1 /*
2 * Copyright (C) 2007 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #define TRACE_TAG TRANSPORT
18
19 #include "sysdeps.h"
20
21 #include "transport.h"
22
23 #include <ctype.h>
24 #include <errno.h>
25 #include <inttypes.h>
26 #include <stdio.h>
27 #include <stdlib.h>
28 #include <string.h>
29 #include <unistd.h>
30
31 #include <algorithm>
32 #include <list>
33 #include <memory>
34 #include <mutex>
35 #include <set>
36 #include <string>
37 #include <thread>
38
39 #include <adb/crypto/rsa_2048_key.h>
40 #include <adb/crypto/x509_generator.h>
41 #include <adb/tls/tls_connection.h>
42 #include <android-base/logging.h>
43 #include <android-base/no_destructor.h>
44 #include <android-base/parsenetaddress.h>
45 #include <android-base/stringprintf.h>
46 #include <android-base/strings.h>
47 #include <android-base/thread_annotations.h>
48 #include <diagnose_usb.h>
49
50 #include "adb.h"
51 #include "adb_auth.h"
52 #include "adb_io.h"
53 #include "adb_trace.h"
54 #include "adb_utils.h"
55 #include "fdevent/fdevent.h"
56 #include "sysdeps/chrono.h"
57
58 #if ADB_HOST
59 #include <google/protobuf/text_format.h>
60 #include "adb_host.pb.h"
61 #include "client/usb.h"
62 #endif
63
64 using namespace adb::crypto;
65 using namespace adb::tls;
66 using namespace std::string_literals;
67 using android::base::ScopedLockAssertion;
68 using TlsError = TlsConnection::TlsError;
69
70 static void remove_transport(atransport* transport);
71 static void transport_destroy(atransport* transport);
72
73 static auto& transport_lock = *new std::recursive_mutex();
74 // When a tranport is created, it is not started yet (and in the case of the host side, it has
75 // not yet sent CNXN). These transports are staged in the pending list.
76 static auto& pending_list = *new std::list<atransport*>();
77 // TODO: unordered_map<TransportId, atransport*>
78 static auto& transport_list = *new std::list<atransport*>();
79
80 const char* const kFeatureShell2 = "shell_v2";
81 const char* const kFeatureCmd = "cmd";
82 const char* const kFeatureStat2 = "stat_v2";
83 const char* const kFeatureLs2 = "ls_v2";
84 const char* const kFeatureLibusb = "libusb";
85 const char* const kFeaturePushSync = "push_sync";
86 const char* const kFeatureApex = "apex";
87 const char* const kFeatureFixedPushMkdir = "fixed_push_mkdir";
88 const char* const kFeatureAbb = "abb";
89 const char* const kFeatureFixedPushSymlinkTimestamp = "fixed_push_symlink_timestamp";
90 const char* const kFeatureAbbExec = "abb_exec";
91 const char* const kFeatureRemountShell = "remount_shell";
92 const char* const kFeatureTrackApp = "track_app";
93 const char* const kFeatureSendRecv2 = "sendrecv_v2";
94 const char* const kFeatureSendRecv2Brotli = "sendrecv_v2_brotli";
95 const char* const kFeatureSendRecv2LZ4 = "sendrecv_v2_lz4";
96 const char* const kFeatureSendRecv2Zstd = "sendrecv_v2_zstd";
97 const char* const kFeatureSendRecv2DryRunSend = "sendrecv_v2_dry_run_send";
98 const char* const kFeatureDelayedAck = "delayed_ack";
99 // TODO(joshuaduong): Bump to v2 when openscreen discovery is enabled by default
100 const char* const kFeatureOpenscreenMdns = "openscreen_mdns";
101 const char* const kFeatureDeviceTrackerProtoFormat = "devicetracker_proto_format";
102 const char* const kFeatureDevRaw = "devraw";
103 const char* const kFeatureAppInfo = "app_info"; // Add information to track-app (package name, ...)
104 const char* const kFeatureServerStatus = "server_status"; // Ability to output server status
105
106 namespace {
107
108 #if ADB_HOST
109
110 // Tracks and handles atransport*s that are attempting reconnection.
111 class ReconnectHandler {
112 public:
113 ReconnectHandler() = default;
114 ~ReconnectHandler() = default;
115
116 // Starts the ReconnectHandler thread.
117 void Start();
118
119 // Requests the ReconnectHandler thread to stop.
120 void Stop();
121
122 // Adds the atransport* to the queue of reconnect attempts.
123 void TrackTransport(atransport* transport);
124
125 // Wake up the ReconnectHandler thread to have it check for kicked transports.
126 void CheckForKicked();
127
128 private:
129 // The main thread loop.
130 void Run();
131
132 // Tracks a reconnection attempt.
133 struct ReconnectAttempt {
134 atransport* transport;
135 std::chrono::steady_clock::time_point reconnect_time;
136 size_t attempts_left;
137
operator <__anon3ba063df0111::ReconnectHandler::ReconnectAttempt138 bool operator<(const ReconnectAttempt& rhs) const {
139 if (reconnect_time == rhs.reconnect_time) {
140 return reinterpret_cast<uintptr_t>(transport) <
141 reinterpret_cast<uintptr_t>(rhs.transport);
142 }
143 return reconnect_time < rhs.reconnect_time;
144 }
145 };
146
147 // Only retry for up to one minute.
148 static constexpr const std::chrono::seconds kDefaultTimeout = 3s;
149 static constexpr const size_t kMaxAttempts = 20;
150
151 // Protects all members.
152 std::mutex reconnect_mutex_;
153 bool running_ GUARDED_BY(reconnect_mutex_) = true;
154 std::thread handler_thread_;
155 std::condition_variable reconnect_cv_;
156 std::set<ReconnectAttempt> reconnect_queue_ GUARDED_BY(reconnect_mutex_);
157
158 DISALLOW_COPY_AND_ASSIGN(ReconnectHandler);
159 };
160
Start()161 void ReconnectHandler::Start() {
162 fdevent_check_looper();
163 handler_thread_ = std::thread(&ReconnectHandler::Run, this);
164 }
165
Stop()166 void ReconnectHandler::Stop() {
167 fdevent_check_looper();
168 {
169 std::lock_guard<std::mutex> lock(reconnect_mutex_);
170 running_ = false;
171 }
172 reconnect_cv_.notify_one();
173 handler_thread_.join();
174
175 // Drain the queue to free all resources.
176 std::lock_guard<std::mutex> lock(reconnect_mutex_);
177 while (!reconnect_queue_.empty()) {
178 ReconnectAttempt attempt = *reconnect_queue_.begin();
179 reconnect_queue_.erase(reconnect_queue_.begin());
180 remove_transport(attempt.transport);
181 }
182 }
183
TrackTransport(atransport * transport)184 void ReconnectHandler::TrackTransport(atransport* transport) {
185 fdevent_check_looper();
186 {
187 std::lock_guard<std::mutex> lock(reconnect_mutex_);
188 if (!running_) return;
189 // Arbitrary sleep to give adbd time to get ready, if we disconnected because it exited.
190 auto reconnect_time = std::chrono::steady_clock::now() + 250ms;
191 reconnect_queue_.emplace(
192 ReconnectAttempt{transport, reconnect_time, ReconnectHandler::kMaxAttempts});
193 }
194 reconnect_cv_.notify_one();
195 }
196
CheckForKicked()197 void ReconnectHandler::CheckForKicked() {
198 reconnect_cv_.notify_one();
199 }
200
Run()201 void ReconnectHandler::Run() {
202 while (true) {
203 ReconnectAttempt attempt;
204 {
205 std::unique_lock<std::mutex> lock(reconnect_mutex_);
206 ScopedLockAssertion assume_lock(reconnect_mutex_);
207
208 if (!reconnect_queue_.empty()) {
209 // FIXME: libstdc++ (used on Windows) implements condition_variable with
210 // system_clock as its clock, so we're probably hosed if the clock changes,
211 // even if we use steady_clock throughout. This problem goes away once we
212 // switch to libc++.
