 strerror(errno));
734 unix_close(fd);
735 return EXIT_FAILURE;
736 }
737
738 // Unbuffer the stream because it will be buffered by default and we want subprocess output
739 // to be shown immediately.
740 if (setvbuf(stream.get(), NULL, _IONBF, 0) == -1) {
741 fprintf(stderr, "adb: failed to unbuffer %s: %s\n", output_name, strerror(errno));
742 return EXIT_FAILURE;
743 }
744
745 // fd will be closed when stream is closed.
746 }
747
748 while (true) {
749 char buf[64 * 1024];
750 DWORD bytes_read = 0;
751 if (!ReadFile(read_pipe.get(), buf, sizeof(buf), &bytes_read, NULL)) {
752 const DWORD err = GetLastError();
753 // ERROR_BROKEN_PIPE is expected when the subprocess closes
754 // the other end of the pipe.
755 if (err == ERROR_BROKEN_PIPE) {
756 return EXIT_SUCCESS;
757 } else {
758 fprintf(stderr, "adb: failed to read from %s: %s\n", output_name,
759 android::base::SystemErrorCodeToString(err).c_str());
760 return EXIT_FAILURE;
761 }
762 }
763
764 // Don't try to write if our stdout/stderr was not setup by the parent process.
765 if (stream) {
766 // fwrite() actually calls adb_fwrite() which can write UTF-8 to the console.
767 const size_t bytes_written = fwrite(buf, 1, bytes_read, stream.get());
768 if (bytes_written != bytes_read) {
769 fprintf(stderr, "adb: error: only wrote %zu of %lu bytes to %s\n", bytes_written,
770 bytes_read, output_name);
771 return EXIT_FAILURE;
772 }
773 }
774 }
775 }
776
_redirect_stdout_thread(HANDLE h)777 static unsigned __stdcall _redirect_stdout_thread(HANDLE h) {
778 adb_thread_setname("stdout redirect");
779 return _redirect_pipe_thread(h, STD_OUTPUT_HANDLE);
780 }
781
_redirect_stderr_thread(HANDLE h)782 static unsigned __stdcall _redirect_stderr_thread(HANDLE h) {
783 adb_thread_setname("stderr redirect");
784 return _redirect_pipe_thread(h, STD_ERROR_HANDLE);
785 }
786
787 #endif
788
ReportServerStartupFailure(pid_t pid)789 static void ReportServerStartupFailure(pid_t pid) {
790 fprintf(stderr, "ADB server didn't ACK\n");
791 fprintf(stderr, "Full server startup log: %s\n", GetLogFilePath().c_str());
792 fprintf(stderr, "Server had pid: %d\n", pid);
793
794 android::base::unique_fd fd(unix_open(GetLogFilePath(), O_RDONLY));
795 if (fd == -1) return;
796
797 // Let's not show more than 128KiB of log...
798 unix_lseek(fd, -128 * 1024, SEEK_END);
799 std::string content;
800 if (!android::base::ReadFdToString(fd, &content)) return;
801
802 std::string header = android::base::StringPrintf("--- adb starting (pid %d) ---", pid);
803 std::vector<std::string> lines = android::base::Split(content, "\n");
804 int i = lines.size() - 1;
805 while (i >= 0 && lines[i] != header) --i;
806 while (static_cast<size_t>(i) < lines.size()) fprintf(stderr, "%s\n", lines[i++].c_str());
807 }
808
is_one_device_mandatory()809 bool is_one_device_mandatory() {
810 return access("/etc/adb/one_device_required", F_OK) == 0;
811 }
812
launch_server(const std::string & socket_spec,const char * one_device)813 int launch_server(const std::string& socket_spec, const char* one_device) {
814 #if defined(_WIN32)
815 /* we need to start the server in the background */
816 /* we create a PIPE that will be used to wait for the server's "OK" */
817 /* message since the pipe handles must be inheritable, we use a */
818 /* security attribute */
819 SECURITY_ATTRIBUTES sa;
820 sa.nLength = sizeof(sa);
821 sa.lpSecurityDescriptor = NULL;
822 sa.bInheritHandle = TRUE;
823
824 // Redirect stdin to Windows /dev/null. If we instead pass an original
825 // stdin/stdout/stderr handle and it is a console handle, when the adb
826 // server starts up, the C Runtime will see a console handle for a process
827 // that isn't connected to a console and it will configure
828 // stdin/stdout/stderr to be closed. At that point, freopen() could be used
829 // to reopen stderr/out, but it would take more massaging to fixup the file
830 // descriptor number that freopen() uses. It's simplest to avoid all of this
831 // complexity by just redirecting stdin to `nul' and then the C Runtime acts
832 // as expected.
