Dan Albert | bd0b750 | 2015-02-18 18:22:45 -0800 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (C) 2015 The Android Open Source Project |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 16 | |
| 17 | #define TRACE_TAG TRACE_ADB |
| 18 | |
| 19 | #include <errno.h> |
| 20 | #include <signal.h> |
| 21 | #include <stdio.h> |
| 22 | #include <stdlib.h> |
Dan Albert | bd0b750 | 2015-02-18 18:22:45 -0800 | [diff] [blame] | 23 | |
| 24 | #include "adb.h" |
| 25 | #include "adb_auth.h" |
| 26 | #include "adb_listeners.h" |
| 27 | #include "sysdeps.h" |
| 28 | |
| 29 | #if !ADB_HOST |
| 30 | #include <getopt.h> |
Dan Albert | 6795cd8 | 2015-02-19 11:36:53 -0800 | [diff] [blame^] | 31 | #include <sys/prctl.h> |
Dan Albert | bd0b750 | 2015-02-18 18:22:45 -0800 | [diff] [blame] | 32 | |
| 33 | #include "cutils/properties.h" |
| 34 | #include "private/android_filesystem_config.h" |
| 35 | #include "selinux/selinux.h" |
| 36 | |
| 37 | #include "qemu_tracing.h" |
| 38 | #endif |
| 39 | |
| 40 | static void adb_cleanup(void) |
| 41 | { |
| 42 | usb_cleanup(); |
| 43 | } |
| 44 | |
Dan Albert | 6795cd8 | 2015-02-19 11:36:53 -0800 | [diff] [blame^] | 45 | #if defined(_WIN32) |
| 46 | static BOOL WINAPI ctrlc_handler(DWORD type) |
| 47 | { |
| 48 | exit(STATUS_CONTROL_C_EXIT); |
| 49 | return TRUE; |
| 50 | } |
| 51 | #endif |
| 52 | |
Dan Albert | bd0b750 | 2015-02-18 18:22:45 -0800 | [diff] [blame] | 53 | #if ADB_HOST |
| 54 | #ifdef WORKAROUND_BUG6558362 |
| 55 | #include <sched.h> |
| 56 | #define AFFINITY_ENVVAR "ADB_CPU_AFFINITY_BUG6558362" |
| 57 | void adb_set_affinity(void) |
| 58 | { |
| 59 | cpu_set_t cpu_set; |
| 60 | const char* cpunum_str = getenv(AFFINITY_ENVVAR); |
| 61 | char* strtol_res; |
| 62 | int cpu_num; |
| 63 | |
| 64 | if (!cpunum_str || !*cpunum_str) |
| 65 | return; |
| 66 | cpu_num = strtol(cpunum_str, &strtol_res, 0); |
| 67 | if (*strtol_res != '\0') |
| 68 | fatal("bad number (%s) in env var %s. Expecting 0..n.\n", cpunum_str, AFFINITY_ENVVAR); |
| 69 | |
| 70 | sched_getaffinity(0, sizeof(cpu_set), &cpu_set); |
| 71 | D("orig cpu_set[0]=0x%08lx\n", cpu_set.__bits[0]); |
| 72 | CPU_ZERO(&cpu_set); |
| 73 | CPU_SET(cpu_num, &cpu_set); |
| 74 | sched_setaffinity(0, sizeof(cpu_set), &cpu_set); |
| 75 | sched_getaffinity(0, sizeof(cpu_set), &cpu_set); |
| 76 | D("new cpu_set[0]=0x%08lx\n", cpu_set.__bits[0]); |
| 77 | } |
| 78 | #endif |
| 79 | #else /* ADB_HOST */ |
| 80 | static const char *root_seclabel = NULL; |
| 81 | |
| 82 | static void drop_capabilities_bounding_set_if_needed() { |
| 83 | #ifdef ALLOW_ADBD_ROOT |
| 84 | char value[PROPERTY_VALUE_MAX]; |
| 85 | property_get("ro.debuggable", value, ""); |
| 86 | if (strcmp(value, "1") == 0) { |
| 87 | return; |
| 88 | } |
| 89 | #endif |
| 90 | int i; |
| 91 | for (i = 0; prctl(PR_CAPBSET_READ, i, 0, 0, 0) >= 0; i++) { |
| 92 | if (i == CAP_SETUID || i == CAP_SETGID) { |
| 93 | // CAP_SETUID CAP_SETGID needed by /system/bin/run-as |
| 94 | continue; |
| 95 | } |
| 96 | int err = prctl(PR_CAPBSET_DROP, i, 0, 0, 0); |
| 97 | |
| 98 | // Some kernels don't have file capabilities compiled in, and |
| 99 | // prctl(PR_CAPBSET_DROP) returns EINVAL. Don't automatically |
| 100 | // die when we see such misconfigured kernels. |
| 101 | if ((err < 0) && (errno != EINVAL)) { |
| 102 | exit(1); |
| 103 | } |
| 104 | } |
| 105 | } |
| 106 | |
| 107 | static bool should_drop_privileges() { |
