1 /*
2 * Copyright (C) 2007 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #define TRACE_TAG TRACE_ADB
18
19 #include <stdio.h>
20 #include <stdlib.h>
21 #include <ctype.h>
22 #include <stdarg.h>
23 #include <errno.h>
24 #include <stddef.h>
25 #include <string.h>
26 #include <time.h>
27 #include <sys/time.h>
28 #include <stdint.h>
29
30 #include "sysdeps.h"
31 #include "adb.h"
32 #include "adb_auth.h"
33
34 #define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))
35
36 #if !ADB_HOST
37 #include <private/android_filesystem_config.h>
38 #include <sys/capability.h>
39 #include <linux/prctl.h>
40 #include <sys/mount.h>
41 #else
42 #include "usb_vendors.h"
43 #endif
44
45 #if ADB_TRACE
46 ADB_MUTEX_DEFINE( D_lock );
47 #endif
48
49 int HOST = 0;
50 int gListenAll = 0;
51
52 static int auth_enabled = 0;
53
54 #if !ADB_HOST
55 static const char *adb_device_banner = "device";
56 #endif
57
fatal(const char * fmt,...)58 void fatal(const char *fmt, ...)
59 {
60 va_list ap;
61 va_start(ap, fmt);
62 fprintf(stderr, "error: ");
63 vfprintf(stderr, fmt, ap);
64 fprintf(stderr, "\n");
65 va_end(ap);
66 exit(-1);
67 }
68
fatal_errno(const char * fmt,...)69 void fatal_errno(const char *fmt, ...)
70 {
71 va_list ap;
72 va_start(ap, fmt);
73 fprintf(stderr, "error: %s: ", strerror(errno));
74 vfprintf(stderr, fmt, ap);
75 fprintf(stderr, "\n");
76 va_end(ap);
77 exit(-1);
78 }
79
80 int adb_trace_mask;
81
82 /* read a comma/space/colum/semi-column separated list of tags
83 * from the ADB_TRACE environment variable and build the trace
84 * mask from it. note that '1' and 'all' are special cases to
85 * enable all tracing
86 */
adb_trace_init(void)87 void adb_trace_init(void)
88 {
89 const char* p = getenv("ADB_TRACE");
90 const char* q;
91
92 static const struct {
93 const char* tag;
94 int flag;
95 } tags[] = {
96 { "1", 0 },
97 { "all", 0 },
98 { "adb", TRACE_ADB },
99 { "sockets", TRACE_SOCKETS },
100 { "packets", TRACE_PACKETS },
101 { "rwx", TRACE_RWX },
102 { "usb", TRACE_USB },
103 { "sync", TRACE_SYNC },
104 { "sysdeps", TRACE_SYSDEPS },
105 { "transport", TRACE_TRANSPORT },
106 { "jdwp", TRACE_JDWP },
107 { "services", TRACE_SERVICES },
108 { "auth", TRACE_AUTH },
109 { NULL, 0 }
110 };
111
112 if (p == NULL)
113 return;
114
115 /* use a comma/column/semi-colum/space separated list */
116 while (*p) {
117 int len, tagn;
118
119 q = strpbrk(p, " ,:;");
120 if (q == NULL) {
121 q = p + strlen(p);
122 }
123 len = q - p;
124
125 for (tagn = 0; tags[tagn].tag != NULL; tagn++)
126 {
127 int taglen = strlen(tags[tagn].tag);
128
129 if (len == taglen && !memcmp(tags[tagn].tag, p, len) )
130 {
131 int flag = tags[tagn].flag;
132 if (flag == 0) {
133 adb_trace_mask = ~0;
134 return;
135 }
136 adb_trace_mask |= (1 << flag);
137 break;
138 }
139 }
140 p = q;
141 if (*p)
142 p++;
143 }
144 }
145
146 #if !ADB_HOST
147 /*
148 * Implements ADB tracing inside the emulator.
149 */
150
151 #include <stdarg.h>
152
153 /*
154 * Redefine open and write for qemu_pipe.h that contains inlined references
155 * to those routines. We will redifine them back after qemu_pipe.h inclusion.
156 */
157
158 #undef open
159 #undef write
160 #define open adb_open
161 #define write adb_write
162 #include <hardware/qemu_pipe.h>
163 #undef open
164 #undef write
165 #define open ___xxx_open
166 #define write ___xxx_write
167
168 /* A handle to adb-debug qemud service in the emulator. */
169 int adb_debug_qemu = -1;
170
171 /* Initializes connection with the adb-debug qemud service in the emulator. */
adb_qemu_trace_init(void)172 static int adb_qemu_trace_init(void)
173 {
174 char con_name[32];
175
176 if (adb_debug_qemu >= 0) {
177 return 0;
178 }
179
180 /* adb debugging QEMUD service connection request. */
181 snprintf(con_name, sizeof(con_name), "qemud:adb-debug");
182 adb_debug_qemu = qemu_pipe_open(con_name);
183 return (adb_debug_qemu >= 0) ? 0 : -1;
184 }
185
adb_qemu_trace(const char * fmt,...)186 void adb_qemu_trace(const char* fmt, ...)
187 {
188 va_list args;
189 va_start(args, fmt);
190 char msg[1024];
191
192 if (adb_debug_qemu >= 0) {
193 vsnprintf(msg, sizeof(msg), fmt, args);
194 adb_write(adb_debug_qemu, msg, strlen(msg));
195 }
196 }
197 #endif /* !ADB_HOST */
198
get_apacket(void)199 apacket *get_apacket(void)
200 {
201 apacket *p = malloc(sizeof(apacket));
202 if(p == 0) fatal("failed to allocate an apacket");
203 memset(p, 0, sizeof(apacket) - MAX_PAYLOAD);
204 return p;
205 }
206
put_apacket(apacket * p)207 void put_apacket(apacket *p)
208 {
209 free(p);
210 }
211
handle_online(atransport * t)212 void handle_online(atransport *t)
213 {
214 D("adb: online\n");
215 t->online = 1;
216 }
217
handle_offline(atransport * t)218 void handle_offline(atransport *t)
219 {
220 D("adb: offline\n");
221 //Close the associated usb
222 t->online = 0;
223 run_transport_disconnects(t);
224 }
225
226 #if DEBUG_PACKETS
227 #define DUMPMAX 32
print_packet(const char * label,apacket * p)228 void print_packet(const char *label, apacket *p)
229 {
230 char *tag;
231 char *x;
232 unsigned count;
233
234 switch(p->msg.command){
235 case A_SYNC: tag = "SYNC"; break;
236 case A_CNXN: tag = "CNXN" ; break;
237 case A_OPEN: tag = "OPEN"; break;
238 case A_OKAY: tag = "OKAY"; break;
239 case A_CLSE: tag = "CLSE"; break;
240 case A_WRTE: tag = "WRTE"; break;
241 case A_AUTH: tag = "AUTH"; break;
242 default: tag = "????"; break;
243 }
244
245 fprintf(stderr, "%s: %s %08x %08x %04x \"",
246 label, tag, p->msg.arg0, p->msg.arg1, p->msg.data_length);
247 count = p->msg.data_length;
248 x = (char*) p->data;
249 if(count > DUMPMAX) {
250 count = DUMPMAX;
251 tag = "\n";
252 } else {
253 tag = "\"\n";
254 }
255 while(count-- > 0){
256 if((*x >= ' ') && (*x < 127)) {
257 fputc(*x, stderr);
258 } else {
259 fputc('.', stderr);
260 }
261 x++;
262 }
263 fputs(tag, stderr);
264 }
265 #endif
266
send_ready(unsigned local,unsigned remote,atransport * t)267 static void send_ready(unsigned local, unsigned remote, atransport *t)
268 {
269 D("Calling send_ready \n");
270 apacket *p = get_apacket();
271 p->msg.command = A_OKAY;
272 p->msg.arg0 = local;
273 p->msg.arg1 = remote;
274 send_packet(p, t);
275 }
276
send_close(unsigned local,unsigned remote,atransport * t)277 static void send_close(unsigned local, unsigned remote, atransport *t)
