1 /*
2  * Copyright (C) 2007 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #include <stdio.h>
18 #include <stdlib.h>
19 #include <string.h>
20 #include <errno.h>
21 
22 #include "sysdeps.h"
23 #include <sys/types.h>
24 #if !ADB_HOST
25 #include <cutils/properties.h>
26 #endif
27 
28 #define  TRACE_TAG  TRACE_TRANSPORT
29 #include "adb.h"
30 
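#ifdef HAVE_BIG_ENDIAN
/*
 * Reverse the byte order of a 32-bit value.
 *
 * The whole expansion is parenthesized so the result stays a single operand
 * wherever the macro is used (for example next to '&', '==' or a cast).
 * The argument is evaluated four times: pass only side-effect-free
 * expressions.
 */
#define H4(x)	((((x) & 0xFF000000) >> 24) | (((x) & 0x00FF0000) >> 8) | \
		 (((x) & 0x0000FF00) << 8)  | (((x) & 0x000000FF) << 24))

/*
 * Byte-swap every field of the packet header in place.
 *
 * remote_read() applies this to a header it has just received and
 * remote_write() applies it to a header it is about to send, so the same
 * routine converts in both directions.
 */
static inline void fix_endians(apacket *p)
{
    p->msg.command     = H4(p->msg.command);
    p->msg.arg0        = H4(p->msg.arg0);
    p->msg.arg1        = H4(p->msg.arg1);
    p->msg.data_length = H4(p->msg.data_length);
    p->msg.data_check  = H4(p->msg.data_check);
    p->msg.magic       = H4(p->msg.magic);
}
#else
/* Without HAVE_BIG_ENDIAN the header is used as-is: this is an empty statement. */
#define fix_endians(p) do {} while (0)
#endif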
45 
#if ADB_HOST
/* We keep a list of opened transports. The atransport struct knows to which
 * local transport it is connected. The list is used to detect when we're
 * trying to connect twice to a given local transport.
 *
 * The list has a fixed capacity: init_socket_transport() refuses to register
 * a transport once no free slot is left.
 */
#define  ADB_LOCAL_TRANSPORT_MAX  16

/* Held around the accesses to local_transports[] made in this file. */
ADB_MUTEX_DEFINE( local_transports_lock );

/* A NULL entry marks a free slot. */
static atransport*  local_transports[ ADB_LOCAL_TRANSPORT_MAX ];
#endif /* ADB_HOST */
57 
/*
 * Receive one packet from the transport's socket into p.
 *
 * The fixed-size header is read first, converted with fix_endians() and
 * validated with check_header(). Only then is the payload read, and it is
 * finally verified with check_data().
 *
 * Returns 0 when a complete packet passed both checks, -1 on any read
 * failure or failed check.
 *
 * NOTE(review): msg.data_length is supplied by the peer and is used directly
 * as the size of the read into p->data. check_header() is the only gate in
 * front of that read and is defined outside this file -- confirm that it
 * rejects lengths larger than the payload buffer.
 */
static int remote_read(apacket *p, atransport *t)
{
    /* Step 1: the header, exactly sizeof(amessage) bytes. */
    if (readx(t->sfd, &p->msg, sizeof(amessage)) != 0) {
        D("remote local: read terminated (message)\n");
        return -1;
    }

    fix_endians(p);

#if 0 && defined HAVE_BIG_ENDIAN
    D("read remote packet: %04x arg0=%0x arg1=%0x data_length=%0x data_check=%0x magic=%0x\n",
      p->msg.command, p->msg.arg0, p->msg.arg1, p->msg.data_length, p->msg.data_check, p->msg.magic);
#endif

    /* Step 2: the header must be accepted before its length field is trusted. */
    if (check_header(p) != 0) {
        D("bad header: terminated (data)\n");
        return -1;
    }

    /* Step 3: the payload, as many bytes as the header announced. */
    if (readx(t->sfd, p->data, p->msg.data_length) != 0) {
        D("remote local: terminated (data)\n");
        return -1;
    }

    /* Step 4: verify the payload against the header. */
    if (check_data(p) != 0) {
        D("bad data: terminated (data)\n");
        return -1;
    }

    return 0;
}
88 
/*
 * Send one packet (header plus payload) over the transport's socket.
 *
 * Returns 0 on success and -1 when the write fails.
 *
 * A single writex() call starts at &p->msg and covers
 * sizeof(amessage) + data_length bytes, so it relies on the payload being
 * stored directly behind the header inside apacket.
 *
 * NOTE(review): data_length is not bounded here. A value larger than the
 * payload buffer would make writex() read past the packet and send that
 * memory to the peer; presumably callers only build packets with a valid
 * length -- confirm.
 */
static int remote_write(apacket *p, atransport *t)
{
    /* Taken before fix_endians(), which may byte-swap data_length in place. */
    int   payload_len = p->msg.data_length;

    fix_endians(p);

#if 0 && defined HAVE_BIG_ENDIAN
    D("write remote packet: %04x arg0=%0x arg1=%0x data_length=%0x data_check=%0x magic=%0x\n",
      p->msg.command, p->msg.arg0, p->msg.arg1, p->msg.data_length, p->msg.data_check, p->msg.magic);
#endif

    if (writex(t->sfd, &p->msg, sizeof(amessage) + payload_len) != 0) {
        D("remote local: write terminated\n");
        return -1;
    }

    return 0;
}
106 
107 
/*
 * Connect to a local emulator given only its adb port. The console port
 * handed on is the adb port minus one.
 *
 * Returns the result of local_connect_arbitrary_ports().
 */
int local_connect(int port)
{
    const int console_port = port - 1;

    return local_connect_arbitrary_ports(console_port, port);
}
111 
/*
 * Open a TCP connection to adb_port and register it as a local transport
 * whose name is LOCAL_CLIENT_PREFIX followed by console_port.
 *
 * On host builds the ADBHOST environment variable, when set, names the
 * machine that is tried first; loopback is the fallback (and the only
 * target otherwise).
 *
 * Returns 0 once a socket was connected and handed to
 * register_socket_transport(), -1 when no connection could be made.
 *
 * NOTE(review): the ADBHOST value is passed to socket_network_client()
 * as-is, so whoever controls the environment of this process chooses the
 * remote end that gets registered as a local transport.
 */
int local_connect_arbitrary_ports(int console_port, int adb_port)
{
    char serial[64];
    int  sock = -1;

#if ADB_HOST
    const char *host = getenv("ADBHOST");
    if (host != NULL) {
        sock = socket_network_client(host, adb_port, SOCK_STREAM);
    }
#endif
    if (sock < 0) {
        sock = socket_loopback_client(adb_port, SOCK_STREAM);
    }

    /* Neither target accepted the connection. */
    if (sock < 0) {
        return -1;
    }

    D("client: connected on remote on fd %d\n", sock);
    close_on_exec(sock);
    disable_tcp_nagle(sock);
    snprintf(serial, sizeof serial, "%s%d", LOCAL_CLIENT_PREFIX, console_port);
    register_socket_transport(sock, serial, adb_port, 1);
    return 0;
}
137 
138 
/*
 * Thread entry point for the host side.
 *
 * On host builds it probes ADB_LOCAL_TRANSPORT_MAX candidate adb ports,
 * starting at DEFAULT_ADB_LOCAL_TRANSPORT_PORT and stepping by two, and
 * ignores the result of every attempt. On other builds it does nothing.
 * The argument is unused and the return value is always 0.
 */
static void *client_socket_thread(void *x)
{
#if ADB_HOST
    int  adb_port = DEFAULT_ADB_LOCAL_TRANSPORT_PORT;
    int  remaining;

    D("transport: client_socket_thread() starting\n");

    /* Try to connect to any number of running emulator instances.
     * This is only done when ADB starts up; later, each new emulator
     * sends a message to ADB to indicate that it is starting up. */
    for (remaining = ADB_LOCAL_TRANSPORT_MAX; remaining > 0; remaining--) {
        (void) local_connect(adb_port);
        adb_port += 2;
    }
#endif
    return 0;
}
156 
/*
 * Thread entry point that accepts TCP connections and registers each one as
 * a transport named "host".
 *
 * arg carries the port number in the pointer value itself. The listening
 * socket is created lazily; while it cannot be created the thread retries
 * once per second. The loop never terminates.
 *
 * NOTE(review): the peer address filled in by adb_socket_accept() is never
 * examined, so every connection that reaches the port becomes a transport.
 * socket_inaddr_any_server() presumably listens on all interfaces -- confirm,
 * and confirm where (if anywhere) the peer is authenticated, since no such
 * check is made in this function.
 */
static void *server_socket_thread(void * arg)
{
    struct sockaddr peer;
    socklen_t peer_len;
    int listen_fd = -1;
    int conn_fd;
    int port = (int)arg;

    D("transport: server_socket_thread() starting\n");
    for(;;) {
        if (listen_fd == -1) {
            listen_fd = socket_inaddr_any_server(port, SOCK_STREAM);
            if (listen_fd < 0) {
                D("server: cannot bind socket yet\n");
                adb_sleep_ms(1000);
                continue;
            }
            close_on_exec(listen_fd);
        }

        peer_len = sizeof(peer);
        D("server: trying to get new connection from %d\n", port);
        conn_fd = adb_socket_accept(listen_fd, &peer, &peer_len);
        if (conn_fd < 0) {
            /* A failed accept is retried immediately. */
            continue;
        }

        D("server: new connection on fd %d\n", conn_fd);
        close_on_exec(conn_fd);
        disable_tcp_nagle(conn_fd);
        register_socket_transport(conn_fd, "host", port, 1);
    }
    D("transport: server_socket_thread() exiting\n");
    return 0;
}
190 
191 /* This is relevant only for ADB daemon running inside the emulator. */
192 #if !ADB_HOST
193 /*
194  * Redefine open and write for qemu_pipe.h, which contains inlined references
195  * to those routines. We will redefine them back after the qemu_pipe.h inclusion.
196  */
197 #undef open
198 #undef write
199 #define open    adb_open
200 #define write   adb_write
201 #include <hardware/qemu_pipe.h>
202 #undef open
203 #undef write
204 #define open    ___xxx_open
205 #define write   ___xxx_write
206 
207 /* A worker thread that monitors host connections, and registers a transport for
208  * every new host connection. This thread replaces server_socket_thread on
209  * condition that adbd daemon runs inside the emulator, and emulator uses QEMUD
210  * pipe to communicate with adbd daemon inside the guest. This is done in order
211  * to provide more robust communication channel between ADB host and guest. The
212  * main issue with server_socket_thread approach is that it runs on top of TCP,
213  * and thus is sensitive to network disruptions. For instance, the
214  * ConnectionManager may decide to reset all network connections, in which case
215  * the connection between ADB host and guest will be lost. To make ADB traffic
216  * independent from the network, we use here 'adb' QEMUD service to transfer data
217  * between the host, and the guest. See external/qemu/android/adb-*.* that
218  * implements the emulator's side of the protocol. Another advantage of using
219  * QEMUD approach is that ADB will be up much sooner, since it doesn't depend
220  * anymore on network being set up.
221  * The guest side of the protocol contains the following phases:
222  * - Connect with adb QEMUD service. In this phase a handle to 'adb' QEMUD service
223  *   is opened, and it becomes clear whether or not emulator supports that
224  *   protocol.
225  * - Wait for the ADB host to create connection with the guest. This is done by
226  *   sending an 'accept' request to the adb QEMUD service, and waiting on
227  *   response.
228  * - When new ADB host connection is accepted, the connection with adb QEMUD
229  *   service is registered as the transport, and a 'start' request is sent to the
230  *   adb QEMUD service, indicating that the guest is ready to receive messages.
231  *   Note that the guest will ignore messages sent down from the emulator before
232  *   the transport registration is completed. That's why we need to send the
233  *   'start' request after the transport is registered.
234  */
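static void *qemu_socket_thread(void * arg)
{
/* 'accept' request to the adb QEMUD service. */
static const char accept_req[] = "accept";
/* 'start' request to the adb QEMUD service. */
static const char start_req[]  = "start";
/* 'ok' reply from the adb QEMUD service. */
static const char ok_resp[]    = "ok";

    /* arg carries the port number in the pointer value itself.
     * The thread always returns 0. */
    const int port = (int)arg;
    int res, fd;
    char tmp[256];
    char con_name[32];

    D("transport: qemu_socket_thread() starting\n");

    /* adb QEMUD service connection request. */
    snprintf(con_name, sizeof(con_name), "qemud:adb:%d", port);

    /* Connect to the adb QEMUD service. */
    fd = qemu_pipe_open(con_name);
    if (fd < 0) {
        /* This could be an older version of the emulator, that doesn't
         * implement adb QEMUD service. Fall back to the old TCP way. */
        adb_thread_t thr;
        D("adb service is not available. Falling back to TCP socket.\n");
        if (adb_thread_create(&thr, server_socket_thread, arg)) {
            /* Without the fallback thread no transport will ever be
             * registered, so make the failure visible in the trace. */
            D("cannot create the fallback TCP server thread.\n");
        }
        return 0;
    }

    for(;;) {
        /*
         * Wait till the host creates a new connection.
         */

        /* Send the 'accept' request. */
        res = adb_write(fd, accept_req, strlen(accept_req));
        if ((size_t)res != strlen(accept_req)) {
            D("Unable to send the '%s' request to ADB service.\n", accept_req);
            /* The pipe was never handed to a transport, so it is still
             * ours: close it instead of leaking it when the thread ends. */
            adb_close(fd);
            return 0;
        }

        /* Wait for the response. In the response we expect 'ok' on success,
         * or 'ko' on failure. Anything that is not exactly the two bytes
         * 'ok' is treated as a failure. */
        res = adb_read(fd, tmp, sizeof(tmp));
        if (res != 2 || memcmp(tmp, ok_resp, 2)) {
            D("Accepting ADB host connection has failed.\n");
            adb_close(fd);
        } else {
            /* Host is connected. Register the transport, and start the
             * exchange. From here on fd is used by the transport, so it
             * is not closed by this thread. */
            register_socket_transport(fd, "host", port, 1);
            res = adb_write(fd, start_req, strlen(start_req));
            if ((size_t)res != strlen(start_req)) {
                D("Unable to send the '%s' request to ADB service.\n", start_req);
            }
        }

        /* Prepare for accepting of the next ADB host connection. */
        fd = qemu_pipe_open(con_name);
        if (fd < 0) {
            D("adb service become unavailable.\n");
            return 0;
        }
    }
}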
300 #endif  // !ADB_HOST
301 
/*
 * Start the thread that services local (socket) transports for `port`.
 *
 * When HOST is set the client thread is used. Otherwise a host build uses
 * the TCP server thread, and a daemon build chooses between the QEMUD pipe
 * thread and the TCP server thread according to the "ro.kernel.qemu"
 * property. The port is passed to the thread inside the pointer argument.
 * Failure to create the thread is reported through fatal_errno().
 */
void local_init(int port)
{
    adb_thread_t thr;
    void* (*func)(void *) = client_socket_thread;

    if (!HOST) {
#if ADB_HOST
        func = server_socket_thread;
#else
        /* For the adbd daemon in the system image we need to distinguish
         * between the device, and the emulator. Only the exact value "1"
         * selects the emulator path. */
        char is_qemu[PROPERTY_VALUE_MAX];
        property_get("ro.kernel.qemu", is_qemu, "");
        if (strcmp(is_qemu, "1") == 0) {
            /* Running inside the emulator: use QEMUD pipe as the transport. */
            func = qemu_socket_thread;
        } else {
            /* Running inside the device: use TCP socket as the transport. */
            func = server_socket_thread;
        }
#endif // !ADB_HOST
    }

    D("transport: local %s init\n", HOST ? "client" : "server");

    if (adb_thread_create(&thr, func, (void *)port) != 0) {
        fatal_errno("cannot create local socket %s thread",
                    HOST ? "client" : "server");
    }
}
334 
/*
 * Tear down the transport's socket: t->sfd is reset to -1 and the previous
 * descriptor is shut down and closed. On host builds with HOST set, the
 * transport is also removed from local_transports[] under
 * local_transports_lock.
 *
 * NOTE(review): t->sfd is read and reset without any lock, and nothing here
 * prevents a second call for the same transport, which would pass -1 to
 * adb_shutdown() and adb_close(). Confirm callers invoke this once.
 */
static void remote_kick(atransport *t)
{
    int sock = t->sfd;

    t->sfd = -1;
    adb_shutdown(sock);
    adb_close(sock);

#if ADB_HOST
    if (HOST) {
        int  slot = 0;

        adb_mutex_lock( &local_transports_lock );
        /* Stop at the first slot that holds this transport, if any. */
        while (slot < ADB_LOCAL_TRANSPORT_MAX && local_transports[slot] != t) {
            slot++;
        }
        if (slot < ADB_LOCAL_TRANSPORT_MAX) {
            local_transports[slot] = NULL;
        }
        adb_mutex_unlock( &local_transports_lock );
    }
#endif
}
356 
/*
 * Close the transport's t->fd descriptor. The socket in t->sfd is not
 * touched here; remote_kick() is the routine that closes it.
 */
static void remote_close(atransport *t)
{
    int fd = t->fd;

    adb_close(fd);
}
361 
362 
363 #if ADB_HOST
/*
 * Return the registered transport whose adb_port equals the given port, or
 * NULL when no slot matches.
 *
 * Only call this function if you already hold local_transports_lock.
 */
atransport* find_emulator_transport_by_adb_port_locked(int adb_port)
{
    int slot = 0;

    while (slot < ADB_LOCAL_TRANSPORT_MAX) {
        atransport *candidate = local_transports[slot];

        if (candidate != NULL && candidate->adb_port == adb_port) {
            return candidate;
        }
        slot++;
    }
    return NULL;
}
375 
/*
 * Locking wrapper around find_emulator_transport_by_adb_port_locked().
 *
 * NOTE(review): the lock is released before the pointer is returned, so the
 * result is only a snapshot; remote_kick() can clear the slot afterwards.
 * Whether the transport itself can be freed meanwhile is not visible here --
 * confirm against the callers.
 */
atransport* find_emulator_transport_by_adb_port(int adb_port)
{
    atransport* found;

    adb_mutex_lock( &local_transports_lock );
    found = find_emulator_transport_by_adb_port_locked(adb_port);
    adb_mutex_unlock( &local_transports_lock );

    return found;
}
383 
/*
 * Return the index of the first free (NULL) slot in local_transports[], or
 * -1 when every slot is occupied.
 *
 * Only call this function if you already hold local_transports_lock.
 */
int get_available_local_transport_index_locked()
{
    int slot = 0;

    while (slot < ADB_LOCAL_TRANSPORT_MAX) {
        if (local_transports[slot] == NULL) {
            return slot;
        }
        slot++;
    }
    return -1;
}
395 
/*
 * Locking wrapper around get_available_local_transport_index_locked().
 *
 * The lock is dropped before the index is returned, so the slot may have
 * been taken by the time the caller acts on it. init_socket_transport()
 * looks the slot up again while holding the lock before writing to it.
 */
int get_available_local_transport_index()
{
    int free_slot;

    adb_mutex_lock( &local_transports_lock );
    free_slot = get_available_local_transport_index_locked();
    adb_mutex_unlock( &local_transports_lock );

    return free_slot;
}
403 #endif
404 
/*
 * Initialize t as a socket-backed transport that uses descriptor s.
 *
 * The transport starts in CS_OFFLINE with the remote_* routines of this file
 * installed as its callbacks. On host builds, when HOST and `local` are both
 * set, the transport is additionally recorded in local_transports[] under
 * local_transports_lock.
 *
 * Returns 0 on success. Returns -1 when a transport for adb_port is already
 * registered or when no free slot is left. In that case t stays initialized
 * (with adb_port already stored in it) but is not in the table, and s is not
 * closed here.
 */
int init_socket_transport(atransport *t, int s, int adb_port, int local)
{
    int  status = 0;

    t->sfd = s;
    t->type = kTransportLocal;
    t->connection_state = CS_OFFLINE;
    t->sync_token = 1;
    t->adb_port = 0;
    t->read_from_remote = remote_read;
    t->write_to_remote = remote_write;
    t->kick = remote_kick;
    t->close = remote_close;

#if ADB_HOST
    if (HOST && local) {
        atransport* existing_transport;
        int index;

        /* Lookup and insertion happen under one lock hold, so the duplicate
         * check and the slot choice cannot go stale in between. */
        adb_mutex_lock( &local_transports_lock );
        t->adb_port = adb_port;
        existing_transport = find_emulator_transport_by_adb_port_locked(adb_port);
        index = get_available_local_transport_index_locked();

        if (existing_transport == NULL && index >= 0) {
            local_transports[index] = t;
        } else if (existing_transport != NULL) {
            D("local transport for port %d already registered (%p)?\n",
            adb_port, existing_transport);
            status = -1;
        } else {
            /* Too many emulators. */
            D("cannot register more emulators. Maximum is %d\n",
                    ADB_LOCAL_TRANSPORT_MAX);
            status = -1;
        }
        adb_mutex_unlock( &local_transports_lock );
    }
#endif
    return status;
}
445