213 reconnect_cv_.wait_until(lock, reconnect_queue_.begin()->reconnect_time);
214 } else {
215 reconnect_cv_.wait(lock);
216 }
217
218 if (!running_) return;
219
220 // Scan the whole list for kicked transports, so that we immediately handle an explicit
221 // disconnect request.
222 for (auto it = reconnect_queue_.begin(); it != reconnect_queue_.end();) {
223 if (it->transport->kicked()) {
224 D("transport %s was kicked. giving up on it.", it->transport->serial.c_str());
225 remove_transport(it->transport);
226 it = reconnect_queue_.erase(it);
227 } else {
228 ++it;
229 }
230 }
231
232 if (reconnect_queue_.empty()) continue;
233
234 // Go back to sleep if we either woke up spuriously, or we were woken up to remove
235 // a kicked transport, and the first transport isn't ready for reconnection yet.
236 auto now = std::chrono::steady_clock::now();
237 if (reconnect_queue_.begin()->reconnect_time > now) {
238 continue;
239 }
240
241 attempt = *reconnect_queue_.begin();
242 reconnect_queue_.erase(reconnect_queue_.begin());
243 }
244 D("attempting to reconnect %s", attempt.transport->serial.c_str());
245
246 switch (attempt.transport->Reconnect()) {
247 case ReconnectResult::Retry: {
248 D("attempting to reconnect %s failed.", attempt.transport->serial.c_str());
249 if (attempt.attempts_left == 0) {
250 D("transport %s exceeded the number of retry attempts. giving up on it.",
251 attempt.transport->serial.c_str());
252 remove_transport(attempt.transport);
253 continue;
254 }
255
256 std::lock_guard<std::mutex> lock(reconnect_mutex_);
257 reconnect_queue_.emplace(ReconnectAttempt{
258 attempt.transport,
259 std::chrono::steady_clock::now() + ReconnectHandler::kDefaultTimeout,
260 attempt.attempts_left - 1});
261 continue;
262 }
263
264 case ReconnectResult::Success:
265 D("reconnection to %s succeeded.", attempt.transport->serial.c_str());
266 register_transport(attempt.transport);
267 continue;
268
269 case ReconnectResult::Abort:
270 D("cancelling reconnection attempt to %s.", attempt.transport->serial.c_str());
271 remove_transport(attempt.transport);
272 continue;
273 }
274 }
275 }
276
277 static auto& reconnect_handler = *new ReconnectHandler();
278
279 #endif
280
281 } // namespace
282
NextTransportId()283 TransportId NextTransportId() {
284 static std::atomic<TransportId> next(1);
285 return next++;
286 }
287
Reset()288 void Connection::Reset() {
289 LOG(INFO) << "Connection::Reset(): stopping";
290 Stop();
291 }
292
Serial() const293 std::string Connection::Serial() const {
294 return transport_ ? transport_->serial_name() : "<unknown>";
295 }
296
BlockingConnectionAdapter(std::unique_ptr<BlockingConnection> connection)297 BlockingConnectionAdapter::BlockingConnectionAdapter(std::unique_ptr<BlockingConnection> connection)
298 : underlying_(std::move(connection)) {}
299
~BlockingConnectionAdapter()300 BlockingConnectionAdapter::~BlockingConnectionAdapter() {
301 LOG(INFO) << "BlockingConnectionAdapter(" << Serial() << "): destructing";
302 Stop();
303 }
304
Start()305 bool BlockingConnectionAdapter::Start() {
306 std::lock_guard<std::mutex> lock(mutex_);
307 if (started_) {
308 LOG(FATAL) << "BlockingConnectionAdapter(" << Serial() << "): started multiple times";
309 }
310
311 StartReadThread();
312
313 write_thread_ = std::thread([this]() {
314 LOG(INFO) << Serial() << ": write thread spawning";
315 while (true) {
316 std::unique_lock<std::mutex> lock(mutex_);
317 ScopedLockAssertion assume_locked(mutex_);
318 cv_.wait(lock, [this]() REQUIRES(mutex_) {
319 return this->stopped_ || !this->write_queue_.empty();
320 });
321
322 if (this->stopped_) {
323 return;
324 }
325
326 std::unique_ptr<apacket> packet = std::move(this->write_queue_.front());
327 this->write_queue_.pop_front();
328 lock.unlock();
329
330 if (!this->underlying_->Write(packet.get())) {
331 break;
332 }
333 }
334 std::call_once(this->error_flag_, [this]() { transport_->HandleError("write failed"); });
335 });
336
337 started_ = true;
338 return true;
339 }
340
StartReadThread()341 void BlockingConnectionAdapter::StartReadThread() {
342 read_thread_ = std::thread([this]() {
343 LOG(INFO) << Serial() << ": read thread spawning";
344 while (true) {
345 auto packet = std::make_unique<apacket>();
346 if (!underlying_->Read(packet.get())) {
347 PLOG(INFO) << Serial() << ": read failed";
348 break;
349 }
350
351 bool got_stls_cmd = false;
352 if (packet->msg.command == A_STLS) {
353 got_stls_cmd = true;
354 }
355
356 transport_->HandleRead(std::move(packet));
357
358 // If we received the STLS packet, we are about to perform the TLS
359 // handshake. So this read thread must stop and resume after the
360 // handshake completes otherwise this will interfere in the process.
361 if (got_stls_cmd) {
362 LOG(INFO) << Serial() << ": Received STLS packet. Stopping read thread.";
363 return;
364 }
365 }
366 std::call_once(this->error_flag_, [this]() { transport_->HandleError("read failed"); });
367 });
368 }
369
DoTlsHandshake(RSA * key,std::string * auth_key)370 bool BlockingConnectionAdapter::DoTlsHandshake(RSA* key, std::string* auth_key) {
371 std::lock_guard<std::mutex> lock(mutex_);
372 if (read_thread_.joinable()) {
373 read_thread_.join();
374 }
375 bool success = this->underlying_->DoTlsHandshake(key, auth_key);
376 StartReadThread();
377 return success;
378 }
379
Reset()380 void BlockingConnectionAdapter::Reset() {
381 {
382 std::lock_guard<std::mutex> lock(mutex_);
383 if (!started_) {
384 LOG(INFO) << "BlockingConnectionAdapter(" << Serial() << "): not started";
385 return;
386 }
387
388 if (stopped_) {
389 LOG(INFO) << "BlockingConnectionAdapter(" << Serial() << "): already stopped";
390 return;
391 }
392 }
393
394 LOG(INFO) << "BlockingConnectionAdapter(" << Serial() << "): resetting";
395 this->underlying_->Reset();
396 Stop();
397 }
398
Stop()399 void BlockingConnectionAdapter::Stop() {
400 {
401 std::lock_guard<std::mutex> lock(mutex_);
402 if (!started_) {
403 LOG(INFO) << "BlockingConnectionAdapter(" << Serial() << "): not started";
404 return;
405 }
406
407 if (stopped_) {
408 LOG(INFO) << "BlockingConnectionAdapter(" << Serial() << "): already stopped";
409 return;
410 }
411
412 stopped_ = true;
413 }
414
415 LOG(INFO) << "BlockingConnectionAdapter(" << Serial() << "): stopping";
416
417 this->underlying_->Close();
418 this->cv_.notify_one();
419
420 // Move the threads out into locals with the lock taken, and then unlock to let them exit.
