1 /*
2 * Copyright (C) 2007 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #define TRACE_TAG USB
18
19 #include "sysdeps.h"
20
21 #include <CoreFoundation/CoreFoundation.h>
22
23 #include <IOKit/IOKitLib.h>
24 #include <IOKit/IOCFPlugIn.h>
25 #include <IOKit/usb/IOUSBLib.h>
26 #include <IOKit/IOMessage.h>
27 #include <mach/mach_port.h>
28
29 #include <inttypes.h>
30 #include <stdio.h>
31
32 #include <atomic>
33 #include <chrono>
34 #include <memory>
35 #include <mutex>
36 #include <thread>
37 #include <vector>
38
39 #include <android-base/logging.h>
40 #include <android-base/stringprintf.h>
41 #include <android-base/thread_annotations.h>
42
43 #include "adb.h"
44 #include "transport.h"
45
46 using namespace std::chrono_literals;
47
48 namespace native {
49 struct usb_handle
50 {
51 UInt8 bulkIn;
52 UInt8 bulkOut;
53 IOUSBInterfaceInterface190** interface;
54 unsigned int zero_mask;
55 size_t max_packet_size;
56
57 // For garbage collecting disconnected devices.
58 bool mark;
59 std::string devpath;
60 std::atomic<bool> dead;
61
usb_handlenative::usb_handle62 usb_handle()
63 : bulkIn(0),
64 bulkOut(0),
65 interface(nullptr),
66 zero_mask(0),
67 max_packet_size(0),
68 mark(false),
69 dead(false) {}
70 };
71
72 static std::atomic<bool> usb_inited_flag;
73
74 static auto& g_usb_handles_mutex = *new std::mutex();
75 static auto& g_usb_handles = *new std::vector<std::unique_ptr<usb_handle>>();
76
IsKnownDevice(const std::string & devpath)77 static bool IsKnownDevice(const std::string& devpath) {
78 std::lock_guard<std::mutex> lock_guard(g_usb_handles_mutex);
79 for (auto& usb : g_usb_handles) {
80 if (usb->devpath == devpath) {
81 // Set mark flag to indicate this device is still alive.
82 usb->mark = true;
83 return true;
84 }
85 }
86 return false;
87 }
88
89 static void usb_kick_locked(usb_handle* handle);
90
KickDisconnectedDevices()91 static void KickDisconnectedDevices() {
92 std::lock_guard<std::mutex> lock_guard(g_usb_handles_mutex);
93 for (auto& usb : g_usb_handles) {
94 if (!usb->mark) {
95 usb_kick_locked(usb.get());
96 } else {
97 usb->mark = false;
98 }
99 }
100 }
101
AddDevice(std::unique_ptr<usb_handle> handle)102 static void AddDevice(std::unique_ptr<usb_handle> handle) {
103 handle->mark = true;
104 std::lock_guard<std::mutex> lock(g_usb_handles_mutex);
105 g_usb_handles.push_back(std::move(handle));
106 }
107
108 static void AndroidInterfaceAdded(io_iterator_t iterator);
109 static std::unique_ptr<usb_handle> CheckInterface(IOUSBInterfaceInterface190 **iface,
110 UInt16 vendor, UInt16 product);
111
FindUSBDevices()112 static bool FindUSBDevices() {
113 // Create the matching dictionary to find the Android device's adb interface.
114 CFMutableDictionaryRef matchingDict = IOServiceMatching(kIOUSBInterfaceClassName);
115 if (!matchingDict) {
116 LOG(ERROR) << "couldn't create USB matching dictionary";
117 return false;
118 }
119 // Create an iterator for all I/O Registry objects that match the dictionary.
120 io_iterator_t iter = 0;
121 kern_return_t kr = IOServiceGetMatchingServices(kIOMasterPortDefault, matchingDict, &iter);
122 if (kr != KERN_SUCCESS) {
123 LOG(ERROR) << "failed to get matching services";
124 return false;
125 }
126 // Iterate over all matching objects.
