1 /*
2 * Copyright (C) 2007 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #define TRACE_TAG ADB
18
19 #include "sysdeps.h"
20 #include "adb.h"
21
22 #include <ctype.h>
23 #include <errno.h>
24 #include <stdarg.h>
25 #include <stddef.h>
26 #include <stdint.h>
27 #include <stdio.h>
28 #include <stdlib.h>
29 #include <string.h>
30 #include <sys/time.h>
31 #include <time.h>
32 #include <unistd.h>
33
34 #include <chrono>
35 #include <condition_variable>
36 #include <functional>
37 #include <mutex>
38 #include <string>
39 #include <string_view>
40 #include <thread>
41 #include <vector>
42
43 #include <android-base/errors.h>
44 #include <android-base/file.h>
45 #include <android-base/logging.h>
46 #include <android-base/macros.h>
47 #include <android-base/parsenetaddress.h>
48 #include <android-base/stringprintf.h>
49 #include <android-base/strings.h>
50 #include <android-base/utf8.h>
51 #include <diagnose_usb.h>
52
53 #include <build/version.h>
54 #include <platform_tools_version.h>
55
56 #include "adb_auth.h"
57 #include "adb_io.h"
58 #include "adb_listeners.h"
59 #include "adb_mdns.h"
60 #include "adb_unique_fd.h"
61 #include "adb_utils.h"
62 #include "socket_spec.h"
63 #include "sysdeps/chrono.h"
64 #include "transport.h"
65
66 #if !ADB_HOST
67 #include <sys/capability.h>
68 #include <sys/mount.h>
69 #include <android-base/properties.h>
70 using namespace std::chrono_literals;
71
72 #include "daemon/logging.h"
73 #endif
74
75 #if ADB_HOST
76 #include "adb_host.pb.h"
77 #include "client/usb.h"
78 #endif
79
80 #if !ADB_HOST && defined(__ANDROID__)
81 #include "daemon/watchdog.h"
82
83 static std::atomic<int> active_connections = 0;
84
IncrementActiveConnections()85 static void IncrementActiveConnections() {
86 if (active_connections++ == 0) {
87 watchdog::Stop();
88 }
89 }
90
DecrementActiveConnections()91 static void DecrementActiveConnections() {
92 if (--active_connections == 0) {
93 watchdog::Start();
94 }
95 }
96
97 #endif
98
adb_version()99 std::string adb_version() {
100 // Don't change the format of this --- it's parsed by ddmlib.
101 return android::base::StringPrintf(
102 "Android Debug Bridge version %d.%d.%d\n"
103 "Version %s-%s\n"
104 "Installed as %s\n"
105 "Running on %s\n",
106 ADB_VERSION_MAJOR, ADB_VERSION_MINOR, ADB_SERVER_VERSION, PLATFORM_TOOLS_VERSION,
107 android::build::GetBuildNumber().c_str(), android::base::GetExecutablePath().c_str(),
108 GetOSVersion().c_str());
109 }
110
calculate_apacket_checksum(const apacket * p)111 uint32_t calculate_apacket_checksum(const apacket* p) {
112 uint32_t sum = 0;
113 for (size_t i = 0; i < p->msg.data_length; ++i) {
114 sum += static_cast<uint8_t>(p->payload[i]);
115 }
116 return sum;
117 }
118
command_to_string(uint32_t cmd)119 std::string command_to_string(uint32_t cmd) {
120 switch (cmd) {
121 case A_SYNC:
122 return "A_SYNC";
123 case A_CNXN:
124 return "A_CNXN";
125 case A_OPEN:
126 return "A_OPEN";
127 case A_OKAY:
128 return "A_OKAY";
129 case A_CLSE:
130 return "A_CLSE";
131 case A_WRTE:
132 return "A_WRTE";
133 case A_AUTH:
134 return "A_AUTH";
135 case A_STLS:
136 return "A_STLS";
137 default:
138 return "UNKNOWN (" + std::to_string(cmd) + ")";
139 }
140 }
141
to_string(ConnectionState state)142 std::string to_string(ConnectionState state) {
143 switch (state) {
144 case kCsOffline:
145 return "offline";
146 case kCsBootloader:
147 return "bootloader";
148 case kCsDevice:
149 return "device";
150 case kCsHost:
151 return "host";
152 case kCsRecovery:
153 return "recovery";
154 case kCsRescue:
155 return "rescue";
156 case kCsNoPerm:
157 return UsbNoPermissionsShortHelpText();
158 case kCsSideload:
159 return "sideload";
160 case kCsUnauthorized:
161 return "unauthorized";
162 case kCsAuthorizing:
163 return "authorizing";
164 case kCsConnecting:
165 return "connecting";
166 case kCsDetached:
167 return "detached";
168 case kCsAny:
169 return "any";
170 }
171 }
172
get_apacket()173 apacket* get_apacket() {
174 apacket* p = new apacket();
175 if (p == nullptr) {
176 LOG(FATAL) << "failed to allocate an apacket";
177 }
178
179 memset(&p->msg, 0, sizeof(p->msg));
180 return p;
181 }
182
put_apacket(apacket * p)183 void put_apacket(apacket *p)
184 {
185 delete p;
186 }
187
handle_online(atransport * t)188 void handle_online(atransport *t)
189 {
190 D("adb: online");
191 t->online = 1;
192 #if ADB_HOST
193 t->SetConnectionEstablished(true);
194 #elif defined(__ANDROID__)
195 IncrementActiveConnections();
196 #endif
197 }
198
handle_offline(atransport * t)199 void handle_offline(atransport *t)
200 {
201 if (t->GetConnectionState() == kCsOffline) {
202 LOG(INFO) << t->serial_name() << ": already offline";
203 return;
204 }
205
206 LOG(INFO) << t->serial_name() << ": offline";
207
208 #if !ADB_HOST && defined(__ANDROID__)
209 DecrementActiveConnections();
210 #endif
211
212 t->SetConnectionState(kCsOffline);
213
214 // Close the associated usb
215 t->online = 0;
216
217 // This is necessary to avoid a race condition that occurred when a transport closes
218 // while a client socket is still active.
