1 /*
2 * Copyright (C) 2007 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #define TRACE_TAG USB
18
19 #include "sysdeps.h"
20
21 #include <winsock2.h> // winsock.h *must* be included before windows.h.
22 #include <adb_api.h>
23 #include <errno.h>
24 #include <stdio.h>
25 #include <stdlib.h>
26 #include <usb100.h>
27 #include <windows.h>
28 #include <winerror.h>
29
30 #include <android-base/errors.h>
31
32 #include "adb.h"
33 #include "transport.h"
34
35 /** Structure usb_handle describes our connection to the usb device via
36 AdbWinApi.dll. This structure is returned from usb_open() routine and
37 is expected in each subsequent call that is accessing the device.
38
39 Most members are protected by usb_lock, except for adb_{read,write}_pipe which
40 rely on AdbWinApi.dll's handle validation and AdbCloseHandle(endpoint)'s
41 ability to break a thread out of pipe IO.
42 */
43 struct usb_handle {
44 /// Previous entry in the list of opened usb handles
45 usb_handle *prev;
46
47 /// Next entry in the list of opened usb handles
48 usb_handle *next;
49
50 /// Handle to USB interface
51 ADBAPIHANDLE adb_interface;
52
53 /// Handle to USB read pipe (endpoint)
54 ADBAPIHANDLE adb_read_pipe;
55
56 /// Handle to USB write pipe (endpoint)
57 ADBAPIHANDLE adb_write_pipe;
58
59 /// Interface name
60 wchar_t* interface_name;
61
62 /// Mask for determining when to use zero length packets
63 unsigned zero_mask;
64 };
65
66 /// Class ID assigned to the device by androidusb.sys
67 static const GUID usb_class_id = ANDROID_USB_CLASS_ID;
68
69 /// List of opened usb handles
70 static usb_handle handle_list = {
71 .prev = &handle_list,
72 .next = &handle_list,
73 };
74
75 /// Locker for the list of opened usb handles
76 ADB_MUTEX_DEFINE( usb_lock );
77
78 /// Checks if there is opened usb handle in handle_list for this device.
79 int known_device(const wchar_t* dev_name);
80
81 /// Checks if there is opened usb handle in handle_list for this device.
82 /// usb_lock mutex must be held before calling this routine.
83 int known_device_locked(const wchar_t* dev_name);
84
85 /// Registers opened usb handle (adds it to handle_list).
86 int register_new_device(usb_handle* handle);
87
88 /// Checks if interface (device) matches certain criteria
89 int recognized_device(usb_handle* handle);
90
91 /// Enumerates present and available interfaces (devices), opens new ones and
92 /// registers usb transport for them.
93 void find_devices();
94
95 /// Kicks all USB devices
96 static void kick_devices();
97
98 /// Entry point for thread that polls (every second) for new usb interfaces.
99 /// This routine calls find_devices in infinite loop.
100 static void device_poll_thread(void*);
101
102 /// Initializes this module
103 void usb_init();
104
105 /// Opens usb interface (device) by interface (device) name.
106 usb_handle* do_usb_open(const wchar_t* interface_name);
107
108 /// Writes data to the opened usb handle
109 int usb_write(usb_handle* handle, const void* data, int len);
110
111 /// Reads data using the opened usb handle
112 int usb_read(usb_handle *handle, void* data, int len);
113
114 /// Cleans up opened usb handle
115 void usb_cleanup_handle(usb_handle* handle);
116
117 /// Cleans up (but don't close) opened usb handle
118 void usb_kick(usb_handle* handle);
119
120 /// Closes opened usb handle
121 int usb_close(usb_handle* handle);
122
known_device_locked(const wchar_t * dev_name)123 int known_device_locked(const wchar_t* dev_name) {
124 usb_handle* usb;
125
126 if (NULL != dev_name) {
127 // Iterate through the list looking for the name match.
128 for(usb = handle_list.next; usb != &handle_list; usb = usb->next) {
129 // In Windows names are not case sensetive!