421 std::thread read_thread;
422 std::thread write_thread;
423
424 {
425 std::lock_guard<std::mutex> lock(mutex_);
426 read_thread = std::move(read_thread_);
427 write_thread = std::move(write_thread_);
428 }
429
430 read_thread.join();
431 write_thread.join();
432
433 LOG(INFO) << "BlockingConnectionAdapter(" << Serial() << "): stopped";
434 std::call_once(this->error_flag_, [this]() { transport_->HandleError("requested stop"); });
435 }
436
Write(std::unique_ptr<apacket> packet)437 bool BlockingConnectionAdapter::Write(std::unique_ptr<apacket> packet) {
438 {
439 std::lock_guard<std::mutex> lock(this->mutex_);
440 write_queue_.emplace_back(std::move(packet));
441 }
442
443 cv_.notify_one();
444 return true;
445 }
446
FdConnection(unique_fd fd)447 FdConnection::FdConnection(unique_fd fd) : fd_(std::move(fd)) {}
448
~FdConnection()449 FdConnection::~FdConnection() {}
450
DispatchRead(void * buf,size_t len)451 bool FdConnection::DispatchRead(void* buf, size_t len) {
452 if (tls_ != nullptr) {
453 // The TlsConnection doesn't allow 0 byte reads
454 if (len == 0) {
455 return true;
456 }
457 return tls_->ReadFully(buf, len);
458 }
459
460 return ReadFdExactly(fd_.get(), buf, len);
461 }
462
DispatchWrite(void * buf,size_t len)463 bool FdConnection::DispatchWrite(void* buf, size_t len) {
464 if (tls_ != nullptr) {
465 // The TlsConnection doesn't allow 0 byte writes
466 if (len == 0) {
467 return true;
468 }
469 return tls_->WriteFully(std::string_view(reinterpret_cast<const char*>(buf), len));
470 }
471
472 return WriteFdExactly(fd_.get(), buf, len);
473 }
474
Read(apacket * packet)475 bool FdConnection::Read(apacket* packet) {
476 if (!DispatchRead(&packet->msg, sizeof(amessage))) {
477 D("remote local: read terminated (message)");
478 return false;
479 }
480
481 if (packet->msg.data_length > MAX_PAYLOAD) {
482 D("remote local: read overflow (data length = %" PRIu32 ")", packet->msg.data_length);
483 return false;
484 }
485
486 packet->payload.resize(packet->msg.data_length);
487
488 if (!DispatchRead(&packet->payload[0], packet->payload.size())) {
489 D("remote local: terminated (data)");
490 return false;
491 }
492
493 return true;
494 }
495
Write(apacket * packet)496 bool FdConnection::Write(apacket* packet) {
497 if (!DispatchWrite(&packet->msg, sizeof(packet->msg))) {
498 D("remote local: write terminated");
499 return false;
500 }
501
502 if (packet->msg.data_length) {
503 if (!DispatchWrite(&packet->payload[0], packet->msg.data_length)) {
504 D("remote local: write terminated");
505 return false;
506 }
507 }
508
509 return true;
510 }
511
DoTlsHandshake(RSA * key,std::string * auth_key)512 bool FdConnection::DoTlsHandshake(RSA* key, std::string* auth_key) {
513 bssl::UniquePtr<EVP_PKEY> evp_pkey(EVP_PKEY_new());
514 if (!EVP_PKEY_set1_RSA(evp_pkey.get(), key)) {
515 LOG(ERROR) << "EVP_PKEY_set1_RSA failed";
516 return false;
517 }
518 auto x509 = GenerateX509Certificate(evp_pkey.get());
519 auto x509_str = X509ToPEMString(x509.get());
520 auto evp_str = Key::ToPEMString(evp_pkey.get());
521
522 int osh = cast_handle_to_int(adb_get_os_handle(fd_));
523 #if ADB_HOST
524 tls_ = TlsConnection::Create(TlsConnection::Role::Client, x509_str, evp_str, osh);
525 #else
526 tls_ = TlsConnection::Create(TlsConnection::Role::Server, x509_str, evp_str, osh);
527 #endif
528 CHECK(tls_);
529 #if ADB_HOST
530 // TLS 1.3 gives the client no message if the server rejected the
531 // certificate. This will enable a check in the tls connection to check
532 // whether the client certificate got rejected. Note that this assumes
533 // that, on handshake success, the server speaks first.
534 tls_->EnableClientPostHandshakeCheck(true);
535 // Add callback to set the certificate when server issues the
536 // CertificateRequest.
537 tls_->SetCertificateCallback(adb_tls_set_certificate);
538 // Allow any server certificate
539 tls_->SetCertVerifyCallback([](X509_STORE_CTX*) { return 1; });
540 #else
541 // Add callback to check certificate against a list of known public keys
542 tls_->SetCertVerifyCallback(
543 [auth_key](X509_STORE_CTX* ctx) { return adbd_tls_verify_cert(ctx, auth_key); });
544 // Add the list of allowed client CA issuers
545 auto ca_list = adbd_tls_client_ca_list();
546 tls_->SetClientCAList(ca_list.get());
547 #endif
548
549 auto err = tls_->DoHandshake();
550 if (err == TlsError::Success) {
551 return true;
552 }
553
554 tls_.reset();
555 return false;
556 }
557
Close()558 void FdConnection::Close() {
559 adb_shutdown(fd_.get());
560 fd_.reset();
561 }
562
send_packet(apacket * p,atransport * t)563 void send_packet(apacket* p, atransport* t) {
564 p->msg.magic = p->msg.command ^ 0xffffffff;
565 // compute a checksum for connection/auth packets for compatibility reasons
566 if (t->get_protocol_version() >= A_VERSION_SKIP_CHECKSUM) {
567 p->msg.data_check = 0;
568 } else {
569 p->msg.data_check = calculate_apacket_checksum(p);
570 }
571
572 VLOG(TRANSPORT) << dump_packet(t->serial.c_str(), "to remote", p);
573
574 if (t == nullptr) {
575 LOG(FATAL) << "Transport is null";
576 }
577
578 if (t->Write(p) != 0) {
579 D("%s: failed to enqueue packet, closing transport", t->serial.c_str());
580 t->Kick();
581 }
582 }
583
kick_transport(atransport * t,bool reset)584 void kick_transport(atransport* t, bool reset) {
585 std::lock_guard<std::recursive_mutex> lock(transport_lock);
586 // As kick_transport() can be called from threads without guarantee that t is valid,
587 // check if the transport is in transport_list first.
588 //
589 // TODO(jmgao): WTF? Is this actually true?
590 if (std::find(transport_list.begin(), transport_list.end(), t) != transport_list.end()) {
591 if (reset) {
592 t->Reset();
593 } else {
594 t->Kick();
595 }
596 }
597
598 #if ADB_HOST
599 reconnect_handler.CheckForKicked();
600 #endif
601 }
602
603 #if ADB_HOST
604
605 /* this adds support required by the 'track-devices' service.
606 * this is used to send the content of "list_transport" to any
607 * number of client connections that want it through a single
608 * live TCP connection
609 */
610 struct device_tracker {
611 asocket socket;
612 bool update_needed = false;
613 TrackerOutputType output_type = SHORT_TEXT;
614 device_tracker* next = nullptr;
615 };
616
617 /* linked list of all device trackers */
618 static device_tracker* device_tracker_list;
619
device_tracker_remove(device_tracker * tracker)620 static void device_tracker_remove(device_tracker* tracker) {
621 device_tracker** pnode = &device_tracker_list;
622 device_tracker* node = *pnode;
623
624 std::lock_guard<std::recursive_mutex> lock(transport_lock);
625 while (node) {
626 if (node == tracker) {
627 *pnode = node->next;
628 break;
629 }
630 pnode = &node->next;
631 node = *pnode;
632 }
633 }
634
device_tracker_close(asocket * socket)635 static void device_tracker_close(asocket* socket) {
636 device_tracker* tracker = (device_tracker*)socket;
637 asocket* peer = socket->peer;
638
639 D("device tracker %p removed", tracker);
640 if (peer) {
641 peer->peer = nullptr;
642 peer->close(peer);
643 }
644 device_tracker_remove(tracker);
645 delete tracker;
646 }
647
device_tracker_enqueue(asocket * socket,apacket::payload_type)648 static int device_tracker_enqueue(asocket* socket, apacket::payload_type) {
649 /* you can't read from a device tracker, close immediately */
650 device_tracker_close(socket);
651 return -1;
652 }
653
device_tracker_send(device_tracker * tracker,const std::string & string)654 static int device_tracker_send(device_tracker* tracker, const std::string& string) {
655 asocket* peer = tracker->socket.peer;
656
657 apacket::payload_type data;
658 data.resize(4 + string.size());
659 char buf[5];
660 snprintf(buf, sizeof(buf), "%04x", static_cast<int>(string.size()));
661 memcpy(&data[0], buf, 4);
662 memcpy(&data[4], string.data(), string.size());
663 return peer->enqueue(peer, std::move(data));
664 }
665
device_tracker_ready(asocket * socket)666 static void device_tracker_ready(asocket* socket) {
667 device_tracker* tracker = reinterpret_cast<device_tracker*>(socket);
668
669 // We want to send the device list when the tracker connects
670 // for the first time, even if no update occurred.