219 close_all_sockets(t);
220
221 t->RunDisconnects();
222 }
223
224 #if DEBUG_PACKETS
225 #define DUMPMAX 32
print_packet(const char * label,apacket * p)226 void print_packet(const char *label, apacket *p)
227 {
228 const char* tag;
229 unsigned count;
230
231 switch(p->msg.command){
232 case A_SYNC: tag = "SYNC"; break;
233 case A_CNXN: tag = "CNXN" ; break;
234 case A_OPEN: tag = "OPEN"; break;
235 case A_OKAY: tag = "OKAY"; break;
236 case A_CLSE: tag = "CLSE"; break;
237 case A_WRTE: tag = "WRTE"; break;
238 case A_AUTH: tag = "AUTH"; break;
239 case A_STLS:
240 tag = "STLS";
241 break;
242 default: tag = "????"; break;
243 }
244
245 fprintf(stderr, "%s: %s %08x %08x %04x \"",
246 label, tag, p->msg.arg0, p->msg.arg1, p->msg.data_length);
247 count = p->msg.data_length;
248 const char* x = p->payload.data();
249 if (count > DUMPMAX) {
250 count = DUMPMAX;
251 tag = "\n";
252 } else {
253 tag = "\"\n";
254 }
255 while (count-- > 0) {
256 if ((*x >= ' ') && (*x < 127)) {
257 fputc(*x, stderr);
258 } else {
259 fputc('.', stderr);
260 }
261 x++;
262 }
263 fputs(tag, stderr);
264 }
265 #endif
266
send_ready(unsigned local,unsigned remote,atransport * t,uint32_t ack_bytes)267 void send_ready(unsigned local, unsigned remote, atransport* t, uint32_t ack_bytes) {
268 D("Calling send_ready");
269 apacket *p = get_apacket();
270 p->msg.command = A_OKAY;
271 p->msg.arg0 = local;
272 p->msg.arg1 = remote;
273 if (t->SupportsDelayedAck()) {
274 p->msg.data_length = sizeof(ack_bytes);
275 p->payload.resize(sizeof(ack_bytes));
276 memcpy(p->payload.data(), &ack_bytes, sizeof(ack_bytes));
277 }
278
279 send_packet(p, t);
280 }
281
send_close(unsigned local,unsigned remote,atransport * t)282 static void send_close(unsigned local, unsigned remote, atransport *t)
283 {
284 D("Calling send_close");
285 apacket *p = get_apacket();
286 p->msg.command = A_CLSE;
287 p->msg.arg0 = local;
288 p->msg.arg1 = remote;
289 send_packet(p, t);
290 }
291
get_connection_string()292 std::string get_connection_string() {
293 std::vector<std::string> connection_properties;
294
295 #if !ADB_HOST
296 static const char* cnxn_props[] = {
297 "ro.product.name",
298 "ro.product.model",
299 "ro.product.device",
300 };
301
302 for (const auto& prop : cnxn_props) {
303 std::string value = std::string(prop) + "=" + android::base::GetProperty(prop, "");
304 connection_properties.push_back(value);
305 }
306 #endif
307
308 connection_properties.push_back(android::base::StringPrintf(
309 "features=%s", FeatureSetToString(supported_features()).c_str()));
310
311 return android::base::StringPrintf(
312 "%s::%s", adb_device_banner,
313 android::base::Join(connection_properties, ';').c_str());
314 }
315
send_tls_request(atransport * t)316 void send_tls_request(atransport* t) {
317 D("Calling send_tls_request");
318 apacket* p = get_apacket();
319 p->msg.command = A_STLS;
320 p->msg.arg0 = A_STLS_VERSION;
321 p->msg.data_length = 0;
322 send_packet(p, t);
323 }
324
send_connect(atransport * t)325 void send_connect(atransport* t) {
326 D("Calling send_connect");
327 apacket* cp = get_apacket();
328 cp->msg.command = A_CNXN;
329 // Send the max supported version, but because the transport is
330 // initialized to A_VERSION_MIN, this will be compatible with every
331 // device.
332 cp->msg.arg0 = A_VERSION;
333 cp->msg.arg1 = t->get_max_payload();
334
335 std::string connection_str = get_connection_string();
336 // Connect and auth packets are limited to MAX_PAYLOAD_V1 because we don't
337 // yet know how much data the other size is willing to accept.
338 if (connection_str.length() > MAX_PAYLOAD_V1) {
339 LOG(FATAL) << "Connection banner is too long (length = "
340 << connection_str.length() << ")";
341 }
342
343 cp->payload.assign(connection_str.begin(), connection_str.end());
344 cp->msg.data_length = cp->payload.size();
345
346 send_packet(cp, t);
347 }
348
parse_banner(const std::string & banner,atransport * t)349 void parse_banner(const std::string& banner, atransport* t) {
350 D("parse_banner: %s", banner.c_str());
351
352 // The format is something like:
353 // "device::ro.product.name=x;ro.product.model=y;ro.product.device=z;".
354 std::vector<std::string> pieces = android::base::Split(banner, ":");
355
356 // Reset the features list or else if the server sends no features we may
357 // keep the existing feature set (http://b/24405971).
358 t->SetFeatures("");
359
360 if (pieces.size() > 2) {
361 const std::string& props = pieces[2];
362 for (const auto& prop : android::base::Split(props, ";")) {
363 // The list of properties was traditionally ;-terminated rather than ;-separated.
364 if (prop.empty()) continue;
365
366 std::vector<std::string> key_value = android::base::Split(prop, "=");
367 if (key_value.size() != 2) continue;
368
369 const std::string& key = key_value[0];
370 const std::string& value = key_value[1];
371 if (key == "ro.product.name") {
372 t->product = value;
373 } else if (key == "ro.product.model") {
374 t->model = value;
375 } else if (key == "ro.product.device") {
376 t->device = value;
377 } else if (key == "features") {
378 t->SetFeatures(value);
379 }
380 }
381 }
382
383 const std::string& type = pieces[0];
384 if (type == "bootloader") {
385 D("setting connection_state to kCsBootloader");
386 t->SetConnectionState(kCsBootloader);
387 } else if (type == "device") {
388 D("setting connection_state to kCsDevice");
389 t->SetConnectionState(kCsDevice);
390 } else if (type == "recovery") {
391 D("setting connection_state to kCsRecovery");
392 t->SetConnectionState(kCsRecovery);
393 } else if (type == "sideload") {
394 D("setting connection_state to kCsSideload");
395 t->SetConnectionState(kCsSideload);
396 } else if (type == "rescue") {
397 D("setting connection_state to kCsRescue");
398 t->SetConnectionState(kCsRescue);
399 } else {
400 D("setting connection_state to kCsHost");
401 t->SetConnectionState(kCsHost);
402 }
403 }
404
handle_new_connection(atransport * t,apacket * p)405 static void handle_new_connection(atransport* t, apacket* p) {
406 handle_offline(t);
407
408 t->update_version(p->msg.arg0, p->msg.arg1);
409 std::string banner(p->payload.begin(), p->payload.end());
410 parse_banner(banner, t);
411
412 #if ADB_HOST
413 handle_online(t);
414 #else
415 ADB_LOG(Connection) << "received CNXN: version=" << p->msg.arg0 << ", maxdata = " << p->msg.arg1
416 << ", banner = '" << banner << "'";
417
418 if (t->use_tls) {
419 // We still handshake in TLS mode. If auth_required is disabled,
420 // we'll just not verify the client's certificate. This should be the
421 // first packet the client receives to indicate the new protocol.
422 send_tls_request(t);
423 } else if (!auth_required) {
424 LOG(INFO) << "authentication not required";
425 handle_online(t);
426 send_connect(t);
427 } else {
428 send_auth_request(t);
429 }
430 #endif
431 }
432
handle_packet(apacket * p,atransport * t)433 void handle_packet(apacket *p, atransport *t)
434 {
435 D("handle_packet() %c%c%c%c", ((char*) (&(p->msg.command)))[0],
436 ((char*) (&(p->msg.command)))[1],
437 ((char*) (&(p->msg.command)))[2],
438 ((char*) (&(p->msg.command)))[3]);
439 print_packet("recv", p);
440 CHECK_EQ(p->payload.size(), p->msg.data_length);
441
442 switch(p->msg.command){
443 case A_CNXN: // CONNECT(version, maxdata, "system-id-string")
444 handle_new_connection(t, p);
445 break;
446 case A_STLS: // TLS(version, "")
447 t->use_tls = true;
448 #if ADB_HOST
449 send_tls_request(t);
450 adb_auth_tls_handshake(t);
451 #else
452 adbd_auth_tls_handshake(t);
453 #endif
454 break;
455
456 case A_AUTH:
457 // All AUTH commands are ignored in TLS mode
458 if (t->use_tls) {
459 break;
460 }
461 switch (p->msg.arg0) {
462 #if ADB_HOST
463 case ADB_AUTH_TOKEN:
464 if (t->GetConnectionState() != kCsAuthorizing) {
465 t->SetConnectionState(kCsAuthorizing);
466 }
467 send_auth_response(p->payload.data(), p->msg.data_length, t);
468 break;
469 #else
470 case ADB_AUTH_SIGNATURE: {
471 // TODO: Switch to string_view.
