• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (C) 2007 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #define  TRACE_TAG   TRACE_ADB
18 
19 #include <stdio.h>
20 #include <stdlib.h>
21 #include <ctype.h>
22 #include <stdarg.h>
23 #include <errno.h>
24 #include <stddef.h>
25 #include <string.h>
26 #include <time.h>
27 #include <sys/time.h>
28 #include <stdint.h>
29 
30 #include "sysdeps.h"
31 #include "adb.h"
32 #include "adb_auth.h"
33 
34 #define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))
35 
36 #if !ADB_HOST
37 #include <private/android_filesystem_config.h>
38 #include <sys/capability.h>
39 #include <linux/prctl.h>
40 #include <sys/mount.h>
41 #else
42 #include "usb_vendors.h"
43 #endif
44 
45 #if ADB_TRACE
46 ADB_MUTEX_DEFINE( D_lock );
47 #endif
48 
49 int HOST = 0;
50 int gListenAll = 0;
51 
52 static int auth_enabled = 0;
53 
54 #if !ADB_HOST
55 static const char *adb_device_banner = "device";
56 #endif
57 
fatal(const char * fmt,...)58 void fatal(const char *fmt, ...)
59 {
60     va_list ap;
61     va_start(ap, fmt);
62     fprintf(stderr, "error: ");
63     vfprintf(stderr, fmt, ap);
64     fprintf(stderr, "\n");
65     va_end(ap);
66     exit(-1);
67 }
68 
fatal_errno(const char * fmt,...)69 void fatal_errno(const char *fmt, ...)
70 {
71     va_list ap;
72     va_start(ap, fmt);
73     fprintf(stderr, "error: %s: ", strerror(errno));
74     vfprintf(stderr, fmt, ap);
75     fprintf(stderr, "\n");
76     va_end(ap);
77     exit(-1);
78 }
79 
80 int   adb_trace_mask;
81 
82 /* read a comma/space/colum/semi-column separated list of tags
83  * from the ADB_TRACE environment variable and build the trace
84  * mask from it. note that '1' and 'all' are special cases to
85  * enable all tracing
86  */
adb_trace_init(void)87 void  adb_trace_init(void)
88 {
89     const char*  p = getenv("ADB_TRACE");
90     const char*  q;
91 
92     static const struct {
93         const char*  tag;
94         int           flag;
95     } tags[] = {
96         { "1", 0 },
97         { "all", 0 },
98         { "adb", TRACE_ADB },
99         { "sockets", TRACE_SOCKETS },
100         { "packets", TRACE_PACKETS },
101         { "rwx", TRACE_RWX },
102         { "usb", TRACE_USB },
103         { "sync", TRACE_SYNC },
104         { "sysdeps", TRACE_SYSDEPS },
105         { "transport", TRACE_TRANSPORT },
106         { "jdwp", TRACE_JDWP },
107         { "services", TRACE_SERVICES },
108         { "auth", TRACE_AUTH },
109         { NULL, 0 }
110     };
111 
112     if (p == NULL)
113             return;
114 
115     /* use a comma/column/semi-colum/space separated list */
116     while (*p) {
117         int  len, tagn;
118 
119         q = strpbrk(p, " ,:;");
120         if (q == NULL) {
121             q = p + strlen(p);
122         }
123         len = q - p;
124 
125         for (tagn = 0; tags[tagn].tag != NULL; tagn++)
126         {
127             int  taglen = strlen(tags[tagn].tag);
128 
129             if (len == taglen && !memcmp(tags[tagn].tag, p, len) )
130             {
131                 int  flag = tags[tagn].flag;
132                 if (flag == 0) {
133                     adb_trace_mask = ~0;
134                     return;
135                 }
136                 adb_trace_mask |= (1 << flag);
137                 break;
138             }
139         }
140         p = q;
141         if (*p)
142             p++;
143     }
144 }
145 
146 #if !ADB_HOST
147 /*
148  * Implements ADB tracing inside the emulator.
149  */
150 
151 #include <stdarg.h>
152 
153 /*
154  * Redefine open and write for qemu_pipe.h that contains inlined references
155  * to those routines. We will redifine them back after qemu_pipe.h inclusion.
156  */
157 
158 #undef open
159 #undef write
160 #define open    adb_open
161 #define write   adb_write
162 #include <hardware/qemu_pipe.h>
163 #undef open
164 #undef write
165 #define open    ___xxx_open
166 #define write   ___xxx_write
167 
168 /* A handle to adb-debug qemud service in the emulator. */
169 int   adb_debug_qemu = -1;
170 
171 /* Initializes connection with the adb-debug qemud service in the emulator. */
adb_qemu_trace_init(void)172 static int adb_qemu_trace_init(void)
173 {
174     char con_name[32];
175 
176     if (adb_debug_qemu >= 0) {
177         return 0;
178     }
179 
180     /* adb debugging QEMUD service connection request. */
181     snprintf(con_name, sizeof(con_name), "qemud:adb-debug");
182     adb_debug_qemu = qemu_pipe_open(con_name);
183     return (adb_debug_qemu >= 0) ? 0 : -1;
184 }
185 
adb_qemu_trace(const char * fmt,...)186 void adb_qemu_trace(const char* fmt, ...)
187 {
188     va_list args;
189     va_start(args, fmt);
190     char msg[1024];
191 
192     if (adb_debug_qemu >= 0) {
193         vsnprintf(msg, sizeof(msg), fmt, args);
194         adb_write(adb_debug_qemu, msg, strlen(msg));
195     }
196 }
197 #endif  /* !ADB_HOST */
198 
get_apacket(void)199 apacket *get_apacket(void)
200 {
201     apacket *p = malloc(sizeof(apacket));
202     if(p == 0) fatal("failed to allocate an apacket");
203     memset(p, 0, sizeof(apacket) - MAX_PAYLOAD);
204     return p;
205 }
206 
put_apacket(apacket * p)207 void put_apacket(apacket *p)
208 {
209     free(p);
210 }
211 
handle_online(atransport * t)212 void handle_online(atransport *t)
213 {
214     D("adb: online\n");
215     t->online = 1;
216 }
217 
handle_offline(atransport * t)218 void handle_offline(atransport *t)
219 {
220     D("adb: offline\n");
221     //Close the associated usb
222     t->online = 0;
223     run_transport_disconnects(t);
224 }
225 
226 #if DEBUG_PACKETS
227 #define DUMPMAX 32
print_packet(const char * label,apacket * p)228 void print_packet(const char *label, apacket *p)
229 {
230     char *tag;
231     char *x;
232     unsigned count;
233 
234     switch(p->msg.command){
235     case A_SYNC: tag = "SYNC"; break;
236     case A_CNXN: tag = "CNXN" ; break;
237     case A_OPEN: tag = "OPEN"; break;
238     case A_OKAY: tag = "OKAY"; break;
239     case A_CLSE: tag = "CLSE"; break;
240     case A_WRTE: tag = "WRTE"; break;
241     case A_AUTH: tag = "AUTH"; break;
242     default: tag = "????"; break;
243     }
244 
245     fprintf(stderr, "%s: %s %08x %08x %04x \"",
246             label, tag, p->msg.arg0, p->msg.arg1, p->msg.data_length);
247     count = p->msg.data_length;
248     x = (char*) p->data;
249     if(count > DUMPMAX) {
250         count = DUMPMAX;
251         tag = "\n";
252     } else {
253         tag = "\"\n";
254     }
255     while(count-- > 0){
256         if((*x >= ' ') && (*x < 127)) {
257             fputc(*x, stderr);
258         } else {
259             fputc('.', stderr);
260         }
261         x++;
262     }
263     fputs(tag, stderr);
264 }
265 #endif
266 
send_ready(unsigned local,unsigned remote,atransport * t)267 static void send_ready(unsigned local, unsigned remote, atransport *t)
268 {
269     D("Calling send_ready \n");
270     apacket *p = get_apacket();
271     p->msg.command = A_OKAY;
272     p->msg.arg0 = local;
273     p->msg.arg1 = remote;
274     send_packet(p, t);
275 }
276 
send_close(unsigned local,unsigned remote,atransport * t)277 static void send_close(unsigned local, unsigned remote, atransport *t)
278 {
279     D("Calling send_close \n");
280     apacket *p = get_apacket();
281     p->msg.command = A_CLSE;
282     p->msg.arg0 = local;
283     p->msg.arg1 = remote;
284     send_packet(p, t);
285 }
286 
fill_connect_data(char * buf,size_t bufsize)287 static size_t fill_connect_data(char *buf, size_t bufsize)
288 {