671 if (tracker->update_needed) {
672 tracker->update_needed = false;
673 device_tracker_send(tracker, list_transports(tracker->output_type));
674 }
675 }
676
create_device_tracker(TrackerOutputType output_type)677 asocket* create_device_tracker(TrackerOutputType output_type) {
678 device_tracker* tracker = new device_tracker();
679 if (tracker == nullptr) LOG(FATAL) << "cannot allocate device tracker";
680
681 D("device tracker %p created", tracker);
682
683 tracker->socket.enqueue = device_tracker_enqueue;
684 tracker->socket.ready = device_tracker_ready;
685 tracker->socket.close = device_tracker_close;
686 tracker->update_needed = true;
687 tracker->output_type = output_type;
688
689 tracker->next = device_tracker_list;
690 device_tracker_list = tracker;
691
692 return &tracker->socket;
693 }
694
695 // Check if all of the USB transports are connected.
iterate_transports(std::function<bool (const atransport *)> fn)696 bool iterate_transports(std::function<bool(const atransport*)> fn) {
697 std::lock_guard<std::recursive_mutex> lock(transport_lock);
698 for (const auto& t : transport_list) {
699 if (!fn(t)) {
700 return false;
701 }
702 }
703 for (const auto& t : pending_list) {
704 if (!fn(t)) {
705 return false;
706 }
707 }
708 return true;
709 }
710
711 // Call this function each time the transport list has changed.
update_transports()712 void update_transports() {
713 update_transport_status();
714
715 // Notify `adb track-devices` clients.
716 device_tracker* tracker = device_tracker_list;
717 while (tracker != nullptr) {
718 device_tracker* next = tracker->next;
719 // This may destroy the tracker if the connection is closed.
720 device_tracker_send(tracker, list_transports(tracker->output_type));
721 tracker = next;
722 }
723 }
724
725 #else
726
update_transports()727 void update_transports() {
728 // Nothing to do on the device side.
729 }
730
731 #endif // ADB_HOST
732
733 #if ADB_HOST
usb_devices_start_detached()734 static bool usb_devices_start_detached() {
735 static const char* env = getenv("ADB_LIBUSB_START_DETACHED");
736 static bool result = env && strcmp("1", env) == 0;
737 return is_libusb_enabled() && result;
738 }
739 #endif
740
fdevent_unregister_transport(atransport * t)741 static void fdevent_unregister_transport(atransport* t) {
742 VLOG(TRANSPORT) << "unregistering transport: " << t->serial;
743
744 {
745 std::lock_guard<std::recursive_mutex> lock(transport_lock);
746 transport_list.remove(t);
747 pending_list.remove(t);
748 }
749
750 delete t;
751
752 update_transports();
753 }
754
fdevent_register_transport(atransport * t)755 static void fdevent_register_transport(atransport* t) {
756 auto state = to_string(t->GetConnectionState());
757 VLOG(TRANSPORT) << "registering: " << t->serial.c_str() << " state=" << state
758 << " type=" << t->type;
759
760 /* don't create transport threads for inaccessible devices */
761 if (t->GetConnectionState() != kCsNoPerm) {
762 t->connection()->SetTransport(t);
763
764 #if ADB_HOST
765 if (t->type == kTransportUsb && usb_devices_start_detached()) {
766 VLOG(TRANSPORT) << "Force-detaching transport:" << t->serial;
767 t->SetConnectionState(kCsDetached);
768 }
769
770 VLOG(TRANSPORT) << "transport:" << t->serial << "(" << state << ")";
771 if (t->GetConnectionState() != kCsDetached) {
772 VLOG(TRANSPORT) << "Starting transport:" << t->serial;
773 if (t->connection()->Start()) {
774 send_connect(t);
775 } else {
776 VLOG(TRANSPORT) << "transport:" << t->serial << " failed to start.";
777 return;
778 }
779 }
780 #else
781 VLOG(TRANSPORT) << "Starting transport:" << t->serial;
782 t->connection()->Start();
783 #endif
784 }
785
786 {
787 std::lock_guard<std::recursive_mutex> lock(transport_lock);
788 auto it = std::find(pending_list.begin(), pending_list.end(), t);
789 if (it != pending_list.end()) {
790 pending_list.remove(t);
791 transport_list.push_front(t);
792 }
793 }
794
795 update_transports();
796 }
797
798 #if ADB_HOST
init_reconnect_handler()799 void init_reconnect_handler() {
800 reconnect_handler.Start();
801 }
802 #endif
803
kick_all_transports()804 void kick_all_transports() {
805 #if ADB_HOST
806 reconnect_handler.Stop();
807 #endif
808 // To avoid only writing part of a packet to a transport after exit, kick all transports.
809 std::lock_guard<std::recursive_mutex> lock(transport_lock);
810 for (auto t : transport_list) {
811 t->Kick();
812 }
813 }
814
kick_all_tcp_tls_transports()815 void kick_all_tcp_tls_transports() {
816 std::lock_guard<std::recursive_mutex> lock(transport_lock);
817 for (auto t : transport_list) {
818 if (t->IsTcpDevice() && t->use_tls) {
819 t->Kick();
820 }
821 }
822 }
823
824 #if !ADB_HOST
kick_all_transports_by_auth_key(std::string_view auth_key)825 void kick_all_transports_by_auth_key(std::string_view auth_key) {
826 std::lock_guard<std::recursive_mutex> lock(transport_lock);
827 for (auto t : transport_list) {
828 if (auth_key == t->auth_key) {
829 t->Kick();
830 }
831 }
832 }
833 #endif
834
register_transport(atransport * transport)835 void register_transport(atransport* transport) {
836 fdevent_run_on_looper([=]() { fdevent_register_transport(transport); });
837 }
838
remove_transport(atransport * transport)839 static void remove_transport(atransport* transport) {
840 fdevent_run_on_looper([=]() { fdevent_unregister_transport(transport); });
841 }
842
transport_destroy(atransport * t)843 static void transport_destroy(atransport* t) {
844 fdevent_check_looper();
845 CHECK(t != nullptr);
846
847 std::lock_guard<std::recursive_mutex> lock(transport_lock);
848 VLOG(TRANSPORT) << "destroying transport " << t->serial_name();
849 t->connection()->Stop();
850 #if ADB_HOST
851 if (t->IsTcpDevice() && !t->kicked()) {
852 D("transport: %s destroy (attempting reconnection)", t->serial.c_str());
853
854 // We need to clear the transport's keys, so that on the next connection, it tries
855 // again from the beginning.
856 t->ResetKeys();
857 reconnect_handler.TrackTransport(t);
858 return;
859 }
860 #endif
861
862 D("transport: %s destroy (kicking and closing)", t->serial.c_str());
863 remove_transport(t);
864 }
865
866 #if ADB_HOST
qual_match(const std::string & to_test,const char * prefix,const std::string & qual,bool sanitize_qual)867 static int qual_match(const std::string& to_test, const char* prefix, const std::string& qual,
868 bool sanitize_qual) {
869 if (to_test.empty()) /* Return true if both the qual and to_test are empty strings. */
870 return qual.empty();
871
872 if (qual.empty()) return 0;
873
874 const char* ptr = to_test.c_str();
875 if (prefix) {
876 while (*prefix) {
877 if (*prefix++ != *ptr++) return 0;
878 }
879 }
880
881 for (char ch : qual) {
882 if (sanitize_qual && !isalnum(ch)) ch = '_';
883 if (ch != *ptr++) return 0;
884 }
885
886 /* Everything matched so far. Return true if *ptr is a NUL. */
887 return !*ptr;
888 }
889
890 // Contains either a device serial string or a USB device address like "usb:2-6"
891 const char* __transport_server_one_device = nullptr;
892
transport_set_one_device(const char * adb_one_device)893 void transport_set_one_device(const char* adb_one_device) {
894 __transport_server_one_device = adb_one_device;
895 }
896
transport_get_one_device()897 const char* transport_get_one_device() {
898 return __transport_server_one_device;
899 }
900
transport_server_owns_device(std::string_view serial)901 bool transport_server_owns_device(std::string_view serial) {
902 if (!__transport_server_one_device) {
903 // If the server doesn't own one device, server owns all devices.