472 std::string signature(p->payload.begin(), p->payload.end());
473 std::string auth_key;
474 if (adbd_auth_verify(t->token, sizeof(t->token), signature, &auth_key)) {
475 adbd_auth_verified(t);
476 t->failed_auth_attempts = 0;
477 t->auth_key = auth_key;
478 adbd_notify_framework_connected_key(t);
479 } else {
480 if (t->failed_auth_attempts++ > 256) std::this_thread::sleep_for(1s);
481 send_auth_request(t);
482 }
483 break;
484 }
485
486 case ADB_AUTH_RSAPUBLICKEY:
487 t->auth_key = std::string(p->payload.data());
488 adbd_auth_confirm_key(t);
489 break;
490 #endif
491 default:
492 t->SetConnectionState(kCsOffline);
493 handle_offline(t);
494 break;
495 }
496 break;
497
498 case A_OPEN: {
499 /* OPEN(local-id, [send-buffer], "destination") */
500 if (!t->online || p->msg.arg0 == 0) {
501 break;
502 }
503
504 uint32_t send_bytes = static_cast<uint32_t>(p->msg.arg1);
505 if (t->SupportsDelayedAck() != static_cast<bool>(send_bytes)) {
506 LOG(ERROR) << "unexpected value of A_OPEN arg1: " << send_bytes
507 << " (delayed acks = " << t->SupportsDelayedAck() << ")";
508 send_close(0, p->msg.arg0, t);
509 break;
510 }
511
512 std::string_view address(p->payload.begin(), p->payload.size());
513
514 // Historically, we received service names as a char*, and stopped at the first NUL
515 // byte. The client sent strings with null termination, which post-string_view, start
516 // being interpreted as part of the string, unless we explicitly strip them.
517 address = StripTrailingNulls(address);
518 #if ADB_HOST
519 // The incoming address (from the payload) might be some other
520 // target (e.g tcp:<ip>:8000), however we do not allow *any*
521 // such requests - namely, those from (a potentially compromised)
522 // adbd (reverse:forward: source) port transport.
523 if (!t->IsReverseConfigured(address.data())) {
524 LOG(FATAL) << __func__ << " disallowed connect to " << address << " from "
525 << t->serial_name();
526 }
527 #endif
528 asocket* s = create_local_service_socket(address, t);
529 if (s == nullptr) {
530 send_close(0, p->msg.arg0, t);
531 break;
532 }
533
534 s->peer = create_remote_socket(p->msg.arg0, t);
535 s->peer->peer = s;
536
537 if (t->SupportsDelayedAck()) {
538 LOG(DEBUG) << "delayed ack available: send buffer = " << send_bytes;
539 s->available_send_bytes = send_bytes;
540
541 // TODO: Make this adjustable at connection time?
542 send_ready(s->id, s->peer->id, t, INITIAL_DELAYED_ACK_BYTES);
543 } else {
544 LOG(DEBUG) << "delayed ack unavailable";
545 send_ready(s->id, s->peer->id, t, 0);
546 }
547
548 s->ready(s);
549 break;
550 }
551
552 case A_OKAY: /* READY(local-id, remote-id, "") */
553 if (t->online && p->msg.arg0 != 0 && p->msg.arg1 != 0) {
554 asocket* s = find_local_socket(p->msg.arg1, 0);
555 if (s) {
556 std::optional<int32_t> acked_bytes;
557 if (p->payload.size() == sizeof(int32_t)) {
558 int32_t value;
559 memcpy(&value, p->payload.data(), sizeof(value));
560 // acked_bytes can be negative!
561 //
562 // In the future, we can use this to preemptively supply backpressure, instead
563 // of waiting for the writer to hit its limit.
564 acked_bytes = value;
565 } else if (p->payload.size() != 0) {
566 LOG(ERROR) << "invalid A_OKAY payload size: " << p->payload.size();
567 return;
568 }
569
570 if (s->peer == nullptr) {
571 /* On first READY message, create the connection. */
572 s->peer = create_remote_socket(p->msg.arg0, t);
573 s->peer->peer = s;
574
575 local_socket_ack(s, acked_bytes);
576 } else if (s->peer->id == p->msg.arg0) {
577 /* Other READY messages must use the same local-id */
578 local_socket_ack(s, acked_bytes);
579 } else {
580 D("Invalid A_OKAY(%d,%d), expected A_OKAY(%d,%d) on transport %s", p->msg.arg0,
581 p->msg.arg1, s->peer->id, p->msg.arg1, t->serial.c_str());
582 }
583 } else {
584 // When receiving A_OKAY from device for A_OPEN request, the host server may
585 // have closed the local socket because of client disconnection. Then we need
586 // to send A_CLSE back to device to close the service on device.
587 send_close(p->msg.arg1, p->msg.arg0, t);
588 }
589 }
590 break;
591
592 case A_CLSE: /* CLOSE(local-id, remote-id, "") or CLOSE(0, remote-id, "") */
593 if (t->online && p->msg.arg1 != 0) {
594 asocket* s = find_local_socket(p->msg.arg1, p->msg.arg0);
595 if (s) {
596 /* According to protocol.txt, p->msg.arg0 might be 0 to indicate
597 * a failed OPEN only. However, due to a bug in previous ADB
598 * versions, CLOSE(0, remote-id, "") was also used for normal
599 * CLOSE() operations.
600 *
601 * This is bad because it means a compromised adbd could
602 * send packets to close connections between the host and
603 * other devices. To avoid this, only allow this if the local
604 * socket has a peer on the same transport.
605 */
606 if (p->msg.arg0 == 0 && s->peer && s->peer->transport != t) {
607 D("Invalid A_CLSE(0, %u) from transport %s, expected transport %s", p->msg.arg1,
608 t->serial.c_str(), s->peer->transport->serial.c_str());
609 } else {
610 s->close(s);
611 }
612 }
613 }
614 break;
615
616 case A_WRTE: /* WRITE(local-id, remote-id, <data>) */
617 if (t->online && p->msg.arg0 != 0 && p->msg.arg1 != 0) {
618 asocket* s = find_local_socket(p->msg.arg1, p->msg.arg0);
619 if (s) {
620 s->enqueue(s, std::move(p->payload));
621 }
622 }
623 break;
624
625 default:
626 printf("handle_packet: what is %08x?!\n", p->msg.command);
627 }
628
629 put_apacket(p);
630 }
631
632 #if ADB_HOST
633
634 #ifdef _WIN32
635
636 // Try to make a handle non-inheritable and if there is an error, don't output
637 // any error info, but leave GetLastError() for the caller to read. This is
638 // convenient if the caller is expecting that this may fail and they'd like to
639 // ignore such a failure.
_try_make_handle_noninheritable(HANDLE h)640 static bool _try_make_handle_noninheritable(HANDLE h) {
641 if (h != INVALID_HANDLE_VALUE && h != NULL) {
642 return SetHandleInformation(h, HANDLE_FLAG_INHERIT, 0) ? true : false;
643 }
644
645 return true;
646 }
647
648 // Try to make a handle non-inheritable with the expectation that this should
649 // succeed, so if this fails, output error info.
_make_handle_noninheritable(HANDLE h)650 static bool _make_handle_noninheritable(HANDLE h) {
651 if (!_try_make_handle_noninheritable(h)) {
652 // Show the handle value to give us a clue in case we have problems
653 // with pseudo-handle values.
654 fprintf(stderr, "adb: cannot make handle 0x%p non-inheritable: %s\n", h,
655 android::base::SystemErrorCodeToString(GetLastError()).c_str());
656 return false;
657 }
658
659 return true;
660 }
661
662 // Create anonymous pipe, preventing inheritance of the read pipe and setting
663 // security of the write pipe to sa.
_create_anonymous_pipe(unique_handle * pipe_read_out,unique_handle * pipe_write_out,SECURITY_ATTRIBUTES * sa)664 static bool _create_anonymous_pipe(unique_handle* pipe_read_out,
665 unique_handle* pipe_write_out,
666 SECURITY_ATTRIBUTES* sa) {
667 HANDLE pipe_read_raw = NULL;
668 HANDLE pipe_write_raw = NULL;
669 if (!CreatePipe(&pipe_read_raw, &pipe_write_raw, sa, 0)) {
670 fprintf(stderr, "adb: CreatePipe failed: %s\n",
671 android::base::SystemErrorCodeToString(GetLastError()).c_str());
672 return false;
673 }
674
675 unique_handle pipe_read(pipe_read_raw);
676 pipe_read_raw = NULL;
677 unique_handle pipe_write(pipe_write_raw);
678 pipe_write_raw = NULL;
679
680 if (!_make_handle_noninheritable(pipe_read.get())) {
681 return false;
682 }
683
684 *pipe_read_out = std::move(pipe_read);
685 *pipe_write_out = std::move(pipe_write);
686
687 return true;
688 }
689
690 // Read from a pipe (that we take ownership of) and write the result to stdout/stderr. Return on
691 // error or when the pipe is closed. Internally makes inheritable handles, so this should not be
692 // called if subprocesses may be started concurrently.