833 unique_handle nul_read(CreateFileW(L"nul", GENERIC_READ,
834 FILE_SHARE_READ | FILE_SHARE_WRITE, &sa, OPEN_EXISTING,
835 FILE_ATTRIBUTE_NORMAL, NULL));
836 if (nul_read.get() == INVALID_HANDLE_VALUE) {
837 fprintf(stderr, "adb: CreateFileW 'nul' failed: %s\n",
838 android::base::SystemErrorCodeToString(GetLastError()).c_str());
839 return -1;
840 }
841
842 // Create pipes with non-inheritable read handle, inheritable write handle. We need to connect
843 // the subprocess to pipes instead of just letting the subprocess inherit our existing
844 // stdout/stderr handles because a DETACHED_PROCESS cannot write to a console that it is not
845 // attached to.
846 unique_handle ack_read, ack_write;
847 if (!_create_anonymous_pipe(&ack_read, &ack_write, &sa)) {
848 return -1;
849 }
850 unique_handle stdout_read, stdout_write;
851 if (!_create_anonymous_pipe(&stdout_read, &stdout_write, &sa)) {
852 return -1;
853 }
854 unique_handle stderr_read, stderr_write;
855 if (!_create_anonymous_pipe(&stderr_read, &stderr_write, &sa)) {
856 return -1;
857 }
858
859 /* Some programs want to launch an adb command and collect its output by
860 * calling CreateProcess with inheritable stdout/stderr handles, then
861 * using read() to get its output. When this happens, the stdout/stderr
862 * handles passed to the adb client process will also be inheritable.
863 * When starting the adb server here, care must be taken to reset them
864 * to non-inheritable.
865 * Otherwise, something bad happens: even if the adb command completes,
866 * the calling process is stuck while read()-ing from the stdout/stderr
867 * descriptors, because they're connected to corresponding handles in the
868 * adb server process (even if the latter never uses/writes to them).
869 * Note that even if we don't pass these handles in the STARTUPINFO struct,
870 * if they're marked inheritable, they're still inherited, requiring us to
871 * deal with this.
872 *
873 * If we're still having problems with inheriting random handles in the
874 * future, consider using PROC_THREAD_ATTRIBUTE_HANDLE_LIST to explicitly
875 * specify which handles should be inherited: http://blogs.msdn.com/b/oldnewthing/archive/2011/12/16/10248328.aspx
876 *
877 * Older versions of Windows return console pseudo-handles that cannot be
878 * made non-inheritable, so ignore those failures.
879 */
880 _try_make_handle_noninheritable(GetStdHandle(STD_INPUT_HANDLE));
881 _try_make_handle_noninheritable(GetStdHandle(STD_OUTPUT_HANDLE));
882 _try_make_handle_noninheritable(GetStdHandle(STD_ERROR_HANDLE));
883
884 STARTUPINFOW startup;
885 ZeroMemory( &startup, sizeof(startup) );
886 startup.cb = sizeof(startup);
887 startup.hStdInput = nul_read.get();
888 startup.hStdOutput = stdout_write.get();
889 startup.hStdError = stderr_write.get();
890 startup.dwFlags = STARTF_USESTDHANDLES;
891
892 // Verify that the pipe_write handle value can be passed on the command line
893 // as %d and that the rest of adb code can pass it around in an int.
894 const int ack_write_as_int = cast_handle_to_int(ack_write.get());
895 if (cast_int_to_handle(ack_write_as_int) != ack_write.get()) {
896 // If this fires, either handle values are larger than 32-bits or else
897 // there is a bug in our casting.
898 // https://msdn.microsoft.com/en-us/library/windows/desktop/aa384203%28v=vs.85%29.aspx
899 fprintf(stderr, "adb: cannot fit pipe handle value into 32-bits: 0x%p\n", ack_write.get());
900 return -1;
901 }
902
903 // get path of current program
904 WCHAR program_path[MAX_PATH];
905 const DWORD module_result = GetModuleFileNameW(NULL, program_path,
906 arraysize(program_path));
907 if ((module_result >= arraysize(program_path)) || (module_result == 0)) {
908 // String truncation or some other error.
909 fprintf(stderr, "adb: cannot get executable path: %s\n",
910 android::base::SystemErrorCodeToString(GetLastError()).c_str());
911 return -1;
912 }
913
914 std::vector<std::string> child_argv = {"adb", "-L", socket_spec};
915 if (gListenAll) {
916 child_argv.push_back("-a");
917 }
918 child_argv.push_back("fork-server");
919 child_argv.push_back("server");
920 child_argv.push_back("--reply-fd");
921 child_argv.push_back(std::to_string(ack_write_as_int));
922 if (one_device) {
923 child_argv.push_back("--one-device");
924 child_argv.push_back(one_device);
925 }
926 // Ideally we'd do CommandLineToArgvW-like quoting, but this is probably
927 // sufficient for the arguments we have.