904 return true;
905 }
906 return serial.compare(__transport_server_one_device) == 0;
907 }
908
transport_server_owns_device(std::string_view dev_path,std::string_view serial)909 bool transport_server_owns_device(std::string_view dev_path, std::string_view serial) {
910 if (!__transport_server_one_device) {
911 // If the server doesn't own one device, server owns all devices.
912 return true;
913 }
914 return serial.compare(__transport_server_one_device) == 0 ||
915 dev_path.compare(__transport_server_one_device) == 0;
916 }
917
acquire_one_transport(TransportType type,const char * serial,TransportId transport_id,bool * is_ambiguous,std::string * error_out,bool accept_any_state)918 atransport* acquire_one_transport(TransportType type, const char* serial, TransportId transport_id,
919 bool* is_ambiguous, std::string* error_out,
920 bool accept_any_state) {
921 atransport* result = nullptr;
922
923 if (transport_id != 0) {
924 *error_out = android::base::StringPrintf("no device with transport id '%" PRIu64 "'",
925 transport_id);
926 } else if (serial) {
927 *error_out = android::base::StringPrintf("device '%s' not found", serial);
928 } else if (type == kTransportLocal) {
929 *error_out = "no emulators found";
930 } else if (type == kTransportAny) {
931 *error_out = "no devices/emulators found";
932 } else {
933 *error_out = "no devices found";
934 }
935
936 std::unique_lock<std::recursive_mutex> lock(transport_lock);
937 for (const auto& t : transport_list) {
938 if (t->GetConnectionState() == kCsNoPerm) {
939 *error_out = UsbNoPermissionsLongHelpText();
940 continue;
941 }
942
943 if (transport_id) {
944 if (t->id == transport_id) {
945 result = t;
946 break;
947 }
948 } else if (serial) {
949 if (t->MatchesTarget(serial)) {
950 if (result) {
951 *error_out = "more than one device with serial "s + serial;
952 if (is_ambiguous) *is_ambiguous = true;
953 result = nullptr;
954 break;
955 }
956 result = t;
957 }
958 } else {
959 if (type == kTransportUsb && t->type == kTransportUsb) {
960 if (result) {
961 *error_out = "more than one USB device";
962 if (is_ambiguous) *is_ambiguous = true;
963 result = nullptr;
964 break;
965 }
966 result = t;
967 } else if (type == kTransportLocal && t->type == kTransportLocal) {
968 if (result) {
969 *error_out = "more than one emulator";
970 if (is_ambiguous) *is_ambiguous = true;
971 result = nullptr;
972 break;
973 }
974 result = t;
975 } else if (type == kTransportAny) {
976 if (result) {
977 *error_out = "more than one device/emulator";
978 if (is_ambiguous) *is_ambiguous = true;
979 result = nullptr;
980 break;
981 }
982 result = t;
983 }
984 }
985 }
986 lock.unlock();
987
988 if (result && !accept_any_state) {
989 // The caller requires an active transport.
990 // Make sure that we're actually connected.
991 ConnectionState state = result->GetConnectionState();
992 switch (state) {
993 case kCsConnecting:
994 *error_out = "device still connecting";
995 result = nullptr;
996 break;
997
998 case kCsAuthorizing:
999 *error_out = "device still authorizing";
1000 result = nullptr;
1001 break;
1002
1003 case kCsUnauthorized: {
1004 *error_out = "device unauthorized.\n";
1005 char* ADB_VENDOR_KEYS = getenv("ADB_VENDOR_KEYS");
1006 *error_out += "This adb server's $ADB_VENDOR_KEYS is ";
1007 *error_out += ADB_VENDOR_KEYS ? ADB_VENDOR_KEYS : "not set";
1008 *error_out += "\n";
1009 *error_out += "Try 'adb kill-server' if that seems wrong.\n";
1010 *error_out += "Otherwise check for a confirmation dialog on your device.";
1011 result = nullptr;
1012 break;
1013 }
1014
1015 case kCsOffline:
1016 *error_out = "device offline";
1017 result = nullptr;
1018 break;
1019
1020 default:
1021 break;
1022 }
1023 }
1024
1025 if (result) {
1026 *error_out = "success";
1027 }
1028
1029 return result;
1030 }
1031
WaitForConnection(std::chrono::milliseconds timeout)1032 bool ConnectionWaitable::WaitForConnection(std::chrono::milliseconds timeout) {
1033 std::unique_lock<std::mutex> lock(mutex_);
1034 ScopedLockAssertion assume_locked(mutex_);
1035 return cv_.wait_for(lock, timeout, [&]() REQUIRES(mutex_) {
1036 return connection_established_ready_;
1037 }) && connection_established_;
1038 }
1039
SetConnectionEstablished(bool success)1040 void ConnectionWaitable::SetConnectionEstablished(bool success) {
1041 {
1042 std::lock_guard<std::mutex> lock(mutex_);
1043 if (connection_established_ready_) return;
1044 connection_established_ready_ = true;
1045 connection_established_ = success;
1046 D("connection established with %d", success);
1047 }
1048 cv_.notify_one();
1049 }
1050 #endif
1051
~atransport()1052 atransport::~atransport() {
1053 #if ADB_HOST
1054 // If the connection callback had not been run before, run it now.
1055 SetConnectionEstablished(false);
1056 #endif
1057 }
1058
Write(apacket * p)1059 int atransport::Write(apacket* p) {
1060 return this->connection()->Write(std::unique_ptr<apacket>(p)) ? 0 : -1;
1061 }
1062
Reset()1063 void atransport::Reset() {
1064 if (!kicked_.exchange(true)) {
1065 LOG(INFO) << "resetting transport " << this << " " << this->serial;
1066 this->connection()->Reset();
1067 }
1068 }
1069
Kick()1070 void atransport::Kick() {
1071 if (!kicked_.exchange(true)) {
1072 LOG(INFO) << "kicking transport " << this << " " << this->serial;
1073 this->connection()->Stop();
1074 }
1075 }
1076
GetConnectionState() const1077 ConnectionState atransport::GetConnectionState() const {
1078 return connection_state_;
1079 }
1080
SetConnectionState(ConnectionState state)1081 void atransport::SetConnectionState(ConnectionState state) {
1082 fdevent_check_looper();
1083 connection_state_ = state;
1084 update_transports();
1085 }
1086
1087 #if ADB_HOST
Attach(std::string * error)1088 bool atransport::Attach(std::string* error) {
1089 D("%s: attach", serial.c_str());
1090 fdevent_check_looper();
1091
1092 if (!is_libusb_enabled()) {
1093 *error = "attach/detach only implemented for libusb backend";
1094 return false;
1095 }
1096
1097 if (GetConnectionState() != ConnectionState::kCsDetached) {
1098 *error = android::base::StringPrintf("transport %s is not detached", serial.c_str());
1099 return false;
1100 }
1101
1102 ResetKeys();
1103
1104 {
1105 std::lock_guard<std::mutex> lock(mutex_);
1106 if (!connection_->Attach(error)) {
1107 return false;
1108 }
1109 }
1110
1111 send_connect(this);
1112 return true;
1113 }
1114
Detach(std::string * error)1115 bool atransport::Detach(std::string* error) {
1116 D("%s: detach", serial.c_str());
1117 fdevent_check_looper();
1118
1119 if (!is_libusb_enabled()) {
1120 *error = "attach/detach only implemented for libusb backend";
1121 return false;
1122 }
1123
1124 if (GetConnectionState() == ConnectionState::kCsDetached) {
1125 *error = android::base::StringPrintf("transport %s is already detached", serial.c_str());
1126 return false;
1127 }
1128
1129 handle_offline(this);
1130
1131 {
1132 std::lock_guard<std::mutex> lock(mutex_);
1133 if (!connection_->Detach(error)) {
1134 return false;
1135 }
1136 }
1137
1138 this->SetConnectionState(kCsDetached);
1139 return true;
1140 }
1141 #endif // ADB_HOST
1142
SetConnection(std::shared_ptr<Connection> connection)1143 void atransport::SetConnection(std::shared_ptr<Connection> connection) {
1144 std::lock_guard<std::mutex> lock(mutex_);
1145 connection_ = std::shared_ptr<Connection>(std::move(connection));
1146 }
1147
HandleRead(std::unique_ptr<apacket> p)1148 bool atransport::HandleRead(std::unique_ptr<apacket> p) {
1149 if (!check_header(p.get(), this)) {
1150 D("%s: remote read: bad header", serial.c_str());
1151 return false;
1152 }
1153
1154 VLOG(TRANSPORT) << dump_packet(serial.c_str(), "from remote", p.get());
1155 apacket* packet = p.release();
1156
1157 // This needs to run on the looper thread since the associated fdevent
1158 // message pump exists in that context.