_redirect_pipe_thread(HANDLE h,DWORD nStdHandle)693 static unsigned _redirect_pipe_thread(HANDLE h, DWORD nStdHandle) {
694 // Take ownership of the HANDLE and close when we're done.
695 unique_handle read_pipe(h);
696 const char* output_name = nStdHandle == STD_OUTPUT_HANDLE ? "stdout" : "stderr";
697 const int original_fd = fileno(nStdHandle == STD_OUTPUT_HANDLE ? stdout : stderr);
698 std::unique_ptr<FILE, decltype(&fclose)> stream(nullptr, fclose);
699
700 if (original_fd == -1) {
701 fprintf(stderr, "adb: failed to get file descriptor for %s: %s\n", output_name,
702 strerror(errno));
703 return EXIT_FAILURE;
704 }
705
706 // If fileno() is -2, stdout/stderr is not associated with an output stream, so we should read,
707 // but don't write. Otherwise, make a FILE* identical to stdout/stderr except that it is in
708 // binary mode with no CR/LR translation since we're reading raw.
709 if (original_fd >= 0) {
710 // This internally makes a duplicate file handle that is inheritable, so callers should not
711 // call this function if subprocesses may be started concurrently.
712 const int fd = dup(original_fd);
713 if (fd == -1) {
714 fprintf(stderr, "adb: failed to duplicate file descriptor for %s: %s\n", output_name,
715 strerror(errno));
716 return EXIT_FAILURE;
717 }
718
719 // Note that although we call fdopen() below with a binary flag, it may not adhere to that
720 // flag, so we have to set the mode manually.
721 if (_setmode(fd, _O_BINARY) == -1) {
722 fprintf(stderr, "adb: failed to set binary mode for duplicate of %s: %s\n", output_name,
723 strerror(errno));
724 unix_close(fd);
725 return EXIT_FAILURE;
726 }
727
728 stream.reset(fdopen(fd, "wb"));
729 if (stream.get() == nullptr) {
730 fprintf(stderr, "adb: failed to open duplicate stream for %s: %s\n", output_name,
731 strerror(errno));
732 unix_close(fd);
733 return EXIT_FAILURE;
734 }
735
736 // Unbuffer the stream because it will be buffered by default and we want subprocess output
737 // to be shown immediately.
738 if (setvbuf(stream.get(), NULL, _IONBF, 0) == -1) {
739 fprintf(stderr, "adb: failed to unbuffer %s: %s\n", output_name, strerror(errno));
740 return EXIT_FAILURE;
741 }
742
743 // fd will be closed when stream is closed.
744 }
745
746 while (true) {
747 char buf[64 * 1024];
748 DWORD bytes_read = 0;
749 if (!ReadFile(read_pipe.get(), buf, sizeof(buf), &bytes_read, NULL)) {
750 const DWORD err = GetLastError();
751 // ERROR_BROKEN_PIPE is expected when the subprocess closes
752 // the other end of the pipe.
753 if (err == ERROR_BROKEN_PIPE) {
754 return EXIT_SUCCESS;
755 } else {
756 fprintf(stderr, "adb: failed to read from %s: %s\n", output_name,
757 android::base::SystemErrorCodeToString(err).c_str());
758 return EXIT_FAILURE;
759 }
760 }
761
762 // Don't try to write if our stdout/stderr was not setup by the parent process.
763 if (stream) {
764 // fwrite() actually calls adb_fwrite() which can write UTF-8 to the console.
765 const size_t bytes_written = fwrite(buf, 1, bytes_read, stream.get());
766 if (bytes_written != bytes_read) {
767 fprintf(stderr, "adb: error: only wrote %zu of %lu bytes to %s\n", bytes_written,
768 bytes_read, output_name);
769 return EXIT_FAILURE;
770 }
771 }
772 }
773 }
774
_redirect_stdout_thread(HANDLE h)775 static unsigned __stdcall _redirect_stdout_thread(HANDLE h) {
776 adb_thread_setname("stdout redirect");
777 return _redirect_pipe_thread(h, STD_OUTPUT_HANDLE);
778 }
779
_redirect_stderr_thread(HANDLE h)780 static unsigned __stdcall _redirect_stderr_thread(HANDLE h) {
781 adb_thread_setname("stderr redirect");
782 return _redirect_pipe_thread(h, STD_ERROR_HANDLE);
783 }
784
785 #endif
786
ReportServerStartupFailure(pid_t pid)787 static void ReportServerStartupFailure(pid_t pid) {
788 fprintf(stderr, "ADB server didn't ACK\n");
789 fprintf(stderr, "Full server startup log: %s\n", GetLogFilePath().c_str());
790 fprintf(stderr, "Server had pid: %d\n", pid);
791
792 android::base::unique_fd fd(unix_open(GetLogFilePath(), O_RDONLY));
793 if (fd == -1) return;
794
795 // Let's not show more than 128KiB of log...
796 unix_lseek(fd, -128 * 1024, SEEK_END);
797 std::string content;
798 if (!android::base::ReadFdToString(fd, &content)) return;
799
800 std::string header = android::base::StringPrintf("--- adb starting (pid %d) ---", pid);
801 std::vector<std::string> lines = android::base::Split(content, "\n");
802 int i = lines.size() - 1;
803 while (i >= 0 && lines[i] != header) --i;
804 while (static_cast<size_t>(i) < lines.size()) fprintf(stderr, "%s\n", lines[i++].c_str());
805 }
806
is_one_device_mandatory()807 bool is_one_device_mandatory() {
808 return access("/etc/adb/one_device_required", F_OK) == 0;
809 }
810
launch_server(const std::string & socket_spec,const char * one_device)811 int launch_server(const std::string& socket_spec, const char* one_device) {
812 #if defined(_WIN32)
813 /* we need to start the server in the background */
814 /* we create a PIPE that will be used to wait for the server's "OK" */
815 /* message since the pipe handles must be inheritable, we use a */
816 /* security attribute */
817 SECURITY_ATTRIBUTES sa;
818 sa.nLength = sizeof(sa);
819 sa.lpSecurityDescriptor = NULL;
820 sa.bInheritHandle = TRUE;
821
822 // Redirect stdin to Windows /dev/null. If we instead pass an original
823 // stdin/stdout/stderr handle and it is a console handle, when the adb
824 // server starts up, the C Runtime will see a console handle for a process
825 // that isn't connected to a console and it will configure
826 // stdin/stdout/stderr to be closed. At that point, freopen() could be used
827 // to reopen stderr/out, but it would take more massaging to fixup the file
828 // descriptor number that freopen() uses. It's simplest to avoid all of this
829 // complexity by just redirecting stdin to `nul' and then the C Runtime acts
830 // as expected.
831 unique_handle nul_read(CreateFileW(L"nul", GENERIC_READ,
832 FILE_SHARE_READ | FILE_SHARE_WRITE, &sa, OPEN_EXISTING,
833 FILE_ATTRIBUTE_NORMAL, NULL));
834 if (nul_read.get() == INVALID_HANDLE_VALUE) {
835 fprintf(stderr, "adb: CreateFileW 'nul' failed: %s\n",
836 android::base::SystemErrorCodeToString(GetLastError()).c_str());
837 return -1;
838 }
839
840 // Create pipes with non-inheritable read handle, inheritable write handle. We need to connect
841 // the subprocess to pipes instead of just letting the subprocess inherit our existing
842 // stdout/stderr handles because a DETACHED_PROCESS cannot write to a console that it is not
843 // attached to.