289 #if ADB_HOST
290     return snprintf(buf, bufsize, "host::") + 1;
291 #else
292     static const char *cnxn_props[] = {
293         "ro.product.name",
294         "ro.product.model",
295         "ro.product.device",
296     };
297     static const int num_cnxn_props = ARRAY_SIZE(cnxn_props);
298     int i;
299     size_t remaining = bufsize;
300     size_t len;
301 
302     len = snprintf(buf, remaining, "%s::", adb_device_banner);
303     remaining -= len;
304     buf += len;
305     for (i = 0; i < num_cnxn_props; i++) {
306         char value[PROPERTY_VALUE_MAX];
307         property_get(cnxn_props[i], value, "");
308         len = snprintf(buf, remaining, "%s=%s;", cnxn_props[i], value);
309         remaining -= len;
310         buf += len;
311     }
312 
313     return bufsize - remaining + 1;
314 #endif
315 }
316 
send_connect(atransport * t)317 static void send_connect(atransport *t)
318 {
319     D("Calling send_connect \n");
320     apacket *cp = get_apacket();
321     cp->msg.command = A_CNXN;
322     cp->msg.arg0 = A_VERSION;
323     cp->msg.arg1 = MAX_PAYLOAD;
324     cp->msg.data_length = fill_connect_data((char *)cp->data,
325                                             sizeof(cp->data));
326     send_packet(cp, t);
327 }
328 
send_auth_request(atransport * t)329 void send_auth_request(atransport *t)
330 {
331     D("Calling send_auth_request\n");
332     apacket *p;
333     int ret;
334 
335     ret = adb_auth_generate_token(t->token, sizeof(t->token));
336     if (ret != sizeof(t->token)) {
337         D("Error generating token ret=%d\n", ret);
338         return;
339     }
340 
341     p = get_apacket();
342     memcpy(p->data, t->token, ret);
343     p->msg.command = A_AUTH;
344     p->msg.arg0 = ADB_AUTH_TOKEN;
345     p->msg.data_length = ret;
346     send_packet(p, t);
347 }
348 
send_auth_response(uint8_t * token,size_t token_size,atransport * t)349 static void send_auth_response(uint8_t *token, size_t token_size, atransport *t)
350 {
351     D("Calling send_auth_response\n");
352     apacket *p = get_apacket();
353     int ret;
354 
355     ret = adb_auth_sign(t->key, token, token_size, p->data);
356     if (!ret) {
357         D("Error signing the token\n");
358         put_apacket(p);
359         return;
360     }
361 
362     p->msg.command = A_AUTH;
363     p->msg.arg0 = ADB_AUTH_SIGNATURE;
364     p->msg.data_length = ret;
365     send_packet(p, t);
366 }
367 
send_auth_publickey(atransport * t)368 static void send_auth_publickey(atransport *t)
369 {
370     D("Calling send_auth_publickey\n");
371     apacket *p = get_apacket();
372     int ret;
373 
374     ret = adb_auth_get_userkey(p->data, sizeof(p->data));
375     if (!ret) {
376         D("Failed to get user public key\n");
377         put_apacket(p);
378         return;
379     }
380 
381     p->msg.command = A_AUTH;
382     p->msg.arg0 = ADB_AUTH_RSAPUBLICKEY;
383     p->msg.data_length = ret;
384     send_packet(p, t);
385 }
386 
adb_auth_verified(atransport * t)387 void adb_auth_verified(atransport *t)
388 {
389     handle_online(t);
390     send_connect(t);
391 }
392 
connection_state_name(atransport * t)393 static char *connection_state_name(atransport *t)
394 {
395     if (t == NULL) {
396         return "unknown";
397     }
398 
399     switch(t->connection_state) {
400     case CS_BOOTLOADER:
401         return "bootloader";
402     case CS_DEVICE:
403         return "device";
404     case CS_OFFLINE:
405         return "offline";
406     case CS_UNAUTHORIZED:
407         return "unauthorized";
408     default:
409         return "unknown";
410     }
411 }
412 
413 /* qual_overwrite is used to overwrite a qualifier string.  dst is a
414  * pointer to a char pointer.  It is assumed that if *dst is non-NULL, it
415  * was malloc'ed and needs to freed.  *dst will be set to a dup of src.
416  */
qual_overwrite(char ** dst,const char * src)417 static void qual_overwrite(char **dst, const char *src)
418 {
419     if (!dst)
420         return;
421 
422     free(*dst);
423     *dst = NULL;
424 
425     if (!src || !*src)
426         return;
427 
428     *dst = strdup(src);
429 }
430 
parse_banner(char * banner,atransport * t)431 void parse_banner(char *banner, atransport *t)
432 {
433     static const char *prop_seps = ";";
434     static const char key_val_sep = '=';
435     char *cp;
436     char *type;
437 
438     D("parse_banner: %s\n", banner);
439     type = banner;
440     cp = strchr(type, ':');
441     if (cp) {
442         *cp++ = 0;
443         /* Nothing is done with second field. */
444         cp = strchr(cp, ':');
445         if (cp) {
446             char *save;
447             char *key;
448             key = adb_strtok_r(cp + 1, prop_seps, &save);
449             while (key) {
450                 cp = strchr(key, key_val_sep);
451                 if (cp) {
452                     *cp++ = '\0';
453                     if (!strcmp(key, "ro.product.name"))
454                         qual_overwrite(&t->product, cp);
455                     else if (!strcmp(key, "ro.product.model"))
456                         qual_overwrite(&t->model, cp);
457                     else if (!strcmp(key, "ro.product.device"))
458                         qual_overwrite(&t->device, cp);
459                 }
460                 key = adb_strtok_r(NULL, prop_seps, &save);
461             }
462         }
463     }
464 
465     if(!strcmp(type, "bootloader")){
466         D("setting connection_state to CS_BOOTLOADER\n");
467         t->connection_state = CS_BOOTLOADER;
468         update_transports();
469         return;
470     }
471 
472     if(!strcmp(type, "device")) {
473         D("setting connection_state to CS_DEVICE\n");
474         t->connection_state = CS_DEVICE;
475         update_transports();
476         return;
477     }
478 
479     if(!strcmp(type, "recovery")) {
480         D("setting connection_state to CS_RECOVERY\n");
481         t->connection_state = CS_RECOVERY;
482         update_transports();
483         return;
484     }
485 
486     if(!strcmp(type, "sideload")) {
487         D("setting connection_state to CS_SIDELOAD\n");
488         t->connection_state = CS_SIDELOAD;
489         update_transports();
490         return;
491     }
492 
493     t->connection_state = CS_HOST;
494 }
495 
handle_packet(apacket * p,atransport * t)496 void handle_packet(apacket *p, atransport *t)
497 {
498     asocket *s;
499 
500     D("handle_packet() %c%c%c%c\n", ((char*) (&(p->msg.command)))[0],
501             ((char*) (&(p->msg.command)))[1],
502             ((char*) (&(p->msg.command)))[2],
503             ((char*) (&(p->msg.command)))[3]);
504     print_packet("recv", p);
505 
506     switch(p->msg.command){
507     case A_SYNC:
508         if(p->msg.arg0){
509             send_packet(p, t);
510             if(HOST) send_connect(t);
511         } else {
512             t->connection_state = CS_OFFLINE;
513             handle_offline(t);
514             send_packet(p, t);
515         }
516         return;
517 
518     case A_CNXN: /* CONNECT(version, maxdata, "system-id-string") */
519             /* XXX verify version, etc */
520         if(t->connection_state != CS_OFFLINE) {
521             t->connection_state = CS_OFFLINE;
522             handle_offline(t);
523         }
524 
525         parse_banner((char*) p->data, t);
526 
527         if (HOST || !auth_enabled) {
528             handle_online(t);
529             if(!HOST) send_connect(t);
530         } else {
531             send_auth_request(t);
532         }
533         break;