1159 fdevent_run_on_looper([packet, this]() { handle_packet(packet, this); });
1160
1161 return true;
1162 }
1163
HandleError(const std::string & error)1164 void atransport::HandleError(const std::string& error) {
1165 LOG(INFO) << serial_name() << ": connection terminated: " << error;
1166 fdevent_run_on_looper([this]() {
1167 handle_offline(this);
1168 transport_destroy(this);
1169 });
1170 }
1171
update_version(int version,size_t payload)1172 void atransport::update_version(int version, size_t payload) {
1173 protocol_version = std::min(version, A_VERSION);
1174 max_payload = std::min(payload, MAX_PAYLOAD);
1175 }
1176
get_protocol_version() const1177 int atransport::get_protocol_version() const {
1178 return protocol_version;
1179 }
1180
get_tls_version() const1181 int atransport::get_tls_version() const {
1182 return tls_version;
1183 }
1184
get_max_payload() const1185 size_t atransport::get_max_payload() const {
1186 return max_payload;
1187 }
1188
1189 #if ADB_HOST
delayed_ack_enabled()1190 static bool delayed_ack_enabled() {
1191 static const char* env = getenv("ADB_DELAYED_ACK");
1192 static bool result = env && strcmp(env, "1") == 0;
1193 return result;
1194 }
1195 #endif
1196
supported_features()1197 const FeatureSet& supported_features() {
1198 static const android::base::NoDestructor<FeatureSet> features([]() {
1199 // Increment ADB_SERVER_VERSION when adding a feature that adbd needs
1200 // to know about. Otherwise, the client can be stuck running an old
1201 // version of the server even after upgrading their copy of adb.
1202 // (http://b/24370690)
1203
1204 // clang-format off
1205 FeatureSet result {
1206 kFeatureShell2,
1207 kFeatureCmd,
1208 kFeatureStat2,
1209 kFeatureLs2,
1210 kFeatureFixedPushMkdir,
1211 kFeatureApex,
1212 kFeatureAbb,
1213 kFeatureFixedPushSymlinkTimestamp,
1214 kFeatureAbbExec,
1215 kFeatureRemountShell,
1216 kFeatureTrackApp,
1217 kFeatureSendRecv2,
1218 kFeatureSendRecv2Brotli,
1219 kFeatureSendRecv2LZ4,
1220 kFeatureSendRecv2Zstd,
1221 kFeatureSendRecv2DryRunSend,
1222 kFeatureOpenscreenMdns,
1223 kFeatureDeviceTrackerProtoFormat,
1224 kFeatureDevRaw,
1225 kFeatureAppInfo,
1226 kFeatureServerStatus,
1227 };
1228 // clang-format on
1229
1230 #if ADB_HOST
1231 if (delayed_ack_enabled()) {
1232 result.push_back(kFeatureDelayedAck);
1233 }
1234 #else
1235 result.push_back(kFeatureDelayedAck);
1236 #endif
1237 return result;
1238 }());
1239
1240 return *features;
1241 }
1242
FeatureSetToString(const FeatureSet & features)1243 std::string FeatureSetToString(const FeatureSet& features) {
1244 return android::base::Join(features, ',');
1245 }
1246
StringToFeatureSet(const std::string & features_string)1247 FeatureSet StringToFeatureSet(const std::string& features_string) {
1248 if (features_string.empty()) {
1249 return FeatureSet();
1250 }
1251
1252 return android::base::Split(features_string, ",");
1253 }
1254
1255 template <class Range, class Value>
contains(const Range & r,const Value & v)1256 static bool contains(const Range& r, const Value& v) {
1257 return std::find(std::begin(r), std::end(r), v) != std::end(r);
1258 }
1259
CanUseFeature(const FeatureSet & feature_set,const std::string & feature)1260 bool CanUseFeature(const FeatureSet& feature_set, const std::string& feature) {
1261 return contains(feature_set, feature) && contains(supported_features(), feature);
1262 }
1263
has_feature(const std::string & feature) const1264 bool atransport::has_feature(const std::string& feature) const {
1265 return contains(features_, feature);
1266 }
1267
SetFeatures(const std::string & features_string)1268 void atransport::SetFeatures(const std::string& features_string) {
1269 features_ = StringToFeatureSet(features_string);
1270 delayed_ack_ = CanUseFeature(features_, kFeatureDelayedAck);
1271 }
1272
AddDisconnect(adisconnect * disconnect)1273 void atransport::AddDisconnect(adisconnect* disconnect) {
1274 disconnects_.push_back(disconnect);
1275 }
1276
RemoveDisconnect(adisconnect * disconnect)1277 void atransport::RemoveDisconnect(adisconnect* disconnect) {
1278 disconnects_.remove(disconnect);
1279 }
1280
RunDisconnects()1281 void atransport::RunDisconnects() {
1282 for (const auto& disconnect : disconnects_) {
1283 disconnect->func(disconnect->opaque, this);
1284 }
1285 disconnects_.clear();
1286 }
1287
1288 #if ADB_HOST
MatchesTarget(const std::string & target) const1289 bool atransport::MatchesTarget(const std::string& target) const {
1290 if (!serial.empty()) {
1291 if (target == serial) {
1292 return true;
1293 } else if (type == kTransportLocal) {
1294 // Local transports can match [tcp:|udp:]<hostname>[:port].
1295 const char* local_target_ptr = target.c_str();
1296
1297 // For fastboot compatibility, ignore protocol prefixes.
1298 if (android::base::StartsWith(target, "tcp:") ||
1299 android::base::StartsWith(target, "udp:")) {
1300 local_target_ptr += 4;
1301 }
1302
1303 // Parse our |serial| and the given |target| to check if the hostnames and ports match.
1304 std::string serial_host, error;
1305 int serial_port = -1;
1306 if (android::base::ParseNetAddress(serial, &serial_host, &serial_port, nullptr,
1307 &error)) {
1308 // |target| may omit the port to default to ours.