928 std::string cmdline = android::base::Join(child_argv, ' ');
929 std::wstring cmdline_wide;
930 if (!android::base::UTF8ToWide(cmdline, &cmdline_wide)) {
931 fprintf(stderr, "adb: could not convert cmdline from UTF-8 to UTF-16: %s\n",
932 cmdline.c_str());
933 return -1;
934 }
935
936 PROCESS_INFORMATION pinfo;
937 ZeroMemory(&pinfo, sizeof(pinfo));
938
939 if (!CreateProcessW(
940 program_path, /* program path */
941 cmdline_wide.data(),
942 /* the fork-server argument will set the
943 debug = 2 in the child */
944 NULL, /* process handle is not inheritable */
945 NULL, /* thread handle is not inheritable */
946 TRUE, /* yes, inherit some handles */
947 DETACHED_PROCESS, /* the new process doesn't have a console */
948 NULL, /* use parent's environment block */
949 NULL, /* use parent's starting directory */
950 &startup, /* startup info, i.e. std handles */
951 &pinfo )) {
952 fprintf(stderr, "adb: CreateProcessW failed: %s\n",
953 android::base::SystemErrorCodeToString(GetLastError()).c_str());
954 return -1;
955 }
956
957 unique_handle process_handle(pinfo.hProcess);
958 pinfo.hProcess = NULL;
959
960 // Close handles that we no longer need to complete the rest.
961 CloseHandle(pinfo.hThread);
962 pinfo.hThread = NULL;
963
964 nul_read.reset();
965 ack_write.reset();
966 stdout_write.reset();
967 stderr_write.reset();
968
969 // Start threads to read from subprocess stdout/stderr and write to ours to make subprocess
970 // errors easier to diagnose. Note that the threads internally create inheritable handles, but
971 // that is ok because we've already spawned the subprocess.
972
973 // In the past, reading from a pipe before the child process's C Runtime
974 // started up and called GetFileType() caused a hang: http://blogs.msdn.com/b/oldnewthing/archive/2011/12/02/10243553.aspx#10244216
975 // This is reportedly fixed in Windows Vista: https://support.microsoft.com/en-us/kb/2009703
976 // I was unable to reproduce the problem on Windows XP. It sounds like a
977 // Windows Update may have fixed this: https://www.duckware.com/tech/peeknamedpipe.html
978 unique_handle stdout_thread(reinterpret_cast<HANDLE>(
979 _beginthreadex(NULL, 0, _redirect_stdout_thread, stdout_read.get(),
980 0, NULL)));
981 if (stdout_thread.get() == nullptr) {
982 fprintf(stderr, "adb: cannot create thread: %s\n", strerror(errno));
983 return -1;
984 }
985 stdout_read.release(); // Transfer ownership to new thread
986
987 unique_handle stderr_thread(reinterpret_cast<HANDLE>(
988 _beginthreadex(NULL, 0, _redirect_stderr_thread, stderr_read.get(),
989 0, NULL)));
990 if (stderr_thread.get() == nullptr) {
991 fprintf(stderr, "adb: cannot create thread: %s\n", strerror(errno));
992 return -1;
993 }
994 stderr_read.release(); // Transfer ownership to new thread
995
996 bool got_ack = false;
997
998 // Wait for the "OK\n" message, for the pipe to be closed, or other error.
999 {
1000 char temp[3];
1001 DWORD count = 0;
1002
1003 if (ReadFile(ack_read.get(), temp, sizeof(temp), &count, NULL)) {
1004 const CHAR expected[] = "OK\n";
1005 const DWORD expected_length = arraysize(expected) - 1;
1006 if (count == expected_length &&
1007 memcmp(temp, expected, expected_length) == 0) {
1008 got_ack = true;
1009 } else {
1010 ReportServerStartupFailure(pinfo.dwProcessId);
1011 return -1;
1012 }
1013 } else {
1014 const DWORD err = GetLastError();
1015 // If the ACK was not written and the process exited, GetLastError()
1016 // is probably ERROR_BROKEN_PIPE, in which case that info is not
1017 // useful to the user.
1018 fprintf(stderr, "could not read ok from ADB Server%s\n",
1019 err == ERROR_BROKEN_PIPE ? "" :
1020 android::base::StringPrintf(": %s",
1021 android::base::SystemErrorCodeToString(err).c_str()).c_str());
1022 }
1023 }
1024
1025 // Always try to wait a bit for threads reading stdout/stderr to finish.
1026 // If the process started ok, it should close the pipes causing the threads
1027 // to finish. If the process had an error, it should exit, also causing
1028 // the pipes to be closed. In that case we want to read all of the output
1029 // and write it out so that the user can diagnose failures.
1030 const DWORD thread_timeout_ms = 15 * 1000;
1031 const HANDLE threads[] = { stdout_thread.get(), stderr_thread.get() };
1032 const DWORD wait_result = WaitForMultipleObjects(arraysize(threads),
1033 threads, TRUE, thread_timeout_ms);
1034 if (wait_result == WAIT_TIMEOUT) {
1035 // Threads did not finish after waiting a little while. Perhaps the
1036 // server didn't close pipes, or it is hung.