844 unique_handle ack_read, ack_write;
845 if (!_create_anonymous_pipe(&ack_read, &ack_write, &sa)) {
846 return -1;
847 }
848 unique_handle stdout_read, stdout_write;
849 if (!_create_anonymous_pipe(&stdout_read, &stdout_write, &sa)) {
850 return -1;
851 }
852 unique_handle stderr_read, stderr_write;
853 if (!_create_anonymous_pipe(&stderr_read, &stderr_write, &sa)) {
854 return -1;
855 }
856
857 /* Some programs want to launch an adb command and collect its output by
858 * calling CreateProcess with inheritable stdout/stderr handles, then
859 * using read() to get its output. When this happens, the stdout/stderr
860 * handles passed to the adb client process will also be inheritable.
861 * When starting the adb server here, care must be taken to reset them
862 * to non-inheritable.
863 * Otherwise, something bad happens: even if the adb command completes,
864 * the calling process is stuck while read()-ing from the stdout/stderr
865 * descriptors, because they're connected to corresponding handles in the
866 * adb server process (even if the latter never uses/writes to them).
867 * Note that even if we don't pass these handles in the STARTUPINFO struct,
868 * if they're marked inheritable, they're still inherited, requiring us to
869 * deal with this.
870 *
871 * If we're still having problems with inheriting random handles in the
872 * future, consider using PROC_THREAD_ATTRIBUTE_HANDLE_LIST to explicitly
873 * specify which handles should be inherited: http://blogs.msdn.com/b/oldnewthing/archive/2011/12/16/10248328.aspx
874 *
875 * Older versions of Windows return console pseudo-handles that cannot be
876 * made non-inheritable, so ignore those failures.
877 */
878 _try_make_handle_noninheritable(GetStdHandle(STD_INPUT_HANDLE));
879 _try_make_handle_noninheritable(GetStdHandle(STD_OUTPUT_HANDLE));
880 _try_make_handle_noninheritable(GetStdHandle(STD_ERROR_HANDLE));
881
882 STARTUPINFOW startup;
883 ZeroMemory( &startup, sizeof(startup) );
884 startup.cb = sizeof(startup);
885 startup.hStdInput = nul_read.get();
886 startup.hStdOutput = stdout_write.get();
887 startup.hStdError = stderr_write.get();
888 startup.dwFlags = STARTF_USESTDHANDLES;
889
890 // Verify that the pipe_write handle value can be passed on the command line
891 // as %d and that the rest of adb code can pass it around in an int.
892 const int ack_write_as_int = cast_handle_to_int(ack_write.get());
893 if (cast_int_to_handle(ack_write_as_int) != ack_write.get()) {
894 // If this fires, either handle values are larger than 32-bits or else
895 // there is a bug in our casting.
896 // https://msdn.microsoft.com/en-us/library/windows/desktop/aa384203%28v=vs.85%29.aspx
897 fprintf(stderr, "adb: cannot fit pipe handle value into 32-bits: 0x%p\n", ack_write.get());
898 return -1;
899 }
900
901 // get path of current program
902 WCHAR program_path[MAX_PATH];
903 const DWORD module_result = GetModuleFileNameW(NULL, program_path,
904 arraysize(program_path));
905 if ((module_result >= arraysize(program_path)) || (module_result == 0)) {
906 // String truncation or some other error.
907 fprintf(stderr, "adb: cannot get executable path: %s\n",
908 android::base::SystemErrorCodeToString(GetLastError()).c_str());
909 return -1;
910 }
911
912 std::vector<std::string> child_argv = {"adb", "-L", socket_spec};
913 if (gListenAll) {
914 child_argv.push_back("-a");
915 }
916 child_argv.push_back("fork-server");
917 child_argv.push_back("server");
918 child_argv.push_back("--reply-fd");
919 child_argv.push_back(std::to_string(ack_write_as_int));
920 if (one_device) {
921 child_argv.push_back("--one-device");
922 child_argv.push_back(one_device);
923 }
924 // Ideally we'd do CommandLineToArgvW-like quoting, but this is probably
925 // sufficient for the arguments we have.
926 std::string cmdline = android::base::Join(child_argv, ' ');
927 std::wstring cmdline_wide;
928 if (!android::base::UTF8ToWide(cmdline, &cmdline_wide)) {
929 fprintf(stderr, "adb: could not convert cmdline from UTF-8 to UTF-16: %s\n",
930 cmdline.c_str());
931 return -1;
932 }
933
934 PROCESS_INFORMATION pinfo;
935 ZeroMemory(&pinfo, sizeof(pinfo));
936
937 if (!CreateProcessW(
938 program_path, /* program path */
939 cmdline_wide.data(),
940 /* the fork-server argument will set the
941 debug = 2 in the child */
942 NULL, /* process handle is not inheritable */
943 NULL, /* thread handle is not inheritable */
944 TRUE, /* yes, inherit some handles */
945 DETACHED_PROCESS, /* the new process doesn't have a console */
946 NULL, /* use parent's environment block */
947 NULL, /* use parent's starting directory */
948 &startup, /* startup info, i.e. std handles */
949 &pinfo )) {
950 fprintf(stderr, "adb: CreateProcessW failed: %s\n",
951 android::base::SystemErrorCodeToString(GetLastError()).c_str());
952 return -1;
953 }
954
955 unique_handle process_handle(pinfo.hProcess);
956 pinfo.hProcess = NULL;
957
958 // Close handles that we no longer need to complete the rest.
959 CloseHandle(pinfo.hThread);
960 pinfo.hThread = NULL;
961
962 nul_read.reset();
963 ack_write.reset();
964 stdout_write.reset();
965 stderr_write.reset();
966
967 // Start threads to read from subprocess stdout/stderr and write to ours to make subprocess
968 // errors easier to diagnose. Note that the threads internally create inheritable handles, but
969 // that is ok because we've already spawned the subprocess.
970
971 // In the past, reading from a pipe before the child process's C Runtime
972 // started up and called GetFileType() caused a hang: http://blogs.msdn.com/b/oldnewthing/archive/2011/12/02/10243553.aspx#10244216
973 // This is reportedly fixed in Windows Vista: https://support.microsoft.com/en-us/kb/2009703
974 // I was unable to reproduce the problem on Windows XP. It sounds like a
975 // Windows Update may have fixed this: https://www.duckware.com/tech/peeknamedpipe.html
976 unique_handle stdout_thread(reinterpret_cast<HANDLE>(
977 _beginthreadex(NULL, 0, _redirect_stdout_thread, stdout_read.get(),
978 0, NULL)));
979 if (stdout_thread.get() == nullptr) {
980 fprintf(stderr, "adb: cannot create thread: %s\n", strerror(errno));
981 return -1;
982 }
983 stdout_read.release(); // Transfer ownership to new thread
984
985 unique_handle stderr_thread(reinterpret_cast<HANDLE>(
986 _beginthreadex(NULL, 0, _redirect_stderr_thread, stderr_read.get(),
987 0, NULL)));
988 if (stderr_thread.get() == nullptr) {
989 fprintf(stderr, "adb: cannot create thread: %s\n", strerror(errno));
990 return -1;
991 }
992 stderr_read.release(); // Transfer ownership to new thread
993
994 bool got_ack = false;
995
996 // Wait for the "OK\n" message, for the pipe to be closed, or other error.
997 {
998 char temp[3];
999 DWORD count = 0;
1000
1001 if (ReadFile(ack_read.get(), temp, sizeof(temp), &count, NULL)) {
1002 const CHAR expected[] = "OK\n";
1003 const DWORD expected_length = arraysize(expected) - 1;
1004 if (count == expected_length &&
1005 memcmp(temp, expected, expected_length) == 0) {
1006 got_ack = true;
1007 } else {
1008 ReportServerStartupFailure(pinfo.dwProcessId);
1009 return -1;
1010 }
1011 } else {
1012 const DWORD err = GetLastError();
1013 // If the ACK was not written and the process exited, GetLastError()
1014 // is probably ERROR_BROKEN_PIPE, in which case that info is not
1015 // useful to the user.
1016 fprintf(stderr, "could not read ok from ADB Server%s\n",
1017 err == ERROR_BROKEN_PIPE ? "" :
1018 android::base::StringPrintf(": %s",
1019 android::base::SystemErrorCodeToString(err).c_str()).c_str());
1020 }
1021 }
1022
1023 // Always try to wait a bit for threads reading stdout/stderr to finish.
