1 /* 2 * Copyright (C) 2007 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #define TRACE_TAG ADB 18 19 #include "sysdeps.h" 20 #include "adb.h" 21 22 #include <ctype.h> 23 #include <errno.h> 24 #include <stdarg.h> 25 #include <stddef.h> 26 #include <stdint.h> 27 #include <stdio.h> 28 #include <stdlib.h> 29 #include <string.h> 30 #include <sys/time.h> 31 #include <time.h> 32 33 #include <chrono> 34 #include <condition_variable> 35 #include <mutex> 36 #include <string> 37 #include <thread> 38 #include <vector> 39 40 #include <android-base/errors.h> 41 #include <android-base/file.h> 42 #include <android-base/logging.h> 43 #include <android-base/macros.h> 44 #include <android-base/parsenetaddress.h> 45 #include <android-base/stringprintf.h> 46 #include <android-base/strings.h> 47 48 #include "adb_auth.h" 49 #include "adb_io.h" 50 #include "adb_listeners.h" 51 #include "adb_unique_fd.h" 52 #include "adb_utils.h" 53 #include "sysdeps/chrono.h" 54 #include "transport.h" 55 56 #if !ADB_HOST 57 #include <sys/capability.h> 58 #include <sys/mount.h> 59 #include <android-base/properties.h> 60 using namespace std::chrono_literals; 61 #endif 62 63 std::string adb_version() { 64 // Don't change the format of this --- it's parsed by ddmlib. 65 return android::base::StringPrintf( 66 "Android Debug Bridge version %d.%d.%d\n" 67 "Version %s\n" 68 "Installed as %s\n", 69 ADB_VERSION_MAJOR, ADB_VERSION_MINOR, ADB_SERVER_VERSION, ADB_VERSION, 70 android::base::GetExecutablePath().c_str()); 71 } 72 73 void fatal(const char *fmt, ...) { 74 va_list ap; 75 va_start(ap, fmt); 76 char buf[1024]; 77 vsnprintf(buf, sizeof(buf), fmt, ap); 78 79 #if ADB_HOST 80 fprintf(stderr, "error: %s\n", buf); 81 #else 82 LOG(ERROR) << "error: " << buf; 83 #endif 84 85 va_end(ap); 86 abort(); 87 } 88 89 void fatal_errno(const char* fmt, ...) { 90 int err = errno; 91 va_list ap; 92 va_start(ap, fmt); 93 char buf[1024]; 94 vsnprintf(buf, sizeof(buf), fmt, ap); 95 96 #if ADB_HOST 97 fprintf(stderr, "error: %s: %s\n", buf, strerror(err)); 98 #else 99 LOG(ERROR) << "error: " << buf << ": " << strerror(err); 100 #endif 101 102 va_end(ap); 103 abort(); 104 } 105 106 uint32_t calculate_apacket_checksum(const apacket* p) { 107 uint32_t sum = 0; 108 for (size_t i = 0; i < p->msg.data_length; ++i) { 109 sum += static_cast<uint8_t>(p->payload[i]); 110 } 111 return sum; 112 } 113 114 apacket* get_apacket(void) 115 { 116 apacket* p = new apacket(); 117 if (p == nullptr) { 118 fatal("failed to allocate an apacket"); 119 } 120 121 memset(&p->msg, 0, sizeof(p->msg)); 122 return p; 123 } 124 125 void put_apacket(apacket *p) 126 { 127 delete p; 128 } 129 130 void handle_online(atransport *t) 131 { 132 D("adb: online"); 133 t->online = 1; 134 } 135 136 void handle_offline(atransport *t) 137 { 138 D("adb: offline"); 139 //Close the associated usb 140 t->online = 0; 141 142 // This is necessary to avoid a race condition that occurred when a transport closes 143 // while a client socket is still active. 144 close_all_sockets(t); 145 146 t->RunDisconnects(); 147 } 148 149 #if DEBUG_PACKETS 150 #define DUMPMAX 32 151 void print_packet(const char *label, apacket *p) 152 { 153 const char* tag; 154 unsigned count; 155 156 switch(p->msg.command){ 157 case A_SYNC: tag = "SYNC"; break; 158 case A_CNXN: tag = "CNXN" ; break; 159 case A_OPEN: tag = "OPEN"; break; 160 case A_OKAY: tag = "OKAY"; break; 161 case A_CLSE: tag = "CLSE"; break; 162 case A_WRTE: tag = "WRTE"; break; 163 case A_AUTH: tag = "AUTH"; break; 164 default: tag = "????"; break; 165 } 166 167 fprintf(stderr, "%s: %s %08x %08x %04x \"", 168 label, tag, p->msg.arg0, p->msg.arg1, p->msg.data_length); 169 count = p->msg.data_length; 170 const char* x = p->payload.data(); 171 if (count > DUMPMAX) { 172 count = DUMPMAX; 173 tag = "\n"; 174 } else { 175 tag = "\"\n"; 176 } 177 while (count-- > 0) { 178 if ((*x >= ' ') && (*x < 127)) { 179 fputc(*x, stderr); 180 } else { 181 fputc('.', stderr); 182 } 183 