1037 fprintf(stderr, "adb: timed out waiting for threads to finish reading from ADB server\n");
1038 // Process handles are signaled when the process exits, so if we wait
1039 // on the handle for 0 seconds and it returns 'timeout', that means that
1040 // the process is still running.
1041 if (WaitForSingleObject(process_handle.get(), 0) == WAIT_TIMEOUT) {
1042 // We could TerminateProcess(), but that seems somewhat presumptive.
1043 fprintf(stderr, "adb: server is running with process id %lu\n", pinfo.dwProcessId);
1044 }
1045 return -1;
1046 }
1047
1048 if (wait_result != WAIT_OBJECT_0) {
1049 fprintf(stderr, "adb: unexpected result waiting for threads: %lu: %s\n", wait_result,
1050 android::base::SystemErrorCodeToString(GetLastError()).c_str());
1051 return -1;
1052 }
1053
1054 // For now ignore the thread exit codes and assume they worked properly.
1055
1056 if (!got_ack) {
1057 return -1;
1058 }
1059 #else /* !defined(_WIN32) */
1060 // set up a pipe so the child can tell us when it is ready.
1061 unique_fd pipe_read, pipe_write;
1062 if (!Pipe(&pipe_read, &pipe_write)) {
1063 fprintf(stderr, "pipe failed in launch_server, errno: %d\n", errno);
1064 return -1;
1065 }
1066
1067 std::string path = android::base::GetExecutablePath();
1068
1069 std::string reply_fd = std::to_string(pipe_write.get());
1070 // child process arguments
1071 std::vector<const char*> child_argv = {"adb", "-L", socket_spec.c_str()};
1072 if (gListenAll) {
1073 child_argv.push_back("-a");
1074 }
1075 child_argv.push_back("fork-server");
1076 child_argv.push_back("server");
1077 child_argv.push_back("--reply-fd");
1078 child_argv.push_back(reply_fd.c_str());
1079 if (one_device) {
1080 child_argv.push_back("--one-device");
1081 child_argv.push_back(one_device);
1082 } else if (is_one_device_mandatory()) {
1083 fprintf(stderr,
1084 "adb: cannot start server: --one-device option is required for this system in "
1085 "order to start adb.\n");
1086 return -1;
1087 }
1088 child_argv.push_back(nullptr);
1089
1090 pid_t pid = fork();
1091 if (pid < 0) return -1;
1092
1093 if (pid == 0) {
1094 // child side of the fork
1095 pipe_read.reset();
1096
1097 // android::base::Pipe unconditionally opens the pipe with O_CLOEXEC.
1098 // Undo this manually.
1099 fcntl(pipe_write.get(), F_SETFD, 0);
1100
1101 int result = execv(path.c_str(), const_cast<char* const*>(child_argv.data()));
1102 // this should not return
1103 fprintf(stderr, "adb: execl returned %d: %s\n", result, strerror(errno));
1104 _exit(127);
1105 } else {
1106 // parent side of the fork
1107 char temp[3] = {};
1108 // wait for the "OK\n" message
1109 pipe_write.reset();
1110 int ret = adb_read(pipe_read.get(), temp, 3);
1111 int saved_errno = errno;
1112 pipe_read.reset();
1113 if (ret < 0) {
1114 fprintf(stderr, "could not read ok from ADB Server, errno = %d\n", saved_errno);
1115 return -1;
1116 }
1117 if (ret != 3 || temp[0] != 'O' || temp[1] != 'K' || temp[2] != '\n') {
1118 ReportServerStartupFailure(pid);
1119 return -1;
1120 }
1121 }
1122 #endif /* !defined(_WIN32) */
1123 return 0;
1124 }
1125 #endif /* ADB_HOST */
1126
handle_forward_request(const char * service,atransport * transport,int reply_fd)1127 bool handle_forward_request(const char* service, atransport* transport, int reply_fd) {
1128 return handle_forward_request(service, [transport](std::string*) { return transport; },
1129 reply_fd);
1130 }
1131
1132 // Try to handle a network forwarding request.
handle_forward_request(const char * service,std::function<atransport * (std::string * error)> transport_acquirer,int reply_fd)1133 bool handle_forward_request(const char* service,
1134 std::function<atransport*(std::string* error)> transport_acquirer,
1135 int reply_fd) {
1136 if (!strcmp(service, "list-forward")) {
1137 // Create the list of forward redirections.