1309 std::string target_host;
1310 int target_port = serial_port;
1311 if (android::base::ParseNetAddress(local_target_ptr, &target_host, &target_port,
1312 nullptr, &error) &&
1313 serial_host == target_host && serial_port == target_port) {
1314 return true;
1315 }
1316 }
1317 }
1318 }
1319
1320 return (target == devpath) || qual_match(target, "product:", product, false) ||
1321 qual_match(target, "model:", model, true) ||
1322 qual_match(target, "device:", device, false);
1323 }
1324
SetConnectionEstablished(bool success)1325 void atransport::SetConnectionEstablished(bool success) {
1326 connection_waitable_->SetConnectionEstablished(success);
1327 }
1328
Reconnect()1329 ReconnectResult atransport::Reconnect() {
1330 return reconnect_(this);
1331 }
1332
1333 // We use newline as our delimiter, make sure to never output it.
sanitize(std::string str,bool alphanumeric)1334 static std::string sanitize(std::string str, bool alphanumeric) {
1335 auto pred = alphanumeric ? [](const char c) { return !isalnum(c); }
1336 : [](const char c) { return c == '\n'; };
1337 std::replace_if(str.begin(), str.end(), pred, '_');
1338 return str;
1339 }
1340
adbStateFromProto(ConnectionState state)1341 static adb::proto::ConnectionState adbStateFromProto(ConnectionState state) {
1342 switch (state) {
1343 case kCsConnecting:
1344 return adb::proto::ConnectionState::CONNECTING;
1345 case kCsAuthorizing:
1346 return adb::proto::ConnectionState::AUTHORIZING;
1347 case kCsUnauthorized:
1348 return adb::proto::ConnectionState::UNAUTHORIZED;
1349 case kCsNoPerm:
1350 return adb::proto::ConnectionState::NOPERMISSION;
1351 case kCsDetached:
1352 return adb::proto::ConnectionState::DETACHED;
1353 case kCsOffline:
1354 return adb::proto::ConnectionState::OFFLINE;
1355 case kCsBootloader:
1356 return adb::proto::ConnectionState::BOOTLOADER;
1357 case kCsDevice:
1358 return adb::proto::ConnectionState::DEVICE;
1359 case kCsHost:
1360 return adb::proto::ConnectionState::HOST;
1361 case kCsRecovery:
1362 return adb::proto::ConnectionState::RECOVERY;
1363 case kCsSideload:
1364 return adb::proto::ConnectionState::SIDELOAD;
1365 case kCsRescue:
1366 return adb::proto::ConnectionState::RESCUE;
1367 case kCsAny:
1368 return adb::proto::ConnectionState::ANY;
1369 }
1370 }
1371
transportListToProto(const std::list<atransport * > & sorted_transport_list,bool text_version)1372 static std::string transportListToProto(const std::list<atransport*>& sorted_transport_list,
1373 bool text_version) {
1374 adb::proto::Devices devices;
1375 for (const auto& t : sorted_transport_list) {
1376 auto* device = devices.add_device();
1377 device->set_serial(t->serial.c_str());
1378 device->set_connection_type(t->type == kTransportUsb ? adb::proto::ConnectionType::USB
1379 : adb::proto::ConnectionType::SOCKET);
1380 device->set_state(adbStateFromProto(t->GetConnectionState()));
1381 device->set_bus_address(sanitize(t->devpath, false));
1382 device->set_product(sanitize(t->product, false));
1383 device->set_model(sanitize(t->model, true));
1384 device->set_device(sanitize(t->device, false));
1385 device->set_negotiated_speed(t->connection()->NegotiatedSpeedMbps());
1386 device->set_max_speed(t->connection()->MaxSpeedMbps());
1387 device->set_transport_id(t->id);
1388 }
1389
1390 std::string proto;
1391 if (text_version) {
1392 google::protobuf::TextFormat::PrintToString(devices, &proto);
1393 } else {
1394 devices.SerializeToString(&proto);
1395 }
1396 return proto;
1397 }
1398
append_transport_info(std::string * result,const char * key,const std::string & value,bool alphanumeric)1399 static void append_transport_info(std::string* result, const char* key, const std::string& value,
1400 bool alphanumeric) {
1401 if (value.empty()) {
1402 return;
1403 }
1404
1405 *result += ' ';
1406 *result += key;
1407 *result += sanitize(value, alphanumeric);
1408 }
1409
append_transport(const atransport * t,std::string * result,bool long_listing)1410 static void append_transport(const atransport* t, std::string* result, bool long_listing) {
1411 std::string serial = t->serial;
1412 if (serial.empty()) {
1413 serial = "(no serial number)";
1414 }
1415
1416 if (!long_listing) {
1417 *result += serial;
1418 *result += '\t';
1419 *result += to_string(t->GetConnectionState());
1420 } else {
1421 android::base::StringAppendF(result, "%-22s %s", serial.c_str(),
1422 to_string(t->GetConnectionState()).c_str());
1423
1424 append_transport_info(result, "", t->devpath, false);
1425 append_transport_info(result, "product:", t->product, false);
1426 append_transport_info(result, "model:", t->model, true);
1427 append_transport_info(result, "device:", t->device, false);
1428
1429 // Put id at the end, so that anyone parsing the output here can always find it by scanning
1430 // backwards from newlines, even with hypothetical devices named 'transport_id:1'.
1431 *result += " transport_id:";
1432 *result += std::to_string(t->id);
1433 }
1434 *result += '\n';
1435 }
1436
transportListToText(const std::list<atransport * > & sorted_transport_list,bool long_listing)1437 static std::string transportListToText(const std::list<atransport*>& sorted_transport_list,
1438 bool long_listing) {
1439 std::string result;
1440 for (const auto& t : sorted_transport_list) {
1441 append_transport(t, &result, long_listing);
1442 }
1443 return result;
1444 }
1445
list_transports(TrackerOutputType outputType)1446 std::string list_transports(TrackerOutputType outputType) {
1447 std::lock_guard<std::recursive_mutex> lock(transport_lock);
1448
1449 auto sorted_transport_list = transport_list;
1450 sorted_transport_list.sort([](atransport*& x, atransport*& y) {
1451 if (x->type != y->type) {
1452 return x->type < y->type;
1453 }
1454 return x->serial < y->serial;
1455 });
1456
1457 switch (outputType) {
1458 case SHORT_TEXT:
1459 case LONG_TEXT: {
1460 return transportListToText(sorted_transport_list, outputType == LONG_TEXT);
1461 }
1462 case PROTOBUF:
1463 case TEXT_PROTOBUF: {
1464 return transportListToProto(sorted_transport_list, outputType == TEXT_PROTOBUF);
1465 }
1466 }
1467 }
1468
close_usb_devices(std::function<bool (const atransport *)> predicate,bool reset)1469 void close_usb_devices(std::function<bool(const atransport*)> predicate, bool reset) {
1470 std::lock_guard<std::recursive_mutex> lock(transport_lock);
1471 for (auto& t : transport_list) {
1472 if (predicate(t)) {
1473 if (reset) {
1474 t->Reset();
1475 } else {
1476 t->Kick();
1477 }
1478 }
1479 }
1480 }
1481
1482 /* hack for osx */
close_usb_devices(bool reset)1483 void close_usb_devices(bool reset) {
1484 close_usb_devices([](const atransport*) { return true; }, reset);
1485 }
1486 #endif
1487
validate_transport_list(const std::list<atransport * > & list,const std::string & serial,atransport * t,int * error)1488 bool validate_transport_list(const std::list<atransport*>& list, const std::string& serial,
1489 atransport* t, int* error) {
1490 for (const auto& transport : list) {
1491 if (serial == transport->serial) {
1492 const std::string list_name(&list == &pending_list ? "pending" : "transport");
1493 VLOG(TRANSPORT) << "socket transport " << transport->serial << " is already in the "
1494 << list_name << " list and fails to register";
1495 delete t;
1496 if (error) *error = EALREADY;
1497 return false;
1498 }
1499 }
1500 return true;
1501 }
1502
register_socket_transport(unique_fd s,std::string serial,int port,bool is_emulator,atransport::ReconnectCallback reconnect,bool use_tls,int * error)1503 bool register_socket_transport(unique_fd s, std::string serial, int port, bool is_emulator,
1504 atransport::ReconnectCallback reconnect, bool use_tls, int* error) {
1505 atransport* t = new atransport(kTransportLocal, std::move(reconnect), kCsOffline);
1506 t->use_tls = use_tls;
1507 t->serial = std::move(serial);
1508
1509 D("transport: %s init'ing for socket %d, on port %d", t->serial.c_str(), s.get(), port);
1510 if (init_socket_transport(t, std::move(s), port, is_emulator) < 0) {
1511 delete t;
1512 if (error) *error = errno;
1513 return false;
1514 }
1515
1516 std::unique_lock<std::recursive_mutex> lock(transport_lock);
1517 if (!validate_transport_list(pending_list, t->serial, t, error)) {
1518 return false;
1519 }
1520
1521 if (!validate_transport_list(transport_list, t->serial, t, error)) {
1522 return false;
1523 }
1524
1525 pending_list.push_front(t);
1526
1527 lock.unlock();
1528
1529 #if ADB_HOST
1530 auto waitable = t->connection_waitable();
1531 #endif
1532 register_transport(t);
1533
1534 if (is_emulator) {
1535 return true;
1536 }
1537
1538 #if ADB_HOST
1539 if (!waitable->WaitForConnection(std::chrono::seconds(10))) {
1540 if (error) *error = ETIMEDOUT;
1541 return false;
1542 }
1543
1544 if (t->GetConnectionState() == kCsUnauthorized) {
1545 if (error) *error = EPERM;
1546 return false;
1547 }
1548 #endif
1549
1550 return true;
1551 }
1552
1553 #if ADB_HOST
find_transport(const char * serial)1554 atransport* find_transport(const char* serial) {
1555 atransport* result = nullptr;
1556
1557 std::lock_guard<std::recursive_mutex> lock(transport_lock);
1558 for (auto& t : transport_list) {
1559 if (strcmp(serial, t->serial.c_str()) == 0) {
1560 result = t;
1561 break;
1562 }
1563 }
1564
1565 return result;
1566 }
1567
kick_all_tcp_devices()1568 void kick_all_tcp_devices() {
1569 std::lock_guard<std::recursive_mutex> lock(transport_lock);
1570 for (auto& t : transport_list) {
1571 if (t->IsTcpDevice()) {
1572 // Kicking breaks the read_transport thread of this transport out of any read, then
1573 // the read_transport thread will notify the main thread to make this transport
1574 // offline. Then the main thread will notify the write_transport thread to exit.
