1 /*
2 * Copyright (C) 2007 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #define TRACE_TAG USB
18
19 #include "sysdeps.h"
20
21 #include <CoreFoundation/CoreFoundation.h>
22
23 #include <IOKit/IOKitLib.h>
24 #include <IOKit/IOCFPlugIn.h>
25 #include <IOKit/usb/IOUSBLib.h>
26 #include <IOKit/IOMessage.h>
27 #include <mach/mach_port.h>
28
29 #include <inttypes.h>
30 #include <stdio.h>
31
32 #include <atomic>
33 #include <chrono>
34 #include <memory>
35 #include <mutex>
36 #include <thread>
37 #include <vector>
38
39 #include <android-base/logging.h>
40 #include <android-base/stringprintf.h>
41
42 #include "adb.h"
43 #include "transport.h"
44
45 using namespace std::chrono_literals;
46
47 namespace native {
48 struct usb_handle
49 {
50 UInt8 bulkIn;
51 UInt8 bulkOut;
52 IOUSBInterfaceInterface190** interface;
53 unsigned int zero_mask;
54
55 // For garbage collecting disconnected devices.
56 bool mark;
57 std::string devpath;
58 std::atomic<bool> dead;
59
usb_handlenative::usb_handle60 usb_handle() : bulkIn(0), bulkOut(0), interface(nullptr),
61 zero_mask(0), mark(false), dead(false) {
62 }
63 };
64
65 static std::atomic<bool> usb_inited_flag;
66
67 static auto& g_usb_handles_mutex = *new std::mutex();
68 static auto& g_usb_handles = *new std::vector<std::unique_ptr<usb_handle>>();
69
IsKnownDevice(const std::string & devpath)70 static bool IsKnownDevice(const std::string& devpath) {
71 std::lock_guard<std::mutex> lock_guard(g_usb_handles_mutex);
72 for (auto& usb : g_usb_handles) {
73 if (usb->devpath == devpath) {
74 // Set mark flag to indicate this device is still alive.
75 usb->mark = true;
76 return true;
77 }
78 }
79 return false;
80 }
81
82 static void usb_kick_locked(usb_handle* handle);
83
KickDisconnectedDevices()84 static void KickDisconnectedDevices() {
85 std::lock_guard<std::mutex> lock_guard(g_usb_handles_mutex);
86 for (auto& usb : g_usb_handles) {
87 if (!usb->mark) {
88 usb_kick_locked(usb.get());
89 } else {
90 usb->mark = false;
91 }
92 }
93 }
94
AddDevice(std::unique_ptr<usb_handle> handle)95 static void AddDevice(std::unique_ptr<usb_handle> handle) {
96 handle->mark = true;
97 std::lock_guard<std::mutex> lock(g_usb_handles_mutex);
98 g_usb_handles.push_back(std::move(handle));
99 }
100
101 static void AndroidInterfaceAdded(io_iterator_t iterator);
102 static std::unique_ptr<usb_handle> CheckInterface(IOUSBInterfaceInterface190 **iface,
103 UInt16 vendor, UInt16 product);
104
FindUSBDevices()105 static bool FindUSBDevices() {
106 // Create the matching dictionary to find the Android device's adb interface.
107 CFMutableDictionaryRef matchingDict = IOServiceMatching(kIOUSBInterfaceClassName);
108 if (!matchingDict) {
109 LOG(ERROR) << "couldn't create USB matching dictionary";
110 return false;
111 }
112 // Create an iterator for all I/O Registry objects that match the dictionary.
113 io_iterator_t iter = 0;
114 kern_return_t kr = IOServiceGetMatchingServices(kIOMasterPortDefault, matchingDict, &iter);
115 if (kr != KERN_SUCCESS) {
116 LOG(ERROR) << "failed to get matching services";
117 return false;
118 }
119 // Iterate over all matching objects.