130 if((NULL != usb->interface_name) &&
131 (0 == wcsicmp(usb->interface_name, dev_name))) {
132 return 1;
133 }
134 }
135 }
136
137 return 0;
138 }
139
known_device(const wchar_t * dev_name)140 int known_device(const wchar_t* dev_name) {
141 int ret = 0;
142
143 if (NULL != dev_name) {
144 adb_mutex_lock(&usb_lock);
145 ret = known_device_locked(dev_name);
146 adb_mutex_unlock(&usb_lock);
147 }
148
149 return ret;
150 }
151
register_new_device(usb_handle * handle)152 int register_new_device(usb_handle* handle) {
153 if (NULL == handle)
154 return 0;
155
156 adb_mutex_lock(&usb_lock);
157
158 // Check if device is already in the list
159 if (known_device_locked(handle->interface_name)) {
160 adb_mutex_unlock(&usb_lock);
161 return 0;
162 }
163
164 // Not in the list. Add this handle to the list.
165 handle->next = &handle_list;
166 handle->prev = handle_list.prev;
167 handle->prev->next = handle;
168 handle->next->prev = handle;
169
170 adb_mutex_unlock(&usb_lock);
171
172 return 1;
173 }
174
device_poll_thread(void *)175 void device_poll_thread(void*) {
176 adb_thread_setname("Device Poll");
177 D("Created device thread");
178
179 while(1) {
180 find_devices();
181 adb_sleep_ms(1000);
182 }
183 }
184
_power_window_proc(HWND hwnd,UINT uMsg,WPARAM wParam,LPARAM lParam)185 static LRESULT CALLBACK _power_window_proc(HWND hwnd, UINT uMsg, WPARAM wParam,
186 LPARAM lParam) {
187 switch (uMsg) {
188 case WM_POWERBROADCAST:
189 switch (wParam) {
190 case PBT_APMRESUMEAUTOMATIC:
191 // Resuming from sleep or hibernation, so kick all existing USB devices
192 // and then allow the device_poll_thread to redetect USB devices from
193 // scratch. If we don't do this, existing USB devices will never respond
194 // to us because they'll be waiting for the connect/auth handshake.
195 D("Received (WM_POWERBROADCAST, PBT_APMRESUMEAUTOMATIC) notification, "
196 "so kicking all USB devices\n");
197 kick_devices();
198 return TRUE;
199 }
200 }
201 return DefWindowProcW(hwnd, uMsg, wParam, lParam);
202 }
203
_power_notification_thread(void *)204 static void _power_notification_thread(void*) {
205 // This uses a thread with its own window message pump to get power
206 // notifications. If adb runs from a non-interactive service account, this
207 // might not work (not sure). If that happens to not work, we could use
208 // heavyweight WMI APIs to get power notifications. But for the common case
209 // of a developer's interactive session, a window message pump is more
210 // appropriate.
211 D("Created power notification thread");
212 adb_thread_setname("Power Notifier");
213
214 // Window class names are process specific.
215 static const WCHAR kPowerNotificationWindowClassName[] =
216 L"PowerNotificationWindow";
217
218 // Get the HINSTANCE corresponding to the module that _power_window_proc
219 // is in (the main module).
220 const HINSTANCE instance = GetModuleHandleW(NULL);
221 if (!instance) {
222 // This is such a common API call that this should never fail.