1138 std::string listeners = format_listeners();
1139 #if ADB_HOST
1140 SendOkay(reply_fd);
1141 #endif
1142 SendProtocolString(reply_fd, listeners);
1143 return true;
1144 }
1145
1146 if (!strcmp(service, "killforward-all")) {
1147 remove_all_listeners();
1148 #if ADB_HOST
1149 /* On the host: 1st OKAY is connect, 2nd OKAY is status */
1150 SendOkay(reply_fd);
1151 #endif
1152 SendOkay(reply_fd);
1153 return true;
1154 }
1155
1156 if (!strncmp(service, "forward:", 8) || !strncmp(service, "killforward:", 12)) {
1157 // killforward:local
1158 // forward:(norebind:)?local;remote
1159 std::string error;
1160 atransport* transport = transport_acquirer(&error);
1161 if (!transport) {
1162 SendFail(reply_fd, error);
1163 return true;
1164 }
1165
1166 bool kill_forward = false;
1167 bool no_rebind = false;
1168 if (android::base::StartsWith(service, "killforward:")) {
1169 kill_forward = true;
1170 service += 12;
1171 } else {
1172 service += 8; // skip past "forward:"
1173 if (android::base::StartsWith(service, "norebind:")) {
1174 no_rebind = true;
1175 service += 9;
1176 }
1177 }
1178
1179 std::vector<std::string> pieces = android::base::Split(service, ";");
1180
1181 if (kill_forward) {
1182 // Check killforward: parameter format: '<local>'
1183 if (pieces.size() != 1 || pieces[0].empty()) {
1184 SendFail(reply_fd, android::base::StringPrintf("bad killforward: %s", service));
1185 return true;
1186 }
1187 } else {
1188 // Check forward: parameter format: '<local>;<remote>'
1189 if (pieces.size() != 2 || pieces[0].empty() || pieces[1].empty() || pieces[1][0] == '*') {
1190 SendFail(reply_fd, android::base::StringPrintf("bad forward: %s", service));
1191 return true;
1192 }
1193 }
1194
1195 InstallStatus r;
1196 int resolved_tcp_port = 0;
1197 if (kill_forward) {
1198 r = remove_listener(pieces[0].c_str(), transport);
1199 } else {
1200 int flags = 0;
1201 if (no_rebind) {
1202 flags |= INSTALL_LISTENER_NO_REBIND;
1203 }
1204 r = install_listener(pieces[0], pieces[1].c_str(), transport, flags, &resolved_tcp_port,
1205 &error);
1206 }
1207 if (r == INSTALL_STATUS_OK) {
1208 #if ADB_HOST
1209 // On the host: 1st OKAY is connect, 2nd OKAY is status.
1210 SendOkay(reply_fd);
1211 #endif
1212 SendOkay(reply_fd);
1213
1214 // If a TCP port was resolved, send the actual port number back.
1215 if (resolved_tcp_port != 0) {
1216 SendProtocolString(reply_fd, android::base::StringPrintf("%d", resolved_tcp_port));
1217 }
1218
1219 return true;
1220 }
1221
1222 std::string message;
1223 switch (r) {
1224 case INSTALL_STATUS_OK: message = "success (!)"; break;
1225 case INSTALL_STATUS_INTERNAL_ERROR: message = "internal error"; break;
1226 case INSTALL_STATUS_CANNOT_BIND:
1227 message = android::base::StringPrintf("cannot bind listener: %s",
1228 error.c_str());
1229 break;
1230 case INSTALL_STATUS_CANNOT_REBIND:
1231 message = android::base::StringPrintf("cannot rebind existing socket");
1232 break;
1233 case INSTALL_STATUS_LISTENER_NOT_FOUND:
1234 message = android::base::StringPrintf("listener '%s' not found", service);
1235 break;
1236 }
1237 SendFail(reply_fd, message);
1238 return true;
1239 }
1240
1241 return false;
1242 }
1243
1244 #if ADB_HOST
SendOkay(int fd,const std::string & s)1245 static int SendOkay(int fd, const std::string& s) {
1246 SendOkay(fd);
1247 SendProtocolString(fd, s);
1248 return 0;
1249 }
1250
1251 static bool g_reject_kill_server = false;
adb_set_reject_kill_server(bool value)1252 void adb_set_reject_kill_server(bool value) {
1253 g_reject_kill_server = value;
1254 }
1255
handle_mdns_request(std::string_view service,int reply_fd)1256 static bool handle_mdns_request(std::string_view service, int reply_fd) {
1257 if (!android::base::ConsumePrefix(&service, "mdns:")) {
1258 return false;
1259 }
1260
1261 if (service == "check") {
1262 std::string check = mdns_check();
1263 SendOkay(reply_fd, check);
1264 return true;
1265 }
1266 if (service == "services") {
1267 std::string services_list = mdns_list_discovered_services();
1268 SendOkay(reply_fd, services_list);
1269 return true;
1270 }
1271
1272 return false;
1273 }
1274
handle_host_request(std::string_view service,TransportType type,const char * serial,TransportId transport_id,int reply_fd,asocket * s)1275 HostRequestResult handle_host_request(std::string_view service, TransportType type,
1276 const char* serial, TransportId transport_id, int reply_fd,
1277 asocket* s) {
1278 if (service == "kill") {
1279 if (g_reject_kill_server) {
1280 LOG(WARNING) << "adb server ignoring kill-server";
1281 SendFail(reply_fd, "kill-server rejected by remote server");
1282 } else {
1283 fprintf(stderr, "adb server killed by remote request\n");
1284 SendOkay(reply_fd);
1285
1286 // Rely on process exit to close the socket for us.