120 AndroidInterfaceAdded(iter);
121 IOObjectRelease(iter);
122 return true;
123 }
124
125 static void
AndroidInterfaceAdded(io_iterator_t iterator)126 AndroidInterfaceAdded(io_iterator_t iterator)
127 {
128 kern_return_t kr;
129 io_service_t usbDevice;
130 io_service_t usbInterface;
131 IOCFPlugInInterface **plugInInterface = NULL;
132 IOUSBInterfaceInterface220 **iface = NULL;
133 IOUSBDeviceInterface197 **dev = NULL;
134 HRESULT result;
135 SInt32 score;
136 uint32_t locationId;
137 UInt8 if_class, subclass, protocol;
138 UInt16 vendor;
139 UInt16 product;
140 UInt8 serialIndex;
141 char serial[256];
142 std::string devpath;
143
144 while ((usbInterface = IOIteratorNext(iterator))) {
145 //* Create an intermediate interface plugin
146 kr = IOCreatePlugInInterfaceForService(usbInterface,
147 kIOUSBInterfaceUserClientTypeID,
148 kIOCFPlugInInterfaceID,
149 &plugInInterface, &score);
150 IOObjectRelease(usbInterface);
151 if ((kIOReturnSuccess != kr) || (!plugInInterface)) {
152 LOG(ERROR) << "Unable to create an interface plug-in (" << std::hex << kr << ")";
153 continue;
154 }
155
156 //* This gets us the interface object
157 result = (*plugInInterface)->QueryInterface(
158 plugInInterface,
159 CFUUIDGetUUIDBytes(kIOUSBInterfaceInterfaceID), (LPVOID*)&iface);
160 //* We only needed the plugin to get the interface, so discard it
161 (*plugInInterface)->Release(plugInInterface);
162 if (result || !iface) {
163 LOG(ERROR) << "Couldn't query the interface (" << std::hex << result << ")";
164 continue;
165 }
166
167 kr = (*iface)->GetInterfaceClass(iface, &if_class);
168 kr = (*iface)->GetInterfaceSubClass(iface, &subclass);
169 kr = (*iface)->GetInterfaceProtocol(iface, &protocol);
170 if(if_class != ADB_CLASS || subclass != ADB_SUBCLASS || protocol != ADB_PROTOCOL) {
171 // Ignore non-ADB devices.
172 LOG(DEBUG) << "Ignoring interface with incorrect class/subclass/protocol - " << if_class
173 << ", " << subclass << ", " << protocol;
174 (*iface)->Release(iface);
175 continue;
176 }
177
178 //* this gets us an ioservice, with which we will find the actual
179 //* device; after getting a plugin, and querying the interface, of
180 //* course.
181 //* Gotta love OS X
182 kr = (*iface)->GetDevice(iface, &usbDevice);
183 if (kIOReturnSuccess != kr || !usbDevice) {
184 LOG(ERROR) << "Couldn't grab device from interface (" << std::hex << kr << ")";
185 (*iface)->Release(iface);
186 continue;
187 }
188
189 plugInInterface = NULL;
190 score = 0;
191 //* create an intermediate device plugin
192 kr = IOCreatePlugInInterfaceForService(usbDevice,
193 kIOUSBDeviceUserClientTypeID,
194 kIOCFPlugInInterfaceID,
195 &plugInInterface, &score);
196 //* only needed this to find the plugin
197 (void)IOObjectRelease(usbDevice);
198 if ((kIOReturnSuccess != kr) || (!plugInInterface)) {
199 LOG(ERROR) << "Unable to create a device plug-in (" << std::hex << kr << ")";
200 (*iface)->Release(iface);
201 continue;
202 }
203
204 result = (*plugInInterface)->QueryInterface(plugInInterface,
205 CFUUIDGetUUIDBytes(kIOUSBDeviceInterfaceID), (LPVOID*)&dev);
206 //* only needed this to query the plugin