x++; 184 } 185 fputs(tag, stderr); 186 } 187 #endif 188 189 static void send_ready(unsigned local, unsigned remote, atransport *t) 190 { 191 D("Calling send_ready"); 192 apacket *p = get_apacket(); 193 p->msg.command = A_OKAY; 194 p->msg.arg0 = local; 195 p->msg.arg1 = remote; 196 send_packet(p, t); 197 } 198 199 static void send_close(unsigned local, unsigned remote, atransport *t) 200 { 201 D("Calling send_close"); 202 apacket *p = get_apacket(); 203 p->msg.command = A_CLSE; 204 p->msg.arg0 = local; 205 p->msg.arg1 = remote; 206 send_packet(p, t); 207 } 208 209 std::string get_connection_string() { 210 std::vector<std::string> connection_properties; 211 212 #if !ADB_HOST 213 static const char* cnxn_props[] = { 214 "ro.product.name", 215 "ro.product.model", 216 "ro.product.device", 217 }; 218 219 for (const auto& prop : cnxn_props) { 220 std::string value = std::string(prop) + "=" + android::base::GetProperty(prop, ""); 221 connection_properties.push_back(value); 222 } 223 #endif 224 225 connection_properties.push_back(android::base::StringPrintf( 226 "features=%s", FeatureSetToString(supported_features()).c_str())); 227 228 return android::base::StringPrintf( 229 "%s::%s", adb_device_banner, 230 android::base::Join(connection_properties, ';').c_str()); 231 } 232 233 void send_connect(atransport* t) { 234 D("Calling send_connect"); 235 apacket* cp = get_apacket(); 236 cp->msg.command = A_CNXN; 237 // Send the max supported version, but because the transport is 238 // initialized to A_VERSION_MIN, this will be compatible with every 239 // device. 240 cp->msg.arg0 = A_VERSION; 241 cp->msg.arg1 = t->get_max_payload(); 242 243 std::string connection_str = get_connection_string(); 244 // Connect and auth packets are limited to MAX_PAYLOAD_V1 because we don't 245 // yet know how much data the other size is willing to accept. 246 if (connection_str.length() > MAX_PAYLOAD_V1) { 247 LOG(FATAL) << "Connection banner is too long (length = " 248 << connection_str.length() << ")"; 249 } 250 251 cp->payload = std::move(connection_str); 252 cp->msg.data_length = cp->payload.size(); 253 254 send_packet(cp, t); 255 } 256 257 // qual_overwrite is used to overwrite a qualifier string. dst is a 258 // pointer to a char pointer. It is assumed that if *dst is non-NULL, it 259 // was malloc'ed and needs to freed. *dst will be set to a dup of src. 260 // TODO: switch to std::string for these atransport fields instead. 261 static void qual_overwrite(char** dst, const std::string& src) { 262 free(*dst); 263 *dst = strdup(src.c_str()); 264 } 265 266 void parse_banner(const std::string& banner, atransport* t) { 267 D("parse_banner: %s", banner.c_str()); 268 269 // The format is something like: 270 // "device::ro.product.name=x;ro.product.model=y;ro.product.device=z;". 271 std::vector<std::string> pieces = android::base::Split(banner, ":"); 272 273 // Reset the features list or else if the server sends no features we may 274 // keep the existing feature set (http://b/24405971). 275 t->SetFeatures(""); 276 277 if (pieces.size() > 2) { 278 const std::string& props = pieces[2]; 279 for (const auto& prop : android::base::Split(props, ";")) { 280 // The list of properties was traditionally ;-terminated rather than ;-separated. 281 if (prop.empty()) continue; 282 283 std::vector<std::string> key_value = android::base::Split(prop, "="); 284 if (key_value.size() != 2) continue; 285 286 const std::string& key = key_value[0]; 287 const std::string& value = key_value[1]; 288 if (key == "ro.product.name") { 289 qual_overwrite(&t->product, value); 290 } else if (key == "ro.product.model") { 291 qual_overwrite(&t->model, value); 292 } else if (key == "ro.product.device") { 293 qual_overwrite(&t->device, value); 294 } else if (key == "features") { 295 t->SetFeatures(value); 296 } 297 } 298 } 299 300 const std::string& type = pieces[0]; 301 if (type == "bootloader") { 302 D("setting connection_state to kCsBootloader"); 303 