127 AndroidInterfaceAdded(iter);
128 IOObjectRelease(iter);
129 return true;
130 }
131
132 static void
AndroidInterfaceAdded(io_iterator_t iterator)133 AndroidInterfaceAdded(io_iterator_t iterator)
134 {
135 kern_return_t kr;
136 io_service_t usbDevice;
137 io_service_t usbInterface;
138 IOCFPlugInInterface **plugInInterface = NULL;
139 IOUSBInterfaceInterface220 **iface = NULL;
140 IOUSBDeviceInterface197 **dev = NULL;
141 HRESULT result;
142 SInt32 score;
143 uint32_t locationId;
144 UInt8 if_class, subclass, protocol;
145 UInt16 vendor;
146 UInt16 product;
147 UInt8 serialIndex;
148 char serial[256];
149 std::string devpath;
150
151 while ((usbInterface = IOIteratorNext(iterator))) {
152 //* Create an intermediate interface plugin
153 kr = IOCreatePlugInInterfaceForService(usbInterface,
154 kIOUSBInterfaceUserClientTypeID,
155 kIOCFPlugInInterfaceID,
156 &plugInInterface, &score);
157 IOObjectRelease(usbInterface);
158 if ((kIOReturnSuccess != kr) || (!plugInInterface)) {
159 LOG(ERROR) << "Unable to create an interface plug-in (" << std::hex << kr << ")";
160 continue;
161 }
162
163 //* This gets us the interface object
164 result = (*plugInInterface)->QueryInterface(
165 plugInInterface,
166 CFUUIDGetUUIDBytes(kIOUSBInterfaceInterfaceID), (LPVOID*)&iface);
167 //* We only needed the plugin to get the interface, so discard it
168 (*plugInInterface)->Release(plugInInterface);
169 if (result || !iface) {
170 LOG(ERROR) << "Couldn't query the interface (" << std::hex << result << ")";
171 continue;
172 }
173
174 kr = (*iface)->GetInterfaceClass(iface, &if_class);
175 kr = (*iface)->GetInterfaceSubClass(iface, &subclass);
176 kr = (*iface)->GetInterfaceProtocol(iface, &protocol);
177 if(if_class != ADB_CLASS || subclass != ADB_SUBCLASS || protocol != ADB_PROTOCOL) {
178 // Ignore non-ADB devices.
179 LOG(DEBUG) << "Ignoring interface with incorrect class/subclass/protocol - " << if_class
180 << ", " << subclass << ", " << protocol;
181 (*iface)->Release(iface);
182 continue;
183 }
184
185 //* this gets us an ioservice, with which we will find the actual
186 //* device; after getting a plugin, and querying the interface, of
187 //* course.
188 //* Gotta love OS X
189 kr = (*iface)->GetDevice(iface, &usbDevice);
190 if (kIOReturnSuccess != kr || !usbDevice) {
191 LOG(ERROR) << "Couldn't grab device from interface (" << std::hex << kr << ")";
192 (*iface)->Release(iface);
193 continue;
194 }
195
196 plugInInterface = NULL;
197 score = 0;
198 //* create an intermediate device plugin
199 kr = IOCreatePlugInInterfaceForService(usbDevice,
200 kIOUSBDeviceUserClientTypeID,
201 kIOCFPlugInInterfaceID,
202 &plugInInterface, &score);
203 //* only needed this to find the plugin
204 (void)IOObjectRelease(usbDevice);
205 if ((kIOReturnSuccess != kr) || (!plugInInterface)) {
206 LOG(ERROR) << "Unable to create a device plug-in (" << std::hex << kr << ")";
207 (*iface)->Release(iface);
208 continue;
209 }
210
211 result = (*plugInInterface)->QueryInterface(plugInInterface,
212 CFUUIDGetUUIDBytes(kIOUSBDeviceInterfaceID), (LPVOID*)&dev);
213 //* only needed this to query the plugin