207 (*plugInInterface)->Release(plugInInterface);
208 if (result || !dev) {
209 LOG(ERROR) << "Couldn't create a device interface (" << std::hex << result << ")";
210 (*iface)->Release(iface);
211 continue;
212 }
213
214 //* Now after all that, we actually have a ref to the device and
215 //* the interface that matched our criteria
216 kr = (*dev)->GetDeviceVendor(dev, &vendor);
217 kr = (*dev)->GetDeviceProduct(dev, &product);
218 kr = (*dev)->GetLocationID(dev, &locationId);
219 if (kr == KERN_SUCCESS) {
220 devpath = android::base::StringPrintf("usb:%" PRIu32 "X", locationId);
221 if (IsKnownDevice(devpath)) {
222 (*dev)->Release(dev);
223 (*iface)->Release(iface);
224 continue;
225 }
226 }
227 kr = (*dev)->USBGetSerialNumberStringIndex(dev, &serialIndex);
228
229 if (serialIndex > 0) {
230 IOUSBDevRequest req;
231 UInt16 buffer[256];
232 UInt16 languages[128];
233
234 memset(languages, 0, sizeof(languages));
235
236 req.bmRequestType =
237 USBmakebmRequestType(kUSBIn, kUSBStandard, kUSBDevice);
238 req.bRequest = kUSBRqGetDescriptor;
239 req.wValue = (kUSBStringDesc << 8) | 0;
240 req.wIndex = 0;
241 req.pData = languages;
242 req.wLength = sizeof(languages);
243 kr = (*dev)->DeviceRequest(dev, &req);
244
245 if (kr == kIOReturnSuccess && req.wLenDone > 0) {
246
247 int langCount = (req.wLenDone - 2) / 2, lang;
248
249 for (lang = 1; lang <= langCount; lang++) {
250
251 memset(buffer, 0, sizeof(buffer));
252 memset(&req, 0, sizeof(req));
253
254 req.bmRequestType =
255 USBmakebmRequestType(kUSBIn, kUSBStandard, kUSBDevice);
256 req.bRequest = kUSBRqGetDescriptor;
257 req.wValue = (kUSBStringDesc << 8) | serialIndex;
258 req.wIndex = languages[lang];
259 req.pData = buffer;
260 req.wLength = sizeof(buffer);
261 kr = (*dev)->DeviceRequest(dev, &req);
262
263 if (kr == kIOReturnSuccess && req.wLenDone > 0) {
264 int i, count;
265
266 // skip first word, and copy the rest to the serial string,
267 // changing shorts to bytes.
268 count = (req.wLenDone - 1) / 2;
269 for (i = 0; i < count; i++)
270 serial[i] = buffer[i + 1];
271 serial[i] = 0;
272 break;
273 }
274 }
275 }
276 }
277
278 (*dev)->Release(dev);
279
280 VLOG(USB) << android::base::StringPrintf("Found vid=%04x pid=%04x serial=%s\n",
281 vendor, product, serial);
282 if (devpath.empty()) {
283 devpath = serial;
284 }
285 if (IsKnownDevice(devpath)) {
286 (*iface)->USBInterfaceClose(iface);
287 (*iface)->Release(iface);
288 continue;
289 }
290
291 std::unique_ptr<usb_handle> handle = CheckInterface((IOUSBInterfaceInterface190**)iface,
292 vendor, product);
293 if (handle == nullptr) {
294 LOG(ERROR) << "Could not find device interface";
295 (*iface)->Release(iface);
296 continue;
297 }
298 handle->devpath = devpath;
299 usb_handle* handle_p = handle.get();
300 VLOG(USB) << "Add usb device " << serial;
301 AddDevice(std::move(handle));
302 register_usb_transport(reinterpret_cast<::usb_handle*>(handle_p), serial, devpath.c_str(),
303 1);
304 }
305 }
306
307 // Used to clear both the endpoints before starting.
308 // When adb quits, we might clear the host endpoint but not the device.
309 // So we make sure both sides are clear before starting up.
