1 /*
2 * Copyright (C) 2007 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #define TRACE_TAG TRANSPORT
18
19 #include "sysdeps.h"
20 #include "transport.h"
21
22 #include <errno.h>
23 #include <stdio.h>
24 #include <stdlib.h>
25 #include <string.h>
26 #include <sys/types.h>
27
28 #include <condition_variable>
29 #include <mutex>
30 #include <thread>
31 #include <vector>
32
33 #include <android-base/parsenetaddress.h>
34 #include <android-base/stringprintf.h>
35 #include <cutils/sockets.h>
36
37 #if !ADB_HOST
38 #include <android-base/properties.h>
39 #endif
40
41 #include "adb.h"
42 #include "adb_io.h"
43 #include "adb_utils.h"
44 #include "sysdeps/chrono.h"
45
46 #if ADB_HOST
47
48 // Android Wear has been using port 5601 in all of its documentation/tooling,
49 // but we search for emulators on ports [5554, 5555 + ADB_LOCAL_TRANSPORT_MAX].
50 // Avoid stomping on their port by limiting the number of emulators that can be
51 // connected.
52 #define ADB_LOCAL_TRANSPORT_MAX 16
53
54 static std::mutex& local_transports_lock = *new std::mutex();
55
56 /* we keep a list of opened transports. The atransport struct knows to which
57 * local transport it is connected. The list is used to detect when we're
58 * trying to connect twice to a given local transport.
59 */
60 static atransport* local_transports[ ADB_LOCAL_TRANSPORT_MAX ];
61 #endif /* ADB_HOST */
62
remote_read(apacket * p,atransport * t)63 static int remote_read(apacket *p, atransport *t)
64 {
65 if(!ReadFdExactly(t->sfd, &p->msg, sizeof(amessage))){
66 D("remote local: read terminated (message)");
67 return -1;
68 }
69
70 if(check_header(p, t)) {
71 D("bad header: terminated (data)");
72 return -1;
73 }
74
75 if(!ReadFdExactly(t->sfd, p->data, p->msg.data_length)){
76 D("remote local: terminated (data)");
77 return -1;
78 }
79
80 if(check_data(p)) {
81 D("bad data: terminated (data)");
82 return -1;
83 }
84
85 return 0;
86 }
87
remote_write(apacket * p,atransport * t)88 static int remote_write(apacket *p, atransport *t)
89 {
90 int length = p->msg.data_length;
91
92 if(!WriteFdExactly(t->sfd, &p->msg, sizeof(amessage) + length)) {
93 D("remote local: write terminated");
94 return -1;
95 }
96
97 return 0;
98 }
99
local_connect(int port)100 bool local_connect(int port) {
101 std::string dummy;
102 return local_connect_arbitrary_ports(port-1, port, &dummy) == 0;
103 }
104
connect_device(const std::string & address,std::string * response)105 void connect_device(const std::string& address, std::string* response) {
106 if (address.empty()) {
107 *response = "empty address";
108 return;
109 }
110
111 std::string serial;
112 std::string host;
113 int port = DEFAULT_ADB_LOCAL_TRANSPORT_PORT;
114 if (!android::base::ParseNetAddress(address, &host, &port, &serial, response)) {
115 return;
116 }
117
118 std::string error;
119 int fd = network_connect(host.c_str(), port, SOCK_STREAM, 10, &error);
120 if (fd == -1) {
121 *response = android::base::StringPrintf("unable to connect to %s: %s",
122 serial.c_str(), error.c_str());
123 return;
124 }
125
126 D("client: connected %s remote on fd %d", serial.c_str(), fd);
127 close_on_exec(fd);
128 disable_tcp_nagle(fd);
129
130 // Send a TCP keepalive ping to the device every second so we can detect disconnects.
