1 /*
2  * Copyright (C) 2007 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #define TRACE_TAG USB
18 
19 #include "sysdeps.h"
20 
21 #include <winsock2.h>  // winsock.h *must* be included before windows.h.
22 #include <adb_api.h>
23 #include <errno.h>
24 #include <stdio.h>
25 #include <stdlib.h>
26 #include <usb100.h>
27 #include <windows.h>
28 #include <winerror.h>
29 
30 #include <android-base/errors.h>
31 
32 #include "adb.h"
33 #include "transport.h"
34 
/** Structure usb_handle describes our connection to the usb device via
  AdbWinApi.dll. This structure is returned from the do_usb_open() routine and
  is expected in each subsequent call that is accessing the device.

  Most members are protected by usb_lock, except for adb_{read,write}_pipe which
  rely on AdbWinApi.dll's handle validation and AdbCloseHandle(endpoint)'s
  ability to break a thread out of pipe IO.

  NOTE(review): usb_read()/usb_write() read the pipe members without taking
  usb_lock, so their safety rests entirely on the AdbWinApi.dll behaviour
  described above - confirm against the DLL before changing the locking.
*/
struct usb_handle {
  /// Previous entry in the list of opened usb handles. Points back at the
  /// handle itself while the handle is not linked into handle_list.
  usb_handle *prev;

  /// Next entry in the list of opened usb handles. Points back at the
  /// handle itself while the handle is not linked into handle_list.
  usb_handle *next;

  /// Handle to USB interface
  ADBAPIHANDLE  adb_interface;

  /// Handle to USB read pipe (endpoint)
  ADBAPIHANDLE  adb_read_pipe;

  /// Handle to USB write pipe (endpoint)
  ADBAPIHANDLE  adb_write_pipe;

  /// Interface name. Heap buffer allocated in do_usb_open() and released by
  /// usb_cleanup_handle(), which also resets the pointer to NULL.
  wchar_t*      interface_name;

  /// Mask for determining when to use zero length packets. Left at zero
  /// unless recognized_device() sets it to (max_packet_size - 1); usb_write()
  /// sends a zero length packet when (len & zero_mask) == 0.
  unsigned zero_mask;
};
65 
/// Class ID assigned to the device by androidusb.sys
static const GUID usb_class_id = ANDROID_USB_CLASS_ID;

/// List of opened usb handles. This node is the sentinel of a circular,
/// doubly linked list: an empty list has prev and next pointing at itself.
static usb_handle handle_list = {
  .prev = &handle_list,
  .next = &handle_list,
};

/// Mutex guarding the list of opened usb handles
ADB_MUTEX_DEFINE( usb_lock );

/// Checks if there is an opened usb handle in handle_list for this device.
/// Takes usb_lock itself, so it must not be called with the lock held.
int known_device(const wchar_t* dev_name);

/// Checks if there is an opened usb handle in handle_list for this device.
/// usb_lock mutex must be held before calling this routine.
int known_device_locked(const wchar_t* dev_name);

/// Registers an opened usb handle (adds it to handle_list). Returns 1 when
/// the handle was added and 0 when it was NULL or already registered.
int register_new_device(usb_handle* handle);

/// Checks if the interface (device) matches the criteria for an adb interface.
/// Returns 1 on a match and 0 otherwise.
int recognized_device(usb_handle* handle);

/// Enumerates present and available interfaces (devices), opens new ones and
/// registers usb transport for them.
void find_devices();

/// Kicks all USB devices currently in handle_list
static void kick_devices();

/// Entry point for thread that polls (every second) for new usb interfaces.
/// This routine calls find_devices in an infinite loop.
static void device_poll_thread(void*);

/// Initializes this module
void usb_init();

/// Opens usb interface (device) by interface (device) name.
/// Returns NULL on failure.
usb_handle* do_usb_open(const wchar_t* interface_name);

/// Writes data to the opened usb handle.
/// Returns 0 on success, -1 with errno set on failure.
int usb_write(usb_handle* handle, const void* data, int len);

/// Reads data using the opened usb handle.
/// Returns 0 on success, -1 with errno set on failure.
int usb_read(usb_handle *handle, void* data, int len);

/// Cleans up opened usb handle: closes its AdbWinApi handles and frees the
/// interface name, but does not free the usb_handle itself.
void usb_cleanup_handle(usb_handle* handle);

/// Cleans up (but does not free) opened usb handle while holding usb_lock
void usb_kick(usb_handle* handle);

/// Closes opened usb handle: unlinks it from handle_list, cleans it up and
/// frees it.
int usb_close(usb_handle* handle);
122 
/// Reports whether handle_list already holds a handle for dev_name.
///
/// Returns 1 when an entry's interface name equals dev_name (compared
/// case-insensitively) and 0 otherwise; a NULL dev_name never matches.
/// The caller must hold usb_lock while this walks the list.
int known_device_locked(const wchar_t* dev_name) {
  if (NULL == dev_name) {
    return 0;
  }

  // handle_list is the sentinel of a circular list, so the walk ends when it
  // comes back around to it.
  usb_handle* entry = handle_list.next;
  while (entry != &handle_list) {
    // Device names are not case sensitive on Windows, hence wcsicmp.
    if (NULL != entry->interface_name &&
        0 == wcsicmp(entry->interface_name, dev_name)) {
      return 1;
    }
    entry = entry->next;
  }

  return 0;
}
139 
/// Locking wrapper around known_device_locked().
///
/// Returns 1 when handle_list already holds a handle for dev_name, 0 when it
/// does not or when dev_name is NULL. usb_lock is taken only for the lookup.
int known_device(const wchar_t* dev_name) {
  if (NULL == dev_name) {
    return 0;
  }

  adb_mutex_lock(&usb_lock);
  const int found = known_device_locked(dev_name);
  adb_mutex_unlock(&usb_lock);

  return found;
}
151 
/// Appends handle to the tail of handle_list unless a handle with the same
/// interface name is already registered.
///
/// Returns 1 when the handle was linked in, 0 when handle is NULL or the
/// device is already known. The duplicate check and the insertion happen under
/// a single hold of usb_lock, so two threads cannot both register one device.
int register_new_device(usb_handle* handle) {
  if (NULL == handle) {
    return 0;
  }

  adb_mutex_lock(&usb_lock);

  const bool already_listed = known_device_locked(handle->interface_name) != 0;
  if (!already_listed) {
    // Splice the handle in between the current tail and the sentinel.
    usb_handle* tail = handle_list.prev;
    handle->next = &handle_list;
    handle->prev = tail;
    tail->next = handle;
    handle_list.prev = handle;
  }

  adb_mutex_unlock(&usb_lock);

  return already_listed ? 0 : 1;
}
174 
/// Thread entry point: names the thread, then rescans for USB interfaces with
/// find_devices() once per second. Never returns.
void device_poll_thread(void*) {
  adb_thread_setname("Device Poll");
  D("Created device thread");

  for (;;) {
    find_devices();
    adb_sleep_ms(1000);
  }
}
184 
/// Window procedure for the hidden power-notification window.
///
/// Handles only (WM_POWERBROADCAST, PBT_APMRESUMEAUTOMATIC), for which it
/// kicks every USB device and returns TRUE; every other message is passed to
/// DefWindowProcW().
static LRESULT CALLBACK _power_window_proc(HWND hwnd, UINT uMsg, WPARAM wParam,
                                           LPARAM lParam) {
  const bool resumed_from_sleep =
      (uMsg == WM_POWERBROADCAST) && (wParam == PBT_APMRESUMEAUTOMATIC);
  if (!resumed_from_sleep) {
    return DefWindowProcW(hwnd, uMsg, wParam, lParam);
  }

  // After sleep or hibernation the existing USB devices are still waiting for
  // the connect/auth handshake and would never answer us. Kicking them lets
  // device_poll_thread redetect every device from scratch.
  D("Received (WM_POWERBROADCAST, PBT_APMRESUMEAUTOMATIC) notification, "
    "so kicking all USB devices\n");
  kick_devices();
  return TRUE;
}
203 
/// Thread entry point that receives power notifications through a hidden
/// window with its own message pump.
///
/// Registers a window class bound to _power_window_proc, creates one window of
/// that class, and dispatches messages until GetMessageW() returns zero. Any
/// failure during setup is reported through fatal().
static void _power_notification_thread(void*) {
  // A message pump is the natural fit for a developer's interactive session.
  // It might not work when adb runs from a non-interactive service account
  // (not sure); the heavyweight WMI APIs would be the fallback in that case.
  D("Created power notification thread");
  adb_thread_setname("Power Notifier");

  // Window class names are process specific.
  static const WCHAR kPowerNotificationWindowClassName[] =
    L"PowerNotificationWindow";

  // The window procedure lives in the main module, so that is the HINSTANCE
  // the class has to be registered against.
  const HINSTANCE module_instance = GetModuleHandleW(NULL);
  if (NULL == module_instance) {
    // This is such a common API call that this should never fail.
    fatal("GetModuleHandleW failed: %s",
          android::base::SystemErrorCodeToString(GetLastError()).c_str());
  }

  WNDCLASSEXW window_class;
  memset(&window_class, 0, sizeof(window_class));
  window_class.cbSize = sizeof(window_class);
  window_class.lpfnWndProc = _power_window_proc;
  window_class.hInstance = module_instance;
  window_class.lpszClassName = kPowerNotificationWindowClassName;
  if (!RegisterClassExW(&window_class)) {
    fatal("RegisterClassExW failed: %s",
          android::base::SystemErrorCodeToString(GetLastError()).c_str());
  }

  // The window is a zero-sized WS_POPUP created with WS_EX_NOACTIVATE.
  if (!CreateWindowExW(WS_EX_NOACTIVATE, kPowerNotificationWindowClassName,
                       L"ADB Power Notification Window", WS_POPUP, 0, 0, 0, 0,
                       NULL, NULL, module_instance, NULL)) {
    fatal("CreateWindowExW failed: %s",
          android::base::SystemErrorCodeToString(GetLastError()).c_str());
  }

  MSG message;
  for (;;) {
    if (!GetMessageW(&message, NULL, 0, 0)) {
      break;
    }
    TranslateMessage(&message);
    DispatchMessageW(&message);
  }

  // GetMessageW() returns false once a quit message is posted. We never post
  // one, but it may happen while logging off or shutting down. That is not a
  // big deal because the whole process is about to go away anyway.
  D("Power notification thread exiting");
}
257 
/// Starts the two background threads of this module: the device poller and
/// the power-notification listener. A thread that cannot be created is
/// reported through fatal_errno().
void usb_init() {
  const auto poll_thread_started =
      adb_thread_create(device_poll_thread, nullptr);
  if (!poll_thread_started) {
    fatal_errno("cannot create device poll thread");
  }

  const auto power_thread_started =
      adb_thread_create(_power_notification_thread, nullptr);
  if (!power_thread_started) {
    fatal_errno("cannot create power notification thread");
  }
}
266 
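/// Opens the USB interface named interface_name and returns a freshly
/// allocated, unlinked usb_handle for it.
///
/// On success the handle owns the interface handle, both bulk pipe handles and
/// a heap copy of the interface name; the caller releases all of them with
/// usb_cleanup_handle() followed by free(), or with usb_close(). On any failure
/// everything acquired so far is released and NULL is returned.
usb_handle* do_usb_open(const wchar_t* interface_name) {
  unsigned long name_len = 0;

  // calloc zero-fills the handle, so every member starts out NULL/0 and the
  // fail path can pass a partially built handle to usb_cleanup_handle().
  usb_handle* ret = (usb_handle*)calloc(1, sizeof(usb_handle));
  if (NULL == ret) {
    // sizeof yields a size_t, which does not match %u on 64-bit builds; the
    // cast keeps the variadic argument in step with the format string.
    D("Could not allocate %u bytes for usb_handle: %s",
      (unsigned)sizeof(usb_handle), strerror(errno));
    goto fail;
  }

  // An unlinked handle points at itself; usb_close() relies on this to tell
  // whether the handle was ever added to handle_list.
  ret->next = ret;
  ret->prev = ret;

  // Create interface.
  ret->adb_interface = AdbCreateInterfaceByName(interface_name);
  if (NULL == ret->adb_interface) {
    D("AdbCreateInterfaceByName failed: %s",
      android::base::SystemErrorCodeToString(GetLastError()).c_str());
    goto fail;
  }

  // Open read pipe (endpoint)
  ret->adb_read_pipe =
    AdbOpenDefaultBulkReadEndpoint(ret->adb_interface,
                                   AdbOpenAccessTypeReadWrite,
                                   AdbOpenSharingModeReadWrite);
  if (NULL == ret->adb_read_pipe) {
    D("AdbOpenDefaultBulkReadEndpoint failed: %s",
      android::base::SystemErrorCodeToString(GetLastError()).c_str());
    goto fail;
  }

  // Open write pipe (endpoint)
  ret->adb_write_pipe =
    AdbOpenDefaultBulkWriteEndpoint(ret->adb_interface,
                                    AdbOpenAccessTypeReadWrite,
                                    AdbOpenSharingModeReadWrite);
  if (NULL == ret->adb_write_pipe) {
    D("AdbOpenDefaultBulkWriteEndpoint failed: %s",
      android::base::SystemErrorCodeToString(GetLastError()).c_str());
    goto fail;
  }

  // Save interface name.
  // First ask for the expected name length by passing a NULL buffer. The
  // return value of this probing call is not checked; a zero length is what
  // signals failure.
  AdbGetInterfaceName(ret->adb_interface,
                      NULL,
                      &name_len,
                      false);
  if (0 == name_len) {
    D("AdbGetInterfaceName returned name length of zero: %s",
      android::base::SystemErrorCodeToString(GetLastError()).c_str());
    goto fail;
  }

  // name_len is reported by AdbWinApi. calloc refuses a count * size product
  // that would overflow size_t (a bare multiplication would wrap and yield an
  // undersized buffer), and it zero-fills the buffer so the name stays
  // terminated even if fewer characters are written than were reported.
  ret->interface_name =
    (wchar_t*)calloc(name_len, sizeof(ret->interface_name[0]));
  if (NULL == ret->interface_name) {
    D("Could not allocate %lu characters for interface_name: %s", name_len, strerror(errno));
    goto fail;
  }

  // Now save the name
  if (!AdbGetInterfaceName(ret->adb_interface,
                           ret->interface_name,
                           &name_len,
                           false)) {
    D("AdbGetInterfaceName failed: %s",
      android::base::SystemErrorCodeToString(GetLastError()).c_str());
    goto fail;
  }

  // We're done at this point
  return ret;

fail:
  // Release whatever was acquired before the failure, then the handle itself.
  if (NULL != ret) {
    usb_cleanup_handle(ret);
    free(ret);
  }

  return NULL;
}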
351 
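/// Writes len bytes from data to the device's bulk write pipe.
///
/// Returns 0 when every byte was written (plus a trailing zero length packet
/// when handle->zero_mask requires one). Returns -1 with errno set to EINVAL
/// for a NULL handle or a negative len, or to EIO for a failed or short write.
/// Every failure with a non-NULL handle also kicks the device.
int usb_write(usb_handle* handle, const void* data, int len) {
  unsigned long time_out = 5000;
  unsigned long written = 0;
  int err = 0;

  D("usb_write %d", len);
  if (NULL == handle) {
    D("usb_write was passed NULL handle");
    err = EINVAL;
    goto fail;
  }

  // A negative len would turn into a huge unsigned long in the cast below and
  // ask the driver to send far more than the caller's buffer holds.
  if (len < 0) {
    D("usb_write was passed negative length %d", len);
    err = EINVAL;
    goto fail;
  }

  // Perform write
  if (!AdbWriteEndpointSync(handle->adb_write_pipe,
                            (void*)data,
                            (unsigned long)len,
                            &written,
                            time_out)) {
    D("AdbWriteEndpointSync failed: %s",
      android::base::SystemErrorCodeToString(GetLastError()).c_str());
    err = EIO;
    goto fail;
  }

  // Make sure that we've written what we were asked to write
  D("usb_write got: %lu, expected: %d", written, len);
  if (written != (unsigned long)len) {
    // If this occurs, this code should be changed to repeatedly call
    // AdbWriteEndpointSync() until all bytes are written.
    D("AdbWriteEndpointSync was supposed to write %d, but only wrote %lu",
      len, written);
    err = EIO;
    goto fail;
  }

  // zero_mask is (max_packet_size - 1) when recognized_device() set it, so
  // this is true when len is a whole multiple of the packet size.
  if (handle->zero_mask && (len & handle->zero_mask) == 0) {
    // Send a zero length packet
    if (!AdbWriteEndpointSync(handle->adb_write_pipe,
                              (void*)data,
                              0,
                              &written,
                              time_out)) {
      D("AdbWriteEndpointSync of zero length packet failed: %s",
        android::base::SystemErrorCodeToString(GetLastError()).c_str());
      err = EIO;
      goto fail;
    }
  }

  return 0;

fail:
  // Any failure should cause us to kick the device instead of leaving it in a
  // zombie state with potential to hang.
  if (NULL != handle) {
    D("Kicking device due to error in usb_write");
    usb_kick(handle);
  }

  D("usb_write failed");
  errno = err;
  return -1;
}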
415 
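/// Reads exactly len bytes from the device's bulk read pipe into data,
/// repeating the read until the request is satisfied.
///
/// Returns 0 on success (also when len is not positive, in which case nothing
/// is read). Returns -1 with errno set to EINVAL for a NULL handle, or to EIO
/// when a read fails or reports more bytes than were requested. Every failure
/// with a non-NULL handle also kicks the device.
int usb_read(usb_handle *handle, void* data, int len) {
  // A time-out of 0 is passed to every read. NOTE(review): presumably this
  // means "wait indefinitely" in AdbWinApi - confirm.
  unsigned long time_out = 0;
  unsigned long read = 0;
  int err = 0;

  D("usb_read %d", len);
  if (NULL == handle) {
    D("usb_read was passed NULL handle");
    err = EINVAL;
    goto fail;
  }

  while (len > 0) {
    if (!AdbReadEndpointSync(handle->adb_read_pipe, data, len, &read,
                             time_out)) {
      D("AdbReadEndpointSync failed: %s",
        android::base::SystemErrorCodeToString(GetLastError()).c_str());
      err = EIO;
      goto fail;
    }
    D("usb_read got: %lu, expected: %d", read, len);

    // The count comes back from the driver. Refuse one larger than the
    // request: advancing by it would move data past the caller's buffer and
    // drive len negative, ending the loop as if the read had succeeded.
    if (read > (unsigned long)len) {
      D("AdbReadEndpointSync reported %lu bytes for a %d byte request",
        read, len);
      err = EIO;
      goto fail;
    }

    data = (char *)data + read;
    len -= (int)read;
  }

  return 0;

fail:
  // Any failure should cause us to kick the device instead of leaving it in a
  // zombie state with potential to hang.
  if (NULL != handle) {
    D("Kicking device due to error in usb_read");
    usb_kick(handle);
  }

  D("usb_read failed");
  errno = err;
  return -1;
}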
456 
// Closes adb_handle with AdbCloseHandle() and traces the system error text
// when the call reports failure. The failure is only logged, not returned.
static void _adb_close_handle(ADBAPIHANDLE adb_handle) {
  if (AdbCloseHandle(adb_handle)) {
    return;
  }

  D("AdbCloseHandle(%p) failed: %s", adb_handle,
    android::base::SystemErrorCodeToString(GetLastError()).c_str());
}
464 
/// Releases everything a usb_handle owns without freeing the handle itself:
/// the interface name buffer, both pipe handles and the interface handle.
///
/// All four members are reset to NULL afterwards, which makes a second call on
/// the same handle a no-op. A NULL handle is ignored.
void usb_cleanup_handle(usb_handle* handle) {
  D("usb_cleanup_handle");
  if (NULL == handle) {
    return;
  }

  // free(NULL) is a no-op, so no guard is needed here.
  free(handle->interface_name);

  // Pipes go first: AdbCloseHandle(pipe) breaks any thread out of a pending
  // IO call and waits until the pipe has stopped using the interface. Only
  // after that is it safe to AdbCloseHandle() the interface.
  if (NULL != handle->adb_write_pipe) {
    _adb_close_handle(handle->adb_write_pipe);
  }
  if (NULL != handle->adb_read_pipe) {
    _adb_close_handle(handle->adb_read_pipe);
  }
  if (NULL != handle->adb_interface) {
    _adb_close_handle(handle->adb_interface);
  }

  // Clear the members only once every close has been issued.
  handle->interface_name = NULL;
  handle->adb_write_pipe = NULL;
  handle->adb_read_pipe = NULL;
  handle->adb_interface = NULL;
}
486 
/// Kicks a device by running usb_cleanup_handle() on its handle.
///
/// The caller must already hold usb_lock: the lock is what keeps several
/// threads that try to kick the same device at the same moment from running
/// the cleanup concurrently.
static void usb_kick_locked(usb_handle* handle) {
  usb_cleanup_handle(handle);
}
492 
/// Kicks the device behind handle: its AdbWinApi handles are closed and its
/// name is released under usb_lock, while the usb_handle itself stays
/// allocated and stays in handle_list. A NULL handle sets errno to EINVAL.
void usb_kick(usb_handle* handle) {
  D("usb_kick");
  if (NULL == handle) {
    errno = EINVAL;
    return;
  }

  adb_mutex_lock(&usb_lock);
  usb_kick_locked(handle);
  adb_mutex_unlock(&usb_lock);
}
505 
/// Closes a usb handle: unlinks it from handle_list if it is linked, releases
/// its resources and frees the handle. Always returns 0; a NULL handle is
/// ignored. The handle must not be used after this call.
int usb_close(usb_handle* handle) {
  D("usb_close");

  if (NULL == handle) {
    return 0;
  }

  // Remove handle from the list
  adb_mutex_lock(&usb_lock);

  // A handle that was never registered still points at itself on both sides.
  const bool unlinked = (handle->next == handle) || (handle->prev == handle);
  if (!unlinked) {
    usb_handle* before = handle->prev;
    usb_handle* after = handle->next;
    after->prev = before;
    before->next = after;
    handle->prev = handle;
    handle->next = handle;
  }

  adb_mutex_unlock(&usb_lock);

  // NOTE(review): the cleanup and free below run after usb_lock is released,
  // whereas usb_kick() cleans up under the lock. If another thread can still
  // reach this handle (for example a failing usb_read()/usb_write() calling
  // usb_kick()), the two cleanups could overlap or touch freed memory. Callers
  // presumably guarantee no other user remains - confirm.
  usb_cleanup_handle(handle);
  free(handle);

  return 0;
}
529 
/// Decides whether the opened interface is an adb interface.
///
/// Returns 1 when the interface has exactly two endpoints and
/// is_adb_interface() accepts its vendor/product ids and interface
/// class/subclass/protocol; returns 0 otherwise, including when handle is NULL
/// or a descriptor cannot be read. For interface protocol 0x01 it also tries
/// to fill in handle->zero_mask; failing to do so is only logged.
int recognized_device(usb_handle* handle) {
  if (NULL == handle) {
    return 0;
  }

  // Device descriptor: source of the vendor and product id.
  USB_DEVICE_DESCRIPTOR device_desc;
  if (!AdbGetUsbDeviceDescriptor(handle->adb_interface,
                                 &device_desc)) {
    D("AdbGetUsbDeviceDescriptor failed: %s",
      android::base::SystemErrorCodeToString(GetLastError()).c_str());
    return 0;
  }

  // Interface descriptor: source of the endpoint count and class triple.
  USB_INTERFACE_DESCRIPTOR interf_desc;
  if (!AdbGetUsbInterfaceDescriptor(handle->adb_interface,
                                    &interf_desc)) {
    D("AdbGetUsbInterfaceDescriptor failed: %s",
      android::base::SystemErrorCodeToString(GetLastError()).c_str());
    return 0;
  }

  // Must have two endpoints
  if (interf_desc.bNumEndpoints != 2) {
    return 0;
  }

  if (!is_adb_interface(device_desc.idVendor, device_desc.idProduct,
                        interf_desc.bInterfaceClass,
                        interf_desc.bInterfaceSubClass,
                        interf_desc.bInterfaceProtocol)) {
    return 0;
  }

  // Only interface protocol 0x01 gets a zero length packet mask.
  if (interf_desc.bInterfaceProtocol != 0x01) {
    return 1;
  }

  AdbEndpointInformation endpoint_info;
  // assuming zero is a valid bulk endpoint ID
  if (!AdbGetEndpointInformation(handle->adb_interface, 0, &endpoint_info)) {
    D("AdbGetEndpointInformation failed: %s",
      android::base::SystemErrorCodeToString(GetLastError()).c_str());
    return 1;
  }

  // NOTE(review): max_packet_size is reported for the attached device and is
  // not validated here. The subtraction yields a usable bit mask only when
  // the size is a non-zero power of two - confirm that is guaranteed.
  handle->zero_mask = endpoint_info.max_packet_size - 1;
  D("device zero_mask: 0x%x", handle->zero_mask);
  return 1;
}
579 
/// Enumerates the present, active interfaces of usb_class_id and brings up a
/// usb transport for each one that is not yet in handle_list.
///
/// A new interface is opened, checked with recognized_device(), asked for its
/// serial number and then registered. A handle that fails any of those steps
/// is cleaned up and freed; a registered handle is handed over to
/// register_usb_transport().
void find_devices() {
  // NOTE(review): a char array gives no alignment guarantee for
  // AdbInterfaceInfo, and device_name is used as a terminated string as the
  // API returned it - confirm both against AdbWinApi.
  char entry_buffer[2048];
  AdbInterfaceInfo* next_interface = (AdbInterfaceInfo*)(&entry_buffer[0]);
  unsigned long entry_buffer_size = sizeof(entry_buffer);

  // Enumerate all present and active interfaces.
  ADBAPIHANDLE enum_handle =
    AdbEnumInterfaces(usb_class_id, true, true, true);
  if (NULL == enum_handle) {
    D("AdbEnumInterfaces failed: %s",
      android::base::SystemErrorCodeToString(GetLastError()).c_str());
    return;
  }

  // entry_buffer_size is an in/out argument, so it is reset to the full
  // buffer size after every entry.
  for (; AdbNextInterface(enum_handle, next_interface, &entry_buffer_size);
       entry_buffer_size = sizeof(entry_buffer)) {
    // Skip devices we already have in the list.
    if (known_device(next_interface->device_name)) {
      continue;
    }

    // This seems to be a new device. Open it!
    usb_handle* handle = do_usb_open(next_interface->device_name);
    if (NULL == handle) {
      continue;
    }

    // Stays false unless the handle ends up in handle_list.
    bool registered = false;

    // See if this interface (device) belongs to us.
    if (recognized_device(handle)) {
      D("adding a new device %ls", next_interface->device_name);

      // We deliberately ask AdbGetSerialNumber() for a narrow string. The wide
      // path hits a bug in adb_winusb_interface.cpp:
      // CopyMemory(buffer, ser_num->bString, bytes_written), where the last
      // parameter should be (str_len * sizeof(wchar_t)). That bug reads 2
      // bytes past the end of a stack buffer in the best case and, for an
      // unlikely long serial number, 2 bytes past the end of a heap
      // allocation. The resulting string is unaffected, but the bad reads are
      // better avoided in the first place.
      char serial_number[512];
      unsigned long serial_number_len = sizeof(serial_number);
      if (!AdbGetSerialNumber(handle->adb_interface,
                              serial_number,
                              &serial_number_len,
                              true)) {
        D("cannot get serial number: %s",
          android::base::SystemErrorCodeToString(GetLastError()).c_str());
      } else if (register_new_device(handle)) {
        // register_new_device() rejects duplicates, so this runs once per
        // device.
        register_usb_transport(handle, serial_number, NULL, 1);
        registered = true;
      } else {
        D("register_new_device failed for %ls", next_interface->device_name);
      }
    }

    // Single release point for every handle that was not registered.
    if (!registered) {
      usb_cleanup_handle(handle);
      free(handle);
    }
  }

  if (GetLastError() != ERROR_NO_MORE_ITEMS) {
    // Only ERROR_NO_MORE_ITEMS is expected at the end of enumeration.
    D("AdbNextInterface failed: %s",
      android::base::SystemErrorCodeToString(GetLastError()).c_str());
  }

  _adb_close_handle(enum_handle);
}
650 
/// Kicks every handle currently in handle_list.
///
/// usb_lock is held for the whole walk because another thread may modify the
/// list at any time.
static void kick_devices() {
  adb_mutex_lock(&usb_lock);

  usb_handle* entry = handle_list.next;
  while (entry != &handle_list) {
    usb_kick_locked(entry);
    entry = entry->next;
  }

  adb_mutex_unlock(&usb_lock);
}
660