223 fatal("GetModuleHandleW failed: %s",
224 android::base::SystemErrorCodeToString(GetLastError()).c_str());
225 }
226
227 WNDCLASSEXW wndclass;
228 memset(&wndclass, 0, sizeof(wndclass));
229 wndclass.cbSize = sizeof(wndclass);
230 wndclass.lpfnWndProc = _power_window_proc;
231 wndclass.hInstance = instance;
232 wndclass.lpszClassName = kPowerNotificationWindowClassName;
233 if (!RegisterClassExW(&wndclass)) {
234 fatal("RegisterClassExW failed: %s",
235 android::base::SystemErrorCodeToString(GetLastError()).c_str());
236 }
237
238 if (!CreateWindowExW(WS_EX_NOACTIVATE, kPowerNotificationWindowClassName,
239 L"ADB Power Notification Window", WS_POPUP, 0, 0, 0, 0,
240 NULL, NULL, instance, NULL)) {
241 fatal("CreateWindowExW failed: %s",
242 android::base::SystemErrorCodeToString(GetLastError()).c_str());
243 }
244
245 MSG msg;
246 while (GetMessageW(&msg, NULL, 0, 0)) {
247 TranslateMessage(&msg);
248 DispatchMessageW(&msg);
249 }
250
251 // GetMessageW() will return false if a quit message is posted. We don't
252 // do that, but it might be possible for that to occur when logging off or
253 // shutting down. Not a big deal since the whole process will be going away
254 // soon anyway.
255 D("Power notification thread exiting");
256 }
257
usb_init()258 void usb_init() {
259 if (!adb_thread_create(device_poll_thread, nullptr)) {
260 fatal_errno("cannot create device poll thread");
261 }
262 if (!adb_thread_create(_power_notification_thread, nullptr)) {
263 fatal_errno("cannot create power notification thread");
264 }
265 }
266
do_usb_open(const wchar_t * interface_name)267 usb_handle* do_usb_open(const wchar_t* interface_name) {
268 unsigned long name_len = 0;
269
270 // Allocate our handle
271 usb_handle* ret = (usb_handle*)calloc(1, sizeof(usb_handle));
272 if (NULL == ret) {
273 D("Could not allocate %u bytes for usb_handle: %s", sizeof(usb_handle),
274 strerror(errno));
275 goto fail;
276 }
277
278 // Set linkers back to the handle
279 ret->next = ret;
280 ret->prev = ret;
281
282 // Create interface.
283 ret->adb_interface = AdbCreateInterfaceByName(interface_name);
284 if (NULL == ret->adb_interface) {
285 D("AdbCreateInterfaceByName failed: %s",
286 android::base::SystemErrorCodeToString(GetLastError()).c_str());
287 goto fail;
288 }
289
290 // Open read pipe (endpoint)
291 ret->adb_read_pipe =
292 AdbOpenDefaultBulkReadEndpoint(ret->adb_interface,
293 AdbOpenAccessTypeReadWrite,
294 AdbOpenSharingModeReadWrite);
295 if (NULL == ret->adb_read_pipe) {
296 D("AdbOpenDefaultBulkReadEndpoint failed: %s",
297 android::base::SystemErrorCodeToString(GetLastError()).c_str());
298 goto fail;
299 }
300
301 // Open write pipe (endpoint)
302 ret->adb_write_pipe =
303 AdbOpenDefaultBulkWriteEndpoint(ret->adb_interface,
304 AdbOpenAccessTypeReadWrite,
305 AdbOpenSharingModeReadWrite);
306 if (NULL == ret->adb_write_pipe) {
307 D("AdbOpenDefaultBulkWriteEndpoint failed: %s",
308 android::base::SystemErrorCodeToString(GetLastError()).c_str());
309 goto fail;
310 }
311
312 // Save interface name
313 // First get expected name length
314 AdbGetInterfaceName(ret->adb_interface,
315 NULL,
316 &name_len,
317 false);
318 if (0 == name_len) {
319 D("AdbGetInterfaceName returned name length of zero: %s",
320 android::base::SystemErrorCodeToString(GetLastError()).c_str());
321 goto fail;
322 }
323
324 ret->interface_name = (wchar_t*)malloc(name_len * sizeof(ret->interface_name[0]));