278 {
279 D("Calling send_close \n");
280 apacket *p = get_apacket();
281 p->msg.command = A_CLSE;
282 p->msg.arg0 = local;
283 p->msg.arg1 = remote;
284 send_packet(p, t);
285 }
286
fill_connect_data(char * buf,size_t bufsize)287 static size_t fill_connect_data(char *buf, size_t bufsize)
288 {
289 #if ADB_HOST
290 return snprintf(buf, bufsize, "host::") + 1;
291 #else
292 static const char *cnxn_props[] = {
293 "ro.product.name",
294 "ro.product.model",
295 "ro.product.device",
296 };
297 static const int num_cnxn_props = ARRAY_SIZE(cnxn_props);
298 int i;
299 size_t remaining = bufsize;
300 size_t len;
301
302 len = snprintf(buf, remaining, "%s::", adb_device_banner);
303 remaining -= len;
304 buf += len;
305 for (i = 0; i < num_cnxn_props; i++) {
306 char value[PROPERTY_VALUE_MAX];
307 property_get(cnxn_props[i], value, "");
308 len = snprintf(buf, remaining, "%s=%s;", cnxn_props[i], value);
309 remaining -= len;
310 buf += len;
311 }
312
313 return bufsize - remaining + 1;
314 #endif
315 }
316
send_connect(atransport * t)317 static void send_connect(atransport *t)
318 {
319 D("Calling send_connect \n");
320 apacket *cp = get_apacket();
321 cp->msg.command = A_CNXN;
322 cp->msg.arg0 = A_VERSION;
323 cp->msg.arg1 = MAX_PAYLOAD;
324 cp->msg.data_length = fill_connect_data((char *)cp->data,
325 sizeof(cp->data));
326 send_packet(cp, t);
327 }
328
send_auth_request(atransport * t)329 void send_auth_request(atransport *t)
330 {
331 D("Calling send_auth_request\n");
332 apacket *p;
333 int ret;
334
335 ret = adb_auth_generate_token(t->token, sizeof(t->token));
336 if (ret != sizeof(t->token)) {
337 D("Error generating token ret=%d\n", ret);
338 return;
339 }
340
341 p = get_apacket();
342 memcpy(p->data, t->token, ret);
343 p->msg.command = A_AUTH;
344 p->msg.arg0 = ADB_AUTH_TOKEN;
345 p->msg.data_length = ret;
346 send_packet(p, t);
347 }
348
send_auth_response(uint8_t * token,size_t token_size,atransport * t)349 static void send_auth_response(uint8_t *token, size_t token_size, atransport *t)
350 {
351 D("Calling send_auth_response\n");
352 apacket *p = get_apacket();
353 int ret;
354
355 ret = adb_auth_sign(t->key, token, token_size, p->data);
356 if (!ret) {
357 D("Error signing the token\n");
358 put_apacket(p);
359 return;
360 }
361
362 p->msg.command = A_AUTH;
363 p->msg.arg0 = ADB_AUTH_SIGNATURE;
364 p->msg.data_length = ret;
365 send_packet(p, t);
366 }
367
send_auth_publickey(atransport * t)368 static void send_auth_publickey(atransport *t)
369 {
370 D("Calling send_auth_publickey\n");
371 apacket *p = get_apacket();
372 int ret;
373
374 ret = adb_auth_get_userkey(p->data, sizeof(p->data));
375 if (!ret) {
376 D("Failed to get user public key\n");
377 put_apacket(p);
378 return;
379 }
380
381 p->msg.command = A_AUTH;
382 p->msg.arg0 = ADB_AUTH_RSAPUBLICKEY;
383 p->msg.data_length = ret;
384 send_packet(p, t);
385 }
386
adb_auth_verified(atransport * t)387 void adb_auth_verified(atransport *t)
388 {
389 handle_online(t);
390 send_connect(t);
391 }
392
connection_state_name(atransport * t)393 static char *connection_state_name(atransport *t)
394 {
395 if (t == NULL) {
396 return "unknown";
397 }
398
399 switch(t->connection_state) {
400 case CS_BOOTLOADER:
401 return "bootloader";
402 case CS_DEVICE:
403 return "device";
404 case CS_OFFLINE:
405 return "offline";
406 case CS_UNAUTHORIZED:
407 return "unauthorized";
408 default:
409 return "unknown";
410 }
411 }
412
413 /* qual_overwrite is used to overwrite a qualifier string. dst is a
414 * pointer to a char pointer. It is assumed that if *dst is non-NULL, it
415 * was malloc'ed and needs to freed. *dst will be set to a dup of src.
416 */
qual_overwrite(char ** dst,const char * src)417 static void qual_overwrite(char **dst, const char *src)
418 {
419 if (!dst)
420 return;
421
422 free(*dst);
423 *dst = NULL;
424
425 if (!src || !*src)
426 return;
427
428 *dst = strdup(src);
429 }
430
parse_banner(char * banner,atransport * t)431 void parse_banner(char *banner, atransport *t)
432 {
433 static const char *prop_seps = ";";
434 static const char key_val_sep = '=';
435 char *cp;
436 char *type;
437
438 D("parse_banner: %s\n", banner);
439 type = banner;
440 cp = strchr(type, ':');
441 if (cp) {
442 *cp++ = 0;
443 /* Nothing is done with second field. */
444 cp = strchr(cp, ':');
445 if (cp) {
446 char *save;
447 char *key;
448 key = adb_strtok_r(cp + 1, prop_seps, &save);
449 while (key) {
450 cp = strchr(key, key_val_sep);
451 if (cp) {
452 *cp++ = '\0';
453 if (!strcmp(key, "ro.product.name"))
454 qual_overwrite(&t->product, cp);
455 else if (!strcmp(key, "ro.product.model"))
456 qual_overwrite(&t->model, cp);
457 else if (!strcmp(key, "ro.product.device"))
458 qual_overwrite(&t->device, cp);
459 }
460 key = adb_strtok_r(NULL, prop_seps, &save);
461 }
462 }
463 }
464
465 if(!strcmp(type, "bootloader")){
466 D("setting connection_state to CS_BOOTLOADER\n");
467 t->connection_state = CS_BOOTLOADER;
468 update_transports();
469 return;
470 }
471
472 if(!strcmp(type, "device")) {
473 D("setting connection_state to CS_DEVICE\n");
474 t->connection_state = CS_DEVICE;
475 update_transports();
476 return;
477 }
478
479 if(!strcmp(type, "recovery")) {
480 D("setting connection_state to CS_RECOVERY\n");
481 t->connection_state = CS_RECOVERY;
482 update_transports();
483 return;
484 }
485
486 if(!strcmp(type, "sideload")) {
487 D("setting connection_state to CS_SIDELOAD\n");
488 t->connection_state = CS_SIDELOAD;
489 update_transports();
490 return;
491 }
492
493 t->connection_state = CS_HOST;
494 }
495
handle_packet(apacket * p,atransport * t)496 void handle_packet(apacket *p, atransport *t)
497 {
498 asocket *s;
499
500 D("handle_packet() %c%c%c%c\n", ((char*) (&(p->msg.command)))[0],
501 ((char*) (&(p->msg.command)))[1],
502 ((char*) (&(p->msg.command)))[2],
503 ((char*) (&(p->msg.command)))[3]);
504 print_packet("recv", p);
505
506 switch(p->msg.command){
507 case A_SYNC:
508 if(p->msg.arg0){
509 send_packet(p, t);
510 if(HOST) send_connect(t);
511 } else {
512 t->connection_state = CS_OFFLINE;
513 handle_offline(t);
514 send_packet(p, t);
515 }
516 return;
517
518 case A_CNXN: /* CONNECT(version, maxdata, "system-id-string") */
519 /* XXX verify version, etc */
520 if(t->connection_state != CS_OFFLINE) {