ClearPipeStallBothEnds(IOUSBInterfaceInterface190 ** interface,UInt8 bulkEp)310 static bool ClearPipeStallBothEnds(IOUSBInterfaceInterface190** interface, UInt8 bulkEp) {
311 IOReturn rc = (*interface)->ClearPipeStallBothEnds(interface, bulkEp);
312 if (rc != kIOReturnSuccess) {
313 LOG(ERROR) << "Could not clear pipe stall both ends: " << std::hex << rc;
314 return false;
315 }
316 return true;
317 }
318
319 //* TODO: simplify this further since we only register to get ADB interface
320 //* subclass+protocol events
321 static std::unique_ptr<usb_handle>
CheckInterface(IOUSBInterfaceInterface190 ** interface,UInt16 vendor,UInt16 product)322 CheckInterface(IOUSBInterfaceInterface190 **interface, UInt16 vendor, UInt16 product)
323 {
324 std::unique_ptr<usb_handle> handle;
325 IOReturn kr;
326 UInt8 interfaceNumEndpoints, interfaceClass, interfaceSubClass, interfaceProtocol;
327 UInt8 endpoint;
328
329 //* Now open the interface. This will cause the pipes associated with
330 //* the endpoints in the interface descriptor to be instantiated
331 kr = (*interface)->USBInterfaceOpen(interface);
332 if (kr != kIOReturnSuccess) {
333 LOG(ERROR) << "Could not open interface: " << std::hex << kr;
334 return NULL;
335 }
336
337 //* Get the number of endpoints associated with this interface
338 kr = (*interface)->GetNumEndpoints(interface, &interfaceNumEndpoints);
339 if (kr != kIOReturnSuccess) {
340 LOG(ERROR) << "Unable to get number of endpoints: " << std::hex << kr;
341 goto err_get_num_ep;
342 }
343
344 //* Get interface class, subclass and protocol
345 if ((*interface)->GetInterfaceClass(interface, &interfaceClass) != kIOReturnSuccess ||
346 (*interface)->GetInterfaceSubClass(interface, &interfaceSubClass) != kIOReturnSuccess ||
347 (*interface)->GetInterfaceProtocol(interface, &interfaceProtocol) != kIOReturnSuccess) {
348 LOG(ERROR) << "Unable to get interface class, subclass and protocol";
349 goto err_get_interface_class;
350 }
351
352 //* check to make sure interface class, subclass and protocol match ADB
353 //* avoid opening mass storage endpoints
354 if (!is_adb_interface(interfaceClass, interfaceSubClass, interfaceProtocol)) {
355 goto err_bad_adb_interface;
356 }
357
358 handle.reset(new usb_handle);
359 if (handle == nullptr) {
360 goto err_bad_adb_interface;
361 }
362
363 //* Iterate over the endpoints for this interface and find the first
364 //* bulk in/out pipes available. These will be our read/write pipes.
365 for (endpoint = 1; endpoint <= interfaceNumEndpoints; endpoint++) {
366 UInt8 transferType;
367 UInt16 maxPacketSize;
368 UInt8 interval;
369 UInt8 number;
370 UInt8 direction;
371
372 kr = (*interface)->GetPipeProperties(interface, endpoint, &direction,
373 &number, &transferType, &maxPacketSize, &interval);
374 if (kr != kIOReturnSuccess) {
375 LOG(ERROR) << "FindDeviceInterface - could not get pipe properties: "
376 << std::hex << kr;
377 goto err_get_pipe_props;
378 }
379
380 if (kUSBBulk != transferType) continue;
381
382 if (kUSBIn == direction) {
383 handle->bulkIn = endpoint;
384 if (!ClearPipeStallBothEnds(interface, handle->bulkIn)) goto err_get_pipe_props;
385 }
386
387 if (kUSBOut == direction) {
388 handle->bulkOut = endpoint;
389 if (!ClearPipeStallBothEnds(interface, handle->bulkOut)) goto err_get_pipe_props;
390 }
391
392 handle->zero_mask = maxPacketSize - 1;
393 }
394
395 handle->interface = interface;
396 return handle;
397
398 err_get_pipe_props:
399 err_bad_adb_interface:
400 err_get_interface_class:
401 err_get_num_ep:
402 (*interface)->USBInterfaceClose(interface);
403 return nullptr;
404 }
405
406 std::mutex& operate_device_lock = *new std::mutex();
407
RunLoopThread(void * unused)408 static void RunLoopThread(void* unused) {
409 adb_thread_setname("RunLoop");
410
411 VLOG(USB) << "RunLoopThread started";
412 while (true) {
413 {
414 std::lock_guard<std::mutex> lock_guard(operate_device_lock);
415 FindUSBDevices();
416 KickDisconnectedDevices();
417 }
418 // Signal the parent that we are running
419 usb_inited_flag = true;
420 std::this_thread::sleep_for(1s);
421 }
422 VLOG(USB) << "RunLoopThread done";
423 }
424
usb_cleanup()425 static void usb_cleanup() {
426 VLOG(USB) << "usb_cleanup";
427 // Wait until usb operations in RunLoopThread finish, and prevent further operations.