t->SetConnectionState(kCsBootloader); 304 } else if (type == "device") { 305 D("setting connection_state to kCsDevice"); 306 t->SetConnectionState(kCsDevice); 307 } else if (type == "recovery") { 308 D("setting connection_state to kCsRecovery"); 309 t->SetConnectionState(kCsRecovery); 310 } else if (type == "sideload") { 311 D("setting connection_state to kCsSideload"); 312 t->SetConnectionState(kCsSideload); 313 } else { 314 D("setting connection_state to kCsHost"); 315 t->SetConnectionState(kCsHost); 316 } 317 } 318 319 static void handle_new_connection(atransport* t, apacket* p) { 320 if (t->GetConnectionState() != kCsOffline) { 321 t->SetConnectionState(kCsOffline); 322 handle_offline(t); 323 } 324 325 t->update_version(p->msg.arg0, p->msg.arg1); 326 parse_banner(p->payload, t); 327 328 #if ADB_HOST 329 handle_online(t); 330 #else 331 if (!auth_required) { 332 handle_online(t); 333 send_connect(t); 334 } else { 335 send_auth_request(t); 336 } 337 #endif 338 339 update_transports(); 340 } 341 342 void handle_packet(apacket *p, atransport *t) 343 { 344 D("handle_packet() %c%c%c%c", ((char*) (&(p->msg.command)))[0], 345 ((char*) (&(p->msg.command)))[1], 346 ((char*) (&(p->msg.command)))[2], 347 ((char*) (&(p->msg.command)))[3]); 348 print_packet("recv", p); 349 CHECK_EQ(p->payload.size(), p->msg.data_length); 350 351 switch(p->msg.command){ 352 case A_SYNC: 353 if (p->msg.arg0){ 354 send_packet(p, t); 355 #if ADB_HOST 356 send_connect(t); 357 #endif 358 } else { 359 t->SetConnectionState(kCsOffline); 360 handle_offline(t); 361 send_packet(p, t); 362 } 363 return; 364 365 case A_CNXN: // CONNECT(version, maxdata, "system-id-string") 366 handle_new_connection(t, p); 367 break; 368 369 case A_AUTH: 370 switch (p->msg.arg0) { 371 #if ADB_HOST 372 case ADB_AUTH_TOKEN: 373 if (t->GetConnectionState() == kCsOffline) { 374 t->SetConnectionState(kCsUnauthorized); 375 } 376 send_auth_response(p->payload.data(), p->msg.data_length, t); 377 break; 378 #else 379 case ADB_AUTH_SIGNATURE: 380 if (adbd_auth_verify(t->token, sizeof(t->token), p->payload)) { 381 adbd_auth_verified(t); 382 t->failed_auth_attempts = 0; 383 } else { 384 if (t->failed_auth_attempts++ > 256) std::this_thread::sleep_for(1s); 385 send_auth_request(t); 386 } 387 break; 388 389 case ADB_AUTH_RSAPUBLICKEY: 390 adbd_auth_confirm_key(p->payload.data(), p->msg.data_length, t); 391 break; 392 #endif 393 default: 394 t->SetConnectionState(kCsOffline); 395 handle_offline(t); 396 break; 397 } 398 break; 399 400 case A_OPEN: /* OPEN(local-id, 0, "destination") */ 401 if (t->online && p->msg.arg0 != 0 && p->msg.arg1 == 0) { 402 asocket* s = create_local_service_socket(p->payload.c_str(), t); 403 if (s == nullptr) { 404 send_close(0, p->msg.arg0, t); 405 } else { 406 s->peer = create_remote_socket(p->msg.arg0, t); 407 s->peer->peer = s; 408 send_ready(s->id, s->peer->id, t); 409 s->ready(s); 410 } 411 } 412 break; 413 414 case A_OKAY: /* READY(local-id, remote-id, "") */ 415 if (t->online && p->msg.arg0 != 0 && p->msg.arg1 != 0) { 416 asocket* s = find_local_socket(p->msg.arg1, 0); 417 if (s) { 418 if(s->peer == 0) { 419 /* On first READY message, create the connection. */ 420 s->peer = create_remote_socket(p->msg.arg0, t); 421 s->peer->peer = s; 422 s->ready(s); 423 } else if (s->peer->id == p->msg.arg0) { 424 /* Other READY messages must use the same local-id */ 425 s->ready(s); 426 } else { 427 D("Invalid A_OKAY(%d,%d), expected A_OKAY(%d,%d) on transport %s", 428 p->msg.arg0, p->msg.arg1, s->peer->id, p->msg.arg1, t->serial); 429 } 430 } else { 431 // When receiving A_OKAY from device for A_OPEN request, the host server may 432 // have closed the local socket because of client disconnection. Then we need 433 // to send A_CLSE back to device to close the service on device. 