521 t->connection_state = CS_OFFLINE;
522 handle_offline(t);
523 }
524
525 parse_banner((char*) p->data, t);
526
527 if (HOST || !auth_enabled) {
528 handle_online(t);
529 if(!HOST) send_connect(t);
530 } else {
531 send_auth_request(t);
532 }
533 break;
534
535 case A_AUTH:
536 if (p->msg.arg0 == ADB_AUTH_TOKEN) {
537 t->connection_state = CS_UNAUTHORIZED;
538 t->key = adb_auth_nextkey(t->key);
539 if (t->key) {
540 send_auth_response(p->data, p->msg.data_length, t);
541 } else {
542 /* No more private keys to try, send the public key */
543 send_auth_publickey(t);
544 }
545 } else if (p->msg.arg0 == ADB_AUTH_SIGNATURE) {
546 if (adb_auth_verify(t->token, p->data, p->msg.data_length)) {
547 adb_auth_verified(t);
548 t->failed_auth_attempts = 0;
549 } else {
550 if (t->failed_auth_attempts++ > 10)
551 adb_sleep_ms(1000);
552 send_auth_request(t);
553 }
554 } else if (p->msg.arg0 == ADB_AUTH_RSAPUBLICKEY) {
555 adb_auth_confirm_key(p->data, p->msg.data_length, t);
556 }
557 break;
558
559 case A_OPEN: /* OPEN(local-id, 0, "destination") */
560 if (t->online) {
561 char *name = (char*) p->data;
562 name[p->msg.data_length > 0 ? p->msg.data_length - 1 : 0] = 0;
563 s = create_local_service_socket(name);
564 if(s == 0) {
565 send_close(0, p->msg.arg0, t);
566 } else {
567 s->peer = create_remote_socket(p->msg.arg0, t);
568 s->peer->peer = s;
569 send_ready(s->id, s->peer->id, t);
570 s->ready(s);
571 }
572 }
573 break;
574
575 case A_OKAY: /* READY(local-id, remote-id, "") */
576 if (t->online) {
577 if((s = find_local_socket(p->msg.arg1))) {
578 if(s->peer == 0) {
579 s->peer = create_remote_socket(p->msg.arg0, t);
580 s->peer->peer = s;
581 }
582 s->ready(s);
583 }
584 }
585 break;
586
587 case A_CLSE: /* CLOSE(local-id, remote-id, "") */
588 if (t->online) {
589 if((s = find_local_socket(p->msg.arg1))) {
590 s->close(s);
591 }
592 }
593 break;
594
595 case A_WRTE:
596 if (t->online) {
597 if((s = find_local_socket(p->msg.arg1))) {
598 unsigned rid = p->msg.arg0;
599 p->len = p->msg.data_length;
600
601 if(s->enqueue(s, p) == 0) {
602 D("Enqueue the socket\n");
603 send_ready(s->id, rid, t);
604 }
605 return;
606 }
607 }
608 break;
609
610 default:
611 printf("handle_packet: what is %08x?!\n", p->msg.command);
612 }
613
614 put_apacket(p);
615 }
616
617 alistener listener_list = {
618 .next = &listener_list,
619 .prev = &listener_list,
620 };
621
ss_listener_event_func(int _fd,unsigned ev,void * _l)622 static void ss_listener_event_func(int _fd, unsigned ev, void *_l)
623 {
624 asocket *s;
625
626 if(ev & FDE_READ) {
627 struct sockaddr addr;
628 socklen_t alen;
629 int fd;
630
631 alen = sizeof(addr);
632 fd = adb_socket_accept(_fd, &addr, &alen);
633 if(fd < 0) return;
634
635 adb_socket_setbufsize(fd, CHUNK_SIZE);
636
637 s = create_local_socket(fd);
638 if(s) {
639 connect_to_smartsocket(s);
640 return;
641 }
642
643 adb_close(fd);
644 }
645 }
646
listener_event_func(int _fd,unsigned ev,void * _l)647 static void listener_event_func(int _fd, unsigned ev, void *_l)
648 {
649 alistener *l = _l;
650 asocket *s;
651
652 if(ev & FDE_READ) {
653 struct sockaddr addr;
654 socklen_t alen;
655 int fd;
656
657 alen = sizeof(addr);
658 fd = adb_socket_accept(_fd, &addr, &alen);
659 if(fd < 0) return;
660
661 s = create_local_socket(fd);
662 if(s) {
663 s->transport = l->transport;
664 connect_to_remote(s, l->connect_to);
665 return;
666 }
667
668 adb_close(fd);
669 }
670 }
671
free_listener(alistener * l)672 static void free_listener(alistener* l)
673 {
674 if (l->next) {
675 l->next->prev = l->prev;
676 l->prev->next = l->next;
677 l->next = l->prev = l;
678 }
679
680 // closes the corresponding fd
681 fdevent_remove(&l->fde);
682
683 if (l->local_name)
684 free((char*)l->local_name);
685
686 if (l->connect_to)
687 free((char*)l->connect_to);
688
689 if (l->transport) {
690 remove_transport_disconnect(l->transport, &l->disconnect);
691 }
692 free(l);
693 }
694
listener_disconnect(void * _l,atransport * t)695 static void listener_disconnect(void* _l, atransport* t)
696 {
697 alistener* l = _l;
698
699 free_listener(l);
700 }
701
local_name_to_fd(const char * name)702 int local_name_to_fd(const char *name)
703 {
704 int port;
705
706 if(!strncmp("tcp:", name, 4)){
707 int ret;
708 port = atoi(name + 4);
709
710 if (gListenAll > 0) {
711 ret = socket_inaddr_any_server(port, SOCK_STREAM);
712 } else {
713 ret = socket_loopback_server(port, SOCK_STREAM);
714 }
715
716 return ret;
717 }
718 #ifndef HAVE_WIN32_IPC /* no Unix-domain sockets on Win32 */
719 // It's non-sensical to support the "reserved" space on the adb host side
720 if(!strncmp(name, "local:", 6)) {
721 return socket_local_server(name + 6,
722 ANDROID_SOCKET_NAMESPACE_ABSTRACT, SOCK_STREAM);
723 } else if(!strncmp(name, "localabstract:", 14)) {
724 return socket_local_server(name + 14,
725 ANDROID_SOCKET_NAMESPACE_ABSTRACT, SOCK_STREAM);
726 } else if(!strncmp(name, "localfilesystem:", 16)) {
727 return socket_local_server(name + 16,
728 ANDROID_SOCKET_NAMESPACE_FILESYSTEM, SOCK_STREAM);
729 }
730
731 #endif
732 printf("unknown local portname '%s'\n", name);
733 return -1;
734 }
735
736 // Write a single line describing a listener to a user-provided buffer.
737 // Appends a trailing zero, even in case of truncation, but the function
738 // returns the full line length.
739 // If |buffer| is NULL, does not write but returns required size.
format_listener(alistener * l,char * buffer,size_t buffer_len)740 static int format_listener(alistener* l, char* buffer, size_t buffer_len) {
741 // Format is simply:
742 //
743 // <device-serial> " " <local-name> " " <remote-name> "\n"
744 //
745 int local_len = strlen(l->local_name);
746 int connect_len = strlen(l->connect_to);
747 int serial_len = strlen(l->transport->serial);
748
749 if (buffer != NULL) {
750 snprintf(buffer, buffer_len, "%s %s %s\n",
751 l->transport->serial, l->local_name, l->connect_to);
752 }
753 // NOTE: snprintf() on Windows returns -1 in case of truncation, so
754 // return the computed line length instead.
755 return local_len + connect_len + serial_len + 3;
756 }
757
758 // Write the list of current listeners (network redirections) into a
759 // user-provided buffer. Appends a trailing zero, even in case of
760 // trunctaion, but return the full size in bytes.