534 
535     case A_AUTH:
536         if (p->msg.arg0 == ADB_AUTH_TOKEN) {
537             t->connection_state = CS_UNAUTHORIZED;
538             t->key = adb_auth_nextkey(t->key);
539             if (t->key) {
540                 send_auth_response(p->data, p->msg.data_length, t);
541             } else {
542                 /* No more private keys to try, send the public key */
543                 send_auth_publickey(t);
544             }
545         } else if (p->msg.arg0 == ADB_AUTH_SIGNATURE) {
546             if (adb_auth_verify(t->token, p->data, p->msg.data_length)) {
547                 adb_auth_verified(t);
548                 t->failed_auth_attempts = 0;
549             } else {
550                 if (t->failed_auth_attempts++ > 10)
551                     adb_sleep_ms(1000);
552                 send_auth_request(t);
553             }
554         } else if (p->msg.arg0 == ADB_AUTH_RSAPUBLICKEY) {
555             adb_auth_confirm_key(p->data, p->msg.data_length, t);
556         }
557         break;
558 
559     case A_OPEN: /* OPEN(local-id, 0, "destination") */
560         if (t->online) {
561             char *name = (char*) p->data;
562             name[p->msg.data_length > 0 ? p->msg.data_length - 1 : 0] = 0;
563             s = create_local_service_socket(name);
564             if(s == 0) {
565                 send_close(0, p->msg.arg0, t);
566             } else {
567                 s->peer = create_remote_socket(p->msg.arg0, t);
568                 s->peer->peer = s;
569                 send_ready(s->id, s->peer->id, t);
570                 s->ready(s);
571             }
572         }
573         break;
574 
575     case A_OKAY: /* READY(local-id, remote-id, "") */
576         if (t->online) {
577             if((s = find_local_socket(p->msg.arg1))) {
578                 if(s->peer == 0) {
579                     s->peer = create_remote_socket(p->msg.arg0, t);
580                     s->peer->peer = s;
581                 }
582                 s->ready(s);
583             }
584         }
585         break;
586 
587     case A_CLSE: /* CLOSE(local-id, remote-id, "") */
588         if (t->online) {
589             if((s = find_local_socket(p->msg.arg1))) {
590                 s->close(s);
591             }
592         }
593         break;
594 
595     case A_WRTE:
596         if (t->online) {
597             if((s = find_local_socket(p->msg.arg1))) {
598                 unsigned rid = p->msg.arg0;
599                 p->len = p->msg.data_length;
600 
601                 if(s->enqueue(s, p) == 0) {
602                     D("Enqueue the socket\n");
603                     send_ready(s->id, rid, t);
604                 }
605                 return;
606             }
607         }
608         break;
609 
610     default:
611         printf("handle_packet: what is %08x?!\n", p->msg.command);
612     }
613 
614     put_apacket(p);
615 }
616 
617 alistener listener_list = {
618     .next = &listener_list,
619     .prev = &listener_list,
620 };
621 
ss_listener_event_func(int _fd,unsigned ev,void * _l)622 static void ss_listener_event_func(int _fd, unsigned ev, void *_l)
623 {
624     asocket *s;
625 
626     if(ev & FDE_READ) {
627         struct sockaddr addr;
628         socklen_t alen;
629         int fd;
630 
631         alen = sizeof(addr);
632         fd = adb_socket_accept(_fd, &addr, &alen);
633         if(fd < 0) return;
634 
635         adb_socket_setbufsize(fd, CHUNK_SIZE);
636 
637         s = create_local_socket(fd);
638         if(s) {
639             connect_to_smartsocket(s);
640             return;
641         }
642 
643         adb_close(fd);
644     }
645 }
646 
listener_event_func(int _fd,unsigned ev,void * _l)647 static void listener_event_func(int _fd, unsigned ev, void *_l)
648 {
649     alistener *l = _l;
650     asocket *s;
651 
652     if(ev & FDE_READ) {
653         struct sockaddr addr;
654         socklen_t alen;
655         int fd;
656 
657         alen = sizeof(addr);
658         fd = adb_socket_accept(_fd, &addr, &alen);
659         if(fd < 0) return;
660 
661         s = create_local_socket(fd);
662         if(s) {
663             s->transport = l->transport;
664             connect_to_remote(s, l->connect_to);
665             return;
666         }
667 
668         adb_close(fd);
669     }
670 }
671 
free_listener(alistener * l)672 static void  free_listener(alistener*  l)
673 {
674     if (l->next) {
675         l->next->prev = l->prev;
676         l->prev->next = l->next;
677         l->next = l->prev = l;
678     }
679 
680     // closes the corresponding fd
681     fdevent_remove(&l->fde);
682 
683     if (l->local_name)
684         free((char*)l->local_name);
685 
686     if (l->connect_to)
687         free((char*)l->connect_to);
688 
689     if (l->transport) {
690         remove_transport_disconnect(l->transport, &l->disconnect);
691     }
692     free(l);
693 }
694 
listener_disconnect(void * _l,atransport * t)695 static void listener_disconnect(void*  _l, atransport*  t)
696 {
697     alistener*  l = _l;
698 
699     free_listener(l);
700 }
701 
local_name_to_fd(const char * name)702 int local_name_to_fd(const char *name)
703 {
704     int port;
705 
706     if(!strncmp("tcp:", name, 4)){
707         int  ret;
708         port = atoi(name + 4);
709 
710         if (gListenAll > 0) {
711             ret = socket_inaddr_any_server(port, SOCK_STREAM);
712         } else {
713             ret = socket_loopback_server(port, SOCK_STREAM);
714         }
715 
716         return ret;
717     }
718 #ifndef HAVE_WIN32_IPC  /* no Unix-domain sockets on Win32 */
719     // It's non-sensical to support the "reserved" space on the adb host side
720     if(!strncmp(name, "local:", 6)) {
721         return socket_local_server(name + 6,
722                 ANDROID_SOCKET_NAMESPACE_ABSTRACT, SOCK_STREAM);
723     } else if(!strncmp(name, "localabstract:", 14)) {
724         return socket_local_server(name + 14,
725                 ANDROID_SOCKET_NAMESPACE_ABSTRACT, SOCK_STREAM);
726     } else if(!strncmp(name, "localfilesystem:", 16)) {
727         return socket_local_server(name + 16,
728                 ANDROID_SOCKET_NAMESPACE_FILESYSTEM, SOCK_STREAM);
729     }
730 
731 #endif
732     printf("unknown local portname '%s'\n", name);
733     return -1;
734 }
735 
736 // Write a single line describing a listener to a user-provided buffer.
737 // Appends a trailing zero, even in case of truncation, but the function
738 // returns the full line length.
739 // If |buffer| is NULL, does not write but returns required size.
format_listener(alistener * l,char * buffer,size_t buffer_len)740 static int format_listener(alistener* l, char* buffer, size_t buffer_len) {
741     // Format is simply:
742     //
743     //  <device-serial> " " <local-name> " " <remote-name> "\n"
744     //
745     int local_len = strlen(l->local_name);
746     int connect_len = strlen(l->connect_to);
747     int serial_len = strlen(l->transport->serial);
748 
749     if (buffer != NULL) {
750         snprintf(buffer, buffer_len, "%s %s %s\n",
751                 l->transport->serial, l->local_name, l->connect_to);
752     }
753     // NOTE: snprintf() on Windows returns -1 in case of truncation, so
754     // return the computed line length instead.
755     return local_len + connect_len + serial_len + 3;
756 }
757 
758 // Write the list of current listeners (network redirections) into a
759 // user-provided buffer. Appends a trailing zero, even in case of
760 // trunctaion, but return the full size in bytes.