1024 // If the process started ok, it should close the pipes causing the threads
1025 // to finish. If the process had an error, it should exit, also causing
1026 // the pipes to be closed. In that case we want to read all of the output
1027 // and write it out so that the user can diagnose failures.
1028 const DWORD thread_timeout_ms = 15 * 1000;
1029 const HANDLE threads[] = { stdout_thread.get(), stderr_thread.get() };
1030 const DWORD wait_result = WaitForMultipleObjects(arraysize(threads),
1031 threads, TRUE, thread_timeout_ms);
1032 if (wait_result == WAIT_TIMEOUT) {
1033 // Threads did not finish after waiting a little while. Perhaps the
1034 // server didn't close pipes, or it is hung.
1035 fprintf(stderr, "adb: timed out waiting for threads to finish reading from ADB server\n");
1036 // Process handles are signaled when the process exits, so if we wait
1037 // on the handle for 0 seconds and it returns 'timeout', that means that
1038 // the process is still running.
1039 if (WaitForSingleObject(process_handle.get(), 0) == WAIT_TIMEOUT) {
1040 // We could TerminateProcess(), but that seems somewhat presumptive.
1041 fprintf(stderr, "adb: server is running with process id %lu\n", pinfo.dwProcessId);
1042 }
1043 return -1;
1044 }
1045
1046 if (wait_result != WAIT_OBJECT_0) {
1047 fprintf(stderr, "adb: unexpected result waiting for threads: %lu: %s\n", wait_result,
1048 android::base::SystemErrorCodeToString(GetLastError()).c_str());
1049 return -1;
1050 }
1051
1052 // For now ignore the thread exit codes and assume they worked properly.
1053
1054 if (!got_ack) {
1055 return -1;
1056 }
1057 #else /* !defined(_WIN32) */
1058 // set up a pipe so the child can tell us when it is ready.
1059 unique_fd pipe_read, pipe_write;
1060 if (!Pipe(&pipe_read, &pipe_write)) {
1061 fprintf(stderr, "pipe failed in launch_server, errno: %d\n", errno);
1062 return -1;
1063 }
1064
1065 std::string path = android::base::GetExecutablePath();
1066
1067 std::string reply_fd = std::to_string(pipe_write.get());
1068 // child process arguments
1069 std::vector<const char*> child_argv = {"adb", "-L", socket_spec.c_str()};
1070 if (gListenAll) {
1071 child_argv.push_back("-a");
1072 }
1073 child_argv.push_back("fork-server");
1074 child_argv.push_back("server");
1075 child_argv.push_back("--reply-fd");
1076 child_argv.push_back(reply_fd.c_str());
1077 if (one_device) {
1078 child_argv.push_back("--one-device");
1079 child_argv.push_back(one_device);
1080 } else if (is_one_device_mandatory()) {
1081 fprintf(stderr,
1082 "adb: cannot start server: --one-device option is required for this system in "
1083 "order to start adb.\n");
1084 return -1;
1085 }
1086 child_argv.push_back(nullptr);
1087
1088 pid_t pid = fork();
1089 if (pid < 0) return -1;
1090
1091 if (pid == 0) {
1092 // child side of the fork
1093 pipe_read.reset();
1094
1095 // android::base::Pipe unconditionally opens the pipe with O_CLOEXEC.
1096 // Undo this manually.
1097 fcntl(pipe_write.get(), F_SETFD, 0);
1098
1099 int result = execv(path.c_str(), const_cast<char* const*>(child_argv.data()));
1100 // this should not return
1101 fprintf(stderr, "adb: execl returned %d: %s\n", result, strerror(errno));
1102 _exit(127);
1103 } else {
1104 // parent side of the fork
1105 char temp[3] = {};
1106 // wait for the "OK\n" message
1107 pipe_write.reset();
1108 int ret = adb_read(pipe_read.get(), temp, 3);
1109 int saved_errno = errno;
1110 pipe_read.reset();
1111 if (ret < 0) {
1112 fprintf(stderr, "could not read ok from ADB Server, errno = %d\n", saved_errno);
1113 return -1;
1114 }
1115 if (ret != 3 || temp[0] != 'O' || temp[1] != 'K' || temp[2] != '\n') {
1116 ReportServerStartupFailure(pid);
1117 return -1;
1118 }
1119 }
1120 #endif /* !defined(_WIN32) */
1121 return 0;
1122 }
1123 #endif /* ADB_HOST */
1124
handle_forward_request(const char * service,atransport * transport,int reply_fd)1125 bool handle_forward_request(const char* service, atransport* transport, int reply_fd) {
1126 return handle_forward_request(service, [transport](std::string*) { return transport; },
1127 reply_fd);
1128 }
1129
1130 // Try to handle a network forwarding request.
handle_forward_request(const char * service,std::function<atransport * (std::string * error)> transport_acquirer,int reply_fd)1131 bool handle_forward_request(const char* service,
1132 std::function<atransport*(std::string* error)> transport_acquirer,
1133 int reply_fd) {
1134 if (!strcmp(service, "list-forward")) {
1135 // Create the list of forward redirections.
1136 std::string listeners = format_listeners();
1137 #if ADB_HOST
1138 SendOkay(reply_fd);
1139 #endif
1140 SendProtocolString(reply_fd, listeners);
1141 return true;
1142 }
1143
1144 if (!strcmp(service, "killforward-all")) {
1145 remove_all_listeners();
1146 #if ADB_HOST
1147 /* On the host: 1st OKAY is connect, 2nd OKAY is status */
1148 SendOkay(reply_fd);
1149 #endif
1150 SendOkay(reply_fd);
1151 return true;
1152 }
1153
1154 if (!strncmp(service, "forward:", 8) || !strncmp(service, "killforward:", 12)) {
1155 // killforward:local
1156 // forward:(norebind:)?local;remote
1157 std::string error;
1158 atransport* transport = transport_acquirer(&error);
1159 if (!transport) {
1160 SendFail(reply_fd, error);
1161 return true;
1162 }
1163
1164 bool kill_forward = false;
1165 bool no_rebind = false;
1166 if (android::base::StartsWith(service, "killforward:")) {
1167 kill_forward = true;
1168 service += 12;
1169 } else {
1170 service += 8; // skip past "forward:"
1171 if (android::base::StartsWith(service, "norebind:")) {
1172 no_rebind = true;
1173 service += 9;
1174 }
1175 }
1176
1177 std::vector<std::string> pieces = android::base::Split(service, ";");
1178
1179 if (kill_forward) {
1180 // Check killforward: parameter format: '<local>'
1181 if (pieces.size() != 1 || pieces[0].empty()) {
1182 SendFail(reply_fd, android::base::StringPrintf("bad killforward: %s", service));
1183 return true;
1184 }
1185 } else {
1186 // Check forward: parameter format: '<local>;<remote>'
1187 if (pieces.size() != 2 || pieces[0].empty() || pieces[1].empty() || pieces[1][0] == '*') {
1188 SendFail(reply_fd, android::base::StringPrintf("bad forward: %s", service));
1189 return true;
1190 }
1191 }
1192
1193 InstallStatus r;
1194 int resolved_tcp_port = 0;
1195 if (kill_forward) {
1196 r = remove_listener(pieces[0].c_str(), transport);
1197 } else {
1198 int flags = 0;
1199 if (no_rebind) {
1200 flags |= INSTALL_LISTENER_NO_REBIND;
1201 }
1202 r = install_listener(pieces[0], pieces[1].c_str(), transport, flags, &resolved_tcp_port,
1203 &error);
1204 }
1205 if (r == INSTALL_STATUS_OK) {
1206 #if ADB_HOST
1207 // On the host: 1st OKAY is connect, 2nd OKAY is status.
1208 SendOkay(reply_fd);
1209 #endif
1210 SendOkay(reply_fd);
1211
1212 // If a TCP port was resolved, send the actual port number back.