761 // If |buffer| is NULL, does not write but returns required size.
format_listeners(char * buf,size_t buflen)762 static int format_listeners(char* buf, size_t buflen)
763 {
764 alistener* l;
765 int result = 0;
766 for (l = listener_list.next; l != &listener_list; l = l->next) {
767 // Ignore special listeners like those for *smartsocket*
768 if (l->connect_to[0] == '*')
769 continue;
770 int len = format_listener(l, buf, buflen);
771 // Ensure there is space for the trailing zero.
772 result += len;
773 if (buf != NULL) {
774 buf += len;
775 buflen -= len;
776 if (buflen <= 0)
777 break;
778 }
779 }
780 return result;
781 }
782
remove_listener(const char * local_name,atransport * transport)783 static int remove_listener(const char *local_name, atransport* transport)
784 {
785 alistener *l;
786
787 for (l = listener_list.next; l != &listener_list; l = l->next) {
788 if (!strcmp(local_name, l->local_name)) {
789 listener_disconnect(l, l->transport);
790 return 0;
791 }
792 }
793 return -1;
794 }
795
remove_all_listeners(void)796 static void remove_all_listeners(void)
797 {
798 alistener *l, *l_next;
799 for (l = listener_list.next; l != &listener_list; l = l_next) {
800 l_next = l->next;
801 // Never remove smart sockets.
802 if (l->connect_to[0] == '*')
803 continue;
804 listener_disconnect(l, l->transport);
805 }
806 }
807
808 // error/status codes for install_listener.
809 typedef enum {
810 INSTALL_STATUS_OK = 0,
811 INSTALL_STATUS_INTERNAL_ERROR = -1,
812 INSTALL_STATUS_CANNOT_BIND = -2,
813 INSTALL_STATUS_CANNOT_REBIND = -3,
814 } install_status_t;
815
install_listener(const char * local_name,const char * connect_to,atransport * transport,int no_rebind)816 static install_status_t install_listener(const char *local_name,
817 const char *connect_to,
818 atransport* transport,
819 int no_rebind)
820 {
821 alistener *l;
822
823 //printf("install_listener('%s','%s')\n", local_name, connect_to);
824
825 for(l = listener_list.next; l != &listener_list; l = l->next){
826 if(strcmp(local_name, l->local_name) == 0) {
827 char *cto;
828
829 /* can't repurpose a smartsocket */
830 if(l->connect_to[0] == '*') {
831 return INSTALL_STATUS_INTERNAL_ERROR;
832 }
833
834 /* can't repurpose a listener if 'no_rebind' is true */
835 if (no_rebind) {
836 return INSTALL_STATUS_CANNOT_REBIND;
837 }
838
839 cto = strdup(connect_to);
840 if(cto == 0) {
841 return INSTALL_STATUS_INTERNAL_ERROR;
842 }
843
844 //printf("rebinding '%s' to '%s'\n", local_name, connect_to);
845 free((void*) l->connect_to);
846 l->connect_to = cto;
847 if (l->transport != transport) {
848 remove_transport_disconnect(l->transport, &l->disconnect);
849 l->transport = transport;
850 add_transport_disconnect(l->transport, &l->disconnect);
851 }
852 return INSTALL_STATUS_OK;
853 }
854 }
855
856 if((l = calloc(1, sizeof(alistener))) == 0) goto nomem;
857 if((l->local_name = strdup(local_name)) == 0) goto nomem;
858 if((l->connect_to = strdup(connect_to)) == 0) goto nomem;
859
860
861 l->fd = local_name_to_fd(local_name);
862 if(l->fd < 0) {
863 free((void*) l->local_name);
864 free((void*) l->connect_to);
865 free(l);
866 printf("cannot bind '%s'\n", local_name);
867 return -2;
868 }
869
870 close_on_exec(l->fd);
871 if(!strcmp(l->connect_to, "*smartsocket*")) {
872 fdevent_install(&l->fde, l->fd, ss_listener_event_func, l);
873 } else {
874 fdevent_install(&l->fde, l->fd, listener_event_func, l);
875 }
876 fdevent_set(&l->fde, FDE_READ);
877
878 l->next = &listener_list;
879 l->prev = listener_list.prev;
880 l->next->prev = l;
881 l->prev->next = l;
882 l->transport = transport;
883
884 if (transport) {
885 l->disconnect.opaque = l;
886 l->disconnect.func = listener_disconnect;
887 add_transport_disconnect(transport, &l->disconnect);
888 }
889 return INSTALL_STATUS_OK;
890
891 nomem:
892 fatal("cannot allocate listener");
893 return INSTALL_STATUS_INTERNAL_ERROR;
894 }
895
896 #ifdef HAVE_WIN32_PROC
ctrlc_handler(DWORD type)897 static BOOL WINAPI ctrlc_handler(DWORD type)
898 {
899 exit(STATUS_CONTROL_C_EXIT);
900 return TRUE;
901 }
902 #endif
903
adb_cleanup(void)904 static void adb_cleanup(void)
905 {
906 usb_cleanup();
907 }
908
start_logging(void)909 void start_logging(void)
910 {
911 #ifdef HAVE_WIN32_PROC
912 char temp[ MAX_PATH ];
913 FILE* fnul;
914 FILE* flog;
915
916 GetTempPath( sizeof(temp) - 8, temp );
917 strcat( temp, "adb.log" );
918
919 /* Win32 specific redirections */
920 fnul = fopen( "NUL", "rt" );
921 if (fnul != NULL)
922 stdin[0] = fnul[0];
923
924 flog = fopen( temp, "at" );
925 if (flog == NULL)
926 flog = fnul;
927
928 setvbuf( flog, NULL, _IONBF, 0 );
929
930 stdout[0] = flog[0];
931 stderr[0] = flog[0];
932 fprintf(stderr,"--- adb starting (pid %d) ---\n", getpid());
933 #else
934 int fd;
935
936 fd = unix_open("/dev/null", O_RDONLY);
937 dup2(fd, 0);
938 adb_close(fd);
939
940 fd = unix_open("/tmp/adb.log", O_WRONLY | O_CREAT | O_APPEND, 0640);
941 if(fd < 0) {
942 fd = unix_open("/dev/null", O_WRONLY);
943 }
944 dup2(fd, 1);
945 dup2(fd, 2);
946 adb_close(fd);
947 fprintf(stderr,"--- adb starting (pid %d) ---\n", getpid());
948 #endif
949 }
950
951 #if !ADB_HOST
start_device_log(void)952 void start_device_log(void)
953 {
954 int fd;
955 char path[PATH_MAX];
956 struct tm now;
957 time_t t;
958 char value[PROPERTY_VALUE_MAX];
959
960 // read the trace mask from persistent property persist.adb.trace_mask
961 // give up if the property is not set or cannot be parsed
962 property_get("persist.adb.trace_mask", value, "");
963 if (sscanf(value, "%x", &adb_trace_mask) != 1)
964 return;
965
966 adb_mkdir("/data/adb", 0775);
967 tzset();
968 time(&t);
969 localtime_r(&t, &now);
970 strftime(path, sizeof(path),
971 "/data/adb/adb-%Y-%m-%d-%H-%M-%S.txt",
972 &now);
973 fd = unix_open(path, O_WRONLY | O_CREAT | O_TRUNC, 0640);
974 if (fd < 0)
975 return;
976
977 // redirect stdout and stderr to the log file
978 dup2(fd, 1);
979 dup2(fd, 2);
980 fprintf(stderr,"--- adb starting (pid %d) ---\n", getpid());
981 adb_close(fd);
982
983 fd = unix_open("/dev/null", O_RDONLY);
984 dup2(fd, 0);
985 adb_close(fd);
986 }
987 #endif
988
989 #if ADB_HOST
990
991 #ifdef WORKAROUND_BUG6558362
992 #include <sched.h>
993 #define AFFINITY_ENVVAR "ADB_CPU_AFFINITY_BUG6558362"
adb_set_affinity(void)994 void adb_set_affinity(void)
995 {
996 cpu_set_t cpu_set;