434 send_close(p->msg.arg1, p->msg.arg0, t); 435 } 436 } 437 break; 438 439 case A_CLSE: /* CLOSE(local-id, remote-id, "") or CLOSE(0, remote-id, "") */ 440 if (t->online && p->msg.arg1 != 0) { 441 asocket* s = find_local_socket(p->msg.arg1, p->msg.arg0); 442 if (s) { 443 /* According to protocol.txt, p->msg.arg0 might be 0 to indicate 444 * a failed OPEN only. However, due to a bug in previous ADB 445 * versions, CLOSE(0, remote-id, "") was also used for normal 446 * CLOSE() operations. 447 * 448 * This is bad because it means a compromised adbd could 449 * send packets to close connections between the host and 450 * other devices. To avoid this, only allow this if the local 451 * socket has a peer on the same transport. 452 */ 453 if (p->msg.arg0 == 0 && s->peer && s->peer->transport != t) { 454 D("Invalid A_CLSE(0, %u) from transport %s, expected transport %s", 455 p->msg.arg1, t->serial, s->peer->transport->serial); 456 } else { 457 s->close(s); 458 } 459 } 460 } 461 break; 462 463 case A_WRTE: /* WRITE(local-id, remote-id, <data>) */ 464 if (t->online && p->msg.arg0 != 0 && p->msg.arg1 != 0) { 465 asocket* s = find_local_socket(p->msg.arg1, p->msg.arg0); 466 if (s) { 467 unsigned rid = p->msg.arg0; 468 if (s->enqueue(s, std::move(p->payload)) == 0) { 469 D("Enqueue the socket"); 470 send_ready(s->id, rid, t); 471 } 472 } 473 } 474 break; 475 476 default: 477 printf("handle_packet: what is %08x?!\n", p->msg.command); 478 } 479 480 put_apacket(p); 481 } 482 483 #if ADB_HOST 484 485 #ifdef _WIN32 486 487 // Try to make a handle non-inheritable and if there is an error, don't output 488 // any error info, but leave GetLastError() for the caller to read. This is 489 // convenient if the caller is expecting that this may fail and they'd like to 490 // ignore such a failure. 491 static bool _try_make_handle_noninheritable(HANDLE h) { 492 if (h != INVALID_HANDLE_VALUE && h != NULL) { 493 return SetHandleInformation(h, HANDLE_FLAG_INHERIT, 0) ? true : false; 494 } 495 496 return true; 497 } 498 499 // Try to make a handle non-inheritable with the expectation that this should 500 // succeed, so if this fails, output error info. 501 static bool _make_handle_noninheritable(HANDLE h) { 502 if (!_try_make_handle_noninheritable(h)) { 503 // Show the handle value to give us a clue in case we have problems 504 // with pseudo-handle values. 505 fprintf(stderr, "adb: cannot make handle 0x%p non-inheritable: %s\n", h, 506 android::base::SystemErrorCodeToString(GetLastError()).c_str()); 507 return false; 508 } 509 510 return true; 511 } 512 513 // Create anonymous pipe, preventing inheritance of the read pipe and setting 514 // security of the write pipe to sa. 515 static bool _create_anonymous_pipe(unique_handle* pipe_read_out, 516 unique_handle* pipe_write_out, 517 SECURITY_ATTRIBUTES* sa) { 518 HANDLE pipe_read_raw = NULL; 519 HANDLE pipe_write_raw = NULL; 520 if (!CreatePipe(&pipe_read_raw, &pipe_write_raw, sa, 0)) { 521 fprintf(stderr, "adb: CreatePipe failed: %s\n", 522 android::base::SystemErrorCodeToString(GetLastError()).c_str()); 523 return false; 524 } 525 526 unique_handle pipe_read(pipe_read_raw); 527 pipe_read_raw = NULL; 528 unique_handle pipe_write(pipe_write_raw); 529 pipe_write_raw = NULL; 530 531 if (!_make_handle_noninheritable(pipe_read.get())) { 532 return false; 533 } 534 535 *pipe_read_out = std::move(pipe_read); 536 *pipe_write_out = std::move(pipe_write); 537 538 return true; 539 } 540 541 // Read from a pipe (that we take ownership of) and write the result to stdout/stderr. Return on 542 // error or when the pipe is closed. Internally makes inheritable handles, so this should not be 543 // called if subprocesses may be started concurrently. 