1287 exit(0);
1288 }
1289 }
1290
1291 VLOG(SERVICES) << "handle_host_request(" << service << ")";
1292
1293 // Transport selection:
1294 if (service.starts_with("transport") || service.starts_with("tport:")) {
1295 TransportType type = kTransportAny;
1296
1297 std::string serial_storage;
1298 bool legacy = true;
1299
1300 // New transport selection protocol:
1301 // This is essentially identical to the previous version, except it returns the selected
1302 // transport id to the caller as well.
1303 if (android::base::ConsumePrefix(&service, "tport:")) {
1304 legacy = false;
1305 if (android::base::ConsumePrefix(&service, "serial:")) {
1306 serial_storage = service;
1307 serial = serial_storage.c_str();
1308 } else if (service == "usb") {
1309 type = kTransportUsb;
1310 } else if (service == "local") {
1311 type = kTransportLocal;
1312 } else if (service == "any") {
1313 type = kTransportAny;
1314 }
1315
1316 // Selection by id is unimplemented, since you obviously already know the transport id
1317 // you're connecting to.
1318 } else {
1319 if (android::base::ConsumePrefix(&service, "transport-id:")) {
1320 if (!ParseUint(&transport_id, service)) {
1321 SendFail(reply_fd, "invalid transport id");
1322 return HostRequestResult::Handled;
1323 }
1324 } else if (service == "transport-usb") {
1325 type = kTransportUsb;
1326 } else if (service == "transport-local") {
1327 type = kTransportLocal;
1328 } else if (service == "transport-any") {
1329 type = kTransportAny;
1330 } else if (android::base::ConsumePrefix(&service, "transport:")) {
1331 serial_storage = service;
1332 serial = serial_storage.c_str();
1333 }
1334 }
1335
1336 std::string error;
1337 atransport* t = acquire_one_transport(type, serial, transport_id, nullptr, &error);
1338 if (t != nullptr) {
1339 s->transport = t;
1340 SendOkay(reply_fd);
1341
1342 if (!legacy) {
1343 // Nothing we can do if this fails.
1344 WriteFdExactly(reply_fd, &t->id, sizeof(t->id));
1345 }
1346
1347 return HostRequestResult::SwitchedTransport;
1348 } else {
1349 SendFail(reply_fd, error);
1350 return HostRequestResult::Handled;
1351 }
1352 }
1353
1354 if (service == "server-status") {
1355 adb::proto::AdbServerStatus status;
1356 if (is_libusb_enabled()) {
1357 status.set_usb_backend(adb::proto::AdbServerStatus::LIBUSB);
1358 } else {
1359 status.set_usb_backend(adb::proto::AdbServerStatus::NATIVE);
1360 }
1361 status.set_usb_backend_forced(getenv("ADB_LIBUSB") != nullptr);
1362
1363 if (using_bonjour()) {
1364 status.set_mdns_backend(adb::proto::AdbServerStatus::BONJOUR);
1365 } else {
1366 status.set_mdns_backend(adb::proto::AdbServerStatus::OPENSCREEN);
1367 }
1368 status.set_mdns_backend_forced(getenv("ADB_MDNS_OPENSCREEN") != nullptr);
1369
1370 status.set_version(std::string(PLATFORM_TOOLS_VERSION));
1371 status.set_build(android::build::GetBuildNumber());
1372 status.set_executable_absolute_path(android::base::GetExecutablePath());
1373 status.set_log_absolute_path(GetLogFilePath());
1374 status.set_os(GetOSVersion());
1375 status.set_burst_mode(burst_mode_enabled());
1376 status.set_trace_level(get_trace_setting());
1377 status.set_mdns_enabled(mdns::is_enabled());
1378
1379 std::string server_status_string;
1380 status.SerializeToString(&server_status_string);
1381 SendOkay(reply_fd, server_status_string);
1382 return HostRequestResult::Handled;
1383 }
1384
1385 // return a list of all connected devices
1386 if (service == "devices" || service == "devices-l") {
1387 TrackerOutputType output_type;
1388 if (service == "devices-l") {
1389 output_type = LONG_TEXT;
1390 } else {
1391 output_type = SHORT_TEXT;
1392 }
1393 D("Getting device list...");
1394 std::string device_list = list_transports(output_type);
1395 D("Sending device list...");
1396 SendOkay(reply_fd, device_list);
1397 return HostRequestResult::Handled;
1398 }
1399
1400 if (service == "reconnect-offline") {
1401 std::string response;
1402 close_usb_devices([&response](const atransport* transport) {
1403 if (!ConnectionStateIsOnline(transport->GetConnectionState())) {
1404 response += "reconnecting " + transport->serial_name() + "\n";
1405 return true;
1406 }
1407 return false;
1408 }, true);
1409 if (!response.empty()) {
1410 response.resize(response.size() - 1);
1411 }
1412 SendOkay(reply_fd, response);
1413 return HostRequestResult::Handled;
1414 }
1415
1416 if (service == "features") {
1417 std::string error;
1418 atransport* t =
1419 s->transport ? s->transport
1420 : acquire_one_transport(type, serial, transport_id, nullptr, &error);
1421 if (t != nullptr) {
1422 SendOkay(reply_fd, FeatureSetToString(t->features()));
1423 } else {
1424 SendFail(reply_fd, error);
1425 }
1426 return HostRequestResult::Handled;
1427 }
1428
1429 if (service == "host-features") {
1430 FeatureSet features = supported_features();
1431 // Abuse features to report libusb status.