131 if (!set_tcp_keepalive(fd, 1)) {
132 D("warning: failed to configure TCP keepalives (%s)", strerror(errno));
133 }
134
135 int ret = register_socket_transport(fd, serial.c_str(), port, 0);
136 if (ret < 0) {
137 adb_close(fd);
138 *response = android::base::StringPrintf("already connected to %s", serial.c_str());
139 } else {
140 *response = android::base::StringPrintf("connected to %s", serial.c_str());
141 }
142 }
143
144
local_connect_arbitrary_ports(int console_port,int adb_port,std::string * error)145 int local_connect_arbitrary_ports(int console_port, int adb_port, std::string* error) {
146 int fd = -1;
147
148 #if ADB_HOST
149 if (find_emulator_transport_by_adb_port(adb_port) != nullptr ||
150 find_emulator_transport_by_console_port(console_port) != nullptr) {
151 return -1;
152 }
153
154 const char *host = getenv("ADBHOST");
155 if (host) {
156 fd = network_connect(host, adb_port, SOCK_STREAM, 0, error);
157 }
158 #endif
159 if (fd < 0) {
160 fd = network_loopback_client(adb_port, SOCK_STREAM, error);
161 }
162
163 if (fd >= 0) {
164 D("client: connected on remote on fd %d", fd);
165 close_on_exec(fd);
166 disable_tcp_nagle(fd);
167 std::string serial = getEmulatorSerialString(console_port);
168 if (register_socket_transport(fd, serial.c_str(), adb_port, 1) == 0) {
169 return 0;
170 }
171 adb_close(fd);
172 }
173 return -1;
174 }
175
176 #if ADB_HOST
177
PollAllLocalPortsForEmulator()178 static void PollAllLocalPortsForEmulator() {
179 int port = DEFAULT_ADB_LOCAL_TRANSPORT_PORT;
180 int count = ADB_LOCAL_TRANSPORT_MAX;
181
182 // Try to connect to any number of running emulator instances.
183 for ( ; count > 0; count--, port += 2 ) {
184 local_connect(port);
185 }
186 }
187
188 // Retry the disconnected local port for 60 times, and sleep 1 second between two retries.
189 constexpr uint32_t LOCAL_PORT_RETRY_COUNT = 60;
190 constexpr auto LOCAL_PORT_RETRY_INTERVAL = 1s;
191
192 struct RetryPort {
193 int port;
194 uint32_t retry_count;
195 };
196
197 // Retry emulators just kicked.
198 static std::vector<RetryPort>& retry_ports = *new std::vector<RetryPort>;
199 std::mutex &retry_ports_lock = *new std::mutex;
200 std::condition_variable &retry_ports_cond = *new std::condition_variable;
201
client_socket_thread(void * x)202 static void client_socket_thread(void* x) {
203 adb_thread_setname("client_socket_thread");
204 D("transport: client_socket_thread() starting");
205 PollAllLocalPortsForEmulator();
206 while (true) {
207 std::vector<RetryPort> ports;
208 // Collect retry ports.
209 {
210 std::unique_lock<std::mutex> lock(retry_ports_lock);
211 while (retry_ports.empty()) {
212 retry_ports_cond.wait(lock);
213 }
214 retry_ports.swap(ports);
215 }
216 // Sleep here instead of the end of loop, because if we immediately try to reconnect
217 // the emulator just kicked, the adbd on the emulator may not have time to remove the
218 // just kicked transport.
219 std::this_thread::sleep_for(LOCAL_PORT_RETRY_INTERVAL);
220
221 // Try connecting retry ports.
222 std::vector<RetryPort> next_ports;
223 for (auto& port : ports) {
224 VLOG(TRANSPORT) << "retry port " << port.port << ", last retry_count "
225 << port.retry_count;
226 if (local_connect(port.port)) {
227 VLOG(TRANSPORT) << "retry port " << port.port << " successfully";
228 continue;
229 }
230 if (--port.retry_count > 0) {
231 next_ports.push_back(port);
232 } else {
233 VLOG(TRANSPORT) << "stop retrying port " << port.port;
234 }
235 }
236
237 // Copy back left retry ports.