544 static unsigned _redirect_pipe_thread(HANDLE h, DWORD nStdHandle) { 545 // Take ownership of the HANDLE and close when we're done. 546 unique_handle read_pipe(h); 547 const char* output_name = nStdHandle == STD_OUTPUT_HANDLE ? "stdout" : "stderr"; 548 const int original_fd = fileno(nStdHandle == STD_OUTPUT_HANDLE ? stdout : stderr); 549 std::unique_ptr<FILE, decltype(&fclose)> stream(nullptr, fclose); 550 551 if (original_fd == -1) { 552 fprintf(stderr, "adb: failed to get file descriptor for %s: %s\n", output_name, 553 strerror(errno)); 554 return EXIT_FAILURE; 555 } 556 557 // If fileno() is -2, stdout/stderr is not associated with an output stream, so we should read, 558 // but don't write. Otherwise, make a FILE* identical to stdout/stderr except that it is in 559 // binary mode with no CR/LR translation since we're reading raw. 560 if (original_fd >= 0) { 561 // This internally makes a duplicate file handle that is inheritable, so callers should not 562 // call this function if subprocesses may be started concurrently. 563 const int fd = dup(original_fd); 564 if (fd == -1) { 565 fprintf(stderr, "adb: failed to duplicate file descriptor for %s: %s\n", output_name, 566 strerror(errno)); 567 return EXIT_FAILURE; 568 } 569 570 // Note that although we call fdopen() below with a binary flag, it may not adhere to that 571 // flag, so we have to set the mode manually. 572 if (_setmode(fd, _O_BINARY) == -1) { 573 fprintf(stderr, "adb: failed to set binary mode for duplicate of %s: %s\n", output_name, 574 strerror(errno)); 575 unix_close(fd); 576 return EXIT_FAILURE; 577 } 578 579 stream.reset(fdopen(fd, "wb")); 580 if (stream.get() == nullptr) { 581 fprintf(stderr, "adb: failed to open duplicate stream for %s: %s\n", output_name, 582 strerror(errno)); 583 unix_close(fd); 584 return EXIT_FAILURE; 585 } 586 587 // Unbuffer the stream because it will be buffered by default and we want subprocess output 588 // to be shown immediately. 589 if (setvbuf(stream.get(), NULL, _IONBF, 0) == -1) { 590 fprintf(stderr, "adb: failed to unbuffer %s: %s\n", output_name, strerror(errno)); 591 return EXIT_FAILURE; 592 } 593 594 // fd will be closed when stream is closed. 595 } 596 597 while (true) { 598 char buf[64 * 1024]; 599 DWORD bytes_read = 0; 600 if (!ReadFile(read_pipe.get(), buf, sizeof(buf), &bytes_read, NULL)) { 601 const DWORD err = GetLastError(); 602 // ERROR_BROKEN_PIPE is expected when the subprocess closes 603 // the other end of the pipe. 604 if (err == ERROR_BROKEN_PIPE) { 605 return EXIT_SUCCESS; 606 } else { 607 fprintf(stderr, "adb: failed to read from %s: %s\n", output_name, 608 android::base::SystemErrorCodeToString(err).c_str()); 609 return EXIT_FAILURE; 610 } 611 } 612 613 // Don't try to write if our stdout/stderr was not setup by the parent process. 614 if (stream) { 615 // fwrite() actually calls adb_fwrite() which can write UTF-8 to the console. 616 const size_t bytes_written = fwrite(buf, 1, bytes_read, stream.get()); 617 if (bytes_written != bytes_read) { 618 fprintf(stderr, "adb: error: only wrote %zu of %lu bytes to %s\n", bytes_written, 619 bytes_read, output_name); 620 return EXIT_FAILURE; 621 } 622 } 623 } 624 } 625 626 static unsigned __stdcall _redirect_stdout_thread(HANDLE h) { 627 adb_thread_setname("stdout redirect"); 628 return _redirect_pipe_thread(h, STD_OUTPUT_HANDLE); 629 } 630 631 static unsigned __stdcall _redirect_stderr_thread(HANDLE h) { 632 adb_thread_setname("stderr redirect"); 633 return _redirect_pipe_thread(h, STD_ERROR_HANDLE); 634 } 635 636 #endif 637 638 static void ReportServerStartupFailure(pid_t pid) { 639 fprintf(stderr, "ADB server didn't ACK\n"); 640 fprintf(stderr, "Full server startup log: %s\n", GetLogFilePath().c_str()); 641 fprintf(stderr, "Server had pid: %d\n", pid); 642 643 unique_fd fd(adb_open(GetLogFilePath().c_str(), O_RDONLY)); 644 if (fd == -1) return; 645 646 // Let's not show more than 128KiB of log... 647 adb_lseek(fd, -128 * 1024, SEEK_END); 648 std::string content; 649 if (!android::base::ReadFdToString(fd, &content)) return; 650 651 std::string header = android::base::StringPrintf("--- adb starting (pid %d) ---", pid); 652 std::vector<std::string> lines = android::base::Split(content, "\n"); 653 int i = lines.size() - 1; 654 while (i >= 0 && lines[i] != header) --i; 655 while (static_cast<size_t>(i) < lines.size()) fprintf(stderr, "%s\n", lines[i++].c_str()); 