1432 if (is_libusb_enabled()) {
1433 features.emplace_back(kFeatureLibusb);
1434 }
1435 features.emplace_back(kFeaturePushSync);
1436 SendOkay(reply_fd, FeatureSetToString(features));
1437 return HostRequestResult::Handled;
1438 }
1439
1440 // remove TCP transport
1441 if (service.starts_with("disconnect:")) {
1442 std::string address(service.substr(11));
1443 if (address.empty()) {
1444 kick_all_tcp_devices();
1445 SendOkay(reply_fd, "disconnected everything");
1446 return HostRequestResult::Handled;
1447 }
1448
1449 // Mdns instance named device
1450 atransport* t = find_transport(address.c_str());
1451 if (t != nullptr) {
1452 kick_transport(t);
1453 SendOkay(reply_fd, android::base::StringPrintf("disconnected %s", address.c_str()));
1454 return HostRequestResult::Handled;
1455 }
1456
1457 std::string serial;
1458 std::string host;
1459 int port = DEFAULT_ADB_LOCAL_TRANSPORT_PORT;
1460 std::string error;
1461 if (address.starts_with("vsock:") || address.starts_with("localfilesystem:")) {
1462 serial = address;
1463 } else if (!android::base::ParseNetAddress(address, &host, &port, &serial, &error)) {
1464 SendFail(reply_fd, android::base::StringPrintf("couldn't parse '%s': %s",
1465 address.c_str(), error.c_str()));
1466 return HostRequestResult::Handled;
1467 }
1468 t = find_transport(serial.c_str());
1469 if (t == nullptr) {
1470 SendFail(reply_fd, android::base::StringPrintf("no such device '%s'", serial.c_str()));
1471 return HostRequestResult::Handled;
1472 }
1473 kick_transport(t);
1474 SendOkay(reply_fd, android::base::StringPrintf("disconnected %s", address.c_str()));
1475 return HostRequestResult::Handled;
1476 }
1477
1478 // Returns our value for ADB_SERVER_VERSION.
1479 if (service == "version") {
1480 SendOkay(reply_fd, android::base::StringPrintf("%04x", ADB_SERVER_VERSION));
1481 return HostRequestResult::Handled;
1482 }
1483
1484 // These always report "unknown" rather than the actual error, for scripts.
1485 if (service == "get-serialno") {
1486 std::string error;
1487 atransport* t =
1488 s->transport ? s->transport
1489 : acquire_one_transport(type, serial, transport_id, nullptr, &error);
1490 if (t) {
1491 SendOkay(reply_fd, !t->serial.empty() ? t->serial : "unknown");
1492 } else {
1493 SendFail(reply_fd, error);
1494 }
1495 return HostRequestResult::Handled;
1496 }
1497 if (service == "get-devpath") {
1498 std::string error;
1499 atransport* t =
1500 s->transport ? s->transport
1501 : acquire_one_transport(type, serial, transport_id, nullptr, &error);
1502 if (t) {
1503 SendOkay(reply_fd, !t->devpath.empty() ? t->devpath : "unknown");
1504 } else {
1505 SendFail(reply_fd, error);
1506 }
1507 return HostRequestResult::Handled;
1508 }
1509 if (service == "get-state") {
1510 std::string error;
1511 atransport* t =
1512 s->transport ? s->transport
1513 : acquire_one_transport(type, serial, transport_id, nullptr, &error);
1514 if (t) {
1515 SendOkay(reply_fd, to_string(t->GetConnectionState()));
1516 } else {
1517 SendFail(reply_fd, error);
1518 }
1519 return HostRequestResult::Handled;
1520 }
1521
1522 // Indicates a new emulator instance has started.