214 (*plugInInterface)->Release(plugInInterface);
215 if (result || !dev) {
216 LOG(ERROR) << "Couldn't create a device interface (" << std::hex << result << ")";
217 (*iface)->Release(iface);
218 continue;
219 }
220
221 //* Now after all that, we actually have a ref to the device and
222 //* the interface that matched our criteria
223 kr = (*dev)->GetDeviceVendor(dev, &vendor);
224 kr = (*dev)->GetDeviceProduct(dev, &product);
225 kr = (*dev)->GetLocationID(dev, &locationId);
226 if (kr == KERN_SUCCESS) {
227 devpath = android::base::StringPrintf("usb:%" PRIu32 "X", locationId);
228 if (IsKnownDevice(devpath)) {
229 (*dev)->Release(dev);
230 (*iface)->Release(iface);
231 continue;
232 }
233 }
234 kr = (*dev)->USBGetSerialNumberStringIndex(dev, &serialIndex);
235
236 if (serialIndex > 0) {
237 IOUSBDevRequest req;
238 UInt16 buffer[256];
239 UInt16 languages[128];
240
241 memset(languages, 0, sizeof(languages));
242
243 req.bmRequestType =
244 USBmakebmRequestType(kUSBIn, kUSBStandard, kUSBDevice);
245 req.bRequest = kUSBRqGetDescriptor;
246 req.wValue = (kUSBStringDesc << 8) | 0;
247 req.wIndex = 0;
248 req.pData = languages;
249 req.wLength = sizeof(languages);
250 kr = (*dev)->DeviceRequest(dev, &req);
251
252 if (kr == kIOReturnSuccess && req.wLenDone > 0) {
253
254 int langCount = (req.wLenDone - 2) / 2, lang;
255
256 for (lang = 1; lang <= langCount; lang++) {
257
258 memset(buffer, 0, sizeof(buffer));
259 memset(&req, 0, sizeof(req));
260
261 req.bmRequestType =
262 USBmakebmRequestType(kUSBIn, kUSBStandard, kUSBDevice);
263 req.bRequest = kUSBRqGetDescriptor;
264 req.wValue = (kUSBStringDesc << 8) | serialIndex;
265 req.wIndex = languages[lang];
266 req.pData = buffer;
267 req.wLength = sizeof(buffer);
268 kr = (*dev)->DeviceRequest(dev, &req);
269
270 if (kr == kIOReturnSuccess && req.wLenDone > 0) {
271 int i, count;
272
273 // skip first word, and copy the rest to the serial string,
274 // changing shorts to bytes.
275 count = (req.wLenDone - 1) / 2;
276 for (i = 0; i < count; i++)
277 serial[i] = buffer[i + 1];
278 serial[i] = 0;
279 break;
280 }
281 }
282 }
283 }
284
285 (*dev)->Release(dev);
286
287 VLOG(USB) << android::base::StringPrintf("Found vid=%04x pid=%04x serial=%s\n",
288 vendor, product, serial);
289 if (devpath.empty()) {
290 devpath = serial;
291 }
292 if (IsKnownDevice(devpath)) {
293 (*iface)->USBInterfaceClose(iface);
294 (*iface)->Release(iface);
295 continue;
296 }
297
298 std::unique_ptr<usb_handle> handle = CheckInterface((IOUSBInterfaceInterface190**)iface,
299 vendor, product);
300 if (handle == nullptr) {
301 LOG(ERROR) << "Could not find device interface";
302 (*iface)->Release(iface);
303 continue;
304 }
305 handle->devpath = devpath;
306 usb_handle* handle_p = handle.get();
307 VLOG(USB) << "Add usb device " << serial;
308 AddDevice(std::move(handle));
309 register_usb_transport(reinterpret_cast<::usb_handle*>(handle_p), serial, devpath.c_str(),
310 1);
311 }
312 }
313
314 // Used to clear both the endpoints before starting.
315 // When adb quits, we might clear the host endpoint but not the device.
316 // So we make sure both sides are clear before starting up.