1213 if (resolved_tcp_port != 0) {
1214 SendProtocolString(reply_fd, android::base::StringPrintf("%d", resolved_tcp_port));
1215 }
1216
1217 return true;
1218 }
1219
1220 std::string message;
1221 switch (r) {
1222 case INSTALL_STATUS_OK: message = "success (!)"; break;
1223 case INSTALL_STATUS_INTERNAL_ERROR: message = "internal error"; break;
1224 case INSTALL_STATUS_CANNOT_BIND:
1225 message = android::base::StringPrintf("cannot bind listener: %s",
1226 error.c_str());
1227 break;
1228 case INSTALL_STATUS_CANNOT_REBIND:
1229 message = android::base::StringPrintf("cannot rebind existing socket");
1230 break;
1231 case INSTALL_STATUS_LISTENER_NOT_FOUND:
1232 message = android::base::StringPrintf("listener '%s' not found", service);
1233 break;
1234 }
1235 SendFail(reply_fd, message);
1236 return true;
1237 }
1238
1239 return false;
1240 }
1241
1242 #if ADB_HOST
SendOkay(int fd,const std::string & s)1243 static int SendOkay(int fd, const std::string& s) {
1244 SendOkay(fd);
1245 SendProtocolString(fd, s);
1246 return 0;
1247 }
1248
1249 static bool g_reject_kill_server = false;
adb_set_reject_kill_server(bool value)1250 void adb_set_reject_kill_server(bool value) {
1251 g_reject_kill_server = value;
1252 }
1253
handle_mdns_request(std::string_view service,int reply_fd)1254 static bool handle_mdns_request(std::string_view service, int reply_fd) {
1255 if (!android::base::ConsumePrefix(&service, "mdns:")) {
1256 return false;
1257 }
1258
1259 if (service == "check") {
1260 std::string check = mdns_check();
1261 SendOkay(reply_fd, check);
1262 return true;
1263 }
1264 if (service == "services") {
1265 std::string services_list = mdns_list_discovered_services();
1266 SendOkay(reply_fd, services_list);
1267 return true;
1268 }
1269
1270 return false;
1271 }
1272
handle_host_request(std::string_view service,TransportType type,const char * serial,TransportId transport_id,int reply_fd,asocket * s)1273 HostRequestResult handle_host_request(std::string_view service, TransportType type,
1274 const char* serial, TransportId transport_id, int reply_fd,
1275 asocket* s) {
1276 if (service == "kill") {
1277 if (g_reject_kill_server) {
1278 LOG(WARNING) << "adb server ignoring kill-server";
1279 SendFail(reply_fd, "kill-server rejected by remote server");
1280 } else {
1281 fprintf(stderr, "adb server killed by remote request\n");
1282 SendOkay(reply_fd);
1283
1284 // Rely on process exit to close the socket for us.
1285 exit(0);
1286 }
1287 }
1288
1289 VLOG(SERVICES) << "handle_host_request(" << service << ")";
1290
1291 // Transport selection:
1292 if (service.starts_with("transport") || service.starts_with("tport:")) {
1293 TransportType type = kTransportAny;
1294
1295 std::string serial_storage;
1296 bool legacy = true;
1297
1298 // New transport selection protocol:
1299 // This is essentially identical to the previous version, except it returns the selected
1300 // transport id to the caller as well.
1301 if (android::base::ConsumePrefix(&service, "tport:")) {
1302 legacy = false;
1303 if (android::base::ConsumePrefix(&service, "serial:")) {
1304 serial_storage = service;
1305 serial = serial_storage.c_str();
1306 } else if (service == "usb") {
1307 type = kTransportUsb;
1308 } else if (service == "local") {
1309 type = kTransportLocal;
1310 } else if (service == "any") {
1311 type = kTransportAny;
1312 }
1313
1314 // Selection by id is unimplemented, since you obviously already know the transport id
1315 // you're connecting to.
1316 } else {
1317 if (android::base::ConsumePrefix(&service, "transport-id:")) {
1318 if (!ParseUint(&transport_id, service)) {
1319 SendFail(reply_fd, "invalid transport id");
1320 return HostRequestResult::Handled;
1321 }
1322 } else if (service == "transport-usb") {
1323 type = kTransportUsb;
1324 } else if (service == "transport-local") {
1325 type = kTransportLocal;
1326 } else if (service == "transport-any") {
1327 type = kTransportAny;
1328 } else if (android::base::ConsumePrefix(&service, "transport:")) {
1329 serial_storage = service;
1330 serial = serial_storage.c_str();
1331 }
1332 }
1333
1334 std::string error;
1335 atransport* t = acquire_one_transport(type, serial, transport_id, nullptr, &error);
1336 if (t != nullptr) {
1337 s->transport = t;
1338 SendOkay(reply_fd);
1339
1340 if (!legacy) {
1341 // Nothing we can do if this fails.
1342 WriteFdExactly(reply_fd, &t->id, sizeof(t->id));
1343 }
1344
1345 return HostRequestResult::SwitchedTransport;
1346 } else {
1347 SendFail(reply_fd, error);
1348 return HostRequestResult::Handled;
1349 }
1350 }
1351
1352 if (service == "server-status") {
1353 adb::proto::AdbServerStatus status;
1354 if (is_libusb_enabled()) {
1355 status.set_usb_backend(adb::proto::AdbServerStatus::LIBUSB);
1356 } else {
1357 status.set_usb_backend(adb::proto::AdbServerStatus::NATIVE);
1358 }
1359 status.set_usb_backend_forced(getenv("ADB_LIBUSB") != nullptr);
1360
1361 if (using_bonjour()) {
1362 status.set_mdns_backend(adb::proto::AdbServerStatus::BONJOUR);
1363 } else {
1364 status.set_mdns_backend(adb::proto::AdbServerStatus::OPENSCREEN);
1365 }
1366 status.set_mdns_backend_forced(getenv("ADB_MDNS_OPENSCREEN") != nullptr);
1367
1368 status.set_version(std::string(PLATFORM_TOOLS_VERSION));
1369 status.set_build(android::build::GetBuildNumber());
1370 status.set_executable_absolute_path(android::base::GetExecutablePath());
1371 status.set_log_absolute_path(GetLogFilePath());
1372 status.set_os(GetOSVersion());
1373
1374 std::string server_status_string;
1375 status.SerializeToString(&server_status_string);
1376 SendOkay(reply_fd, server_status_string);
1377 return HostRequestResult::Handled;
1378 }
1379
1380 // return a list of all connected devices
1381 if (service == "devices" || service == "devices-l") {
1382 TrackerOutputType output_type;
1383 if (service == "devices-l") {
1384 output_type = LONG_TEXT;
1385 } else {
1386 output_type = SHORT_TEXT;
1387 }
1388 D("Getting device list...");
1389 std::string device_list = list_transports(output_type);
1390 D("Sending device list...");
1391 SendOkay(reply_fd, device_list);
1392 return HostRequestResult::Handled;
1393 }
1394
1395 if (service == "reconnect-offline") {
1396 std::string response;
1397 close_usb_devices([&response](const atransport* transport) {
1398 if (!ConnectionStateIsOnline(transport->GetConnectionState())) {
1399 response += "reconnecting " + transport->serial_name() + "\n";
1400 return true;
1401 }
1402 return false;
1403 }, true);
1404 if (!response.empty()) {
1405 response.resize(response.size() - 1);
1406 }
1407 SendOkay(reply_fd, response);
1408 return HostRequestResult::Handled;
1409 }
1410
1411 if (service == "features") {
1412 std::string error;
1413 atransport* t =
1414 s->transport ? s->transport
1415 : acquire_one_transport(type, serial, transport_id, nullptr, &error);
1416 if (t != nullptr) {
1417 SendOkay(reply_fd, FeatureSetToString(t->features()));
1418 } else {
1419 SendFail(reply_fd, error);
1420 }
1421 return HostRequestResult::Handled;
1422 }
1423
1424 if (service == "host-features") {
1425 FeatureSet features = supported_features();
1426 // Abuse features to report libusb status.