238 {
239 std::unique_lock<std::mutex> lock(retry_ports_lock);
240 retry_ports.insert(retry_ports.end(), next_ports.begin(), next_ports.end());
241 }
242 }
243 }
244
245 #else // ADB_HOST
246
server_socket_thread(void * arg)247 static void server_socket_thread(void* arg) {
248 int serverfd, fd;
249 int port = (int) (uintptr_t) arg;
250
251 adb_thread_setname("server socket");
252 D("transport: server_socket_thread() starting");
253 serverfd = -1;
254 for(;;) {
255 if(serverfd == -1) {
256 std::string error;
257 serverfd = network_inaddr_any_server(port, SOCK_STREAM, &error);
258 if(serverfd < 0) {
259 D("server: cannot bind socket yet: %s", error.c_str());
260 std::this_thread::sleep_for(1s);
261 continue;
262 }
263 close_on_exec(serverfd);
264 }
265
266 D("server: trying to get new connection from %d", port);
267 fd = adb_socket_accept(serverfd, nullptr, nullptr);
268 if(fd >= 0) {
269 D("server: new connection on fd %d", fd);
270 close_on_exec(fd);
271 disable_tcp_nagle(fd);
272 std::string serial = android::base::StringPrintf("host-%d", fd);
273 if (register_socket_transport(fd, serial.c_str(), port, 1) != 0) {
274 adb_close(fd);
275 }
276 }
277 }
278 D("transport: server_socket_thread() exiting");
279 }
280
281 /* This is relevant only for ADB daemon running inside the emulator. */
282 /*
283 * Redefine open and write for qemu_pipe.h that contains inlined references
284 * to those routines. We will redefine them back after qemu_pipe.h inclusion.
285 */
286 #undef open
287 #undef read
288 #undef write
289 #define open adb_open
290 #define read adb_read
291 #define write adb_write
292 #include <system/qemu_pipe.h>
293 #undef open
294 #undef read
295 #undef write
296 #define open ___xxx_open
297 #define read ___xxx_read
298 #define write ___xxx_write
299
300 /* A worker thread that monitors host connections, and registers a transport for
301 * every new host connection. This thread replaces server_socket_thread on
302 * condition that adbd daemon runs inside the emulator, and emulator uses QEMUD
303 * pipe to communicate with adbd daemon inside the guest. This is done in order
304 * to provide more robust communication channel between ADB host and guest. The
305 * main issue with server_socket_thread approach is that it runs on top of TCP,
306 * and thus is sensitive to network disruptions. For instance, the
307 * ConnectionManager may decide to reset all network connections, in which case
308 * the connection between ADB host and guest will be lost. To make ADB traffic
309 * independent from the network, we use here 'adb' QEMUD service to transfer data
310 * between the host, and the guest. See external/qemu/android/adb-*.* that
311 * implements the emulator's side of the protocol. Another advantage of using
312 * QEMUD approach is that ADB will be up much sooner, since it doesn't depend
313 * anymore on network being set up.
314 * The guest side of the protocol contains the following phases:
315 * - Connect with adb QEMUD service. In this phase a handle to 'adb' QEMUD service
316 * is opened, and it becomes clear whether or not emulator supports that
317 * protocol.
318 * - Wait for the ADB host to create connection with the guest. This is done by
319 * sending an 'accept' request to the adb QEMUD service, and waiting on
320 * response.
321 * - When new ADB host connection is accepted, the connection with adb QEMUD
322 * service is registered as the transport, and a 'start' request is sent to the
323 * adb QEMUD service, indicating that the guest is ready to receive messages.
324 * Note that the guest will ignore messages sent down from the emulator before
325 * the transport registration is completed. That's why we need to send the
326 * 'start' request after the transport is registered.