ClearPipeStallBothEnds(IOUSBInterfaceInterface190 ** interface,UInt8 bulkEp)317 static bool ClearPipeStallBothEnds(IOUSBInterfaceInterface190** interface, UInt8 bulkEp) {
318 IOReturn rc = (*interface)->ClearPipeStallBothEnds(interface, bulkEp);
319 if (rc != kIOReturnSuccess) {
320 LOG(ERROR) << "Could not clear pipe stall both ends: " << std::hex << rc;
321 return false;
322 }
323 return true;
324 }
325
326 //* TODO: simplify this further since we only register to get ADB interface
327 //* subclass+protocol events
328 static std::unique_ptr<usb_handle>
CheckInterface(IOUSBInterfaceInterface190 ** interface,UInt16 vendor,UInt16 product)329 CheckInterface(IOUSBInterfaceInterface190 **interface, UInt16 vendor, UInt16 product)
330 {
331 std::unique_ptr<usb_handle> handle;
332 IOReturn kr;
333 UInt8 interfaceNumEndpoints, interfaceClass, interfaceSubClass, interfaceProtocol;
334 UInt8 endpoint;
335
336 //* Now open the interface. This will cause the pipes associated with
337 //* the endpoints in the interface descriptor to be instantiated
338 kr = (*interface)->USBInterfaceOpen(interface);
339 if (kr != kIOReturnSuccess) {
340 LOG(ERROR) << "Could not open interface: " << std::hex << kr;
341 return NULL;
342 }
343
344 //* Get the number of endpoints associated with this interface
345 kr = (*interface)->GetNumEndpoints(interface, &interfaceNumEndpoints);
346 if (kr != kIOReturnSuccess) {
347 LOG(ERROR) << "Unable to get number of endpoints: " << std::hex << kr;
348 goto err_get_num_ep;
349 }
350
351 //* Get interface class, subclass and protocol
352 if ((*interface)->GetInterfaceClass(interface, &interfaceClass) != kIOReturnSuccess ||
353 (*interface)->GetInterfaceSubClass(interface, &interfaceSubClass) != kIOReturnSuccess ||
354 (*interface)->GetInterfaceProtocol(interface, &interfaceProtocol) != kIOReturnSuccess) {
355 LOG(ERROR) << "Unable to get interface class, subclass and protocol";
356 goto err_get_interface_class;
357 }
358
359 //* check to make sure interface class, subclass and protocol match ADB
360 //* avoid opening mass storage endpoints
361 if (!is_adb_interface(interfaceClass, interfaceSubClass, interfaceProtocol)) {
362 goto err_bad_adb_interface;
363 }
364
365 handle.reset(new usb_handle);
366 if (handle == nullptr) {
367 goto err_bad_adb_interface;
368 }
369
370 //* Iterate over the endpoints for this interface and find the first
371 //* bulk in/out pipes available. These will be our read/write pipes.
372 for (endpoint = 1; endpoint <= interfaceNumEndpoints; endpoint++) {
373 UInt8 transferType;
374 UInt16 maxPacketSize;
375 UInt8 interval;
376 UInt8 number;
377 UInt8 direction;
378
379 kr = (*interface)->GetPipeProperties(interface, endpoint, &direction,
380 &number, &transferType, &maxPacketSize, &interval);
381 if (kr != kIOReturnSuccess) {
382 LOG(ERROR) << "FindDeviceInterface - could not get pipe properties: "
383 << std::hex << kr;
384 goto err_get_pipe_props;
385 }
386
387 if (kUSBBulk != transferType) continue;
388
389 if (kUSBIn == direction) {
390 handle->bulkIn = endpoint;
391 if (!ClearPipeStallBothEnds(interface, handle->bulkIn)) goto err_get_pipe_props;
392 }
393
394 if (kUSBOut == direction) {
395 handle->bulkOut = endpoint;
396 if (!ClearPipeStallBothEnds(interface, handle->bulkOut)) goto err_get_pipe_props;
397 }
398
399 handle->zero_mask = maxPacketSize - 1;
400 handle->max_packet_size = maxPacketSize;
401 }
402
403 handle->interface = interface;
404 return handle;
405
406 err_get_pipe_props:
407 err_bad_adb_interface:
408 err_get_interface_class:
409 err_get_num_ep:
410 (*interface)->USBInterfaceClose(interface);
411 return nullptr;
412 }
413
414 std::mutex& operate_device_lock = *new std::mutex();
415
RunLoopThread()416 static void RunLoopThread() {
417 adb_thread_setname("RunLoop");
418
419 VLOG(USB) << "RunLoopThread started";
420 while (true) {
421 {
422 std::lock_guard<std::mutex> lock_guard(operate_device_lock);
423 FindUSBDevices();
424 KickDisconnectedDevices();
425 }
426 // Signal the parent that we are running
427 usb_inited_flag = true;
428 std::this_thread::sleep_for(1s);
429 }
430 VLOG(USB) << "RunLoopThread done";
431 }
432
usb_cleanup()433 void usb_cleanup() NO_THREAD_SAFETY_ANALYSIS {
434 VLOG(USB) << "usb_cleanup";
435 // Wait until usb operations in RunLoopThread finish, and prevent further operations.