| 108 | #if defined(ALLOW_ADBD_ROOT) |
| 109 | char value[PROPERTY_VALUE_MAX]; |
| 110 | |
| 111 | // The emulator is never secure, so don't drop privileges there. |
| 112 | // TODO: this seems like a bug --- shouldn't the emulator behave like a device? |
| 113 | property_get("ro.kernel.qemu", value, ""); |
| 114 | if (strcmp(value, "1") == 0) { |
| 115 | return false; |
| 116 | } |
| 117 | |
| 118 | property_get("ro.secure", value, "1"); |
| 119 | bool ro_secure = (strcmp(value, "1") == 0); |
| 120 | |
| 121 | // Drop privileges if ro.secure is set... |
| 122 | bool drop = ro_secure; |
| 123 | |
| 124 | property_get("ro.debuggable", value, ""); |
| 125 | bool ro_debuggable = (strcmp(value, "1") == 0); |
| 126 | property_get("service.adb.root", value, ""); |
| 127 | bool adb_root = (strcmp(value, "1") == 0); |
| 128 | bool adb_unroot = (strcmp(value, "0") == 0); |
| 129 | |
| 130 | // ...except "adb root" lets you keep privileges in a debuggable build. |
| 131 | if (ro_debuggable && adb_root) { |
| 132 | drop = false; |
| 133 | } |
| 134 | |
| 135 | // ...and "adb unroot" lets you explicitly drop privileges. |
| 136 | if (adb_unroot) { |
| 137 | drop = true; |
| 138 | } |
| 139 | |
| 140 | return drop; |
| 141 | #else |
| 142 | return true; // "adb root" not allowed, always drop privileges. |
| 143 | #endif /* ALLOW_ADBD_ROOT */ |
| 144 | } |
| 145 | |
| 146 | void start_device_log(void) |
| 147 | { |
| 148 | int fd; |
| 149 | char path[PATH_MAX]; |
| 150 | struct tm now; |
| 151 | time_t t; |
| 152 | char value[PROPERTY_VALUE_MAX]; |
| 153 | |
| 154 | // read the trace mask from persistent property persist.adb.trace_mask |
| 155 | // give up if the property is not set or cannot be parsed |
| 156 | property_get("persist.adb.trace_mask", value, ""); |
| 157 | if (sscanf(value, "%x", &adb_trace_mask) != 1) |
| 158 | return; |
| 159 | |
| 160 | adb_mkdir("/data/adb", 0775); |
| 161 | tzset(); |
| 162 | time(&t); |
| 163 | localtime_r(&t, &now); |
| 164 | strftime(path, sizeof(path), |
| 165 | "/data/adb/adb-%Y-%m-%d-%H-%M-%S.txt", |
| 166 | &now); |
| 167 | fd = unix_open(path, O_WRONLY | O_CREAT | O_TRUNC, 0640); |
| 168 | if (fd < 0) |
| 169 | return; |
| 170 | |
| 171 | // redirect stdout and stderr to the log file |
| 172 | dup2(fd, 1); |
| 173 | dup2(fd, 2); |
| 174 | fprintf(stderr,"--- adb starting (pid %d) ---\n", getpid()); |
| 175 | adb_close(fd); |
| 176 | |
| 177 | fd = unix_open("/dev/null", O_RDONLY); |
| 178 | dup2(fd, 0); |
| 179 | adb_close(fd); |
| 180 | } |
| 181 | #endif /* ADB_HOST */ |
| 182 | |
| 183 | /* Constructs a local name of form tcp:port. |
| 184 | * target_str points to the target string, it's content will be overwritten. |
| 185 | * target_size is the capacity of the target string. |
| 186 | * server_port is the port number to use for the local name. |
| 187 | */ |
| 188 | void build_local_name(char* target_str, size_t target_size, int server_port) |
| 189 | { |
| 190 | snprintf(target_str, target_size, "tcp:%d", server_port); |
| 191 | } |
| 192 | |
| 193 | void start_logging(void) |
| 194 | { |
| 195 | #if defined(_WIN32) |
| 196 | char temp[ MAX_PATH ]; |
| 197 | FILE* fnul; |
| 198 | FILE* flog; |
| 199 | |
| 200 | GetTempPath( sizeof(temp) - 8, temp ); |
| 201 | strcat( temp, "adb.log" ); |
| 202 | |
| 203 | /* Win32 specific redirections */ |
| 204 | fnul = fopen( "NUL", "rt" ); |
| 205 | if (fnul != NULL) |
| 206 | stdin[0] = fnul[0]; |
| 207 | |