1523 if (android::base::ConsumePrefix(&service, "emulator:")) {
1524 unsigned int port;
1525 if (!ParseUint(&port, service)) {
1526 LOG(ERROR) << "received invalid port for emulator: " << service;
1527 } else {
1528 connect_emulator(port);
1529 }
1530
1531 /* we don't even need to send a reply */
1532 return HostRequestResult::Handled;
1533 }
1534
1535 if (service == "reconnect") {
1536 std::string response;
1537 atransport* t = s->transport ? s->transport
1538 : acquire_one_transport(type, serial, transport_id, nullptr,
1539 &response, true);
1540 if (t != nullptr) {
1541 kick_transport(t, true);
1542 response = "reconnecting " + t->serial_name() + " [" +
1543 to_string(t->GetConnectionState()) + "]\n";
1544 }
1545 SendOkay(reply_fd, response);
1546 return HostRequestResult::Handled;
1547 }
1548
1549 if (service == "attach") {
1550 std::string error;
1551 atransport* t = s->transport ? s->transport
1552 : acquire_one_transport(type, serial, transport_id, nullptr,
1553 &error, true);
1554 if (!t) {
1555 SendFail(reply_fd, error);
1556 return HostRequestResult::Handled;
1557 }
1558
1559 attached_devices.RegisterAttach(t->serial_name());
1560 if (t->Attach(&error)) {
1561 SendOkay(reply_fd,
1562 android::base::StringPrintf("%s attached", t->serial_name().c_str()));
1563 } else {
1564 SendFail(reply_fd, error);
1565 }
1566 return HostRequestResult::Handled;
1567 }
1568
1569 if (service == "detach") {
1570 std::string error;
1571 atransport* t = s->transport ? s->transport
1572 : acquire_one_transport(type, serial, transport_id, nullptr,
1573 &error, true);
1574 if (!t) {
1575 SendFail(reply_fd, error);
1576 return HostRequestResult::Handled;
1577 }
1578
1579 // HACK:
1580 // Detaching the transport will lead to all of its sockets being closed,
1581 // but we're handling one of those sockets right now!
1582 //
1583 // Mark the socket as not having a transport, knowing that it'll be cleaned up by the
1584 // function that called us.
1585 s->transport = nullptr;
1586
1587 attached_devices.RegisterDetach(t->serial_name());
1588 if (t->Detach(&error)) {
1589 SendOkay(reply_fd,
1590 android::base::StringPrintf("%s detached", t->serial_name().c_str()));
1591 } else {
1592 SendFail(reply_fd, error);
1593 }
1594 return HostRequestResult::Handled;
1595 }
1596
1597 // TODO: Switch handle_forward_request to string_view.
1598 std::string service_str(service);
1599 auto transport_acquirer = [=](std::string* error) {
1600 if (s->transport) {
1601 return s->transport;
1602 } else {
1603 std::string error;
1604 return acquire_one_transport(type, serial, transport_id, nullptr, &error);
1605 }
1606 };
1607 if (handle_forward_request(service_str.c_str(), transport_acquirer, reply_fd)) {
1608 return HostRequestResult::Handled;
1609 }
1610
1611 if (handle_mdns_request(service, reply_fd)) {
1612 return HostRequestResult::Handled;
1613 }
1614
1615 return HostRequestResult::Unhandled;
1616 }
1617
1618 static auto& init_mutex = *new std::mutex();
1619 static auto& init_cv = *new std::condition_variable();
1620 static bool device_scan_complete = false;
1621 static bool transports_ready = false;
1622
update_transport_status()1623 void update_transport_status() {
1624 bool result = iterate_transports([](const atransport* t) {
1625 if (t->type == kTransportUsb && t->online != 1) {
1626 return false;
1627 }
1628 return true;
1629 });
1630
1631 bool ready;
1632 {
1633 std::lock_guard<std::mutex> lock(init_mutex);
1634 transports_ready = result;
1635 ready = transports_ready && device_scan_complete;
1636 }
1637
1638 if (ready) {
1639 init_cv.notify_all();
1640 }
1641 }
1642
adb_notify_device_scan_complete()1643 void adb_notify_device_scan_complete() {
1644 {
1645 std::lock_guard<std::mutex> lock(init_mutex);
1646 if (device_scan_complete) {
1647 return;
1648 }
1649
1650 device_scan_complete = true;
1651 }
1652
1653 update_transport_status();
1654 }
1655
adb_wait_for_device_initialization()1656 void adb_wait_for_device_initialization() {
1657 std::unique_lock<std::mutex> lock(init_mutex);
1658 init_cv.wait_for(lock, 3s, []() { return device_scan_complete && transports_ready; });
1659 }
1660
1661 #endif // ADB_HOST
1662