436 operate_device_lock.lock();
437 close_usb_devices();
438 }
439
usb_init()440 void usb_init() {
441 static bool initialized = false;
442 if (!initialized) {
443 usb_inited_flag = false;
444
445 std::thread(RunLoopThread).detach();
446
447 // Wait for initialization to finish
448 while (!usb_inited_flag) {
449 std::this_thread::sleep_for(100ms);
450 }
451
452 initialized = true;
453 }
454 }
455
usb_write(usb_handle * handle,const void * buf,int len)456 int usb_write(usb_handle *handle, const void *buf, int len)
457 {
458 IOReturn result;
459
460 if (!len)
461 return 0;
462
463 if (!handle || handle->dead)
464 return -1;
465
466 if (NULL == handle->interface) {
467 LOG(ERROR) << "usb_write interface was null";
468 return -1;
469 }
470
471 if (0 == handle->bulkOut) {
472 LOG(ERROR) << "bulkOut endpoint not assigned";
473 return -1;
474 }
475
476 result =
477 (*handle->interface)->WritePipe(handle->interface, handle->bulkOut, (void *)buf, len);
478
479 if ((result == 0) && (handle->zero_mask)) {
480 /* we need 0-markers and our transfer */
481 if(!(len & handle->zero_mask)) {
482 result =
483 (*handle->interface)->WritePipe(
484 handle->interface, handle->bulkOut, (void *)buf, 0);
485 }
486 }
487
488 if (0 == result)
489 return 0;
490
491 LOG(ERROR) << "usb_write failed with status: " << std::hex << result;
492 return -1;
493 }
494
usb_read(usb_handle * handle,void * buf,int len)495 int usb_read(usb_handle *handle, void *buf, int len)
496 {
497 IOReturn result;
498 UInt32 numBytes = len;
499
500 if (!len) {
501 return 0;
502 }
503
504 if (!handle || handle->dead) {
505 return -1;
506 }
507
508 if (NULL == handle->interface) {
509 LOG(ERROR) << "usb_read interface was null";
510 return -1;
511 }
512
513 if (0 == handle->bulkIn) {
514 LOG(ERROR) << "bulkIn endpoint not assigned";
515 return -1;
516 }
517
518 result = (*handle->interface)->ReadPipe(handle->interface, handle->bulkIn, buf, &numBytes);
519
520 if (kIOUSBPipeStalled == result) {
521 LOG(ERROR) << "Pipe stalled, clearing stall.\n";
522 (*handle->interface)->ClearPipeStall(handle->interface, handle->bulkIn);
523 result = (*handle->interface)->ReadPipe(handle->interface, handle->bulkIn, buf, &numBytes);
524 }
525
526 if (kIOReturnSuccess == result)
527 return numBytes;
528 else {
529 LOG(ERROR) << "usb_read failed with status: " << std::hex << result;
530 }
531
532 return -1;
533 }
534
usb_close(usb_handle * handle)535 int usb_close(usb_handle *handle)
536 {
537 std::lock_guard<std::mutex> lock(g_usb_handles_mutex);
538 for (auto it = g_usb_handles.begin(); it != g_usb_handles.end(); ++it) {
539 if ((*it).get() == handle) {
540 g_usb_handles.erase(it);
541 break;
542 }
543 }
544 return 0;
545 }
546
usb_kick_locked(usb_handle * handle)547 static void usb_kick_locked(usb_handle *handle)
548 {
549 LOG(INFO) << "Kicking handle";
550 /* release the interface */
551 if (!handle)
552 return;
553
554 if (!handle->dead)
555 {
556 handle->dead = true;
557 (*handle->interface)->USBInterfaceClose(handle->interface);
558 (*handle->interface)->Release(handle->interface);
559 }
560 }
561
usb_kick(usb_handle * handle)562 void usb_kick(usb_handle *handle) {
563 // Use the lock to avoid multiple thread kicking the device at the same time.
564 std::lock_guard<std::mutex> lock_guard(g_usb_handles_mutex);
565 usb_kick_locked(handle);
566 }
567
usb_get_max_packet_size(usb_handle * handle)568 size_t usb_get_max_packet_size(usb_handle* handle) {
569 return handle->max_packet_size;
570 }
571
572 } // namespace native
573