761 // If |buffer| is NULL, does not write but returns required size.
format_listeners(char * buf,size_t buflen)762 static int format_listeners(char* buf, size_t buflen)
763 {
764     alistener* l;
765     int result = 0;
766     for (l = listener_list.next; l != &listener_list; l = l->next) {
767         // Ignore special listeners like those for *smartsocket*
768         if (l->connect_to[0] == '*')
769           continue;
770         int len = format_listener(l, buf, buflen);
771         // Ensure there is space for the trailing zero.
772         result += len;
773         if (buf != NULL) {
774           buf += len;
775           buflen -= len;
776           if (buflen <= 0)
777               break;
778         }
779     }
780     return result;
781 }
782 
remove_listener(const char * local_name,atransport * transport)783 static int remove_listener(const char *local_name, atransport* transport)
784 {
785     alistener *l;
786 
787     for (l = listener_list.next; l != &listener_list; l = l->next) {
788         if (!strcmp(local_name, l->local_name)) {
789             listener_disconnect(l, l->transport);
790             return 0;
791         }
792     }
793     return -1;
794 }
795 
remove_all_listeners(void)796 static void remove_all_listeners(void)
797 {
798     alistener *l, *l_next;
799     for (l = listener_list.next; l != &listener_list; l = l_next) {
800         l_next = l->next;
801         // Never remove smart sockets.
802         if (l->connect_to[0] == '*')
803             continue;
804         listener_disconnect(l, l->transport);
805     }
806 }
807 
808 // error/status codes for install_listener.
809 typedef enum {
810   INSTALL_STATUS_OK = 0,
811   INSTALL_STATUS_INTERNAL_ERROR = -1,
812   INSTALL_STATUS_CANNOT_BIND = -2,
813   INSTALL_STATUS_CANNOT_REBIND = -3,
814 } install_status_t;
815 
install_listener(const char * local_name,const char * connect_to,atransport * transport,int no_rebind)816 static install_status_t install_listener(const char *local_name,
817                                          const char *connect_to,
818                                          atransport* transport,
819                                          int no_rebind)
820 {
821     alistener *l;
822 
823     //printf("install_listener('%s','%s')\n", local_name, connect_to);
824 
825     for(l = listener_list.next; l != &listener_list; l = l->next){
826         if(strcmp(local_name, l->local_name) == 0) {
827             char *cto;
828 
829                 /* can't repurpose a smartsocket */
830             if(l->connect_to[0] == '*') {
831                 return INSTALL_STATUS_INTERNAL_ERROR;
832             }
833 
834                 /* can't repurpose a listener if 'no_rebind' is true */
835             if (no_rebind) {
836                 return INSTALL_STATUS_CANNOT_REBIND;
837             }
838 
839             cto = strdup(connect_to);
840             if(cto == 0) {
841                 return INSTALL_STATUS_INTERNAL_ERROR;
842             }
843 
844             //printf("rebinding '%s' to '%s'\n", local_name, connect_to);
845             free((void*) l->connect_to);
846             l->connect_to = cto;
847             if (l->transport != transport) {
848                 remove_transport_disconnect(l->transport, &l->disconnect);
849                 l->transport = transport;
850                 add_transport_disconnect(l->transport, &l->disconnect);
851             }
852             return INSTALL_STATUS_OK;
853         }
854     }
855 
856     if((l = calloc(1, sizeof(alistener))) == 0) goto nomem;
857     if((l->local_name = strdup(local_name)) == 0) goto nomem;
858     if((l->connect_to = strdup(connect_to)) == 0) goto nomem;
859 
860 
861     l->fd = local_name_to_fd(local_name);
862     if(l->fd < 0) {
863         free((void*) l->local_name);
864         free((void*) l->connect_to);
865         free(l);
866         printf("cannot bind '%s'\n", local_name);
867         return -2;
868     }
869 
870     close_on_exec(l->fd);
871     if(!strcmp(l->connect_to, "*smartsocket*")) {
872         fdevent_install(&l->fde, l->fd, ss_listener_event_func, l);
873     } else {
874         fdevent_install(&l->fde, l->fd, listener_event_func, l);
875     }
876     fdevent_set(&l->fde, FDE_READ);
877 
878     l->next = &listener_list;
879     l->prev = listener_list.prev;
880     l->next->prev = l;
881     l->prev->next = l;
882     l->transport = transport;
883 
884     if (transport) {
885         l->disconnect.opaque = l;
886         l->disconnect.func   = listener_disconnect;
887         add_transport_disconnect(transport, &l->disconnect);
888     }
889     return INSTALL_STATUS_OK;
890 
891 nomem:
892     fatal("cannot allocate listener");
893     return INSTALL_STATUS_INTERNAL_ERROR;
894 }
895 
896 #ifdef HAVE_WIN32_PROC
ctrlc_handler(DWORD type)897 static BOOL WINAPI ctrlc_handler(DWORD type)
898 {
899     exit(STATUS_CONTROL_C_EXIT);
900     return TRUE;
901 }
902 #endif
903 
adb_cleanup(void)904 static void adb_cleanup(void)
905 {
906     usb_cleanup();
907 }
908 
start_logging(void)909 void start_logging(void)
910 {
911 #ifdef HAVE_WIN32_PROC
912     char    temp[ MAX_PATH ];
913     FILE*   fnul;
914     FILE*   flog;
915 
916     GetTempPath( sizeof(temp) - 8, temp );
917     strcat( temp, "adb.log" );
918 
919     /* Win32 specific redirections */
920     fnul = fopen( "NUL", "rt" );
921     if (fnul != NULL)
922         stdin[0] = fnul[0];
923 
924     flog = fopen( temp, "at" );
925     if (flog == NULL)
926         flog = fnul;
927 
928     setvbuf( flog, NULL, _IONBF, 0 );
929 
930     stdout[0] = flog[0];
931     stderr[0] = flog[0];
932     fprintf(stderr,"--- adb starting (pid %d) ---\n", getpid());
933 #else
934     int fd;
935 
936     fd = unix_open("/dev/null", O_RDONLY);
937     dup2(fd, 0);
938     adb_close(fd);
939 
940     fd = unix_open("/tmp/adb.log", O_WRONLY | O_CREAT | O_APPEND, 0640);
941     if(fd < 0) {
942         fd = unix_open("/dev/null", O_WRONLY);
943     }
944     dup2(fd, 1);
945     dup2(fd, 2);
946     adb_close(fd);
947     fprintf(stderr,"--- adb starting (pid %d) ---\n", getpid());
948 #endif
949 }
950 
951 #if !ADB_HOST
start_device_log(void)952 void start_device_log(void)
953 {
954     int fd;
955     char    path[PATH_MAX];
956     struct tm now;
957     time_t t;
958     char value[PROPERTY_VALUE_MAX];
959 
960     // read the trace mask from persistent property persist.adb.trace_mask
961     // give up if the property is not set or cannot be parsed
962     property_get("persist.adb.trace_mask", value, "");
963     if (sscanf(value, "%x", &adb_trace_mask) != 1)
964         return;
965 
966     adb_mkdir("/data/adb", 0775);
967     tzset();
968     time(&t);
969     localtime_r(&t, &now);
970     strftime(path, sizeof(path),
971                 "/data/adb/adb-%Y-%m-%d-%H-%M-%S.txt",
972                 &now);
973     fd = unix_open(path, O_WRONLY | O_CREAT | O_TRUNC, 0640);
974     if (fd < 0)
975         return;
976 
977     // redirect stdout and stderr to the log file
978     dup2(fd, 1);
979     dup2(fd, 2);
980     fprintf(stderr,"--- adb starting (pid %d) ---\n", getpid());
981     adb_close(fd);
982 
983     fd = unix_open("/dev/null", O_RDONLY);
984     dup2(fd, 0);
985     adb_close(fd);
986 }
987 #endif
988 
989 #if ADB_HOST
990 
991 #ifdef WORKAROUND_BUG6558362
992 #include <sched.h>
993 #define AFFINITY_ENVVAR "ADB_CPU_AFFINITY_BUG6558362"
adb_set_affinity(void)994 void adb_set_affinity(void)
995 {
996    cpu_set_t cpu_set;