1427 if (is_libusb_enabled()) {
1428 features.emplace_back(kFeatureLibusb);
1429 }
1430 features.emplace_back(kFeaturePushSync);
1431 SendOkay(reply_fd, FeatureSetToString(features));
1432 return HostRequestResult::Handled;
1433 }
1434
1435 // remove TCP transport
1436 if (service.starts_with("disconnect:")) {
1437 std::string address(service.substr(11));
1438 if (address.empty()) {
1439 kick_all_tcp_devices();
1440 SendOkay(reply_fd, "disconnected everything");
1441 return HostRequestResult::Handled;
1442 }
1443
1444 // Mdns instance named device
1445 atransport* t = find_transport(address.c_str());
1446 if (t != nullptr) {
1447 kick_transport(t);
1448 SendOkay(reply_fd, android::base::StringPrintf("disconnected %s", address.c_str()));
1449 return HostRequestResult::Handled;
1450 }
1451
1452 std::string serial;
1453 std::string host;
1454 int port = DEFAULT_ADB_LOCAL_TRANSPORT_PORT;
1455 std::string error;
1456 if (address.starts_with("vsock:") || address.starts_with("localfilesystem:")) {
1457 serial = address;
1458 } else if (!android::base::ParseNetAddress(address, &host, &port, &serial, &error)) {
1459 SendFail(reply_fd, android::base::StringPrintf("couldn't parse '%s': %s",
1460 address.c_str(), error.c_str()));
1461 return HostRequestResult::Handled;
1462 }
1463 t = find_transport(serial.c_str());
1464 if (t == nullptr) {
1465 SendFail(reply_fd, android::base::StringPrintf("no such device '%s'", serial.c_str()));
1466 return HostRequestResult::Handled;
1467 }
1468 kick_transport(t);
1469 SendOkay(reply_fd, android::base::StringPrintf("disconnected %s", address.c_str()));
1470 return HostRequestResult::Handled;
1471 }
1472
1473 // Returns our value for ADB_SERVER_VERSION.
1474 if (service == "version") {
1475 SendOkay(reply_fd, android::base::StringPrintf("%04x", ADB_SERVER_VERSION));
1476 return HostRequestResult::Handled;
1477 }
1478
1479 // These always report "unknown" rather than the actual error, for scripts.
1480 if (service == "get-serialno") {
1481 std::string error;
1482 atransport* t =
1483 s->transport ? s->transport
1484 : acquire_one_transport(type, serial, transport_id, nullptr, &error);
1485 if (t) {
1486 SendOkay(reply_fd, !t->serial.empty() ? t->serial : "unknown");
1487 } else {
1488 SendFail(reply_fd, error);
1489 }
1490 return HostRequestResult::Handled;
1491 }
1492 if (service == "get-devpath") {
1493 std::string error;
1494 atransport* t =
1495 s->transport ? s->transport
1496 : acquire_one_transport(type, serial, transport_id, nullptr, &error);
1497 if (t) {
1498 SendOkay(reply_fd, !t->devpath.empty() ? t->devpath : "unknown");
1499 } else {
1500 SendFail(reply_fd, error);
1501 }
1502 return HostRequestResult::Handled;
1503 }
1504 if (service == "get-state") {
1505 std::string error;
1506 atransport* t =
1507 s->transport ? s->transport
1508 : acquire_one_transport(type, serial, transport_id, nullptr, &error);
1509 if (t) {
1510 SendOkay(reply_fd, to_string(t->GetConnectionState()));
1511 } else {
1512 SendFail(reply_fd, error);
1513 }
1514 return HostRequestResult::Handled;
1515 }
1516
1517 // Indicates a new emulator instance has started.
1518 if (android::base::ConsumePrefix(&service, "emulator:")) {
1519 unsigned int port;
1520 if (!ParseUint(&port, service)) {
1521 LOG(ERROR) << "received invalid port for emulator: " << service;
1522 } else {
1523 connect_emulator(port);
1524 }
1525
1526 /* we don't even need to send a reply */
1527 return HostRequestResult::Handled;
1528 }
1529
1530 if (service == "reconnect") {
1531 std::string response;
1532 atransport* t = s->transport ? s->transport
1533 : acquire_one_transport(type, serial, transport_id, nullptr,
1534 &response, true);
1535 if (t != nullptr) {
1536 kick_transport(t, true);
1537 response = "reconnecting " + t->serial_name() + " [" +
1538 to_string(t->GetConnectionState()) + "]\n";
1539 }
1540 SendOkay(reply_fd, response);
1541 return HostRequestResult::Handled;
1542 }
1543
1544 if (service == "attach") {
1545 std::string error;
1546 atransport* t = s->transport ? s->transport
1547 : acquire_one_transport(type, serial, transport_id, nullptr,
1548 &error, true);
1549 if (!t) {
1550 SendFail(reply_fd, error);
1551 return HostRequestResult::Handled;
1552 }
1553
1554 if (t->Attach(&error)) {
1555 SendOkay(reply_fd,
1556 android::base::StringPrintf("%s attached", t->serial_name().c_str()));
1557 } else {
1558 SendFail(reply_fd, error);
1559 }
1560 return HostRequestResult::Handled;
1561 }
1562
1563 if (service == "detach") {
1564 std::string error;
1565 atransport* t = s->transport ? s->transport
1566 : acquire_one_transport(type, serial, transport_id, nullptr,
1567 &error, true);
1568 if (!t) {
1569 SendFail(reply_fd, error);
1570 return HostRequestResult::Handled;
1571 }
1572
1573 // HACK:
1574 // Detaching the transport will lead to all of its sockets being closed,
1575 // but we're handling one of those sockets right now!
1576 //
1577 // Mark the socket as not having a transport, knowing that it'll be cleaned up by the
1578 // function that called us.
1579 s->transport = nullptr;
1580
1581 if (t->Detach(&error)) {
1582 SendOkay(reply_fd,
1583 android::base::StringPrintf("%s detached", t->serial_name().c_str()));
1584 } else {
1585 SendFail(reply_fd, error);
1586 }
1587 return HostRequestResult::Handled;
1588 }
1589
1590 // TODO: Switch handle_forward_request to string_view.
1591 std::string service_str(service);
1592 auto transport_acquirer = [=](std::string* error) {
1593 if (s->transport) {
1594 return s->transport;
1595 } else {
1596 std::string error;
1597 return acquire_one_transport(type, serial, transport_id, nullptr, &error);
1598 }
1599 };
1600 if (handle_forward_request(service_str.c_str(), transport_acquirer, reply_fd)) {
1601 return HostRequestResult::Handled;
1602 }
1603
1604 if (handle_mdns_request(service, reply_fd)) {
1605 return HostRequestResult::Handled;
1606 }
1607
1608 return HostRequestResult::Unhandled;
1609 }
1610
1611 static auto& init_mutex = *new std::mutex();
1612 static auto& init_cv = *new std::condition_variable();
1613 static bool device_scan_complete = false;
1614 static bool transports_ready = false;
1615
update_transport_status()1616 void update_transport_status() {
1617 bool result = iterate_transports([](const atransport* t) {
1618 if (t->type == kTransportUsb && t->online != 1) {
1619 return false;
1620 }
1621 return true;
1622 });
1623
1624 bool ready;
1625 {
1626 std::lock_guard<std::mutex> lock(init_mutex);
1627 transports_ready = result;
1628 ready = transports_ready && device_scan_complete;
1629 }
1630
1631 if (ready) {
1632 init_cv.notify_all();
1633 }
1634 }
1635
adb_notify_device_scan_complete()1636 void adb_notify_device_scan_complete() {
1637 {
1638 std::lock_guard<std::mutex> lock(init_mutex);
1639 if (device_scan_complete) {
1640 return;
1641 }
1642
1643 device_scan_complete = true;
1644 }
1645
1646 update_transport_status();
1647 }
1648
adb_wait_for_device_initialization()1649 void adb_wait_for_device_initialization() {
1650 std::unique_lock<std::mutex> lock(init_mutex);
1651 init_cv.wait_for(lock, 3s, []() { return device_scan_complete && transports_ready; });
1652 }
1653
1654 #endif // ADB_HOST
1655