| 208 | flog = fopen( temp, "at" ); |
| 209 | if (flog == NULL) |
| 210 | flog = fnul; |
| 211 | |
| 212 | setvbuf( flog, NULL, _IONBF, 0 ); |
| 213 | |
| 214 | stdout[0] = flog[0]; |
| 215 | stderr[0] = flog[0]; |
| 216 | fprintf(stderr,"--- adb starting (pid %d) ---\n", getpid()); |
| 217 | #else |
| 218 | int fd; |
| 219 | |
| 220 | fd = unix_open("/dev/null", O_RDONLY); |
| 221 | dup2(fd, 0); |
| 222 | adb_close(fd); |
| 223 | |
| 224 | fd = unix_open("/tmp/adb.log", O_WRONLY | O_CREAT | O_APPEND, 0640); |
| 225 | if(fd < 0) { |
| 226 | fd = unix_open("/dev/null", O_WRONLY); |
| 227 | } |
| 228 | dup2(fd, 1); |
| 229 | dup2(fd, 2); |
| 230 | adb_close(fd); |
| 231 | fprintf(stderr,"--- adb starting (pid %d) ---\n", getpid()); |
| 232 | #endif |
| 233 | } |
| 234 | |
| 235 | int adb_main(int is_daemon, int server_port) |
| 236 | { |
| 237 | #if !ADB_HOST |
| 238 | int port; |
| 239 | char value[PROPERTY_VALUE_MAX]; |
| 240 | |
| 241 | umask(000); |
| 242 | #endif |
| 243 | |
| 244 | atexit(adb_cleanup); |
| 245 | #if defined(_WIN32) |
| 246 | SetConsoleCtrlHandler( ctrlc_handler, TRUE ); |
| 247 | #else |
| 248 | // No SIGCHLD. Let the service subproc handle its children. |
| 249 | signal(SIGPIPE, SIG_IGN); |
| 250 | #endif |
| 251 | |
| 252 | init_transport_registration(); |
| 253 | |
| 254 | #if ADB_HOST |
| 255 | HOST = 1; |
| 256 | |
| 257 | #ifdef WORKAROUND_BUG6558362 |
| 258 | if(is_daemon) adb_set_affinity(); |
| 259 | #endif |
| 260 | usb_init(); |
| 261 | local_init(DEFAULT_ADB_LOCAL_TRANSPORT_PORT); |
| 262 | adb_auth_init(); |
| 263 | |
| 264 | char local_name[30]; |
| 265 | build_local_name(local_name, sizeof(local_name), server_port); |
| 266 | if(install_listener(local_name, "*smartsocket*", NULL, 0)) { |
| 267 | exit(1); |
| 268 | } |
| 269 | #else |
| 270 | property_get("ro.adb.secure", value, "0"); |
| 271 | auth_enabled = !strcmp(value, "1"); |
| 272 | if (auth_enabled) |
| 273 | adb_auth_init(); |
| 274 | |
| 275 | // Our external storage path may be different than apps, since |
| 276 | // we aren't able to bind mount after dropping root. |
| 277 | const char* adb_external_storage = getenv("ADB_EXTERNAL_STORAGE"); |
| 278 | if (NULL != adb_external_storage) { |
| 279 | setenv("EXTERNAL_STORAGE", adb_external_storage, 1); |
| 280 | } else { |
| 281 | D("Warning: ADB_EXTERNAL_STORAGE is not set. Leaving EXTERNAL_STORAGE" |
| 282 | " unchanged.\n"); |
| 283 | } |
| 284 | |
| 285 | /* add extra groups: |
| 286 | ** AID_ADB to access the USB driver |
| 287 | ** AID_LOG to read system logs (adb logcat) |
| 288 | ** AID_INPUT to diagnose input issues (getevent) |
| 289 | ** AID_INET to diagnose network issues (ping) |
| 290 | ** AID_NET_BT and AID_NET_BT_ADMIN to diagnose bluetooth (hcidump) |
| 291 | ** AID_SDCARD_R to allow reading from the SD card |
| 292 | ** AID_SDCARD_RW to allow writing to the SD card |
| 293 | ** AID_NET_BW_STATS to read out qtaguid statistics |
| 294 | */ |
| 295 | gid_t groups[] = { AID_ADB, AID_LOG, AID_INPUT, AID_INET, AID_NET_BT, |
| 296 | AID_NET_BT_ADMIN, AID_SDCARD_R, AID_SDCARD_RW, |
| 297 | AID_NET_BW_STATS }; |
| 298 | if (setgroups(sizeof(groups)/sizeof(groups[0]), groups) != 0) { |
| 299 | exit(1); |
| 300 | } |
| 301 | |
| 302 | /* don't listen on a port (default 5037) if running in secure mode */ |
| 303 | /* don't run as root if we are running in secure mode */ |
| 304 | if (should_drop_privileges()) { |