997    const char* cpunum_str = getenv(AFFINITY_ENVVAR);
998    char* strtol_res;
999    int cpu_num;
1000 
1001    if (!cpunum_str || !*cpunum_str)
1002        return;
1003    cpu_num = strtol(cpunum_str, &strtol_res, 0);
1004    if (*strtol_res != '\0')
1005      fatal("bad number (%s) in env var %s. Expecting 0..n.\n", cpunum_str, AFFINITY_ENVVAR);
1006 
1007    sched_getaffinity(0, sizeof(cpu_set), &cpu_set);
1008    D("orig cpu_set[0]=0x%08lx\n", cpu_set.__bits[0]);
1009    CPU_ZERO(&cpu_set);
1010    CPU_SET(cpu_num, &cpu_set);
1011    sched_setaffinity(0, sizeof(cpu_set), &cpu_set);
1012    sched_getaffinity(0, sizeof(cpu_set), &cpu_set);
1013    D("new cpu_set[0]=0x%08lx\n", cpu_set.__bits[0]);
1014 }
1015 #endif
1016 
launch_server(int server_port)1017 int launch_server(int server_port)
1018 {
1019 #ifdef HAVE_WIN32_PROC
1020     /* we need to start the server in the background                    */
1021     /* we create a PIPE that will be used to wait for the server's "OK" */
1022     /* message since the pipe handles must be inheritable, we use a     */
1023     /* security attribute                                               */
1024     HANDLE                pipe_read, pipe_write;
1025     HANDLE                stdout_handle, stderr_handle;
1026     SECURITY_ATTRIBUTES   sa;
1027     STARTUPINFO           startup;
1028     PROCESS_INFORMATION   pinfo;
1029     char                  program_path[ MAX_PATH ];
1030     int                   ret;
1031 
1032     sa.nLength = sizeof(sa);
1033     sa.lpSecurityDescriptor = NULL;
1034     sa.bInheritHandle = TRUE;
1035 
1036     /* create pipe, and ensure its read handle isn't inheritable */
1037     ret = CreatePipe( &pipe_read, &pipe_write, &sa, 0 );
1038     if (!ret) {
1039         fprintf(stderr, "CreatePipe() failure, error %ld\n", GetLastError() );
1040         return -1;
1041     }
1042 
1043     SetHandleInformation( pipe_read, HANDLE_FLAG_INHERIT, 0 );
1044 
1045     /* Some programs want to launch an adb command and collect its output by
1046      * calling CreateProcess with inheritable stdout/stderr handles, then
1047      * using read() to get its output. When this happens, the stdout/stderr
1048      * handles passed to the adb client process will also be inheritable.
1049      * When starting the adb server here, care must be taken to reset them
1050      * to non-inheritable.
1051      * Otherwise, something bad happens: even if the adb command completes,
1052      * the calling process is stuck while read()-ing from the stdout/stderr
1053      * descriptors, because they're connected to corresponding handles in the
1054      * adb server process (even if the latter never uses/writes to them).
1055      */
1056     stdout_handle = GetStdHandle( STD_OUTPUT_HANDLE );
1057     stderr_handle = GetStdHandle( STD_ERROR_HANDLE );
1058     if (stdout_handle != INVALID_HANDLE_VALUE) {
1059         SetHandleInformation( stdout_handle, HANDLE_FLAG_INHERIT, 0 );
1060     }
1061     if (stderr_handle != INVALID_HANDLE_VALUE) {
1062         SetHandleInformation( stderr_handle, HANDLE_FLAG_INHERIT, 0 );
1063     }
1064 
1065     ZeroMemory( &startup, sizeof(startup) );
1066     startup.cb = sizeof(startup);
1067     startup.hStdInput  = GetStdHandle( STD_INPUT_HANDLE );
1068     startup.hStdOutput = pipe_write;
1069     startup.hStdError  = GetStdHandle( STD_ERROR_HANDLE );
1070     startup.dwFlags    = STARTF_USESTDHANDLES;
1071 
1072     ZeroMemory( &pinfo, sizeof(pinfo) );
1073 
1074     /* get path of current program */
1075     GetModuleFileName( NULL, program_path, sizeof(program_path) );
1076 
1077     ret = CreateProcess(
1078             program_path,                              /* program path  */
1079             "adb fork-server server",
1080                                     /* the fork-server argument will set the
1081                                        debug = 2 in the child           */
1082             NULL,                   /* process handle is not inheritable */
1083             NULL,                    /* thread handle is not inheritable */
1084             TRUE,                          /* yes, inherit some handles */
1085             DETACHED_PROCESS, /* the new process doesn't have a console */
1086             NULL,                     /* use parent's environment block */
1087             NULL,                    /* use parent's starting directory */
1088             &startup,                 /* startup info, i.e. std handles */
1089             &pinfo );
1090 
1091     CloseHandle( pipe_write );
1092 
1093     if (!ret) {
1094         fprintf(stderr, "CreateProcess failure, error %ld\n", GetLastError() );
1095         CloseHandle( pipe_read );
1096         return -1;
1097     }
1098 
1099     CloseHandle( pinfo.hProcess );
1100     CloseHandle( pinfo.hThread );
1101 
1102     /* wait for the "OK\n" message */
1103     {
1104         char  temp[3];
1105         DWORD  count;
1106 
1107         ret = ReadFile( pipe_read, temp, 3, &count, NULL );
1108         CloseHandle( pipe_read );
1109         if ( !ret ) {
1110             fprintf(stderr, "could not read ok from ADB Server, error = %ld\n", GetLastError() );
1111             return -1;
1112         }
1113         if (count != 3 || temp[0] != 'O' || temp[1] != 'K' || temp[2] != '\n') {
1114             fprintf(stderr, "ADB server didn't ACK\n" );
1115             return -1;
1116         }
1117     }
1118 #elif defined(HAVE_FORKEXEC)
1119     char    path[PATH_MAX];
1120     int     fd[2];
1121 
1122     // set up a pipe so the child can tell us when it is ready.
1123     // fd[0] will be parent's end, and fd[1] will get mapped to stderr in the child.
1124     if (pipe(fd)) {
1125         fprintf(stderr, "pipe failed in launch_server, errno: %d\n", errno);
1126         return -1;
1127     }
1128     get_my_path(path, PATH_MAX);
1129     pid_t pid = fork();
1130     if(pid < 0) return -1;
1131 
1132     if (pid == 0) {
1133         // child side of the fork
1134 
1135         // redirect stderr to the pipe
1136         // we use stderr instead of stdout due to stdout's buffering behavior.
1137         adb_close(fd[0]);
1138         dup2(fd[1], STDERR_FILENO);
1139         adb_close(fd[1]);
1140 
1141         char str_port[30];
1142         snprintf(str_port, sizeof(str_port), "%d",  server_port);
1143         // child process
1144         int result = execl(path, "adb", "-P", str_port, "fork-server", "server", NULL);
1145         // this should not return
1146         fprintf(stderr, "OOPS! execl returned %d, errno: %d\n", result, errno);
1147     } else  {
1148         // parent side of the fork
1149 
1150         char  temp[3];
1151 
1152         temp[0] = 'A'; temp[1] = 'B'; temp[2] = 'C';
1153         // wait for the "OK\n" message
1154         adb_close(fd[1]);
1155         int ret = adb_read(fd[0], temp, 3);
1156         int saved_errno = errno;
1157         adb_close(fd[0]);
1158         if (ret < 0) {
1159             fprintf(stderr, "could not read ok from ADB Server, errno = %d\n", saved_errno);
1160             return -1;
1161         }
1162         if (ret != 3 || temp[0] != 'O' || temp[1] != 'K' || temp[2] != '\n') {
1163             fprintf(stderr, "ADB server didn't ACK\n" );
1164             return -1;
1165         }
1166 
1167         setsid();
1168     }
1169 #else
1170 #error "cannot implement background server start on this platform"
1171 #endif
1172     return 0;
1173 }
1174 #endif
1175 
1176 /* Constructs a local name of form tcp:port.