997 const char* cpunum_str = getenv(AFFINITY_ENVVAR);
998 char* strtol_res;
999 int cpu_num;
1000
1001 if (!cpunum_str || !*cpunum_str)
1002 return;
1003 cpu_num = strtol(cpunum_str, &strtol_res, 0);
1004 if (*strtol_res != '\0')
1005 fatal("bad number (%s) in env var %s. Expecting 0..n.\n", cpunum_str, AFFINITY_ENVVAR);
1006
1007 sched_getaffinity(0, sizeof(cpu_set), &cpu_set);
1008 D("orig cpu_set[0]=0x%08lx\n", cpu_set.__bits[0]);
1009 CPU_ZERO(&cpu_set);
1010 CPU_SET(cpu_num, &cpu_set);
1011 sched_setaffinity(0, sizeof(cpu_set), &cpu_set);
1012 sched_getaffinity(0, sizeof(cpu_set), &cpu_set);
1013 D("new cpu_set[0]=0x%08lx\n", cpu_set.__bits[0]);
1014 }
1015 #endif
1016
launch_server(int server_port)1017 int launch_server(int server_port)
1018 {
1019 #ifdef HAVE_WIN32_PROC
1020 /* we need to start the server in the background */
1021 /* we create a PIPE that will be used to wait for the server's "OK" */
1022 /* message since the pipe handles must be inheritable, we use a */
1023 /* security attribute */
1024 HANDLE pipe_read, pipe_write;
1025 HANDLE stdout_handle, stderr_handle;
1026 SECURITY_ATTRIBUTES sa;
1027 STARTUPINFO startup;
1028 PROCESS_INFORMATION pinfo;
1029 char program_path[ MAX_PATH ];
1030 int ret;
1031
1032 sa.nLength = sizeof(sa);
1033 sa.lpSecurityDescriptor = NULL;
1034 sa.bInheritHandle = TRUE;
1035
1036 /* create pipe, and ensure its read handle isn't inheritable */
1037 ret = CreatePipe( &pipe_read, &pipe_write, &sa, 0 );
1038 if (!ret) {
1039 fprintf(stderr, "CreatePipe() failure, error %ld\n", GetLastError() );
1040 return -1;
1041 }
1042
1043 SetHandleInformation( pipe_read, HANDLE_FLAG_INHERIT, 0 );
1044
1045 /* Some programs want to launch an adb command and collect its output by
1046 * calling CreateProcess with inheritable stdout/stderr handles, then
1047 * using read() to get its output. When this happens, the stdout/stderr
1048 * handles passed to the adb client process will also be inheritable.
1049 * When starting the adb server here, care must be taken to reset them
1050 * to non-inheritable.
1051 * Otherwise, something bad happens: even if the adb command completes,
1052 * the calling process is stuck while read()-ing from the stdout/stderr
1053 * descriptors, because they're connected to corresponding handles in the
1054 * adb server process (even if the latter never uses/writes to them).
1055 */
1056 stdout_handle = GetStdHandle( STD_OUTPUT_HANDLE );
1057 stderr_handle = GetStdHandle( STD_ERROR_HANDLE );
1058 if (stdout_handle != INVALID_HANDLE_VALUE) {
1059 SetHandleInformation( stdout_handle, HANDLE_FLAG_INHERIT, 0 );
1060 }
1061 if (stderr_handle != INVALID_HANDLE_VALUE) {
1062 SetHandleInformation( stderr_handle, HANDLE_FLAG_INHERIT, 0 );
1063 }
1064
1065 ZeroMemory( &startup, sizeof(startup) );
1066 startup.cb = sizeof(startup);
1067 startup.hStdInput = GetStdHandle( STD_INPUT_HANDLE );
1068 startup.hStdOutput = pipe_write;
1069 startup.hStdError = GetStdHandle( STD_ERROR_HANDLE );
1070 startup.dwFlags = STARTF_USESTDHANDLES;
1071
1072 ZeroMemory( &pinfo, sizeof(pinfo) );
1073
1074 /* get path of current program */
1075 GetModuleFileName( NULL, program_path, sizeof(program_path) );
1076
1077 ret = CreateProcess(
1078 program_path, /* program path */
1079 "adb fork-server server",
1080 /* the fork-server argument will set the
1081 debug = 2 in the child */
1082 NULL, /* process handle is not inheritable */
1083 NULL, /* thread handle is not inheritable */
1084 TRUE, /* yes, inherit some handles */
1085 DETACHED_PROCESS, /* the new process doesn't have a console */
1086 NULL, /* use parent's environment block */
1087 NULL, /* use parent's starting directory */
1088 &startup, /* startup info, i.e. std handles */
1089 &pinfo );
1090
1091 CloseHandle( pipe_write );
1092
1093 if (!ret) {
1094 fprintf(stderr, "CreateProcess failure, error %ld\n", GetLastError() );
1095 CloseHandle( pipe_read );
1096 return -1;
1097 }
1098
1099 CloseHandle( pinfo.hProcess );
1100 CloseHandle( pinfo.hThread );
1101
1102 /* wait for the "OK\n" message */
1103 {
1104 char temp[3];
1105 DWORD count;
1106
1107 ret = ReadFile( pipe_read, temp, 3, &count, NULL );
1108 CloseHandle( pipe_read );
1109 if ( !ret ) {
1110 fprintf(stderr, "could not read ok from ADB Server, error = %ld\n", GetLastError() );
1111 return -1;
1112 }
1113 if (count != 3 || temp[0] != 'O' || temp[1] != 'K' || temp[2] != '\n') {
1114 fprintf(stderr, "ADB server didn't ACK\n" );
1115 return -1;
1116 }
1117 }
1118 #elif defined(HAVE_FORKEXEC)
1119 char path[PATH_MAX];
1120 int fd[2];
1121
1122 // set up a pipe so the child can tell us when it is ready.
1123 // fd[0] will be parent's end, and fd[1] will get mapped to stderr in the child.
1124 if (pipe(fd)) {
1125 fprintf(stderr, "pipe failed in launch_server, errno: %d\n", errno);
1126 return -1;
1127 }
1128 get_my_path(path, PATH_MAX);
1129 pid_t pid = fork();
1130 if(pid < 0) return -1;
1131
1132 if (pid == 0) {
1133 // child side of the fork
1134
1135 // redirect stderr to the pipe
1136 // we use stderr instead of stdout due to stdout's buffering behavior.
1137 adb_close(fd[0]);
1138 dup2(fd[1], STDERR_FILENO);
1139 adb_close(fd[1]);
1140
1141 char str_port[30];
1142 snprintf(str_port, sizeof(str_port), "%d", server_port);
1143 // child process
1144 int result = execl(path, "adb", "-P", str_port, "fork-server", "server", NULL);
1145 // this should not return
1146 fprintf(stderr, "OOPS! execl returned %d, errno: %d\n", result, errno);
1147 } else {
1148 // parent side of the fork
1149
1150 char temp[3];
1151
1152 temp[0] = 'A'; temp[1] = 'B'; temp[2] = 'C';
1153 // wait for the "OK\n" message
1154 adb_close(fd[1]);
1155 int ret = adb_read(fd[0], temp, 3);
1156 int saved_errno = errno;
1157 adb_close(fd[0]);
1158 if (ret < 0) {
1159 fprintf(stderr, "could not read ok from ADB Server, errno = %d\n", saved_errno);
1160 return -1;
1161 }
1162 if (ret != 3 || temp[0] != 'O' || temp[1] != 'K' || temp[2] != '\n') {
1163 fprintf(stderr, "ADB server didn't ACK\n" );
1164 return -1;
1165 }
1166
1167 setsid();
1168 }
1169 #else
1170 #error "cannot implement background server start on this platform"
1171 #endif
1172 return 0;
1173 }
1174 #endif
1175
1176 /* Constructs a local name of form tcp:port.
1177 * target_str points to the target string, it's content will be overwritten.
1178 * target_size is the capacity of the target string.