1575 // Finally, this transport will be closed and freed in the main thread.
1576 t->Kick();
1577 }
1578 }
1579 reconnect_handler.CheckForKicked();
1580 }
1581
1582 #if ADB_HOST
register_libusb_transport(std::shared_ptr<Connection> connection,const char * serial,const char * devpath,unsigned writeable)1583 void register_libusb_transport(std::shared_ptr<Connection> connection, const char* serial,
1584 const char* devpath, unsigned writeable) {
1585 atransport* t = new atransport(kTransportUsb, writeable ? kCsOffline : kCsNoPerm);
1586 if (serial) {
1587 t->serial = serial;
1588 }
1589 if (devpath) {
1590 t->devpath = devpath;
1591 }
1592
1593 t->SetConnection(std::move(connection));
1594
1595 {
1596 std::lock_guard<std::recursive_mutex> lock(transport_lock);
1597 pending_list.push_front(t);
1598 }
1599
1600 register_transport(t);
1601 }
1602
register_usb_transport(usb_handle * usb,const char * serial,const char * devpath,unsigned writeable)1603 void register_usb_transport(usb_handle* usb, const char* serial, const char* devpath,
1604 unsigned writeable) {
1605 atransport* t = new atransport(kTransportUsb, writeable ? kCsOffline : kCsNoPerm);
1606
1607 D("transport: %p init'ing for usb_handle %p (sn='%s')", t, usb, serial ? serial : "");
1608 init_usb_transport(t, usb);
1609 if (serial) {
1610 t->serial = serial;
1611 }
1612
1613 if (devpath) {
1614 t->devpath = devpath;
1615 }
1616
1617 {
1618 std::lock_guard<std::recursive_mutex> lock(transport_lock);
1619 pending_list.push_front(t);
1620 }
1621
1622 register_transport(t);
1623 }
1624
1625 // This should only be used for transports with connection_state == kCsNoPerm.
unregister_usb_transport(usb_handle * usb)1626 void unregister_usb_transport(usb_handle* usb) {
1627 std::lock_guard<std::recursive_mutex> lock(transport_lock);
1628 transport_list.remove_if([usb](atransport* t) {
1629 return t->GetUsbHandle() == usb && t->GetConnectionState() == kCsNoPerm;
1630 });
1631 }
1632 #endif
1633
1634 // Track reverse:forward commands, so that info can be used to develop
1635 // an 'allow-list':
1636 // - adb reverse tcp:<device_port> localhost:<host_port> : responds with the
1637 // device_port
1638 // - adb reverse --remove tcp:<device_port> : responds OKAY
1639 // - adb reverse --remove-all : responds OKAY
UpdateReverseConfig(std::string_view service_addr)1640 void atransport::UpdateReverseConfig(std::string_view service_addr) {
1641 fdevent_check_looper();
1642 if (!android::base::ConsumePrefix(&service_addr, "reverse:")) {
1643 return;
1644 }
1645
1646 if (android::base::ConsumePrefix(&service_addr, "forward:")) {
1647 // forward:[norebind:]<remote>;<local>
1648 bool norebind = android::base::ConsumePrefix(&service_addr, "norebind:");
1649 auto it = service_addr.find(';');
1650 if (it == std::string::npos) {
1651 return;
1652 }
1653 std::string remote(service_addr.substr(0, it));
1654
1655 if (norebind && reverse_forwards_.contains(remote)) {
1656 // This will fail, don't update the map.
1657 LOG(DEBUG) << "ignoring reverse forward that will fail due to norebind";
1658 return;
1659 }
1660
1661 std::string local(service_addr.substr(it + 1));
1662 reverse_forwards_[remote] = local;
1663 } else if (android::base::ConsumePrefix(&service_addr, "killforward:")) {
1664 // kill-forward:<remote>
1665 auto it = service_addr.find(';');
1666 if (it != std::string::npos) {
1667 return;
1668 }
1669 reverse_forwards_.erase(std::string(service_addr));
1670 } else if (service_addr == "killforward-all") {
1671 reverse_forwards_.clear();
1672 } else if (service_addr == "list-forward") {
1673 LOG(DEBUG) << __func__ << " ignoring --list";
1674 } else { // Anything else we need to know about?
1675 LOG(FATAL) << "unhandled reverse service: " << service_addr;
1676 }
1677 }
1678
1679 // Is this an authorized :connect request?
IsReverseConfigured(const std::string & local_addr)1680 bool atransport::IsReverseConfigured(const std::string& local_addr) {
1681 fdevent_check_looper();
1682 for (const auto& [remote, local] : reverse_forwards_) {
1683 if (local == local_addr) {
1684 return true;
1685 }
1686 }
1687 return false;
1688 }
1689
1690 #endif
1691
check_header(apacket * p,atransport * t)1692 bool check_header(apacket* p, atransport* t) {
1693 if (p->msg.magic != (p->msg.command ^ 0xffffffff)) {
1694 VLOG(RWX) << "check_header(): invalid magic command = " << std::hex << p->msg.command
1695 << ", magic = " << p->msg.magic;
1696 return false;
1697 }
1698
1699 if (p->msg.data_length > t->get_max_payload()) {
1700 VLOG(RWX) << "check_header(): " << p->msg.data_length
1701 << " atransport::max_payload = " << t->get_max_payload();
1702 return false;
1703 }
1704
1705 return true;
1706 }
1707
1708 #if ADB_HOST
Key()1709 std::shared_ptr<RSA> atransport::Key() {
1710 if (keys_.empty()) {
1711 return nullptr;
1712 }
1713
1714 std::shared_ptr<RSA> result = keys_[0];
1715 return result;
1716 }
1717
NextKey()1718 std::shared_ptr<RSA> atransport::NextKey() {
1719 if (keys_.empty()) {
1720 LOG(INFO) << "fetching keys for transport " << this->serial_name();
1721 keys_ = adb_auth_get_private_keys();
1722
1723 // We should have gotten at least one key: the one that's automatically generated.
1724 CHECK(!keys_.empty());
1725 } else {
1726 keys_.pop_front();
1727 }
1728
1729 return Key();
1730 }
1731
ResetKeys()1732 void atransport::ResetKeys() {
1733 keys_.clear();
1734 }
1735 #endif
1736