1177  * target_str points to the target string, it's content will be overwritten.
1178  * target_size is the capacity of the target string.
1179  * server_port is the port number to use for the local name.
1180  */
build_local_name(char * target_str,size_t target_size,int server_port)1181 void build_local_name(char* target_str, size_t target_size, int server_port)
1182 {
1183   snprintf(target_str, target_size, "tcp:%d", server_port);
1184 }
1185 
1186 #if !ADB_HOST
1187 
drop_capabilities_bounding_set_if_needed()1188 static void drop_capabilities_bounding_set_if_needed() {
1189 #ifdef ALLOW_ADBD_ROOT
1190     char value[PROPERTY_VALUE_MAX];
1191     property_get("ro.debuggable", value, "");
1192     if (strcmp(value, "1") == 0) {
1193         return;
1194     }
1195 #endif
1196     int i;
1197     for (i = 0; prctl(PR_CAPBSET_READ, i, 0, 0, 0) >= 0; i++) {
1198         if ((i == CAP_SETUID) || (i == CAP_SETGID)) {
1199             // CAP_SETUID CAP_SETGID needed by /system/bin/run-as
1200             continue;
1201         }
1202         int err = prctl(PR_CAPBSET_DROP, i, 0, 0, 0);
1203 
1204         // Some kernels don't have file capabilities compiled in, and
1205         // prctl(PR_CAPBSET_DROP) returns EINVAL. Don't automatically
1206         // die when we see such misconfigured kernels.
1207         if ((err < 0) && (errno != EINVAL)) {
1208             exit(1);
1209         }
1210     }
1211 }
1212 
should_drop_privileges()1213 static int should_drop_privileges() {
1214 #ifndef ALLOW_ADBD_ROOT
1215     return 1;
1216 #else /* ALLOW_ADBD_ROOT */
1217     int secure = 0;
1218     char value[PROPERTY_VALUE_MAX];
1219 
1220    /* run adbd in secure mode if ro.secure is set and
1221     ** we are not in the emulator
1222     */
1223     property_get("ro.kernel.qemu", value, "");
1224     if (strcmp(value, "1") != 0) {
1225         property_get("ro.secure", value, "1");
1226         if (strcmp(value, "1") == 0) {
1227             // don't run as root if ro.secure is set...
1228             secure = 1;
1229 
1230             // ... except we allow running as root in userdebug builds if the
1231             // service.adb.root property has been set by the "adb root" command
1232             property_get("ro.debuggable", value, "");
1233             if (strcmp(value, "1") == 0) {
1234                 property_get("service.adb.root", value, "");
1235                 if (strcmp(value, "1") == 0) {
1236                     secure = 0;
1237                 }
1238             }
1239         }
1240     }
1241     return secure;
1242 #endif /* ALLOW_ADBD_ROOT */
1243 }
1244 #endif /* !ADB_HOST */
1245 
adb_main(int is_daemon,int server_port)1246 int adb_main(int is_daemon, int server_port)
1247 {
1248 #if !ADB_HOST
1249     int port;
1250     char value[PROPERTY_VALUE_MAX];
1251 
1252     umask(000);
1253 #endif
1254 
1255     atexit(adb_cleanup);
1256 #ifdef HAVE_WIN32_PROC
1257     SetConsoleCtrlHandler( ctrlc_handler, TRUE );
1258 #elif defined(HAVE_FORKEXEC)
1259     // No SIGCHLD. Let the service subproc handle its children.
1260     signal(SIGPIPE, SIG_IGN);
1261 #endif
1262 
1263     init_transport_registration();
1264 
1265 #if ADB_HOST
1266     HOST = 1;
1267 
1268 #ifdef WORKAROUND_BUG6558362
1269     if(is_daemon) adb_set_affinity();
1270 #endif
1271     usb_vendors_init();
1272     usb_init();
1273     local_init(DEFAULT_ADB_LOCAL_TRANSPORT_PORT);
1274     adb_auth_init();
1275 
1276     char local_name[30];
1277     build_local_name(local_name, sizeof(local_name), server_port);
1278     if(install_listener(local_name, "*smartsocket*", NULL, 0)) {
1279         exit(1);
1280     }
1281 #else
1282     property_get("ro.adb.secure", value, "0");
1283     auth_enabled = !strcmp(value, "1");
1284     if (auth_enabled)
1285         adb_auth_init();
1286 
1287     // Our external storage path may be different than apps, since
1288     // we aren't able to bind mount after dropping root.
1289     const char* adb_external_storage = getenv("ADB_EXTERNAL_STORAGE");
1290     if (NULL != adb_external_storage) {
1291         setenv("EXTERNAL_STORAGE", adb_external_storage, 1);
1292     } else {
1293         D("Warning: ADB_EXTERNAL_STORAGE is not set.  Leaving EXTERNAL_STORAGE"
1294           " unchanged.\n");
1295     }
1296 
1297     /* don't listen on a port (default 5037) if running in secure mode */
1298     /* don't run as root if we are running in secure mode */
1299     if (should_drop_privileges()) {
1300         struct __user_cap_header_struct header;
1301         struct __user_cap_data_struct cap[2];
1302 
1303         if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) != 0) {
1304             exit(1);
1305         }
1306 
1307         drop_capabilities_bounding_set_if_needed();
1308 
1309         /* add extra groups:
1310         ** AID_ADB to access the USB driver
1311         ** AID_LOG to read system logs (adb logcat)
1312         ** AID_INPUT to diagnose input issues (getevent)
1313         ** AID_INET to diagnose network issues (netcfg, ping)
1314         ** AID_GRAPHICS to access the frame buffer
1315         ** AID_NET_BT and AID_NET_BT_ADMIN to diagnose bluetooth (hcidump)
1316         ** AID_SDCARD_R to allow reading from the SD card
1317         ** AID_SDCARD_RW to allow writing to the SD card
1318         ** AID_MOUNT to allow unmounting the SD card before rebooting
1319         ** AID_NET_BW_STATS to read out qtaguid statistics
1320         */
1321         gid_t groups[] = { AID_ADB, AID_LOG, AID_INPUT, AID_INET, AID_GRAPHICS,
1322                            AID_NET_BT, AID_NET_BT_ADMIN, AID_SDCARD_R, AID_SDCARD_RW,
1323                            AID_MOUNT, AID_NET_BW_STATS };
1324         if (setgroups(sizeof(groups)/sizeof(groups[0]), groups) != 0) {
1325             exit(1);
1326         }
1327 
1328         /* then switch user and group to "shell" */
1329         if (setgid(AID_SHELL) != 0) {
1330             exit(1);
1331         }
1332         if (setuid(AID_SHELL) != 0) {
1333             exit(1);
1334         }
1335 
1336         memset(&header, 0, sizeof(header));
1337         memset(cap, 0, sizeof(cap));
1338 
1339         /* set CAP_SYS_BOOT capability, so "adb reboot" will succeed */
1340         header.version = _LINUX_CAPABILITY_VERSION_3;
1341         header.pid = 0;
1342         cap[CAP_TO_INDEX(CAP_SYS_BOOT)].effective |= CAP_TO_MASK(CAP_SYS_BOOT);
1343         cap[CAP_TO_INDEX(CAP_SYS_BOOT)].permitted |= CAP_TO_MASK(CAP_SYS_BOOT);
1344         capset(&header, cap);
1345 
1346         D("Local port disabled\n");
1347     } else {
1348         char local_name[30];
1349         build_local_name(local_name, sizeof(local_name), server_port);
1350         if(install_listener(local_name, "*smartsocket*", NULL, 0)) {
1351             exit(1);
1352         }
1353     }
1354 
1355     int usb = 0;
1356     if (access(USB_ADB_PATH, F_OK) == 0 || access(USB_FFS_ADB_EP0, F_OK) == 0) {
1357         // listen on USB
1358         usb_init();
1359         usb = 1;
1360     }
1361 
1362     // If one of these properties is set, also listen on that port
1363     // If one of the properties isn't set and we couldn't listen on usb,
1364     // listen on the default port.