1179 * server_port is the port number to use for the local name.
1180 */
build_local_name(char * target_str,size_t target_size,int server_port)1181 void build_local_name(char* target_str, size_t target_size, int server_port)
1182 {
1183 snprintf(target_str, target_size, "tcp:%d", server_port);
1184 }
1185
1186 #if !ADB_HOST
1187
drop_capabilities_bounding_set_if_needed()1188 static void drop_capabilities_bounding_set_if_needed() {
1189 #ifdef ALLOW_ADBD_ROOT
1190 char value[PROPERTY_VALUE_MAX];
1191 property_get("ro.debuggable", value, "");
1192 if (strcmp(value, "1") == 0) {
1193 return;
1194 }
1195 #endif
1196 int i;
1197 for (i = 0; prctl(PR_CAPBSET_READ, i, 0, 0, 0) >= 0; i++) {
1198 if ((i == CAP_SETUID) || (i == CAP_SETGID)) {
1199 // CAP_SETUID CAP_SETGID needed by /system/bin/run-as
1200 continue;
1201 }
1202 int err = prctl(PR_CAPBSET_DROP, i, 0, 0, 0);
1203
1204 // Some kernels don't have file capabilities compiled in, and
1205 // prctl(PR_CAPBSET_DROP) returns EINVAL. Don't automatically
1206 // die when we see such misconfigured kernels.
1207 if ((err < 0) && (errno != EINVAL)) {
1208 exit(1);
1209 }
1210 }
1211 }
1212
should_drop_privileges()1213 static int should_drop_privileges() {
1214 #ifndef ALLOW_ADBD_ROOT
1215 return 1;
1216 #else /* ALLOW_ADBD_ROOT */
1217 int secure = 0;
1218 char value[PROPERTY_VALUE_MAX];
1219
1220 /* run adbd in secure mode if ro.secure is set and
1221 ** we are not in the emulator
1222 */
1223 property_get("ro.kernel.qemu", value, "");
1224 if (strcmp(value, "1") != 0) {
1225 property_get("ro.secure", value, "1");
1226 if (strcmp(value, "1") == 0) {
1227 // don't run as root if ro.secure is set...
1228 secure = 1;
1229
1230 // ... except we allow running as root in userdebug builds if the
1231 // service.adb.root property has been set by the "adb root" command
1232 property_get("ro.debuggable", value, "");
1233 if (strcmp(value, "1") == 0) {
1234 property_get("service.adb.root", value, "");
1235 if (strcmp(value, "1") == 0) {
1236 secure = 0;
1237 }
1238 }
1239 }
1240 }
1241 return secure;
1242 #endif /* ALLOW_ADBD_ROOT */
1243 }
1244 #endif /* !ADB_HOST */
1245
adb_main(int is_daemon,int server_port)1246 int adb_main(int is_daemon, int server_port)
1247 {
1248 #if !ADB_HOST
1249 int port;
1250 char value[PROPERTY_VALUE_MAX];
1251
1252 umask(000);
1253 #endif
1254
1255 atexit(adb_cleanup);
1256 #ifdef HAVE_WIN32_PROC
1257 SetConsoleCtrlHandler( ctrlc_handler, TRUE );
1258 #elif defined(HAVE_FORKEXEC)
1259 // No SIGCHLD. Let the service subproc handle its children.
1260 signal(SIGPIPE, SIG_IGN);
1261 #endif
1262
1263 init_transport_registration();
1264
1265 #if ADB_HOST
1266 HOST = 1;
1267
1268 #ifdef WORKAROUND_BUG6558362
1269 if(is_daemon) adb_set_affinity();
1270 #endif
1271 usb_vendors_init();
1272 usb_init();
1273 local_init(DEFAULT_ADB_LOCAL_TRANSPORT_PORT);
1274 adb_auth_init();
1275
1276 char local_name[30];
1277 build_local_name(local_name, sizeof(local_name), server_port);
1278 if(install_listener(local_name, "*smartsocket*", NULL, 0)) {
1279 exit(1);
1280 }
1281 #else
1282 property_get("ro.adb.secure", value, "0");
1283 auth_enabled = !strcmp(value, "1");
1284 if (auth_enabled)
1285 adb_auth_init();
1286
1287 // Our external storage path may be different than apps, since
1288 // we aren't able to bind mount after dropping root.
1289 const char* adb_external_storage = getenv("ADB_EXTERNAL_STORAGE");
1290 if (NULL != adb_external_storage) {
1291 setenv("EXTERNAL_STORAGE", adb_external_storage, 1);
1292 } else {
1293 D("Warning: ADB_EXTERNAL_STORAGE is not set. Leaving EXTERNAL_STORAGE"
1294 " unchanged.\n");
1295 }
1296
1297 /* don't listen on a port (default 5037) if running in secure mode */
1298 /* don't run as root if we are running in secure mode */
1299 if (should_drop_privileges()) {
1300 struct __user_cap_header_struct header;
1301 struct __user_cap_data_struct cap[2];
1302
1303 if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) != 0) {
1304 exit(1);
1305 }
1306
1307 drop_capabilities_bounding_set_if_needed();
1308
1309 /* add extra groups:
1310 ** AID_ADB to access the USB driver
1311 ** AID_LOG to read system logs (adb logcat)
1312 ** AID_INPUT to diagnose input issues (getevent)
1313 ** AID_INET to diagnose network issues (netcfg, ping)
1314 ** AID_GRAPHICS to access the frame buffer
1315 ** AID_NET_BT and AID_NET_BT_ADMIN to diagnose bluetooth (hcidump)
1316 ** AID_SDCARD_R to allow reading from the SD card
1317 ** AID_SDCARD_RW to allow writing to the SD card
1318 ** AID_MOUNT to allow unmounting the SD card before rebooting
1319 ** AID_NET_BW_STATS to read out qtaguid statistics
1320 */
1321 gid_t groups[] = { AID_ADB, AID_LOG, AID_INPUT, AID_INET, AID_GRAPHICS,
1322 AID_NET_BT, AID_NET_BT_ADMIN, AID_SDCARD_R, AID_SDCARD_RW,
1323 AID_MOUNT, AID_NET_BW_STATS };
1324 if (setgroups(sizeof(groups)/sizeof(groups[0]), groups) != 0) {
1325 exit(1);
1326 }
1327
1328 /* then switch user and group to "shell" */
1329 if (setgid(AID_SHELL) != 0) {
1330 exit(1);
1331 }
1332 if (setuid(AID_SHELL) != 0) {
1333 exit(1);
1334 }
1335
1336 memset(&header, 0, sizeof(header));
1337 memset(cap, 0, sizeof(cap));
1338
1339 /* set CAP_SYS_BOOT capability, so "adb reboot" will succeed */
1340 header.version = _LINUX_CAPABILITY_VERSION_3;
1341 header.pid = 0;
1342 cap[CAP_TO_INDEX(CAP_SYS_BOOT)].effective |= CAP_TO_MASK(CAP_SYS_BOOT);
1343 cap[CAP_TO_INDEX(CAP_SYS_BOOT)].permitted |= CAP_TO_MASK(CAP_SYS_BOOT);
1344 capset(&header, cap);
1345
1346 D("Local port disabled\n");
1347 } else {
1348 char local_name[30];
1349 build_local_name(local_name, sizeof(local_name), server_port);
1350 if(install_listener(local_name, "*smartsocket*", NULL, 0)) {
1351 exit(1);
1352 }
1353 }
1354
1355 int usb = 0;
1356 if (access(USB_ADB_PATH, F_OK) == 0 || access(USB_FFS_ADB_EP0, F_OK) == 0) {
1357 // listen on USB
1358 usb_init();
1359 usb = 1;
1360 }
1361
1362 // If one of these properties is set, also listen on that port
1363 // If one of the properties isn't set and we couldn't listen on usb,
1364 // listen on the default port.