327 */
qemu_socket_thread(void * arg)328 static void qemu_socket_thread(void* arg) {
329 /* 'accept' request to the adb QEMUD service. */
330 static const char _accept_req[] = "accept";
331 /* 'start' request to the adb QEMUD service. */
332 static const char _start_req[] = "start";
333 /* 'ok' reply from the adb QEMUD service. */
334 static const char _ok_resp[] = "ok";
335
336 const int port = (int) (uintptr_t) arg;
337 int fd;
338 char tmp[256];
339 char con_name[32];
340
341 adb_thread_setname("qemu socket");
342 D("transport: qemu_socket_thread() starting");
343
344 /* adb QEMUD service connection request. */
345 snprintf(con_name, sizeof(con_name), "pipe:qemud:adb:%d", port);
346
347 /* Connect to the adb QEMUD service. */
348 fd = qemu_pipe_open(con_name);
349 if (fd < 0) {
350 /* This could be an older version of the emulator, that doesn't
351 * implement adb QEMUD service. Fall back to the old TCP way. */
352 D("adb service is not available. Falling back to TCP socket.");
353 adb_thread_create(server_socket_thread, arg);
354 return;
355 }
356
357 for(;;) {
358 /*
359 * Wait till the host creates a new connection.
360 */
361
362 /* Send the 'accept' request. */
363 if (WriteFdExactly(fd, _accept_req, strlen(_accept_req))) {
364 /* Wait for the response. In the response we expect 'ok' on success,
365 * or 'ko' on failure. */
366 if (!ReadFdExactly(fd, tmp, 2) || memcmp(tmp, _ok_resp, 2)) {
367 D("Accepting ADB host connection has failed.");
368 adb_close(fd);
369 } else {
370 /* Host is connected. Register the transport, and start the
371 * exchange. */
372 std::string serial = android::base::StringPrintf("host-%d", fd);
373 if (register_socket_transport(fd, serial.c_str(), port, 1) != 0 ||
374 !WriteFdExactly(fd, _start_req, strlen(_start_req))) {
375 adb_close(fd);
376 }
377 }
378
379 /* Prepare for accepting of the next ADB host connection. */
380 fd = qemu_pipe_open(con_name);
381 if (fd < 0) {
382 D("adb service become unavailable.");
383 return;
384 }
385 } else {
386 D("Unable to send the '%s' request to ADB service.", _accept_req);
387 return;
388 }
389 }
390 D("transport: qemu_socket_thread() exiting");
391 return;
392 }
393 #endif // !ADB_HOST
394
local_init(int port)395 void local_init(int port)
396 {
397 adb_thread_func_t func;
398 const char* debug_name = "";
399
400 #if ADB_HOST
401 func = client_socket_thread;
402 debug_name = "client";
403 #else
404 // For the adbd daemon in the system image we need to distinguish
405 // between the device, and the emulator.
406 if (android::base::GetBoolProperty("ro.kernel.qemu", false)) {
407 // Running inside the emulator: use QEMUD pipe as the transport.
408 func = qemu_socket_thread;
409 } else {
410 // Running inside the device: use TCP socket as the transport.