325 if (NULL == ret->interface_name) {
326 D("Could not allocate %lu characters for interface_name: %s", name_len, strerror(errno));
327 goto fail;
328 }
329
330 // Now save the name
331 if (!AdbGetInterfaceName(ret->adb_interface,
332 ret->interface_name,
333 &name_len,
334 false)) {
335 D("AdbGetInterfaceName failed: %s",
336 android::base::SystemErrorCodeToString(GetLastError()).c_str());
337 goto fail;
338 }
339
340 // We're done at this point
341 return ret;
342
343 fail:
344 if (NULL != ret) {
345 usb_cleanup_handle(ret);
346 free(ret);
347 }
348
349 return NULL;
350 }
351
usb_write(usb_handle * handle,const void * data,int len)352 int usb_write(usb_handle* handle, const void* data, int len) {
353 unsigned long time_out = 5000;
354 unsigned long written = 0;
355 int err = 0;
356
357 D("usb_write %d", len);
358 if (NULL == handle) {
359 D("usb_write was passed NULL handle");
360 err = EINVAL;
361 goto fail;
362 }
363
364 // Perform write
365 if (!AdbWriteEndpointSync(handle->adb_write_pipe,
366 (void*)data,
367 (unsigned long)len,
368 &written,
369 time_out)) {
370 D("AdbWriteEndpointSync failed: %s",
371 android::base::SystemErrorCodeToString(GetLastError()).c_str());
372 err = EIO;
373 goto fail;
374 }
375
376 // Make sure that we've written what we were asked to write
377 D("usb_write got: %ld, expected: %d", written, len);
378 if (written != (unsigned long)len) {
379 // If this occurs, this code should be changed to repeatedly call
380 // AdbWriteEndpointSync() until all bytes are written.
381 D("AdbWriteEndpointSync was supposed to write %d, but only wrote %ld",
382 len, written);
383 err = EIO;
384 goto fail;
385 }
386
387 if (handle->zero_mask && (len & handle->zero_mask) == 0) {
388 // Send a zero length packet
389 if (!AdbWriteEndpointSync(handle->adb_write_pipe,
390 (void*)data,
391 0,
392 &written,
393 time_out)) {
394 D("AdbWriteEndpointSync of zero length packet failed: %s",
395 android::base::SystemErrorCodeToString(GetLastError()).c_str());
396 err = EIO;
397 goto fail;
398 }
399 }
400
401 return 0;
402
403 fail:
404 // Any failure should cause us to kick the device instead of leaving it a
405 // zombie state with potential to hang.
406 if (NULL != handle) {
407 D("Kicking device due to error in usb_write");
408 usb_kick(handle);
409 }
410
411 D("usb_write failed");
412 errno = err;
413 return -1;
414 }
415
usb_read(usb_handle * handle,void * data,int len)416 int usb_read(usb_handle *handle, void* data, int len) {
417 unsigned long time_out = 0;
418 unsigned long read = 0;
419 int err = 0;
420
421 D("usb_read %d", len);
422 if (NULL == handle) {
423 D("usb_read was passed NULL handle");
424 err = EINVAL;
425 goto fail;
426 }
427
428 while (len > 0) {
429 if (!AdbReadEndpointSync(handle->adb_read_pipe, data, len, &read,
430 time_out)) {
431 D("AdbReadEndpointSync failed: %s",
432 android::base::SystemErrorCodeToString(GetLastError()).c_str());
433 err = EIO;
434 goto fail;
435 }
436 D("usb_read got: %ld, expected: %d", read, len);
437
438 data = (char *)data + read;
439 len -= read;
440 }
441
442 return 0;
443
444 fail:
445 // Any failure should cause us to kick the device instead of leaving it a
446 // zombie state with potential to hang.
447 if (NULL != handle) {
448 D("Kicking device due to error in usb_read");
449 usb_kick(handle);
450 }
451
452 D("usb_read failed");
453 errno = err;
454 return -1;
455 }
456
457 // Wrapper around AdbCloseHandle() that logs diagnostics.