1365 property_get("service.adb.tcp.port", value, "");
1366 if (!value[0]) {
1367 property_get("persist.adb.tcp.port", value, "");
1368 }
1369 if (sscanf(value, "%d", &port) == 1 && port > 0) {
1370 printf("using port=%d\n", port);
1371 // listen on TCP port specified by service.adb.tcp.port property
1372 local_init(port);
1373 } else if (!usb) {
1374 // listen on default port
1375 local_init(DEFAULT_ADB_LOCAL_TRANSPORT_PORT);
1376 }
1377
1378 D("adb_main(): pre init_jdwp()\n");
1379 init_jdwp();
1380 D("adb_main(): post init_jdwp()\n");
1381 #endif
1382
1383 if (is_daemon)
1384 {
1385 // inform our parent that we are up and running.
1386 #ifdef HAVE_WIN32_PROC
1387 DWORD count;
1388 WriteFile( GetStdHandle( STD_OUTPUT_HANDLE ), "OK\n", 3, &count, NULL );
1389 #elif defined(HAVE_FORKEXEC)
1390 fprintf(stderr, "OK\n");
1391 #endif
1392 start_logging();
1393 }
1394 D("Event loop starting\n");
1395
1396 fdevent_loop();
1397
1398 usb_cleanup();
1399
1400 return 0;
1401 }
1402
1403 #if ADB_HOST
connect_device(char * host,char * buffer,int buffer_size)1404 void connect_device(char* host, char* buffer, int buffer_size)
1405 {
1406 int port, fd;
1407 char* portstr = strchr(host, ':');
1408 char hostbuf[100];
1409 char serial[100];
1410
1411 strncpy(hostbuf, host, sizeof(hostbuf) - 1);
1412 if (portstr) {
1413 if (portstr - host >= (ptrdiff_t)sizeof(hostbuf)) {
1414 snprintf(buffer, buffer_size, "bad host name %s", host);
1415 return;
1416 }
1417 // zero terminate the host at the point we found the colon
1418 hostbuf[portstr - host] = 0;
1419 if (sscanf(portstr + 1, "%d", &port) == 0) {
1420 snprintf(buffer, buffer_size, "bad port number %s", portstr);
1421 return;
1422 }
1423 } else {
1424 port = DEFAULT_ADB_LOCAL_TRANSPORT_PORT;
1425 }
1426
1427 snprintf(serial, sizeof(serial), "%s:%d", hostbuf, port);
1428 if (find_transport(serial)) {
1429 snprintf(buffer, buffer_size, "already connected to %s", serial);
1430 return;
1431 }
1432
1433 fd = socket_network_client(hostbuf, port, SOCK_STREAM);
1434 if (fd < 0) {
1435 snprintf(buffer, buffer_size, "unable to connect to %s:%d", host, port);
1436 return;
1437 }
1438
1439 D("client: connected on remote on fd %d\n", fd);
1440 close_on_exec(fd);
1441 disable_tcp_nagle(fd);
1442 register_socket_transport(fd, serial, port, 0);
1443 snprintf(buffer, buffer_size, "connected to %s", serial);
1444 }
1445
connect_emulator(char * port_spec,char * buffer,int buffer_size)1446 void connect_emulator(char* port_spec, char* buffer, int buffer_size)
1447 {
1448 char* port_separator = strchr(port_spec, ',');
1449 if (!port_separator) {
1450 snprintf(buffer, buffer_size,
1451 "unable to parse '%s' as <console port>,<adb port>",
1452 port_spec);
1453 return;
1454 }
1455
1456 // Zero-terminate console port and make port_separator point to 2nd port.
1457 *port_separator++ = 0;
1458 int console_port = strtol(port_spec, NULL, 0);
1459 int adb_port = strtol(port_separator, NULL, 0);
1460 if (!(console_port > 0 && adb_port > 0)) {
1461 *(port_separator - 1) = ',';
1462 snprintf(buffer, buffer_size,
1463 "Invalid port numbers: Expected positive numbers, got '%s'",
1464 port_spec);
1465 return;
1466 }
1467
1468 /* Check if the emulator is already known.
1469 * Note: There's a small but harmless race condition here: An emulator not
1470 * present just yet could be registered by another invocation right
1471 * after doing this check here. However, local_connect protects
1472 * against double-registration too. From here, a better error message
1473 * can be produced. In the case of the race condition, the very specific
1474 * error message won't be shown, but the data doesn't get corrupted. */
1475 atransport* known_emulator = find_emulator_transport_by_adb_port(adb_port);
1476 if (known_emulator != NULL) {
1477 snprintf(buffer, buffer_size,
1478 "Emulator on port %d already registered.", adb_port);
1479 return;
1480 }
1481
1482 /* Check if more emulators can be registered. Similar unproblematic
1483 * race condition as above. */
1484 int candidate_slot = get_available_local_transport_index();
1485 if (candidate_slot < 0) {
1486 snprintf(buffer, buffer_size, "Cannot accept more emulators.");
1487 return;
1488 }
1489
1490 /* Preconditions met, try to connect to the emulator. */
1491 if (!local_connect_arbitrary_ports(console_port, adb_port)) {
1492 snprintf(buffer, buffer_size,
1493 "Connected to emulator on ports %d,%d", console_port, adb_port);
1494 } else {
1495 snprintf(buffer, buffer_size,
1496 "Could not connect to emulator on ports %d,%d",
1497 console_port, adb_port);
1498 }
1499 }
1500 #endif
1501
handle_host_request(char * service,transport_type ttype,char * serial,int reply_fd,asocket * s)1502 int handle_host_request(char *service, transport_type ttype, char* serial, int reply_fd, asocket *s)
1503 {
1504 atransport *transport = NULL;
1505 char buf[4096];
1506
1507 if(!strcmp(service, "kill")) {
1508 fprintf(stderr,"adb server killed by remote request\n");
1509 fflush(stdout);
1510 adb_write(reply_fd, "OKAY", 4);
1511 usb_cleanup();
1512 exit(0);
1513 }
1514
1515 #if ADB_HOST
1516 // "transport:" is used for switching transport with a specified serial number
1517 // "transport-usb:" is used for switching transport to the only USB transport
1518 // "transport-local:" is used for switching transport to the only local transport
1519 // "transport-any:" is used for switching transport to the only transport
1520 if (!strncmp(service, "transport", strlen("transport"))) {
1521 char* error_string = "unknown failure";
1522 transport_type type = kTransportAny;
1523
1524 if (!strncmp(service, "transport-usb", strlen("transport-usb"))) {
1525 type = kTransportUsb;
1526 } else if (!strncmp(service, "transport-local", strlen("transport-local"))) {
1527 type = kTransportLocal;
1528 } else if (!strncmp(service, "transport-any", strlen("transport-any"))) {
1529 type = kTransportAny;
1530 } else if (!strncmp(service, "transport:", strlen("transport:"))) {
1531 service += strlen("transport:");
1532 serial = service;
1533 }
1534
1535 transport = acquire_one_transport(CS_ANY, type, serial, &error_string);
1536
1537 if (transport) {
1538 s->transport = transport;
1539 adb_write(reply_fd, "OKAY", 4);
1540 } else {
1541 sendfailmsg(reply_fd, error_string);
1542 }
1543 return 1;
1544 }
1545
1546 // return a list of all connected devices
1547 if (!strncmp(service, "devices", 7)) {
1548 char buffer[4096];
1549 int use_long = !strcmp(service+7, "-l");
1550 if (use_long || service[7] == 0) {
1551 memset(buf, 0, sizeof(buf));
1552 memset(buffer, 0, sizeof(buffer));