| 305 | drop_capabilities_bounding_set_if_needed(); |
| 306 | |
| 307 | /* then switch user and group to "shell" */ |
| 308 | if (setgid(AID_SHELL) != 0) { |
| 309 | exit(1); |
| 310 | } |
| 311 | if (setuid(AID_SHELL) != 0) { |
| 312 | exit(1); |
| 313 | } |
| 314 | |
| 315 | D("Local port disabled\n"); |
| 316 | } else { |
| 317 | char local_name[30]; |
| 318 | if ((root_seclabel != NULL) && (is_selinux_enabled() > 0)) { |
| 319 | // b/12587913: fix setcon to allow const pointers |
| 320 | if (setcon((char *)root_seclabel) < 0) { |
| 321 | exit(1); |
| 322 | } |
| 323 | } |
| 324 | build_local_name(local_name, sizeof(local_name), server_port); |
| 325 | if(install_listener(local_name, "*smartsocket*", NULL, 0)) { |
| 326 | exit(1); |
| 327 | } |
| 328 | } |
| 329 | |
| 330 | int usb = 0; |
| 331 | if (access(USB_ADB_PATH, F_OK) == 0 || access(USB_FFS_ADB_EP0, F_OK) == 0) { |
| 332 | // listen on USB |
| 333 | usb_init(); |
| 334 | usb = 1; |
| 335 | } |
| 336 | |
| 337 | // If one of these properties is set, also listen on that port |
| 338 | // If one of the properties isn't set and we couldn't listen on usb, |
| 339 | // listen on the default port. |
| 340 | property_get("service.adb.tcp.port", value, ""); |
| 341 | if (!value[0]) { |
| 342 | property_get("persist.adb.tcp.port", value, ""); |
| 343 | } |
| 344 | if (sscanf(value, "%d", &port) == 1 && port > 0) { |
| 345 | printf("using port=%d\n", port); |
| 346 | // listen on TCP port specified by service.adb.tcp.port property |
| 347 | local_init(port); |
| 348 | } else if (!usb) { |
| 349 | // listen on default port |
| 350 | local_init(DEFAULT_ADB_LOCAL_TRANSPORT_PORT); |
| 351 | } |
| 352 | |
| 353 | D("adb_main(): pre init_jdwp()\n"); |
| 354 | init_jdwp(); |
| 355 | D("adb_main(): post init_jdwp()\n"); |
| 356 | #endif |
| 357 | |
| 358 | if (is_daemon) |
| 359 | { |
| 360 | // inform our parent that we are up and running. |
| 361 | #if defined(_WIN32) |
| 362 | DWORD count; |
| 363 | WriteFile( GetStdHandle( STD_OUTPUT_HANDLE ), "OK\n", 3, &count, NULL ); |
| 364 | #else |
| 365 | fprintf(stderr, "OK\n"); |
| 366 | #endif |
| 367 | start_logging(); |
| 368 | } |
| 369 | D("Event loop starting\n"); |
| 370 | |
| 371 | fdevent_loop(); |
| 372 | |
| 373 | usb_cleanup(); |
| 374 | |
| 375 | return 0; |
| 376 | } |
| 377 | |
| 378 | int main(int argc, char **argv) |
| 379 | { |
| 380 | #if ADB_HOST |
| 381 | adb_sysdeps_init(); |
| 382 | adb_trace_init(); |
| 383 | D("Handling commandline()\n"); |
| 384 | return adb_commandline(argc - 1, argv + 1); |
| 385 | #else |
| 386 | /* If adbd runs inside the emulator this will enable adb tracing via |
| 387 | * adb-debug qemud service in the emulator. */ |
| 388 | adb_qemu_trace_init(); |
| 389 | while(1) { |
| 390 | int c; |
| 391 | int option_index = 0; |
| 392 | static struct option opts[] = { |
| 393 | {"root_seclabel", required_argument, 0, 's' }, |
| 394 | {"device_banner", required_argument, 0, 'b' } |
| 395 | }; |
| 396 | c = getopt_long(argc, argv, "", opts, &option_index); |
| 397 | if (c == -1) |
| 398 | break; |
| 399 | switch (c) { |
| 400 | case 's': |
| 401 | root_seclabel = optarg; |
| 402 | break; |
| 403 | case 'b': |
| 404 | adb_device_banner = optarg; |
| 405 | break; |
| 406 | default: |
| 407 | break; |
| 408 | } |
| 409 | } |
| 410 | |
| 411 | start_device_log(); |
| 412 | D("Handling main()\n"); |
| 413 | return adb_main(0, DEFAULT_ADB_PORT); |
| 414 | #endif |
| 415 | } |