411 func = server_socket_thread;
412 }
413 debug_name = "server";
414 #endif // !ADB_HOST
415
416 D("transport: local %s init", debug_name);
417 if (!adb_thread_create(func, (void *) (uintptr_t) port)) {
418 fatal_errno("cannot create local socket %s thread", debug_name);
419 }
420 }
421
remote_kick(atransport * t)422 static void remote_kick(atransport *t)
423 {
424 int fd = t->sfd;
425 t->sfd = -1;
426 adb_shutdown(fd);
427 adb_close(fd);
428
429 #if ADB_HOST
430 int nn;
431 std::lock_guard<std::mutex> lock(local_transports_lock);
432 for (nn = 0; nn < ADB_LOCAL_TRANSPORT_MAX; nn++) {
433 if (local_transports[nn] == t) {
434 local_transports[nn] = NULL;
435 break;
436 }
437 }
438 #endif
439 }
440
remote_close(atransport * t)441 static void remote_close(atransport *t)
442 {
443 int fd = t->sfd;
444 if (fd != -1) {
445 t->sfd = -1;
446 adb_close(fd);
447 }
448 #if ADB_HOST
449 int local_port;
450 if (t->GetLocalPortForEmulator(&local_port)) {
451 VLOG(TRANSPORT) << "remote_close, local_port = " << local_port;
452 std::unique_lock<std::mutex> lock(retry_ports_lock);
453 RetryPort port;
454 port.port = local_port;
455 port.retry_count = LOCAL_PORT_RETRY_COUNT;
456 retry_ports.push_back(port);
457 retry_ports_cond.notify_one();
458 }
459 #endif
460 }
461
462
463 #if ADB_HOST
464 /* Only call this function if you already hold local_transports_lock. */
find_emulator_transport_by_adb_port_locked(int adb_port)465 static atransport* find_emulator_transport_by_adb_port_locked(int adb_port)
466 {
467 int i;
468 for (i = 0; i < ADB_LOCAL_TRANSPORT_MAX; i++) {
469 int local_port;
470 if (local_transports[i] && local_transports[i]->GetLocalPortForEmulator(&local_port)) {
471 if (local_port == adb_port) {
472 return local_transports[i];
473 }
474 }
475 }
476 return NULL;
477 }
478
getEmulatorSerialString(int console_port)479 std::string getEmulatorSerialString(int console_port)
480 {
481 return android::base::StringPrintf("emulator-%d", console_port);
482 }
483
find_emulator_transport_by_adb_port(int adb_port)484 atransport* find_emulator_transport_by_adb_port(int adb_port)
485 {
486 std::lock_guard<std::mutex> lock(local_transports_lock);
487 atransport* result = find_emulator_transport_by_adb_port_locked(adb_port);
488 return result;
489 }
490
find_emulator_transport_by_console_port(int console_port)491 atransport* find_emulator_transport_by_console_port(int console_port)
492 {
493 return find_transport(getEmulatorSerialString(console_port).c_str());
494 }
495
496
497 /* Only call this function if you already hold local_transports_lock. */
get_available_local_transport_index_locked()498 int get_available_local_transport_index_locked()
499 {
500 int i;
501 for (i = 0; i < ADB_LOCAL_TRANSPORT_MAX; i++) {
502 if (local_transports[i] == NULL) {
503 return i;
504 }
505 }
506 return -1;
507 }
508
get_available_local_transport_index()509 int get_available_local_transport_index()
510 {
511 std::lock_guard<std::mutex> lock(local_transports_lock);
512 int result = get_available_local_transport_index_locked();
513 return result;
514 }
515 #endif
516
init_socket_transport(atransport * t,int s,int adb_port,int local)517 int init_socket_transport(atransport *t, int s, int adb_port, int local)
518 {
519 int fail = 0;
520
521 t->SetKickFunction(remote_kick);
522 t->close = remote_close;
523 t->read_from_remote = remote_read;
524 t->write_to_remote = remote_write;
525 t->sfd = s;
526 t->sync_token = 1;
527 t->connection_state = kCsOffline;
528 t->type = kTransportLocal;
529
530 #if ADB_HOST
531 if (local) {
532 std::lock_guard<std::mutex> lock(local_transports_lock);
533 t->SetLocalPortForEmulator(adb_port);
534 atransport* existing_transport = find_emulator_transport_by_adb_port_locked(adb_port);
535 int index = get_available_local_transport_index_locked();
536 if (existing_transport != NULL) {
537 D("local transport for port %d already registered (%p)?", adb_port, existing_transport);
538 fail = -1;
539 } else if (index < 0) {
540 // Too many emulators.
541 D("cannot register more emulators. Maximum is %d", ADB_LOCAL_TRANSPORT_MAX);
542 fail = -1;
543 } else {
544 local_transports[index] = t;
545 }
546 }
547 #endif
548 return fail;
549 }
550