_adb_close_handle(ADBAPIHANDLE adb_handle)458 static void _adb_close_handle(ADBAPIHANDLE adb_handle) {
459 if (!AdbCloseHandle(adb_handle)) {
460 D("AdbCloseHandle(%p) failed: %s", adb_handle,
461 android::base::SystemErrorCodeToString(GetLastError()).c_str());
462 }
463 }
464
usb_cleanup_handle(usb_handle * handle)465 void usb_cleanup_handle(usb_handle* handle) {
466 D("usb_cleanup_handle");
467 if (NULL != handle) {
468 if (NULL != handle->interface_name)
469 free(handle->interface_name);
470 // AdbCloseHandle(pipe) will break any threads out of pending IO calls and
471 // wait until the pipe no longer uses the interface. Then we can
472 // AdbCloseHandle() the interface.
473 if (NULL != handle->adb_write_pipe)
474 _adb_close_handle(handle->adb_write_pipe);
475 if (NULL != handle->adb_read_pipe)
476 _adb_close_handle(handle->adb_read_pipe);
477 if (NULL != handle->adb_interface)
478 _adb_close_handle(handle->adb_interface);
479
480 handle->interface_name = NULL;
481 handle->adb_write_pipe = NULL;
482 handle->adb_read_pipe = NULL;
483 handle->adb_interface = NULL;
484 }
485 }
486
usb_kick_locked(usb_handle * handle)487 static void usb_kick_locked(usb_handle* handle) {
488 // The reason the lock must be acquired before calling this function is in
489 // case multiple threads are trying to kick the same device at the same time.
490 usb_cleanup_handle(handle);
491 }
492
usb_kick(usb_handle * handle)493 void usb_kick(usb_handle* handle) {
494 D("usb_kick");
495 if (NULL != handle) {
496 adb_mutex_lock(&usb_lock);
497
498 usb_kick_locked(handle);
499
500 adb_mutex_unlock(&usb_lock);
501 } else {
502 errno = EINVAL;
503 }
504 }
505
usb_close(usb_handle * handle)506 int usb_close(usb_handle* handle) {
507 D("usb_close");
508
509 if (NULL != handle) {
510 // Remove handle from the list
511 adb_mutex_lock(&usb_lock);
512
513 if ((handle->next != handle) && (handle->prev != handle)) {
514 handle->next->prev = handle->prev;
515 handle->prev->next = handle->next;
516 handle->prev = handle;
517 handle->next = handle;
518 }
519
520 adb_mutex_unlock(&usb_lock);
521
522 // Cleanup handle
523 usb_cleanup_handle(handle);
524 free(handle);
525 }
526
527 return 0;
528 }
529
recognized_device(usb_handle * handle)530 int recognized_device(usb_handle* handle) {
531 if (NULL == handle)
532 return 0;
533
534 // Check vendor and product id first
535 USB_DEVICE_DESCRIPTOR device_desc;
536
537 if (!AdbGetUsbDeviceDescriptor(handle->adb_interface,
538 &device_desc)) {
539 D("AdbGetUsbDeviceDescriptor failed: %s",
540 android::base::SystemErrorCodeToString(GetLastError()).c_str());
541 return 0;
542 }
543
544 // Then check interface properties
545 USB_INTERFACE_DESCRIPTOR interf_desc;
546
547 if (!AdbGetUsbInterfaceDescriptor(handle->adb_interface,
548 &interf_desc)) {
549 D("AdbGetUsbInterfaceDescriptor failed: %s",
550 android::base::SystemErrorCodeToString(GetLastError()).c_str());
551 return 0;
552 }
553
554 // Must have two endpoints
555 if (2 != interf_desc.bNumEndpoints) {
556 return 0;
557 }
558
559 if (is_adb_interface(device_desc.idVendor, device_desc.idProduct,
560 interf_desc.bInterfaceClass, interf_desc.bInterfaceSubClass, interf_desc.bInterfaceProtocol)) {
561
562 if(interf_desc.bInterfaceProtocol == 0x01) {
563 AdbEndpointInformation endpoint_info;
564 // assuming zero is a valid bulk endpoint ID
565 if (AdbGetEndpointInformation(handle->adb_interface, 0, &endpoint_info)) {
566 handle->zero_mask = endpoint_info.max_packet_size - 1;
567 D("device zero_mask: 0x%x", handle->zero_mask);
568 } else {
569 D("AdbGetEndpointInformation failed: %s",
570 android::base::SystemErrorCodeToString(GetLastError()).c_str());
571 }
572 }
573
574 return 1;
575 }
576
577 return 0;
578 }
579
find_devices()580 void find_devices() {
581 usb_handle* handle = NULL;
582 char entry_buffer[2048];
583 AdbInterfaceInfo* next_interface = (AdbInterfaceInfo*)(&entry_buffer[0]);
584 unsigned long entry_buffer_size = sizeof(entry_buffer);
585
586 // Enumerate all present and active interfaces.