656 } 657 658 int launch_server(const std::string& socket_spec) { 659 #if defined(_WIN32) 660 /* we need to start the server in the background */ 661 /* we create a PIPE that will be used to wait for the server's "OK" */ 662 /* message since the pipe handles must be inheritable, we use a */ 663 /* security attribute */ 664 SECURITY_ATTRIBUTES sa; 665 sa.nLength = sizeof(sa); 666 sa.lpSecurityDescriptor = NULL; 667 sa.bInheritHandle = TRUE; 668 669 // Redirect stdin to Windows /dev/null. If we instead pass an original 670 // stdin/stdout/stderr handle and it is a console handle, when the adb 671 // server starts up, the C Runtime will see a console handle for a process 672 // that isn't connected to a console and it will configure 673 // stdin/stdout/stderr to be closed. At that point, freopen() could be used 674 // to reopen stderr/out, but it would take more massaging to fixup the file 675 // descriptor number that freopen() uses. It's simplest to avoid all of this 676 // complexity by just redirecting stdin to `nul' and then the C Runtime acts 677 // as expected. 678 unique_handle nul_read(CreateFileW(L"nul", GENERIC_READ, 679 FILE_SHARE_READ | FILE_SHARE_WRITE, &sa, OPEN_EXISTING, 680 FILE_ATTRIBUTE_NORMAL, NULL)); 681 if (nul_read.get() == INVALID_HANDLE_VALUE) { 682 fprintf(stderr, "adb: CreateFileW 'nul' failed: %s\n", 683 android::base::SystemErrorCodeToString(GetLastError()).c_str()); 684 return -1; 685 } 686 687 // Create pipes with non-inheritable read handle, inheritable write handle. We need to connect 688 // the subprocess to pipes instead of just letting the subprocess inherit our existing 689 // stdout/stderr handles because a DETACHED_PROCESS cannot write to a console that it is not 690 // attached to. 691 unique_handle ack_read, ack_write; 692 if (!_create_anonymous_pipe(&ack_read, &ack_write, &sa)) { 693 return -1; 694 } 695 unique_handle stdout_read, stdout_write; 696 if (!_create_anonymous_pipe(&stdout_read, &stdout_write, &sa)) { 697 return -1; 698 } 699 unique_handle stderr_read, stderr_write; 700 if (!_create_anonymous_pipe(&stderr_read, &stderr_write, &sa)) { 701 return -1; 702 } 703 704 /* Some programs want to launch an adb command and collect its output by 705 * calling CreateProcess with inheritable stdout/stderr handles, then 706 * using read() to get its output. When this happens, the stdout/stderr 707 * handles passed to the adb client process will also be inheritable. 708 * When starting the adb server here, care must be taken to reset them 709 * to non-inheritable. 710 * Otherwise, something bad happens: even if the adb command completes, 711 * the calling process is stuck while read()-ing from the stdout/stderr 712 * descriptors, because they're connected to corresponding handles in the 713 * adb server process (even if the latter never uses/writes to them). 714 * Note that even if we don't pass these handles in the STARTUPINFO struct, 715 * if they're marked inheritable, they're still inherited, requiring us to 716 * deal with this. 717 * 718 * If we're still having problems with inheriting random handles in the 719 * future, consider using PROC_THREAD_ATTRIBUTE_HANDLE_LIST to explicitly 720 * specify which handles should be inherited: http://blogs.msdn.com/b/oldnewthing/archive/2011/12/16/10248328.aspx 721 * 722 * Older versions of Windows return console pseudo-handles that cannot be 723 * made non-inheritable, so ignore those failures. 724 */ 725 _try_make_handle_noninheritable(GetStdHandle(STD_INPUT_HANDLE)); 726 _try_make_handle_noninheritable(GetStdHandle(STD_OUTPUT_HANDLE)); 727 _try_make_handle_noninheritable(GetStdHandle(STD_ERROR_HANDLE)); 728 729 STARTUPINFOW startup; 730 ZeroMemory( &startup, sizeof(startup) ); 731 startup.cb = sizeof(startup); 732 startup.hStdInput = nul_read.get(); 733 startup.hStdOutput = stdout_write.get(); 734 startup.hStdError = stderr_write.get(); 735 startup.dwFlags = STARTF_USESTDHANDLES; 736 737 // Verify that the pipe_write handle value can be passed on the command line 738 // as %d and that the rest of adb code can pass it around in an int. 739 const int ack_write_as_int = cast_handle_to_int(ack_write.get()); 740 if (cast_int_to_handle(ack_write_as_int) != ack_write.get()) { 741 // If this fires, either handle values are larger than 32-bits or else 742 // there is a bug in our casting. 