1365     property_get("service.adb.tcp.port", value, "");
1366     if (!value[0]) {
1367         property_get("persist.adb.tcp.port", value, "");
1368     }
1369     if (sscanf(value, "%d", &port) == 1 && port > 0) {
1370         printf("using port=%d\n", port);
1371         // listen on TCP port specified by service.adb.tcp.port property
1372         local_init(port);
1373     } else if (!usb) {
1374         // listen on default port
1375         local_init(DEFAULT_ADB_LOCAL_TRANSPORT_PORT);
1376     }
1377 
1378     D("adb_main(): pre init_jdwp()\n");
1379     init_jdwp();
1380     D("adb_main(): post init_jdwp()\n");
1381 #endif
1382 
1383     if (is_daemon)
1384     {
1385         // inform our parent that we are up and running.
1386 #ifdef HAVE_WIN32_PROC
1387         DWORD  count;
1388         WriteFile( GetStdHandle( STD_OUTPUT_HANDLE ), "OK\n", 3, &count, NULL );
1389 #elif defined(HAVE_FORKEXEC)
1390         fprintf(stderr, "OK\n");
1391 #endif
1392         start_logging();
1393     }
1394     D("Event loop starting\n");
1395 
1396     fdevent_loop();
1397 
1398     usb_cleanup();
1399 
1400     return 0;
1401 }
1402 
1403 #if ADB_HOST
connect_device(char * host,char * buffer,int buffer_size)1404 void connect_device(char* host, char* buffer, int buffer_size)
1405 {
1406     int port, fd;
1407     char* portstr = strchr(host, ':');
1408     char hostbuf[100];
1409     char serial[100];
1410 
1411     strncpy(hostbuf, host, sizeof(hostbuf) - 1);
1412     if (portstr) {
1413         if (portstr - host >= (ptrdiff_t)sizeof(hostbuf)) {
1414             snprintf(buffer, buffer_size, "bad host name %s", host);
1415             return;
1416         }
1417         // zero terminate the host at the point we found the colon
1418         hostbuf[portstr - host] = 0;
1419         if (sscanf(portstr + 1, "%d", &port) == 0) {
1420             snprintf(buffer, buffer_size, "bad port number %s", portstr);
1421             return;
1422         }
1423     } else {
1424         port = DEFAULT_ADB_LOCAL_TRANSPORT_PORT;
1425     }
1426 
1427     snprintf(serial, sizeof(serial), "%s:%d", hostbuf, port);
1428     if (find_transport(serial)) {
1429         snprintf(buffer, buffer_size, "already connected to %s", serial);
1430         return;
1431     }
1432 
1433     fd = socket_network_client(hostbuf, port, SOCK_STREAM);
1434     if (fd < 0) {
1435         snprintf(buffer, buffer_size, "unable to connect to %s:%d", host, port);
1436         return;
1437     }
1438 
1439     D("client: connected on remote on fd %d\n", fd);
1440     close_on_exec(fd);
1441     disable_tcp_nagle(fd);
1442     register_socket_transport(fd, serial, port, 0);
1443     snprintf(buffer, buffer_size, "connected to %s", serial);
1444 }
1445 
connect_emulator(char * port_spec,char * buffer,int buffer_size)1446 void connect_emulator(char* port_spec, char* buffer, int buffer_size)
1447 {
1448     char* port_separator = strchr(port_spec, ',');
1449     if (!port_separator) {
1450         snprintf(buffer, buffer_size,
1451                 "unable to parse '%s' as <console port>,<adb port>",
1452                 port_spec);
1453         return;
1454     }
1455 
1456     // Zero-terminate console port and make port_separator point to 2nd port.
1457     *port_separator++ = 0;
1458     int console_port = strtol(port_spec, NULL, 0);
1459     int adb_port = strtol(port_separator, NULL, 0);
1460     if (!(console_port > 0 && adb_port > 0)) {
1461         *(port_separator - 1) = ',';
1462         snprintf(buffer, buffer_size,
1463                 "Invalid port numbers: Expected positive numbers, got '%s'",
1464                 port_spec);
1465         return;
1466     }
1467 
1468     /* Check if the emulator is already known.
1469      * Note: There's a small but harmless race condition here: An emulator not
1470      * present just yet could be registered by another invocation right
1471      * after doing this check here. However, local_connect protects
1472      * against double-registration too. From here, a better error message
1473      * can be produced. In the case of the race condition, the very specific
1474      * error message won't be shown, but the data doesn't get corrupted. */
1475     atransport* known_emulator = find_emulator_transport_by_adb_port(adb_port);
1476     if (known_emulator != NULL) {
1477         snprintf(buffer, buffer_size,
1478                 "Emulator on port %d already registered.", adb_port);
1479         return;
1480     }
1481 
1482     /* Check if more emulators can be registered. Similar unproblematic
1483      * race condition as above. */
1484     int candidate_slot = get_available_local_transport_index();
1485     if (candidate_slot < 0) {
1486         snprintf(buffer, buffer_size, "Cannot accept more emulators.");
1487         return;
1488     }
1489 
1490     /* Preconditions met, try to connect to the emulator. */
1491     if (!local_connect_arbitrary_ports(console_port, adb_port)) {
1492         snprintf(buffer, buffer_size,
1493                 "Connected to emulator on ports %d,%d", console_port, adb_port);
1494     } else {
1495         snprintf(buffer, buffer_size,
1496                 "Could not connect to emulator on ports %d,%d",
1497                 console_port, adb_port);
1498     }
1499 }
1500 #endif
1501 
handle_host_request(char * service,transport_type ttype,char * serial,int reply_fd,asocket * s)1502 int handle_host_request(char *service, transport_type ttype, char* serial, int reply_fd, asocket *s)
1503 {
1504     atransport *transport = NULL;
1505     char buf[4096];
1506 
1507     if(!strcmp(service, "kill")) {
1508         fprintf(stderr,"adb server killed by remote request\n");
1509         fflush(stdout);
1510         adb_write(reply_fd, "OKAY", 4);
1511         usb_cleanup();
1512         exit(0);
1513     }
1514 
1515 #if ADB_HOST
1516     // "transport:" is used for switching transport with a specified serial number
1517     // "transport-usb:" is used for switching transport to the only USB transport
1518     // "transport-local:" is used for switching transport to the only local transport
1519     // "transport-any:" is used for switching transport to the only transport
1520     if (!strncmp(service, "transport", strlen("transport"))) {
1521         char* error_string = "unknown failure";
1522         transport_type type = kTransportAny;
1523 
1524         if (!strncmp(service, "transport-usb", strlen("transport-usb"))) {
1525             type = kTransportUsb;
1526         } else if (!strncmp(service, "transport-local", strlen("transport-local"))) {
1527             type = kTransportLocal;
1528         } else if (!strncmp(service, "transport-any", strlen("transport-any"))) {
1529             type = kTransportAny;
1530         } else if (!strncmp(service, "transport:", strlen("transport:"))) {
1531             service += strlen("transport:");
1532             serial = service;
1533         }
1534 
1535         transport = acquire_one_transport(CS_ANY, type, serial, &error_string);
1536 
1537         if (transport) {
1538             s->transport = transport;
1539             adb_write(reply_fd, "OKAY", 4);
1540         } else {
1541             sendfailmsg(reply_fd, error_string);
1542         }
1543         return 1;
1544     }
1545 
1546     // return a list of all connected devices
1547     if (!strncmp(service, "devices", 7)) {
1548         char buffer[4096];
1549         int use_long = !strcmp(service+7, "-l");
1550         if (use_long || service[7] == 0) {
1551             memset(buf, 0, sizeof(buf));
1552             memset(buffer, 0, sizeof(buffer));
1553             D("Getting device list \n");
1554             list_transports(buffer, sizeof(buffer), use_long);
1555             snprintf(buf, sizeof(buf), "OKAY%04x%s",(unsigned)strlen(buffer),buffer);
1556             D("Wrote device list \n");
1557             writex(reply_fd, buf, strlen(buf));
1558             return 0;