587 ADBAPIHANDLE enum_handle =
588 AdbEnumInterfaces(usb_class_id, true, true, true);
589
590 if (NULL == enum_handle) {
591 D("AdbEnumInterfaces failed: %s",
592 android::base::SystemErrorCodeToString(GetLastError()).c_str());
593 return;
594 }
595
596 while (AdbNextInterface(enum_handle, next_interface, &entry_buffer_size)) {
597 // Lets see if we already have this device in the list
598 if (!known_device(next_interface->device_name)) {
599 // This seems to be a new device. Open it!
600 handle = do_usb_open(next_interface->device_name);
601 if (NULL != handle) {
602 // Lets see if this interface (device) belongs to us
603 if (recognized_device(handle)) {
604 D("adding a new device %ls", next_interface->device_name);
605
606 // We don't request a wchar_t string from AdbGetSerialNumber() because of a bug in
607 // adb_winusb_interface.cpp:CopyMemory(buffer, ser_num->bString, bytes_written) where the
608 // last parameter should be (str_len * sizeof(wchar_t)). The bug reads 2 bytes past the
609 // end of a stack buffer in the best case, and in the unlikely case of a long serial
610 // number, it will read 2 bytes past the end of a heap allocation. This doesn't affect the
611 // resulting string, but we should avoid the bad reads in the first place.
612 char serial_number[512];
613 unsigned long serial_number_len = sizeof(serial_number);
614 if (AdbGetSerialNumber(handle->adb_interface,
615 serial_number,
616 &serial_number_len,
617 true)) {
618 // Lets make sure that we don't duplicate this device
619 if (register_new_device(handle)) {
620 register_usb_transport(handle, serial_number, NULL, 1);
621 } else {
622 D("register_new_device failed for %ls", next_interface->device_name);
623 usb_cleanup_handle(handle);
624 free(handle);
625 }
626 } else {
627 D("cannot get serial number: %s",
628 android::base::SystemErrorCodeToString(GetLastError()).c_str());
629 usb_cleanup_handle(handle);
630 free(handle);
631 }
632 } else {
633 usb_cleanup_handle(handle);
634 free(handle);
635 }
636 }
637 }
638
639 entry_buffer_size = sizeof(entry_buffer);
640 }
641
642 if (GetLastError() != ERROR_NO_MORE_ITEMS) {
643 // Only ERROR_NO_MORE_ITEMS is expected at the end of enumeration.
644 D("AdbNextInterface failed: %s",
645 android::base::SystemErrorCodeToString(GetLastError()).c_str());
646 }
647
648 _adb_close_handle(enum_handle);
649 }
650
kick_devices()651 static void kick_devices() {
652 // Need to acquire lock to safely walk the list which might be modified
653 // by another thread.
654 adb_mutex_lock(&usb_lock);
655 for (usb_handle* usb = handle_list.next; usb != &handle_list; usb = usb->next) {
656 usb_kick_locked(usb);
657 }
658 adb_mutex_unlock(&usb_lock);
659 }
660