1553 D("Getting device list \n");
1554 list_transports(buffer, sizeof(buffer), use_long);
1555 snprintf(buf, sizeof(buf), "OKAY%04x%s",(unsigned)strlen(buffer),buffer);
1556 D("Wrote device list \n");
1557 writex(reply_fd, buf, strlen(buf));
1558 return 0;
1559 }
1560 }
1561
1562 // add a new TCP transport, device or emulator
1563 if (!strncmp(service, "connect:", 8)) {
1564 char buffer[4096];
1565 char* host = service + 8;
1566 if (!strncmp(host, "emu:", 4)) {
1567 connect_emulator(host + 4, buffer, sizeof(buffer));
1568 } else {
1569 connect_device(host, buffer, sizeof(buffer));
1570 }
1571 // Send response for emulator and device
1572 snprintf(buf, sizeof(buf), "OKAY%04x%s",(unsigned)strlen(buffer), buffer);
1573 writex(reply_fd, buf, strlen(buf));
1574 return 0;
1575 }
1576
1577 // remove TCP transport
1578 if (!strncmp(service, "disconnect:", 11)) {
1579 char buffer[4096];
1580 memset(buffer, 0, sizeof(buffer));
1581 char* serial = service + 11;
1582 if (serial[0] == 0) {
1583 // disconnect from all TCP devices
1584 unregister_all_tcp_transports();
1585 } else {
1586 char hostbuf[100];
1587 // assume port 5555 if no port is specified
1588 if (!strchr(serial, ':')) {
1589 snprintf(hostbuf, sizeof(hostbuf) - 1, "%s:5555", serial);
1590 serial = hostbuf;
1591 }
1592 atransport *t = find_transport(serial);
1593
1594 if (t) {
1595 unregister_transport(t);
1596 } else {
1597 snprintf(buffer, sizeof(buffer), "No such device %s", serial);
1598 }
1599 }
1600
1601 snprintf(buf, sizeof(buf), "OKAY%04x%s",(unsigned)strlen(buffer), buffer);
1602 writex(reply_fd, buf, strlen(buf));
1603 return 0;
1604 }
1605
1606 // returns our value for ADB_SERVER_VERSION
1607 if (!strcmp(service, "version")) {
1608 char version[12];
1609 snprintf(version, sizeof version, "%04x", ADB_SERVER_VERSION);
1610 snprintf(buf, sizeof buf, "OKAY%04x%s", (unsigned)strlen(version), version);
1611 writex(reply_fd, buf, strlen(buf));
1612 return 0;
1613 }
1614
1615 if(!strncmp(service,"get-serialno",strlen("get-serialno"))) {
1616 char *out = "unknown";
1617 transport = acquire_one_transport(CS_ANY, ttype, serial, NULL);
1618 if (transport && transport->serial) {
1619 out = transport->serial;
1620 }
1621 snprintf(buf, sizeof buf, "OKAY%04x%s",(unsigned)strlen(out),out);
1622 writex(reply_fd, buf, strlen(buf));
1623 return 0;
1624 }
1625 if(!strncmp(service,"get-devpath",strlen("get-devpath"))) {
1626 char *out = "unknown";
1627 transport = acquire_one_transport(CS_ANY, ttype, serial, NULL);
1628 if (transport && transport->devpath) {
1629 out = transport->devpath;
1630 }
1631 snprintf(buf, sizeof buf, "OKAY%04x%s",(unsigned)strlen(out),out);
1632 writex(reply_fd, buf, strlen(buf));
1633 return 0;
1634 }
1635 // indicates a new emulator instance has started
1636 if (!strncmp(service,"emulator:",9)) {
1637 int port = atoi(service+9);
1638 local_connect(port);
1639 /* we don't even need to send a reply */
1640 return 0;
1641 }
1642 #endif // ADB_HOST
1643
1644 if(!strcmp(service,"list-forward")) {
1645 // Create the list of forward redirections.
1646 char header[9];
1647 int buffer_size = format_listeners(NULL, 0);
1648 // Add one byte for the trailing zero.
1649 char* buffer = malloc(buffer_size+1);
1650 (void) format_listeners(buffer, buffer_size+1);
1651 snprintf(header, sizeof header, "OKAY%04x", buffer_size);
1652 writex(reply_fd, header, 8);
1653 writex(reply_fd, buffer, buffer_size);
1654 free(buffer);
1655 return 0;
1656 }
1657
1658 if (!strcmp(service,"killforward-all")) {
1659 remove_all_listeners();
1660 adb_write(reply_fd, "OKAYOKAY", 8);
1661 return 0;
1662 }
1663
1664 if(!strncmp(service,"forward:",8) ||
1665 !strncmp(service,"killforward:",12)) {
1666 char *local, *remote, *err;
1667 int r;
1668 atransport *transport;
1669
1670 int createForward = strncmp(service,"kill",4);
1671 int no_rebind = 0;
1672
1673 local = strchr(service, ':') + 1;
1674
1675 // Handle forward:norebind:<local>... here
1676 if (createForward && !strncmp(local, "norebind:", 9)) {
1677 no_rebind = 1;
1678 local = strchr(local, ':') + 1;
1679 }
1680
1681 remote = strchr(local,';');
1682
1683 if (createForward) {
1684 // Check forward: parameter format: '<local>;<remote>'
1685 if(remote == 0) {
1686 sendfailmsg(reply_fd, "malformed forward spec");
1687 return 0;
1688 }
1689
1690 *remote++ = 0;
1691 if((local[0] == 0) || (remote[0] == 0) || (remote[0] == '*')){
1692 sendfailmsg(reply_fd, "malformed forward spec");
1693 return 0;
1694 }
1695 } else {
1696 // Check killforward: parameter format: '<local>'
1697 if (local[0] == 0) {
1698 sendfailmsg(reply_fd, "malformed forward spec");
1699 return 0;
1700 }
1701 }
1702
1703 transport = acquire_one_transport(CS_ANY, ttype, serial, &err);
1704 if (!transport) {
1705 sendfailmsg(reply_fd, err);
1706 return 0;
1707 }
1708
1709 if (createForward) {
1710 r = install_listener(local, remote, transport, no_rebind);
1711 } else {
1712 r = remove_listener(local, transport);
1713 }
1714 if(r == 0) {
1715 /* 1st OKAY is connect, 2nd OKAY is status */
1716 writex(reply_fd, "OKAYOKAY", 8);
1717 return 0;
1718 }
1719
1720 if (createForward) {
1721 const char* message;
1722 switch (r) {
1723 case INSTALL_STATUS_CANNOT_BIND:
1724 message = "cannot bind to socket";
1725 break;
1726 case INSTALL_STATUS_CANNOT_REBIND:
1727 message = "cannot rebind existing socket";
1728 break;
1729 default:
1730 message = "internal error";
1731 }
1732 sendfailmsg(reply_fd, message);
1733 } else {
1734 sendfailmsg(reply_fd, "cannot remove listener");
1735 }
1736 return 0;
1737 }
1738
1739 if(!strncmp(service,"get-state",strlen("get-state"))) {
1740 transport = acquire_one_transport(CS_ANY, ttype, serial, NULL);
1741 char *state = connection_state_name(transport);
1742 snprintf(buf, sizeof buf, "OKAY%04x%s",(unsigned)strlen(state),state);
1743 writex(reply_fd, buf, strlen(buf));
1744 return 0;
1745 }
1746 return -1;
1747 }
1748
1749 #if !ADB_HOST
1750 int recovery_mode = 0;
1751 #endif
1752
main(int argc,char ** argv)1753 int main(int argc, char **argv)
1754 {
1755 #if ADB_HOST
1756 adb_sysdeps_init();
1757 adb_trace_init();
1758 D("Handling commandline()\n");
1759 return adb_commandline(argc - 1, argv + 1);
1760 #else
1761 /* If adbd runs inside the emulator this will enable adb tracing via
1762 * adb-debug qemud service in the emulator. */
1763 adb_qemu_trace_init();
1764 if((argc > 1) && (!strcmp(argv[1],"recovery"))) {
1765 adb_device_banner = "recovery";
1766 recovery_mode = 1;
1767 }
1768
1769 start_device_log();
1770 D("Handling main()\n");
1771 return adb_main(0, DEFAULT_ADB_PORT);
1772 #endif
1773 }
1774