1559         }
1560     }
1561 
1562     // add a new TCP transport, device or emulator
1563     if (!strncmp(service, "connect:", 8)) {
1564         char buffer[4096];
1565         char* host = service + 8;
1566         if (!strncmp(host, "emu:", 4)) {
1567             connect_emulator(host + 4, buffer, sizeof(buffer));
1568         } else {
1569             connect_device(host, buffer, sizeof(buffer));
1570         }
1571         // Send response for emulator and device
1572         snprintf(buf, sizeof(buf), "OKAY%04x%s",(unsigned)strlen(buffer), buffer);
1573         writex(reply_fd, buf, strlen(buf));
1574         return 0;
1575     }
1576 
1577     // remove TCP transport
1578     if (!strncmp(service, "disconnect:", 11)) {
1579         char buffer[4096];
1580         memset(buffer, 0, sizeof(buffer));
1581         char* serial = service + 11;
1582         if (serial[0] == 0) {
1583             // disconnect from all TCP devices
1584             unregister_all_tcp_transports();
1585         } else {
1586             char hostbuf[100];
1587             // assume port 5555 if no port is specified
1588             if (!strchr(serial, ':')) {
1589                 snprintf(hostbuf, sizeof(hostbuf) - 1, "%s:5555", serial);
1590                 serial = hostbuf;
1591             }
1592             atransport *t = find_transport(serial);
1593 
1594             if (t) {
1595                 unregister_transport(t);
1596             } else {
1597                 snprintf(buffer, sizeof(buffer), "No such device %s", serial);
1598             }
1599         }
1600 
1601         snprintf(buf, sizeof(buf), "OKAY%04x%s",(unsigned)strlen(buffer), buffer);
1602         writex(reply_fd, buf, strlen(buf));
1603         return 0;
1604     }
1605 
1606     // returns our value for ADB_SERVER_VERSION
1607     if (!strcmp(service, "version")) {
1608         char version[12];
1609         snprintf(version, sizeof version, "%04x", ADB_SERVER_VERSION);
1610         snprintf(buf, sizeof buf, "OKAY%04x%s", (unsigned)strlen(version), version);
1611         writex(reply_fd, buf, strlen(buf));
1612         return 0;
1613     }
1614 
1615     if(!strncmp(service,"get-serialno",strlen("get-serialno"))) {
1616         char *out = "unknown";
1617          transport = acquire_one_transport(CS_ANY, ttype, serial, NULL);
1618        if (transport && transport->serial) {
1619             out = transport->serial;
1620         }
1621         snprintf(buf, sizeof buf, "OKAY%04x%s",(unsigned)strlen(out),out);
1622         writex(reply_fd, buf, strlen(buf));
1623         return 0;
1624     }
1625     if(!strncmp(service,"get-devpath",strlen("get-devpath"))) {
1626         char *out = "unknown";
1627          transport = acquire_one_transport(CS_ANY, ttype, serial, NULL);
1628        if (transport && transport->devpath) {
1629             out = transport->devpath;
1630         }
1631         snprintf(buf, sizeof buf, "OKAY%04x%s",(unsigned)strlen(out),out);
1632         writex(reply_fd, buf, strlen(buf));
1633         return 0;
1634     }
1635     // indicates a new emulator instance has started
1636     if (!strncmp(service,"emulator:",9)) {
1637         int  port = atoi(service+9);
1638         local_connect(port);
1639         /* we don't even need to send a reply */
1640         return 0;
1641     }
1642 #endif // ADB_HOST
1643 
1644     if(!strcmp(service,"list-forward")) {
1645         // Create the list of forward redirections.
1646         char header[9];
1647         int buffer_size = format_listeners(NULL, 0);
1648         // Add one byte for the trailing zero.
1649         char* buffer = malloc(buffer_size+1);
1650         (void) format_listeners(buffer, buffer_size+1);
1651         snprintf(header, sizeof header, "OKAY%04x", buffer_size);
1652         writex(reply_fd, header, 8);
1653         writex(reply_fd, buffer, buffer_size);
1654         free(buffer);
1655         return 0;
1656     }
1657 
1658     if (!strcmp(service,"killforward-all")) {
1659         remove_all_listeners();
1660         adb_write(reply_fd, "OKAYOKAY", 8);
1661         return 0;
1662     }
1663 
1664     if(!strncmp(service,"forward:",8) ||
1665        !strncmp(service,"killforward:",12)) {
1666         char *local, *remote, *err;
1667         int r;
1668         atransport *transport;
1669 
1670         int createForward = strncmp(service,"kill",4);
1671         int no_rebind = 0;
1672 
1673         local = strchr(service, ':') + 1;
1674 
1675         // Handle forward:norebind:<local>... here
1676         if (createForward && !strncmp(local, "norebind:", 9)) {
1677             no_rebind = 1;
1678             local = strchr(local, ':') + 1;
1679         }
1680 
1681         remote = strchr(local,';');
1682 
1683         if (createForward) {
1684             // Check forward: parameter format: '<local>;<remote>'
1685             if(remote == 0) {
1686                 sendfailmsg(reply_fd, "malformed forward spec");
1687                 return 0;
1688             }
1689 
1690             *remote++ = 0;
1691             if((local[0] == 0) || (remote[0] == 0) || (remote[0] == '*')){
1692                 sendfailmsg(reply_fd, "malformed forward spec");
1693                 return 0;
1694             }
1695         } else {
1696             // Check killforward: parameter format: '<local>'
1697             if (local[0] == 0) {
1698                 sendfailmsg(reply_fd, "malformed forward spec");
1699                 return 0;
1700             }
1701         }
1702 
1703         transport = acquire_one_transport(CS_ANY, ttype, serial, &err);
1704         if (!transport) {
1705             sendfailmsg(reply_fd, err);
1706             return 0;
1707         }
1708 
1709         if (createForward) {
1710             r = install_listener(local, remote, transport, no_rebind);
1711         } else {
1712             r = remove_listener(local, transport);
1713         }
1714         if(r == 0) {
1715                 /* 1st OKAY is connect, 2nd OKAY is status */
1716             writex(reply_fd, "OKAYOKAY", 8);
1717             return 0;
1718         }
1719 
1720         if (createForward) {
1721             const char* message;
1722             switch (r) {
1723               case INSTALL_STATUS_CANNOT_BIND:
1724                 message = "cannot bind to socket";
1725                 break;
1726               case INSTALL_STATUS_CANNOT_REBIND:
1727                 message = "cannot rebind existing socket";
1728                 break;
1729               default:
1730                 message = "internal error";
1731             }
1732             sendfailmsg(reply_fd, message);
1733         } else {
1734             sendfailmsg(reply_fd, "cannot remove listener");
1735         }
1736         return 0;
1737     }
1738 
1739     if(!strncmp(service,"get-state",strlen("get-state"))) {
1740         transport = acquire_one_transport(CS_ANY, ttype, serial, NULL);
1741         char *state = connection_state_name(transport);
1742         snprintf(buf, sizeof buf, "OKAY%04x%s",(unsigned)strlen(state),state);
1743         writex(reply_fd, buf, strlen(buf));
1744         return 0;
1745     }
1746     return -1;
1747 }
1748 
1749 #if !ADB_HOST
1750 int recovery_mode = 0;
1751 #endif
1752 
main(int argc,char ** argv)1753 int main(int argc, char **argv)
1754 {
1755 #if ADB_HOST
1756     adb_sysdeps_init();
1757     adb_trace_init();
1758     D("Handling commandline()\n");
1759     return adb_commandline(argc - 1, argv + 1);
1760 #else
1761     /* If adbd runs inside the emulator this will enable adb tracing via
1762      * adb-debug qemud service in the emulator. */
1763     adb_qemu_trace_init();
1764     if((argc > 1) && (!strcmp(argv[1],"recovery"))) {
1765         adb_device_banner = "recovery";
1766         recovery_mode = 1;
1767     }
1768 
1769     start_device_log();
1770     D("Handling main()\n");
1771     return adb_main(0, DEFAULT_ADB_PORT);
1772 #endif
1773 }
1774