743 // https://msdn.microsoft.com/en-us/library/windows/desktop/aa384203%28v=vs.85%29.aspx 744 fprintf(stderr, "adb: cannot fit pipe handle value into 32-bits: 0x%p\n", ack_write.get()); 745 return -1; 746 } 747 748 // get path of current program 749 WCHAR program_path[MAX_PATH]; 750 const DWORD module_result = GetModuleFileNameW(NULL, program_path, 751 arraysize(program_path)); 752 if ((module_result >= arraysize(program_path)) || (module_result == 0)) { 753 // String truncation or some other error. 754 fprintf(stderr, "adb: cannot get executable path: %s\n", 755 android::base::SystemErrorCodeToString(GetLastError()).c_str()); 756 return -1; 757 } 758 759 WCHAR args[64]; 760 snwprintf(args, arraysize(args), L"adb -L %s fork-server server --reply-fd %d", 761 socket_spec.c_str(), ack_write_as_int); 762 763 PROCESS_INFORMATION pinfo; 764 ZeroMemory(&pinfo, sizeof(pinfo)); 765 766 if (!CreateProcessW( 767 program_path, /* program path */ 768 args, 769 /* the fork-server argument will set the 770 debug = 2 in the child */ 771 NULL, /* process handle is not inheritable */ 772 NULL, /* thread handle is not inheritable */ 773 TRUE, /* yes, inherit some handles */ 774 DETACHED_PROCESS, /* the new process doesn't have a console */ 775 NULL, /* use parent's environment block */ 776 NULL, /* use parent's starting directory */ 777 &startup, /* startup info, i.e. std handles */ 778 &pinfo )) { 779 fprintf(stderr, "adb: CreateProcessW failed: %s\n", 780 android::base::SystemErrorCodeToString(GetLastError()).c_str()); 781 return -1; 782 } 783 784 unique_handle process_handle(pinfo.hProcess); 785 pinfo.hProcess = NULL; 786 787 // Close handles that we no longer need to complete the rest. 788 CloseHandle(pinfo.hThread); 789 pinfo.hThread = NULL; 790 791 nul_read.reset(); 792 ack_write.reset(); 793 stdout_write.reset(); 794 stderr_write.reset(); 795 796 // Start threads to read from subprocess stdout/stderr and write to ours to make subprocess 797 // errors easier to diagnose. Note that the threads internally create inheritable handles, but 798 // that is ok because we've already spawned the subprocess. 799 800 // In the past, reading from a pipe before the child process's C Runtime 801 // started up and called GetFileType() caused a hang: http://blogs.msdn.com/b/oldnewthing/archive/2011/12/02/10243553.aspx#10244216 802 // This is reportedly fixed in Windows Vista: https://support.microsoft.com/en-us/kb/2009703 803 // I was unable to reproduce the problem on Windows XP. It sounds like a 804 // Windows Update may have fixed this: https://www.duckware.com/tech/peeknamedpipe.html 805 unique_handle stdout_thread(reinterpret_cast<HANDLE>( 806 _beginthreadex(NULL, 0, _redirect_stdout_thread, stdout_read.get(), 807 0, NULL))); 808 if (stdout_thread.get() == nullptr) { 809 fprintf(stderr, "adb: cannot create thread: %s\n", strerror(errno)); 810 return -1; 811 } 812 stdout_read.release(); // Transfer ownership to new thread 813 814 unique_handle stderr_thread(reinterpret_cast<HANDLE>( 815 _beginthreadex(NULL, 0, _redirect_stderr_thread, stderr_read.get(), 816 0, NULL))); 817 if (stderr_thread.get() == nullptr) { 818 fprintf(stderr, "adb: cannot create thread: %s\n", strerror(errno)); 819 return -1; 820 } 821 stderr_read.release(); // Transfer ownership to new thread 822 823 bool got_ack = false; 824 825 // Wait for the "OK\n" message, for the pipe to be closed, or other error. 