1 /*
2 * Copyright (C) 2007 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #define TRACE_TAG ADB
18
19 #include "sysdeps.h"
20 #include "adb.h"
21
22 #include <ctype.h>
23 #include <errno.h>
24 #include <stdarg.h>
25 #include <stddef.h>
26 #include <stdint.h>
27 #include <stdio.h>
28 #include <stdlib.h>
29 #include <string.h>
30 #include <sys/time.h>
31 #include <time.h>
32
33 #include <chrono>
34 #include <condition_variable>
35 #include <mutex>
36 #include <string>
37 #include <thread>
38 #include <vector>
39
40 #include <android-base/errors.h>
41 #include <android-base/file.h>
42 #include <android-base/logging.h>
43 #include <android-base/macros.h>
44 #include <android-base/parsenetaddress.h>
45 #include <android-base/stringprintf.h>
46 #include <android-base/strings.h>
47
48 #include "adb_auth.h"
49 #include "adb_io.h"
50 #include "adb_listeners.h"
51 #include "adb_unique_fd.h"
52 #include "adb_utils.h"
53 #include "sysdeps/chrono.h"
54 #include "transport.h"
55
56 #if !ADB_HOST
57 #include <sys/capability.h>
58 #include <sys/mount.h>
59 #include <android-base/properties.h>
60 using namespace std::chrono_literals;
61 #endif
62
// Returns the human-readable version banner for this adb binary: protocol
// version triple, build version string, and the path of the running executable.
std::string adb_version() {
    // Don't change the format of this --- it's parsed by ddmlib.
    const std::string installed_path = android::base::GetExecutablePath();
    return android::base::StringPrintf(
        "Android Debug Bridge version %d.%d.%d\n"
        "Version %s\n"
        "Installed as %s\n",
        ADB_VERSION_MAJOR, ADB_VERSION_MINOR, ADB_SERVER_VERSION, ADB_VERSION,
        installed_path.c_str());
}
72
// Formats a printf-style message, reports it as an error (stderr on the host
// build, LOG(ERROR) otherwise) and aborts the process. Does not return.
//
// The message is rendered into a fixed 1024-byte buffer, so longer output is
// truncated by vsnprintf. fmt is interpreted as a format string: callers
// should pass a literal and put any externally supplied text in the arguments.
void fatal(const char* fmt, ...) {
    char message[1024];

    va_list args;
    va_start(args, fmt);
    vsnprintf(message, sizeof(message), fmt, args);
    va_end(args);

#if ADB_HOST
    fprintf(stderr, "error: %s\n", message);
#else
    LOG(ERROR) << "error: " << message;
#endif

    abort();
}
88
// Like fatal(), but appends strerror() of the errno value that was current
// when the function was entered. Does not return.
//
// errno is captured before anything else runs so that the formatting calls
// cannot overwrite the value being reported. fmt is interpreted as a format
// string: callers should pass a literal and put external text in the arguments.
void fatal_errno(const char* fmt, ...) {
    const int saved_errno = errno;
    char message[1024];

    va_list args;
    va_start(args, fmt);
    vsnprintf(message, sizeof(message), fmt, args);
    va_end(args);

#if ADB_HOST
    fprintf(stderr, "error: %s: %s\n", message, strerror(saved_errno));
#else
    LOG(ERROR) << "error: " << message << ": " << strerror(saved_errno);
#endif

    abort();
}
105
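// Returns the sum of the packet's payload bytes, each taken as an unsigned
// 8-bit value, accumulated modulo 2^32.
//
// msg.data_length is a header field and is not guaranteed here to agree with
// the number of bytes actually stored in payload, so the walk is bounded by
// both. A packet whose header claims more data than it carries therefore
// yields the checksum of the bytes present instead of reading past the buffer.
uint32_t calculate_apacket_checksum(const apacket* p) {
    const size_t declared = p->msg.data_length;
    const size_t available = p->payload.size();
    const size_t count = declared < available ? declared : available;

    uint32_t sum = 0;
    for (size_t i = 0; i < count; ++i) {
        sum += static_cast<uint8_t>(p->payload[i]);
    }
    return sum;
}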
113
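// Allocates a new apacket whose message header is all zeroes and returns it.
// The packet is created with new, so it must eventually be destroyed with
// delete (put_apacket() does that).
apacket* get_apacket(void) {
    // A plain new-expression never evaluates to nullptr: allocation failure is
    // reported by throwing (or by terminating when exceptions are disabled),
    // so the former "p == nullptr" branch could not be reached.
    apacket* p = new apacket();

    memset(&p->msg, 0, sizeof(p->msg));
    return p;
}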
124
// Destroys a packet with delete. Passing nullptr is a no-op; the pointer must
// not be used again afterwards.
void put_apacket(apacket* p) {
    delete p;
}
129
// Marks the transport as online. handle_packet() only acts on OPEN, OKAY,
// CLSE and WRTE packets while this flag is set.
void handle_online(atransport* t) {
    D("adb: online");
    t->online = 1;
}
135
// Takes the transport offline: clears the online flag, closes every socket
// bound to the transport, then runs the transport's disconnect callbacks.
void handle_offline(atransport* t) {
    D("adb: offline");

    // Clear the flag first so that no further stream packets are accepted for
    // this transport while it is being torn down.
    t->online = 0;

    // This is necessary to avoid a race condition that occurred when a
    // transport closes while a client socket is still active.
    close_all_sockets(t);

    t->RunDisconnects();
}
148
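#if DEBUG_PACKETS
#define DUMPMAX 32
// Debug helper: writes one line to stderr describing the packet -- label,
// command name, arg0, arg1, data_length -- followed by at most DUMPMAX payload
// bytes. Bytes outside the printable ASCII range are shown as '.'. The closing
// quote is omitted when the payload was cut at DUMPMAX.
//
// The number of bytes dumped is bounded by the payload's real size as well as
// by the header's data_length: handle_packet() calls this before it checks
// that the two agree, so data_length cannot be trusted here.
void print_packet(const char* label, apacket* p) {
    const char* tag;

    switch (p->msg.command) {
        case A_SYNC: tag = "SYNC"; break;
        case A_CNXN: tag = "CNXN"; break;
        case A_OPEN: tag = "OPEN"; break;
        case A_OKAY: tag = "OKAY"; break;
        case A_CLSE: tag = "CLSE"; break;
        case A_WRTE: tag = "WRTE"; break;
        case A_AUTH: tag = "AUTH"; break;
        default: tag = "????"; break;
    }

    fprintf(stderr, "%s: %s %08x %08x %04x \"",
            label, tag, p->msg.arg0, p->msg.arg1, p->msg.data_length);

    size_t count = p->msg.data_length;
    const char* terminator;
    if (count > DUMPMAX) {
        count = DUMPMAX;
        terminator = "\n";
    } else {
        terminator = "\"\n";
    }

    // Never read more bytes than the payload actually holds.
    if (count > p->payload.size()) {
        count = p->payload.size();
    }

    const char* x = p->payload.data();
    for (; count > 0; --count, ++x) {
        if ((*x >= ' ') && (*x < 127)) {
            fputc(*x, stderr);
        } else {
            fputc('.', stderr);
        }
    }
    fputs(terminator, stderr);
}
#endif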
188
// Sends an A_OKAY (READY) packet carrying the given local and remote socket
// ids over transport t. The packet has no payload; data_length stays at the
// zero that get_apacket() initialised it to.
static void send_ready(unsigned local, unsigned remote, atransport* t) {
    D("Calling send_ready");

    apacket* okay = get_apacket();
    okay->msg.command = A_OKAY;
    okay->msg.arg0 = local;
    okay->msg.arg1 = remote;

    send_packet(okay, t);
}
198
// Sends an A_CLSE (CLOSE) packet carrying the given local and remote socket
// ids over transport t. The packet has no payload; data_length stays at the
// zero that get_apacket() initialised it to.
static void send_close(unsigned local, unsigned remote, atransport* t) {
    D("Calling send_close");

    apacket* close_pkt = get_apacket();
    close_pkt->msg.command = A_CLSE;
    close_pkt->msg.arg0 = local;
    close_pkt->msg.arg1 = remote;

    send_packet(close_pkt, t);
}
208
// Builds the connection banner sent in a CNXN packet:
//   "<adb_device_banner>::<key>=<value>;...;features=<feature list>"
// On the device build the three ro.product.* system properties are included
// (an unset property contributes an empty value); the host build sends only
// the feature list.
//
// NOTE(review): property values are inserted without escaping, while
// parse_banner() splits on ':', ';' and '='. A value containing one of those
// characters would not round-trip -- confirm the properties cannot hold them.
std::string get_connection_string() {
    std::vector<std::string> props;

#if !ADB_HOST
    static const char* cnxn_props[] = {
        "ro.product.name",
        "ro.product.model",
        "ro.product.device",
    };

    for (const char* name : cnxn_props) {
        props.push_back(std::string(name) + "=" + android::base::GetProperty(name, ""));
    }
#endif

    const std::string features = FeatureSetToString(supported_features());
    props.push_back(android::base::StringPrintf("features=%s", features.c_str()));

    const std::string joined = android::base::Join(props, ';');
    return android::base::StringPrintf("%s::%s", adb_device_banner, joined.c_str());
}
232
// Sends an A_CNXN packet on transport t announcing our protocol version, the
// transport's maximum payload size and the connection banner.
void send_connect(atransport* t) {
    D("Calling send_connect");

    apacket* cnxn = get_apacket();
    cnxn->msg.command = A_CNXN;
    // Send the max supported version, but because the transport is
    // initialized to A_VERSION_MIN, this will be compatible with every
    // device.
    cnxn->msg.arg0 = A_VERSION;
    cnxn->msg.arg1 = t->get_max_payload();

    std::string banner = get_connection_string();
    // Connect and auth packets are limited to MAX_PAYLOAD_V1 because we don't
    // yet know how much data the other side is willing to accept.
    const bool banner_too_long = banner.length() > MAX_PAYLOAD_V1;
    if (banner_too_long) {
        LOG(FATAL) << "Connection banner is too long (length = "
                   << banner.length() << ")";
    }

    // Keep the header's length field in step with the payload actually sent.
    cnxn->payload = std::move(banner);
    cnxn->msg.data_length = cnxn->payload.size();

    send_packet(cnxn, t);
}
256
// qual_overwrite replaces a qualifier string. dst points to a char pointer
// that is either NULL or owns a malloc'ed string; the old string is freed and
// *dst is set to a freshly strdup'ed copy of src.
//
// strdup copies only up to the first NUL byte of src, and yields NULL when the
// allocation fails, in which case *dst ends up NULL.
// TODO: switch to std::string for these atransport fields instead.
static void qual_overwrite(char** dst, const std::string& src) {
    char* replacement = strdup(src.c_str());
    free(*dst);
    *dst = replacement;
}
265
// Parses a connection banner received in a CNXN packet and applies it to the
// transport: product/model/device qualifiers, the feature set, and the
// connection state derived from the banner's type field.
//
// The banner is supplied by the remote peer. handle_new_connection() calls
// this before it decides whether authentication is required, so every field
// here must be treated as untrusted. Unknown keys and malformed "key=value"
// entries are skipped; an unrecognised type selects kCsHost.
void parse_banner(const std::string& banner, atransport* t) {
    D("parse_banner: %s", banner.c_str());

    // The format is something like:
    // "device::ro.product.name=x;ro.product.model=y;ro.product.device=z;".
    const std::vector<std::string> pieces = android::base::Split(banner, ":");

    // Reset the features list or else if the server sends no features we may
    // keep the existing feature set (http://b/24405971).
    t->SetFeatures("");

    if (pieces.size() > 2) {
        for (const std::string& entry : android::base::Split(pieces[2], ";")) {
            // The list of properties was traditionally ;-terminated rather than ;-separated.
            if (entry.empty()) continue;

            // Exactly one '=' is required; anything else is ignored.
            const std::vector<std::string> kv = android::base::Split(entry, "=");
            if (kv.size() != 2) continue;

            const std::string& name = kv[0];
            const std::string& val = kv[1];
            if (name == "ro.product.name") {
                qual_overwrite(&t->product, val);
            } else if (name == "ro.product.model") {
                qual_overwrite(&t->model, val);
            } else if (name == "ro.product.device") {
                qual_overwrite(&t->device, val);
            } else if (name == "features") {
                t->SetFeatures(val);
            }
        }
    }

    // NOTE(review): indexing pieces[0] relies on Split() returning at least
    // one element even for an empty banner -- confirm.
    const std::string& kind = pieces[0];
    if (kind == "bootloader") {
        D("setting connection_state to kCsBootloader");
        t->SetConnectionState(kCsBootloader);
    } else if (kind == "device") {
        D("setting connection_state to kCsDevice");
        t->SetConnectionState(kCsDevice);
    } else if (kind == "recovery") {
        D("setting connection_state to kCsRecovery");
        t->SetConnectionState(kCsRecovery);
    } else if (kind == "sideload") {
        D("setting connection_state to kCsSideload");
        t->SetConnectionState(kCsSideload);
    } else {
        D("setting connection_state to kCsHost");
        t->SetConnectionState(kCsHost);
    }
}
318
// Handles an incoming A_CNXN packet. A transport that is not already offline
// is first taken offline, then the peer's version, max payload and banner are
// applied. On the host the transport goes online immediately. On the device
// it goes online (and answers with our own CNXN) only when auth_required is
// false; otherwise an auth request is sent and the transport stays offline.
//
// Note that the peer-supplied banner is parsed before the authentication
// decision is made.
static void handle_new_connection(atransport* t, apacket* p) {
    const bool needs_reset = t->GetConnectionState() != kCsOffline;
    if (needs_reset) {
        t->SetConnectionState(kCsOffline);
        handle_offline(t);
    }

    t->update_version(p->msg.arg0, p->msg.arg1);
    parse_banner(p->payload, t);

#if ADB_HOST
    handle_online(t);
#else
    if (auth_required) {
        send_auth_request(t);
    } else {
        handle_online(t);
        send_connect(t);
    }
#endif

    update_transports();
}
341
// Dispatches one packet received on transport t according to its command.
//
// All header fields and the payload come from the remote peer. The stream
// commands (OPEN, OKAY, CLSE, WRTE) are acted on only while t->online is set
// and are silently dropped otherwise; SYNC, CNXN and AUTH are handled
// regardless of that flag.
//
// Every path except A_SYNC ends in put_apacket(p). The A_SYNC path passes p
// to send_packet() and returns without freeing it -- presumably send_packet()
// takes ownership of the packet; confirm against its definition.
void handle_packet(apacket *p, atransport *t)
{
    // Trace the four bytes of the command word as characters.
    D("handle_packet() %c%c%c%c", ((char*) (&(p->msg.command)))[0],
            ((char*) (&(p->msg.command)))[1],
            ((char*) (&(p->msg.command)))[2],
            ((char*) (&(p->msg.command)))[3]);
    // NOTE(review): print_packet() runs before the length check below, so it
    // is handed a packet whose data_length has not yet been compared with the
    // payload size.
    print_packet("recv", p);
    // The header's length field must agree with the payload actually held.
    CHECK_EQ(p->payload.size(), p->msg.data_length);

    switch(p->msg.command){
    case A_SYNC:
        // The packet is sent back in both branches. arg0 == 0 additionally
        // takes the transport offline before the packet is sent.
        if (p->msg.arg0){
            send_packet(p, t);
#if ADB_HOST
            send_connect(t);
#endif
        } else {
            t->SetConnectionState(kCsOffline);
            handle_offline(t);
            send_packet(p, t);
        }
        // p was handed to send_packet(); skip the put_apacket() at the end.
        return;

    case A_CNXN: // CONNECT(version, maxdata, "system-id-string")
        handle_new_connection(t, p);
        break;

    case A_AUTH:
        switch (p->msg.arg0) {
#if ADB_HOST
            case ADB_AUTH_TOKEN:
                // The device asked us to sign a token. An offline transport is
                // shown as unauthorized until the exchange completes.
                if (t->GetConnectionState() == kCsOffline) {
                    t->SetConnectionState(kCsUnauthorized);
                }
                send_auth_response(p->payload.data(), p->msg.data_length, t);
                break;
#else
            case ADB_AUTH_SIGNATURE:
                // The payload is checked as a signature against this
                // transport's token.
                if (adbd_auth_verify(t->token, sizeof(t->token), p->payload)) {
                    adbd_auth_verified(t);
                    t->failed_auth_attempts = 0;
                } else {
                    // Throttle repeated failures: once the counter has passed
                    // 256, each further failure sleeps for one second (on the
                    // calling thread) before a new auth request is sent. The
                    // counter is reset only by a successful verification.
                    if (t->failed_auth_attempts++ > 256) std::this_thread::sleep_for(1s);
                    send_auth_request(t);
                }
                break;

            case ADB_AUTH_RSAPUBLICKEY:
                // The peer offered a public key; the payload is passed on
                // as-is for confirmation.
                adbd_auth_confirm_key(p->payload.data(), p->msg.data_length, t);
                break;
#endif
            default:
                // Any other AUTH sub-type takes the transport offline.
                t->SetConnectionState(kCsOffline);
                handle_offline(t);
                break;
        }
        break;

    case A_OPEN: /* OPEN(local-id, 0, "destination") */
        // Requires an online transport, a non-zero id from the peer and
        // arg1 == 0. The payload names the service to start; c_str() stops at
        // the first NUL byte, so anything after it is not part of the name.
        if (t->online && p->msg.arg0 != 0 && p->msg.arg1 == 0) {
            asocket* s = create_local_service_socket(p->payload.c_str(), t);
            if (s == nullptr) {
                // No such service (or it could not be started): report a
                // failed OPEN with CLOSE(0, remote-id).
                send_close(0, p->msg.arg0, t);
            } else {
                // Pair the new local socket with a remote socket for the
                // peer's id, then acknowledge.
                s->peer = create_remote_socket(p->msg.arg0, t);
                s->peer->peer = s;
                send_ready(s->id, s->peer->id, t);
                s->ready(s);
            }
        }
        break;

    case A_OKAY: /* READY(local-id, remote-id, "") */
        if (t->online && p->msg.arg0 != 0 && p->msg.arg1 != 0) {
            // arg1 is our socket's id; the second argument 0 means the lookup
            // is not restricted by peer id.
            asocket* s = find_local_socket(p->msg.arg1, 0);
            if (s) {
                if(s->peer == 0) {
                    /* On first READY message, create the connection. */
                    s->peer = create_remote_socket(p->msg.arg0, t);
                    s->peer->peer = s;
                    s->ready(s);
                } else if (s->peer->id == p->msg.arg0) {
                    /* Other READY messages must use the same local-id */
                    s->ready(s);
                } else {
                    // A READY whose id does not match the established peer is
                    // only logged; the socket is left untouched.
                    D("Invalid A_OKAY(%d,%d), expected A_OKAY(%d,%d) on transport %s",
                      p->msg.arg0, p->msg.arg1, s->peer->id, p->msg.arg1, t->serial);
                }
            } else {
                // When receiving A_OKAY from device for A_OPEN request, the host server may
                // have closed the local socket because of client disconnection. Then we need
                // to send A_CLSE back to device to close the service on device.
                send_close(p->msg.arg1, p->msg.arg0, t);
            }
        }
        break;

    case A_CLSE: /* CLOSE(local-id, remote-id, "") or CLOSE(0, remote-id, "") */
        if (t->online && p->msg.arg1 != 0) {
            asocket* s = find_local_socket(p->msg.arg1, p->msg.arg0);
            if (s) {
                /* According to protocol.txt, p->msg.arg0 might be 0 to indicate
                 * a failed OPEN only. However, due to a bug in previous ADB
                 * versions, CLOSE(0, remote-id, "") was also used for normal
                 * CLOSE() operations.
                 *
                 * This is bad because it means a compromised adbd could
                 * send packets to close connections between the host and
                 * other devices. To avoid this, only allow this if the local
                 * socket has a peer on the same transport.
                 */
                if (p->msg.arg0 == 0 && s->peer && s->peer->transport != t) {
                    D("Invalid A_CLSE(0, %u) from transport %s, expected transport %s",
                      p->msg.arg1, t->serial, s->peer->transport->serial);
                } else {
                    s->close(s);
                }
            }
        }
        break;

    case A_WRTE: /* WRITE(local-id, remote-id, <data>) */
        if (t->online && p->msg.arg0 != 0 && p->msg.arg1 != 0) {
            asocket* s = find_local_socket(p->msg.arg1, p->msg.arg0);
            if (s) {
                // Copy the id before the payload is moved out of the packet.
                unsigned rid = p->msg.arg0;
                // A READY is sent back only when enqueue() returns 0.
                if (s->enqueue(s, std::move(p->payload)) == 0) {
                    D("Enqueue the socket");
                    send_ready(s->id, rid, t);
                }
            }
        }
        break;

    default:
        // Unknown commands are reported on stdout and otherwise ignored.
        printf("handle_packet: what is %08x?!\n", p->msg.command);
    }

    put_apacket(p);
}
482
483 #if ADB_HOST
484
485 #ifdef _WIN32
486
// Try to make a handle non-inheritable and if there is an error, don't output
// any error info, but leave GetLastError() for the caller to read. This is
// convenient if the caller is expecting that this may fail and they'd like to
// ignore such a failure.
//
// NULL and INVALID_HANDLE_VALUE are treated as "nothing to do" and reported
// as success.
static bool _try_make_handle_noninheritable(HANDLE h) {
    if (h == INVALID_HANDLE_VALUE || h == NULL) {
        return true;
    }

    return SetHandleInformation(h, HANDLE_FLAG_INHERIT, 0) != 0;
}
498
// Try to make a handle non-inheritable with the expectation that this should
// succeed, so if this fails, output error info. Returns true on success.
static bool _make_handle_noninheritable(HANDLE h) {
    if (_try_make_handle_noninheritable(h)) {
        return true;
    }

    // Show the handle value to give us a clue in case we have problems
    // with pseudo-handle values.
    fprintf(stderr, "adb: cannot make handle 0x%p non-inheritable: %s\n", h,
            android::base::SystemErrorCodeToString(GetLastError()).c_str());
    return false;
}
512
// Create anonymous pipe, preventing inheritance of the read pipe and setting
// security of the write pipe to sa.
//
// On success both ends are moved into the output parameters and true is
// returned. On failure an error is printed, the outputs are left untouched
// and any handle already created is closed by its unique_handle wrapper.
static bool _create_anonymous_pipe(unique_handle* pipe_read_out,
                                   unique_handle* pipe_write_out,
                                   SECURITY_ATTRIBUTES* sa) {
    HANDLE raw_read = NULL;
    HANDLE raw_write = NULL;
    if (!CreatePipe(&raw_read, &raw_write, sa, 0)) {
        fprintf(stderr, "adb: CreatePipe failed: %s\n",
                android::base::SystemErrorCodeToString(GetLastError()).c_str());
        return false;
    }

    // Hand both raw handles to owning wrappers before anything can fail.
    unique_handle read_end(raw_read);
    unique_handle write_end(raw_write);

    // Only the write end is meant to be inherited by a child process.
    if (!_make_handle_noninheritable(read_end.get())) {
        return false;
    }

    *pipe_read_out = std::move(read_end);
    *pipe_write_out = std::move(write_end);
    return true;
}
540
// Read from a pipe (that we take ownership of) and write the result to stdout/stderr. Return on
// error or when the pipe is closed. Internally makes inheritable handles, so this should not be
// called if subprocesses may be started concurrently.
//
// h is the read end of the pipe; nStdHandle selects the destination
// (STD_OUTPUT_HANDLE for stdout, anything else for stderr). Returns
// EXIT_SUCCESS when the writer closes the pipe and EXIT_FAILURE on any error.
static unsigned _redirect_pipe_thread(HANDLE h, DWORD nStdHandle) {
    // Take ownership of the HANDLE and close when we're done.
    unique_handle read_pipe(h);
    const char* output_name = nStdHandle == STD_OUTPUT_HANDLE ? "stdout" : "stderr";
    const int original_fd = fileno(nStdHandle == STD_OUTPUT_HANDLE ? stdout : stderr);
    // Stays null when there is nothing to write to; otherwise closes the
    // duplicated stream (and its descriptor) on every return path.
    std::unique_ptr<FILE, decltype(&fclose)> stream(nullptr, fclose);

    if (original_fd == -1) {
        fprintf(stderr, "adb: failed to get file descriptor for %s: %s\n", output_name,
                strerror(errno));
        return EXIT_FAILURE;
    }

    // If fileno() is -2, stdout/stderr is not associated with an output stream, so we should read,
    // but don't write. Otherwise, make a FILE* identical to stdout/stderr except that it is in
    // binary mode with no CR/LF translation since we're reading raw.
    if (original_fd >= 0) {
        // This internally makes a duplicate file handle that is inheritable, so callers should not
        // call this function if subprocesses may be started concurrently.
        const int fd = dup(original_fd);
        if (fd == -1) {
            fprintf(stderr, "adb: failed to duplicate file descriptor for %s: %s\n", output_name,
                    strerror(errno));
            return EXIT_FAILURE;
        }

        // Note that although we call fdopen() below with a binary flag, it may not adhere to that
        // flag, so we have to set the mode manually.
        if (_setmode(fd, _O_BINARY) == -1) {
            fprintf(stderr, "adb: failed to set binary mode for duplicate of %s: %s\n", output_name,
                    strerror(errno));
            // No stream owns fd yet, so close it by hand.
            unix_close(fd);
            return EXIT_FAILURE;
        }

        stream.reset(fdopen(fd, "wb"));
        if (stream.get() == nullptr) {
            fprintf(stderr, "adb: failed to open duplicate stream for %s: %s\n", output_name,
                    strerror(errno));
            // fdopen() failed, so fd is still ours to close.
            unix_close(fd);
            return EXIT_FAILURE;
        }

        // Unbuffer the stream because it will be buffered by default and we want subprocess output
        // to be shown immediately.
        // NOTE(review): setvbuf() is specified to return non-zero on failure,
        // not specifically -1 -- confirm this comparison catches every failure
        // on the target C runtime.
        if (setvbuf(stream.get(), NULL, _IONBF, 0) == -1) {
            fprintf(stderr, "adb: failed to unbuffer %s: %s\n", output_name, strerror(errno));
            return EXIT_FAILURE;
        }

        // fd will be closed when stream is closed.
    }

    // Pump data until the writer goes away or an error occurs.
    while (true) {
        char buf[64 * 1024];
        DWORD bytes_read = 0;
        if (!ReadFile(read_pipe.get(), buf, sizeof(buf), &bytes_read, NULL)) {
            const DWORD err = GetLastError();
            // ERROR_BROKEN_PIPE is expected when the subprocess closes
            // the other end of the pipe.
            if (err == ERROR_BROKEN_PIPE) {
                return EXIT_SUCCESS;
            } else {
                fprintf(stderr, "adb: failed to read from %s: %s\n", output_name,
                        android::base::SystemErrorCodeToString(err).c_str());
                return EXIT_FAILURE;
            }
        }

        // Don't try to write if our stdout/stderr was not setup by the parent process.
        if (stream) {
            // fwrite() actually calls adb_fwrite() which can write UTF-8 to the console.
            const size_t bytes_written = fwrite(buf, 1, bytes_read, stream.get());
            // A short write is treated as fatal for this redirect thread.
            if (bytes_written != bytes_read) {
                fprintf(stderr, "adb: error: only wrote %zu of %lu bytes to %s\n", bytes_written,
                        bytes_read, output_name);
                return EXIT_FAILURE;
            }
        }
    }
}
625
// Thread entry point: names the thread, then forwards everything read from
// pipe h to our stdout. The thread takes ownership of h.
static unsigned __stdcall _redirect_stdout_thread(HANDLE h) {
    adb_thread_setname("stdout redirect");
    const unsigned exit_code = _redirect_pipe_thread(h, STD_OUTPUT_HANDLE);
    return exit_code;
}
630
// Thread entry point: names the thread, then forwards everything read from
// pipe h to our stderr. The thread takes ownership of h.
static unsigned __stdcall _redirect_stderr_thread(HANDLE h) {
    adb_thread_setname("stderr redirect");
    const unsigned exit_code = _redirect_pipe_thread(h, STD_ERROR_HANDLE);
    return exit_code;
}
635
636 #endif
637
// Reports on stderr that the server did not acknowledge startup, then echoes
// the part of the server log that belongs to the given pid: everything from
// the last "--- adb starting (pid N) ---" line to the end of the log. Nothing
// further is printed if the log cannot be opened or read, or if no such
// header line is found.
//
// Log contents are copied to stderr verbatim.
static void ReportServerStartupFailure(pid_t pid) {
    fprintf(stderr, "ADB server didn't ACK\n");
    fprintf(stderr, "Full server startup log: %s\n", GetLogFilePath().c_str());
    fprintf(stderr, "Server had pid: %d\n", pid);

    unique_fd fd(adb_open(GetLogFilePath().c_str(), O_RDONLY));
    if (fd == -1) return;

    // Let's not show more than 128KiB of log...
    // The seek result is not checked; presumably a shorter file makes the
    // seek fail and the read below then starts at the beginning -- confirm.
    adb_lseek(fd, -128 * 1024, SEEK_END);
    std::string content;
    if (!android::base::ReadFdToString(fd, &content)) return;

    const std::string header = android::base::StringPrintf("--- adb starting (pid %d) ---", pid);
    const std::vector<std::string> lines = android::base::Split(content, "\n");

    // Search backwards for the most recent startup header of this pid.
    // first_line == lines.size() means "not found", which prints nothing.
    size_t first_line = lines.size();
    for (size_t idx = lines.size(); idx-- > 0;) {
        if (lines[idx] == header) {
            first_line = idx;
            break;
        }
    }

    for (size_t idx = first_line; idx < lines.size(); ++idx) {
        fprintf(stderr, "%s\n", lines[idx].c_str());
    }
}
657
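// Starts the adb server as a background process running this same executable
// ("adb -L <socket_spec> fork-server server --reply-fd <fd>") and waits for
// it to write "OK\n" on a pipe. Returns 0 once the acknowledgement has been
// received and -1 on any failure.
//
// Handle hygiene matters here: only the handles the server needs are meant to
// be inherited by it. On Windows the standard handles are reset to
// non-inheritable and the read ends of all pipes are created non-inheritable;
// on POSIX the child closes the parent's end of the pipe before exec.
int launch_server(const std::string& socket_spec) {
#if defined(_WIN32)
    /* we need to start the server in the background                    */
    /* we create a PIPE that will be used to wait for the server's "OK" */
    /* message since the pipe handles must be inheritable, we use a     */
    /* security attribute                                               */
    SECURITY_ATTRIBUTES sa;
    sa.nLength = sizeof(sa);
    sa.lpSecurityDescriptor = NULL;
    sa.bInheritHandle = TRUE;

    // Redirect stdin to Windows /dev/null. If we instead pass an original
    // stdin/stdout/stderr handle and it is a console handle, when the adb
    // server starts up, the C Runtime will see a console handle for a process
    // that isn't connected to a console and it will configure
    // stdin/stdout/stderr to be closed. At that point, freopen() could be used
    // to reopen stderr/out, but it would take more massaging to fixup the file
    // descriptor number that freopen() uses. It's simplest to avoid all of this
    // complexity by just redirecting stdin to `nul' and then the C Runtime acts
    // as expected.
    unique_handle nul_read(CreateFileW(L"nul", GENERIC_READ,
            FILE_SHARE_READ | FILE_SHARE_WRITE, &sa, OPEN_EXISTING,
            FILE_ATTRIBUTE_NORMAL, NULL));
    if (nul_read.get() == INVALID_HANDLE_VALUE) {
        fprintf(stderr, "adb: CreateFileW 'nul' failed: %s\n",
                android::base::SystemErrorCodeToString(GetLastError()).c_str());
        return -1;
    }

    // Create pipes with non-inheritable read handle, inheritable write handle. We need to connect
    // the subprocess to pipes instead of just letting the subprocess inherit our existing
    // stdout/stderr handles because a DETACHED_PROCESS cannot write to a console that it is not
    // attached to.
    unique_handle ack_read, ack_write;
    if (!_create_anonymous_pipe(&ack_read, &ack_write, &sa)) {
        return -1;
    }
    unique_handle stdout_read, stdout_write;
    if (!_create_anonymous_pipe(&stdout_read, &stdout_write, &sa)) {
        return -1;
    }
    unique_handle stderr_read, stderr_write;
    if (!_create_anonymous_pipe(&stderr_read, &stderr_write, &sa)) {
        return -1;
    }

    /* Some programs want to launch an adb command and collect its output by
     * calling CreateProcess with inheritable stdout/stderr handles, then
     * using read() to get its output. When this happens, the stdout/stderr
     * handles passed to the adb client process will also be inheritable.
     * When starting the adb server here, care must be taken to reset them
     * to non-inheritable.
     * Otherwise, something bad happens: even if the adb command completes,
     * the calling process is stuck while read()-ing from the stdout/stderr
     * descriptors, because they're connected to corresponding handles in the
     * adb server process (even if the latter never uses/writes to them).
     * Note that even if we don't pass these handles in the STARTUPINFO struct,
     * if they're marked inheritable, they're still inherited, requiring us to
     * deal with this.
     *
     * If we're still having problems with inheriting random handles in the
     * future, consider using PROC_THREAD_ATTRIBUTE_HANDLE_LIST to explicitly
     * specify which handles should be inherited: http://blogs.msdn.com/b/oldnewthing/archive/2011/12/16/10248328.aspx
     *
     * Older versions of Windows return console pseudo-handles that cannot be
     * made non-inheritable, so ignore those failures.
     */
    _try_make_handle_noninheritable(GetStdHandle(STD_INPUT_HANDLE));
    _try_make_handle_noninheritable(GetStdHandle(STD_OUTPUT_HANDLE));
    _try_make_handle_noninheritable(GetStdHandle(STD_ERROR_HANDLE));

    STARTUPINFOW startup;
    ZeroMemory( &startup, sizeof(startup) );
    startup.cb = sizeof(startup);
    startup.hStdInput = nul_read.get();
    startup.hStdOutput = stdout_write.get();
    startup.hStdError = stderr_write.get();
    startup.dwFlags = STARTF_USESTDHANDLES;

    // Verify that the pipe_write handle value can be passed on the command line
    // as %d and that the rest of adb code can pass it around in an int.
    const int ack_write_as_int = cast_handle_to_int(ack_write.get());
    if (cast_int_to_handle(ack_write_as_int) != ack_write.get()) {
        // If this fires, either handle values are larger than 32-bits or else
        // there is a bug in our casting.
        // https://msdn.microsoft.com/en-us/library/windows/desktop/aa384203%28v=vs.85%29.aspx
        fprintf(stderr, "adb: cannot fit pipe handle value into 32-bits: 0x%p\n", ack_write.get());
        return -1;
    }

    // get path of current program
    WCHAR program_path[MAX_PATH];
    const DWORD module_result = GetModuleFileNameW(NULL, program_path,
                                                   arraysize(program_path));
    if ((module_result >= arraysize(program_path)) || (module_result == 0)) {
        // String truncation or some other error.
        fprintf(stderr, "adb: cannot get executable path: %s\n",
                android::base::SystemErrorCodeToString(GetLastError()).c_str());
        return -1;
    }

    // Build the server's command line. The buffer is small and socket_spec is
    // caller-supplied, so refuse to continue if the text did not fit: a
    // truncated (and, depending on the C runtime, possibly unterminated)
    // command line must never reach CreateProcessW.
    // NOTE(review): socket_spec.c_str() is a narrow string passed to a wide
    // format function via %s -- confirm the toolchain's snwprintf interprets
    // %s as a narrow string here.
    WCHAR args[64];
    const int args_len =
            snwprintf(args, arraysize(args), L"adb -L %s fork-server server --reply-fd %d",
                      socket_spec.c_str(), ack_write_as_int);
    if (args_len < 0 || static_cast<size_t>(args_len) >= arraysize(args)) {
        fprintf(stderr, "adb: server command line does not fit in %zu characters\n",
                arraysize(args));
        return -1;
    }

    PROCESS_INFORMATION pinfo;
    ZeroMemory(&pinfo, sizeof(pinfo));

    if (!CreateProcessW(
            program_path,                              /* program path  */
            args,
                                    /* the fork-server argument will set the
                                       debug = 2 in the child           */
            NULL,                   /* process handle is not inheritable */
            NULL,                    /* thread handle is not inheritable */
            TRUE,                          /* yes, inherit some handles */
            DETACHED_PROCESS, /* the new process doesn't have a console */
            NULL,                     /* use parent's environment block */
            NULL,                    /* use parent's starting directory */
            &startup,                 /* startup info, i.e. std handles */
            &pinfo )) {
        fprintf(stderr, "adb: CreateProcessW failed: %s\n",
                android::base::SystemErrorCodeToString(GetLastError()).c_str());
        return -1;
    }

    unique_handle process_handle(pinfo.hProcess);
    pinfo.hProcess = NULL;

    // Close handles that we no longer need to complete the rest.
    CloseHandle(pinfo.hThread);
    pinfo.hThread = NULL;

    nul_read.reset();
    ack_write.reset();
    stdout_write.reset();
    stderr_write.reset();

    // Start threads to read from subprocess stdout/stderr and write to ours to make subprocess
    // errors easier to diagnose. Note that the threads internally create inheritable handles, but
    // that is ok because we've already spawned the subprocess.

    // In the past, reading from a pipe before the child process's C Runtime
    // started up and called GetFileType() caused a hang: http://blogs.msdn.com/b/oldnewthing/archive/2011/12/02/10243553.aspx#10244216
    // This is reportedly fixed in Windows Vista: https://support.microsoft.com/en-us/kb/2009703
    // I was unable to reproduce the problem on Windows XP. It sounds like a
    // Windows Update may have fixed this: https://www.duckware.com/tech/peeknamedpipe.html
    unique_handle stdout_thread(reinterpret_cast<HANDLE>(
            _beginthreadex(NULL, 0, _redirect_stdout_thread, stdout_read.get(),
                           0, NULL)));
    if (stdout_thread.get() == nullptr) {
        fprintf(stderr, "adb: cannot create thread: %s\n", strerror(errno));
        return -1;
    }
    stdout_read.release();  // Transfer ownership to new thread

    unique_handle stderr_thread(reinterpret_cast<HANDLE>(
            _beginthreadex(NULL, 0, _redirect_stderr_thread, stderr_read.get(),
                           0, NULL)));
    if (stderr_thread.get() == nullptr) {
        fprintf(stderr, "adb: cannot create thread: %s\n", strerror(errno));
        return -1;
    }
    stderr_read.release();  // Transfer ownership to new thread

    bool got_ack = false;

    // Wait for the "OK\n" message, for the pipe to be closed, or other error.
    {
        char temp[3];
        DWORD count = 0;

        if (ReadFile(ack_read.get(), temp, sizeof(temp), &count, NULL)) {
            const CHAR expected[] = "OK\n";
            const DWORD expected_length = arraysize(expected) - 1;
            if (count == expected_length &&
                memcmp(temp, expected, expected_length) == 0) {
                got_ack = true;
            } else {
                ReportServerStartupFailure(GetProcessId(process_handle.get()));
                return -1;
            }
        } else {
            const DWORD err = GetLastError();
            // If the ACK was not written and the process exited, GetLastError()
            // is probably ERROR_BROKEN_PIPE, in which case that info is not
            // useful to the user.
            fprintf(stderr, "could not read ok from ADB Server%s\n",
                    err == ERROR_BROKEN_PIPE ? "" :
                    android::base::StringPrintf(": %s",
                            android::base::SystemErrorCodeToString(err).c_str()).c_str());
        }
    }

    // Always try to wait a bit for threads reading stdout/stderr to finish.
    // If the process started ok, it should close the pipes causing the threads
    // to finish. If the process had an error, it should exit, also causing
    // the pipes to be closed. In that case we want to read all of the output
    // and write it out so that the user can diagnose failures.
    const DWORD thread_timeout_ms = 15 * 1000;
    const HANDLE threads[] = { stdout_thread.get(), stderr_thread.get() };
    const DWORD wait_result = WaitForMultipleObjects(arraysize(threads),
            threads, TRUE, thread_timeout_ms);
    if (wait_result == WAIT_TIMEOUT) {
        // Threads did not finish after waiting a little while. Perhaps the
        // server didn't close pipes, or it is hung.
        fprintf(stderr, "adb: timed out waiting for threads to finish reading from ADB server\n");
        // Process handles are signaled when the process exits, so if we wait
        // on the handle for 0 seconds and it returns 'timeout', that means that
        // the process is still running.
        if (WaitForSingleObject(process_handle.get(), 0) == WAIT_TIMEOUT) {
            // We could TerminateProcess(), but that seems somewhat presumptive.
            fprintf(stderr, "adb: server is running with process id %lu\n", pinfo.dwProcessId);
        }
        return -1;
    }

    if (wait_result != WAIT_OBJECT_0) {
        fprintf(stderr, "adb: unexpected result waiting for threads: %lu: %s\n", wait_result,
                android::base::SystemErrorCodeToString(GetLastError()).c_str());
        return -1;
    }

    // For now ignore the thread exit codes and assume they worked properly.

    if (!got_ack) {
        return -1;
    }
#else /* !defined(_WIN32) */
    // set up a pipe so the child can tell us when it is ready.
    // fd[0] will be parent's end, and the child will write on fd[1]
    int fd[2];
    if (pipe(fd)) {
        fprintf(stderr, "pipe failed in launch_server, errno: %d\n", errno);
        return -1;
    }

    std::string path = android::base::GetExecutablePath();

    pid_t pid = fork();
    if (pid < 0) {
        // No child was created, so neither end of the pipe is needed any
        // more; close both instead of leaking them. errno from fork() is
        // preserved for the caller.
        const int fork_errno = errno;
        adb_close(fd[0]);
        adb_close(fd[1]);
        errno = fork_errno;
        return -1;
    }

    if (pid == 0) {
        // child side of the fork

        adb_close(fd[0]);

        char reply_fd[30];
        snprintf(reply_fd, sizeof(reply_fd), "%d", fd[1]);
        // child process
        int result = execl(path.c_str(), "adb", "-L", socket_spec.c_str(), "fork-server", "server",
                           "--reply-fd", reply_fd, NULL);
        // this should not return
        fprintf(stderr, "adb: execl returned %d: %s\n", result, strerror(errno));
        // exec failed: end the child here. Falling through would return 0
        // ("server started") from a second copy of the client process, and
        // would keep the write end of the pipe open so the parent's read
        // could not see end-of-file.
        _exit(EXIT_FAILURE);
    } else {
        // parent side of the fork
        char temp[3] = {};
        // wait for the "OK\n" message
        adb_close(fd[1]);
        int ret = adb_read(fd[0], temp, 3);
        int saved_errno = errno;
        adb_close(fd[0]);
        if (ret < 0) {
            fprintf(stderr, "could not read ok from ADB Server, errno = %d\n", saved_errno);
            return -1;
        }
        if (ret != 3 || temp[0] != 'O' || temp[1] != 'K' || temp[2] != '\n') {
            ReportServerStartupFailure(pid);
            return -1;
        }
    }
#endif /* !defined(_WIN32) */
    return 0;
}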
932 #endif /* ADB_HOST */
933
// Handles the port-forwarding requests "list-forward", "killforward-all",
// "killforward:<local>" and "forward:[norebind:]<local>;<remote>".
//
// Returns 0 when |service| is none of these. "list-forward" returns whatever
// SendProtocolString() returns. Every other forwarding request returns 1 once a
// reply (OKAY or FAIL) has been written to |reply_fd|, whether or not the
// listener change itself succeeded. No path in this function returns -1.
int handle_forward_request(const char* service, atransport* transport, int reply_fd) {
    if (strcmp(service, "list-forward") == 0) {
        // Build the listing before anything is written to the client.
        std::string listing = format_listeners();
#if ADB_HOST
        SendOkay(reply_fd);
#endif
        return SendProtocolString(reply_fd, listing);
    }

    if (strcmp(service, "killforward-all") == 0) {
        remove_all_listeners();
#if ADB_HOST
        // On the host: 1st OKAY is connect, 2nd OKAY is status.
        SendOkay(reply_fd);
#endif
        SendOkay(reply_fd);
        return 1;
    }

    // A string cannot start with both prefixes, so these two flags are exclusive.
    const bool is_forward = strncmp(service, "forward:", 8) == 0;
    const bool is_kill = strncmp(service, "killforward:", 12) == 0;
    if (!is_forward && !is_kill) {
        return 0;
    }

    // Accepted shapes:
    //   killforward:local
    //   forward:(norebind:)?local;remote
    bool no_rebind = false;
    if (is_kill) {
        service += 12;  // skip past "killforward:"
    } else {
        service += 8;  // skip past "forward:"
        if (strncmp(service, "norebind:", 9) == 0) {
            no_rebind = true;
            service += 9;
        }
    }

    // From here on |service| is only the argument part of the request; it is
    // echoed back to the client in the failure replies below.
    std::vector<std::string> parts = android::base::Split(service, ";");

    if (is_kill) {
        // killforward: takes exactly one non-empty '<local>'.
        const bool well_formed = parts.size() == 1 && !parts[0].empty();
        if (!well_formed) {
            SendFail(reply_fd, android::base::StringPrintf("bad killforward: %s", service));
            return 1;
        }
    } else {
        // forward: takes '<local>;<remote>', both non-empty, and a remote that
        // does not begin with '*'.
        const bool well_formed = parts.size() == 2 && !parts[0].empty() && !parts[1].empty() &&
                                 parts[1][0] != '*';
        if (!well_formed) {
            SendFail(reply_fd, android::base::StringPrintf("bad forward: %s", service));
            return 1;
        }
    }

    std::string bind_error;
    int resolved_tcp_port = 0;
    InstallStatus status;
    if (is_kill) {
        status = remove_listener(parts[0].c_str(), transport);
    } else {
        status = install_listener(parts[0], parts[1].c_str(), transport, no_rebind,
                                  &resolved_tcp_port, &bind_error);
    }

    if (status != INSTALL_STATUS_OK) {
        // Translate the status into the text sent back with FAIL.
        std::string message;
        switch (status) {
            case INSTALL_STATUS_OK:
                message = "success (!)";
                break;
            case INSTALL_STATUS_INTERNAL_ERROR:
                message = "internal error";
                break;
            case INSTALL_STATUS_CANNOT_BIND:
                message = android::base::StringPrintf("cannot bind listener: %s",
                                                      bind_error.c_str());
                break;
            case INSTALL_STATUS_CANNOT_REBIND:
                message = "cannot rebind existing socket";
                break;
            case INSTALL_STATUS_LISTENER_NOT_FOUND:
                message = android::base::StringPrintf("listener '%s' not found", service);
                break;
        }
        SendFail(reply_fd, message);
        return 1;
    }

#if ADB_HOST
    // On the host: 1st OKAY is connect, 2nd OKAY is status.
    SendOkay(reply_fd);
#endif
    SendOkay(reply_fd);

    // If a TCP port was resolved, send the actual port number back.
    if (resolved_tcp_port != 0) {
        SendProtocolString(reply_fd, std::to_string(resolved_tcp_port));
    }
    return 1;
}
1033
1034 #if ADB_HOST
// Writes an OKAY status to |fd| followed by |s| as a protocol string.
// The results of both writes are ignored and the function always returns 0.
static int SendOkay(int fd, const std::string& s) {
    SendOkay(fd);               // status first
    SendProtocolString(fd, s);  // then the payload
    return 0;
}
1040
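// Handles a request addressed to the adb server itself.
//
// |service| is the request text (presumably as received from a client
// connection -- confirm against the caller). Numeric fields parsed out of it
// are validated before use. |type|, |serial| and |transport_id| select the
// transport for requests that need one. Replies are written to |reply_fd|.
// |s| is the socket whose transport is set by the "transport*" requests.
//
// NOTE(review): the meaning of each return value is defined by the caller,
// which is not visible here. The return value of every pre-existing path is
// kept exactly as before.
// NOTE(review): nothing in this function checks who sent the request; access
// control, if any, has to come from whoever owns the listening socket.
int handle_host_request(const char* service, TransportType type, const char* serial,
                        TransportId transport_id, int reply_fd, asocket* s) {
    if (strcmp(service, "kill") == 0) {
        fprintf(stderr, "adb server killed by remote request\n");
        fflush(stdout);

        // Send a reply even though we don't read it anymore, so that old versions
        // of adb that do read it don't spew error messages.
        SendOkay(reply_fd);

        // Rely on process exit to close the socket for us.
        exit(0);
    }

    // "transport:" is used for switching transport with a specified serial number
    // "transport-usb:" is used for switching transport to the only USB transport
    // "transport-local:" is used for switching transport to the only local transport
    // "transport-any:" is used for switching transport to the only transport
    if (!strncmp(service, "transport", strlen("transport"))) {
        // NOTE(review): this local shadows the |type| parameter, so the
        // caller-supplied type is not used when switching transports -- confirm
        // that is intended.
        TransportType type = kTransportAny;

        if (!strncmp(service, "transport-id:", strlen("transport-id:"))) {
            service += strlen("transport-id:");
            // Accept only a plain decimal id that fits in a long long. On its own,
            // strtoll() also accepts an empty string (yielding 0), leading
            // whitespace and a sign, and reports overflow only through errno.
            const bool starts_with_digit = (*service >= '0' && *service <= '9');
            char* id_end = nullptr;
            errno = 0;
            const long long parsed_id = strtoll(service, &id_end, 10);
            if (!starts_with_digit || errno == ERANGE || *id_end != '\0') {
                SendFail(reply_fd, "invalid transport id");
                return 1;
            }
            transport_id = parsed_id;
        } else if (!strncmp(service, "transport-usb", strlen("transport-usb"))) {
            type = kTransportUsb;
        } else if (!strncmp(service, "transport-local", strlen("transport-local"))) {
            type = kTransportLocal;
        } else if (!strncmp(service, "transport-any", strlen("transport-any"))) {
            type = kTransportAny;
        } else if (!strncmp(service, "transport:", strlen("transport:"))) {
            service += strlen("transport:");
            serial = service;
        }

        std::string error;
        atransport* t = acquire_one_transport(type, serial, transport_id, nullptr, &error);
        if (t != nullptr) {
            s->transport = t;
            SendOkay(reply_fd);
        } else {
            SendFail(reply_fd, error);
        }
        return 1;
    }

    // return a list of all connected devices
    if (!strncmp(service, "devices", 7)) {
        bool long_listing = (strcmp(service+7, "-l") == 0);
        // Only exactly "devices" and "devices-l" produce a listing; any other
        // suffix falls through to the bare return below without a reply.
        if (long_listing || service[7] == 0) {
            D("Getting device list...");
            std::string device_list = list_transports(long_listing);
            D("Sending device list...");
            return SendOkay(reply_fd, device_list);
        }
        return 1;
    }

    if (!strcmp(service, "reconnect-offline")) {
        std::string response;
        // The predicate selects transports in the offline or unauthorized state
        // and records one line per selected transport.
        close_usb_devices([&response](const atransport* transport) {
            switch (transport->GetConnectionState()) {
                case kCsOffline:
                case kCsUnauthorized:
                    response += "reconnecting " + transport->serial_name() + "\n";
                    return true;
                default:
                    return false;
            }
        });
        // Drop the trailing newline of the last line.
        if (!response.empty()) {
            response.resize(response.size() - 1);
        }
        SendOkay(reply_fd, response);
        return 0;
    }

    if (!strcmp(service, "features")) {
        std::string error;
        atransport* t = acquire_one_transport(type, serial, transport_id, nullptr, &error);
        if (t != nullptr) {
            SendOkay(reply_fd, FeatureSetToString(t->features()));
        } else {
            SendFail(reply_fd, error);
        }
        return 0;
    }

    if (!strcmp(service, "host-features")) {
        FeatureSet features = supported_features();
        // Abuse features to report libusb status.
        if (should_use_libusb()) {
            features.insert(kFeatureLibusb);
        }
        features.insert(kFeaturePushSync);
        SendOkay(reply_fd, FeatureSetToString(features));
        return 0;
    }

    // remove TCP transport
    if (!strncmp(service, "disconnect:", 11)) {
        const std::string address(service + 11);
        // An empty address means "disconnect every TCP device".
        if (address.empty()) {
            kick_all_tcp_devices();
            return SendOkay(reply_fd, "disconnected everything");
        }

        std::string serial;
        std::string host;
        int port = DEFAULT_ADB_LOCAL_TRANSPORT_PORT;
        std::string error;
        if (!android::base::ParseNetAddress(address, &host, &port, &serial, &error)) {
            return SendFail(reply_fd, android::base::StringPrintf("couldn't parse '%s': %s",
                                                                  address.c_str(), error.c_str()));
        }
        atransport* t = find_transport(serial.c_str());
        if (t == nullptr) {
            return SendFail(reply_fd, android::base::StringPrintf("no such device '%s'",
                                                                  serial.c_str()));
        }
        kick_transport(t);
        return SendOkay(reply_fd, android::base::StringPrintf("disconnected %s", address.c_str()));
    }

    // Returns our value for ADB_SERVER_VERSION.
    if (!strcmp(service, "version")) {
        return SendOkay(reply_fd, android::base::StringPrintf("%04x", ADB_SERVER_VERSION));
    }

    // These always report "unknown" rather than the actual error, for scripts.
    if (!strcmp(service, "get-serialno")) {
        std::string error;
        atransport* t = acquire_one_transport(type, serial, transport_id, nullptr, &error);
        if (t) {
            return SendOkay(reply_fd, t->serial ? t->serial : "unknown");
        } else {
            return SendFail(reply_fd, error);
        }
    }
    if (!strcmp(service, "get-devpath")) {
        std::string error;
        atransport* t = acquire_one_transport(type, serial, transport_id, nullptr, &error);
        if (t) {
            return SendOkay(reply_fd, t->devpath ? t->devpath : "unknown");
        } else {
            return SendFail(reply_fd, error);
        }
    }
    if (!strcmp(service, "get-state")) {
        std::string error;
        atransport* t = acquire_one_transport(type, serial, transport_id, nullptr, &error);
        if (t) {
            return SendOkay(reply_fd, t->connection_state_name());
        } else {
            return SendFail(reply_fd, error);
        }
    }

    // Indicates a new emulator instance has started.
    if (!strncmp(service, "emulator:", 9)) {
        // The port comes straight from the request text. atoi() cannot report a
        // parse failure or overflow, so parse with strtol() and accept only a
        // plain decimal TCP port in 1..65535. The rejected text is not echoed
        // into the log.
        const char* port_text = service + 9;
        const bool starts_with_digit = (*port_text >= '0' && *port_text <= '9');
        char* port_end = nullptr;
        errno = 0;
        const long port = strtol(port_text, &port_end, 10);
        if (!starts_with_digit || errno == ERANGE || *port_end != '\0' || port < 1 ||
            port > 65535) {
            fprintf(stderr, "adb: ignoring emulator request with invalid port\n");
        } else {
            local_connect(static_cast<int>(port));
        }
        /* we don't even need to send a reply */
        return 0;
    }

    if (!strcmp(service, "reconnect")) {
        std::string response;
        // If no transport is acquired, |response| is whatever
        // acquire_one_transport() wrote into it, and that is sent with OKAY.
        atransport* t = acquire_one_transport(type, serial, transport_id, nullptr, &response, true);
        if (t != nullptr) {
            kick_transport(t);
            response =
                "reconnecting " + t->serial_name() + " [" + t->connection_state_name() + "]\n";
        }
        return SendOkay(reply_fd, response);
    }

    // Anything left is tried as a forwarding request, which needs a transport.
    std::string error;
    atransport* t = acquire_one_transport(type, serial, transport_id, nullptr, &error);
    if (!t) {
        return -1;
    }

    // handle_forward_request() results are shifted down by one here:
    // 1 becomes 0, 0 becomes -1, and a negative result becomes -1.
    int ret = handle_forward_request(service, t, reply_fd);
    if (ret >= 0)
        return ret - 1;
    return -1;
}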
1233
// State shared by update_transport_status(), adb_notify_device_scan_complete()
// and adb_wait_for_device_initialization(). The mutex and condition variable are
// heap-allocated and bound to references; no matching delete appears in this
// part of the file. Both flags are read and written under init_mutex.
static std::mutex& init_mutex = *new std::mutex();
static std::condition_variable& init_cv = *new std::condition_variable();
static bool transports_ready = false;
static bool device_scan_complete = false;
1238
// Recomputes transports_ready and, if the device scan has also completed,
// wakes every thread waiting on init_cv.
void update_transport_status() {
    // The predicate rejects any USB transport whose |online| field is not 1.
    // Presumably iterate_transports() returns true only when the predicate
    // accepted every transport -- confirm against its definition.
    const bool predicate_result = iterate_transports([](const atransport* t) {
        return t->type != kTransportUsb || t->online == 1;
    });

    bool should_notify = false;
    {
        std::lock_guard<std::mutex> guard(init_mutex);
        transports_ready = predicate_result;
        should_notify = transports_ready && device_scan_complete;
    }

    // Notify after the lock has been released.
    if (!should_notify) {
        return;
    }
    init_cv.notify_all();
}
1258
// Records that the device scan has finished and re-evaluates transport
// readiness. Calls after the first one return without doing anything.
void adb_notify_device_scan_complete() {
    std::unique_lock<std::mutex> lock(init_mutex);
    if (device_scan_complete) {
        return;
    }
    device_scan_complete = true;

    // update_transport_status() takes init_mutex itself, so release it first.
    lock.unlock();
    update_transport_status();
}
1271
// Blocks until both device_scan_complete and transports_ready are set, or
// until three seconds have passed, whichever comes first.
void adb_wait_for_device_initialization() {
    const auto initialized = [] { return device_scan_complete && transports_ready; };
    std::unique_lock<std::mutex> lock(init_mutex);
    init_cv.wait_for(lock, std::chrono::seconds(3), initialized);
}
1276
1277 #endif // ADB_HOST
1278