428 operate_device_lock.lock();
429 close_usb_devices();
430 }
431
usb_init()432 void usb_init() {
433 static bool initialized = false;
434 if (!initialized) {
435 atexit(usb_cleanup);
436
437 usb_inited_flag = false;
438
439 if (!adb_thread_create(RunLoopThread, nullptr)) {
440 fatal_errno("cannot create RunLoop thread");
441 }
442
443 // Wait for initialization to finish
444 while (!usb_inited_flag) {
445 std::this_thread::sleep_for(100ms);
446 }
447
448 initialized = true;
449 }
450 }
451
usb_write(usb_handle * handle,const void * buf,int len)452 int usb_write(usb_handle *handle, const void *buf, int len)
453 {
454 IOReturn result;
455
456 if (!len)
457 return 0;
458
459 if (!handle || handle->dead)
460 return -1;
461
462 if (NULL == handle->interface) {
463 LOG(ERROR) << "usb_write interface was null";
464 return -1;
465 }
466
467 if (0 == handle->bulkOut) {
468 LOG(ERROR) << "bulkOut endpoint not assigned";
469 return -1;
470 }
471
472 result =
473 (*handle->interface)->WritePipe(handle->interface, handle->bulkOut, (void *)buf, len);
474
475 if ((result == 0) && (handle->zero_mask)) {
476 /* we need 0-markers and our transfer */
477 if(!(len & handle->zero_mask)) {
478 result =
479 (*handle->interface)->WritePipe(
480 handle->interface, handle->bulkOut, (void *)buf, 0);
481 }
482 }
483
484 if (0 == result)
485 return 0;
486
487 LOG(ERROR) << "usb_write failed with status: " << std::hex << result;
488 return -1;
489 }
490
usb_read(usb_handle * handle,void * buf,int len)491 int usb_read(usb_handle *handle, void *buf, int len)
492 {
493 IOReturn result;
494 UInt32 numBytes = len;
495
496 if (!len) {
497 return 0;
498 }
499
500 if (!handle || handle->dead) {
501 return -1;
502 }
503
504 if (NULL == handle->interface) {
505 LOG(ERROR) << "usb_read interface was null";
506 return -1;
507 }
508
509 if (0 == handle->bulkIn) {
510 LOG(ERROR) << "bulkIn endpoint not assigned";
511 return -1;
512 }
513
514 result = (*handle->interface)->ReadPipe(handle->interface, handle->bulkIn, buf, &numBytes);
515
516 if (kIOUSBPipeStalled == result) {
517 LOG(ERROR) << "Pipe stalled, clearing stall.\n";
518 (*handle->interface)->ClearPipeStall(handle->interface, handle->bulkIn);
519 result = (*handle->interface)->ReadPipe(handle->interface, handle->bulkIn, buf, &numBytes);
520 }
521
522 if (kIOReturnSuccess == result)
523 return 0;
524 else {
525 LOG(ERROR) << "usb_read failed with status: " << std::hex << result;
526 }
527
528 return -1;
529 }
530
usb_close(usb_handle * handle)531 int usb_close(usb_handle *handle)
532 {
533 std::lock_guard<std::mutex> lock(g_usb_handles_mutex);
534 for (auto it = g_usb_handles.begin(); it != g_usb_handles.end(); ++it) {
535 if ((*it).get() == handle) {
536 g_usb_handles.erase(it);
537 break;
538 }
539 }
540 return 0;
541 }
542
usb_kick_locked(usb_handle * handle)543 static void usb_kick_locked(usb_handle *handle)
544 {
545 LOG(INFO) << "Kicking handle";
546 /* release the interface */
547 if (!handle)
548 return;
549
550 if (!handle->dead)
551 {
552 handle->dead = true;
553 (*handle->interface)->USBInterfaceClose(handle->interface);
554 (*handle->interface)->Release(handle->interface);
555 }
556 }
557
usb_kick(usb_handle * handle)558 void usb_kick(usb_handle *handle) {
559 // Use the lock to avoid multiple thread kicking the device at the same time.
560 std::lock_guard<std::mutex> lock_guard(g_usb_handles_mutex);
561 usb_kick_locked(handle);
562 }
563 } // namespace native
564