826 { 827 char temp[3]; 828 DWORD count = 0; 829 830 if (ReadFile(ack_read.get(), temp, sizeof(temp), &count, NULL)) { 831 const CHAR expected[] = "OK\n"; 832 const DWORD expected_length = arraysize(expected) - 1; 833 if (count == expected_length && 834 memcmp(temp, expected, expected_length) == 0) { 835 got_ack = true; 836 } else { 837 ReportServerStartupFailure(GetProcessId(process_handle.get())); 838 return -1; 839 } 840 } else { 841 const DWORD err = GetLastError(); 842 // If the ACK was not written and the process exited, GetLastError() 843 // is probably ERROR_BROKEN_PIPE, in which case that info is not 844 // useful to the user. 845 fprintf(stderr, "could not read ok from ADB Server%s\n", 846 err == ERROR_BROKEN_PIPE ? "" : 847 android::base::StringPrintf(": %s", 848 android::base::SystemErrorCodeToString(err).c_str()).c_str()); 849 } 850 } 851 852 // Always try to wait a bit for threads reading stdout/stderr to finish. 853 // If the process started ok, it should close the pipes causing the threads 854 // to finish. If the process had an error, it should exit, also causing 855 // the pipes to be closed. In that case we want to read all of the output 856 // and write it out so that the user can diagnose failures. 857 const DWORD thread_timeout_ms = 15 * 1000; 858 const HANDLE threads[] = { stdout_thread.get(), stderr_thread.get() }; 859 const DWORD wait_result = WaitForMultipleObjects(arraysize(threads), 860 threads, TRUE, thread_timeout_ms); 861 if (wait_result == WAIT_TIMEOUT) { 862 // Threads did not finish after waiting a little while. Perhaps the 863 // server didn't close pipes, or it is hung. 864 fprintf(stderr, "adb: timed out waiting for threads to finish reading from ADB server\n"); 865 // Process handles are signaled when the process exits, so if we wait 866 // on the handle for 0 seconds and it returns 'timeout', that means that 867 // the process is still running. 868 if (WaitForSingleObject(process_handle.get(), 0) == WAIT_TIMEOUT) { 869 // We could TerminateProcess(), but that seems somewhat presumptive. 870 fprintf(stderr, "adb: server is running with process id %lu\n", pinfo.dwProcessId); 871 } 872 return -1; 873 } 874 875 if (wait_result != WAIT_OBJECT_0) { 876 fprintf(stderr, "adb: unexpected result waiting for threads: %lu: %s\n", wait_result, 877 android::base::SystemErrorCodeToString(GetLastError()).c_str()); 878 return -1; 879 } 880 881 // For now ignore the thread exit codes and assume they worked properly. 882 883 if (!got_ack) { 884 return -1; 885 } 886 #else /* !defined(_WIN32) */ 887 // set up a pipe so the child can tell us when it is ready. 888 // fd[0] will be parent's end, and the child will write on fd[1] 889 int fd[2]; 890 if (pipe(fd)) { 891 fprintf(stderr, "pipe failed in launch_server, errno: %d\n", errno); 892 return -1; 893 } 894 895 std::string path = android::base::GetExecutablePath(); 896 897 pid_t pid = fork(); 898 if (pid < 0) return -1; 899 900 if (pid == 0) { 901 // child side of the fork 902 903 adb_close(fd[0]); 904 905 char reply_fd[30]; 906 snprintf(reply_fd, sizeof(reply_fd), "%d", fd[1]); 907 // child process 908 int result = execl(path.c_str(), "adb", "-L", socket_spec.c_str(), "fork-server", "server", 909 "--reply-fd", reply_fd, NULL); 910 // this should not return 911 fprintf(stderr, "adb: execl returned %d: %s\n", result, strerror(errno)); 912 } else { 913 // parent side of the fork 914 char temp[3] = {}; 915 // wait for the "OK\n" message 916 adb_close(fd[1]); 917 int ret = adb_read(fd[0], temp, 3); 918 int saved_errno = errno; 919 adb_close(fd[0]); 920 if (ret < 0) { 921 fprintf(stderr, "could not read ok from ADB Server, errno = %d\n", saved_errno); 922 return -1; 923 } 924 if (ret != 3 || temp[0] != 'O' || temp[1] != 'K' || temp[2] != '\n') { 925 ReportServerStartupFailure(pid); 926 return -1; 927 } 928 } 929 #endif /* !defined(_WIN32) */ 930 return 0; 931 } 932 #endif /* ADB_HOST */ 933 934 // Try to handle a network forwarding request. 935 // This returns 1 on success, 0 on failure, and -1 to indicate this is not 936 // a forwarding-related request. 937 int handle_forward_request(const char* service, atransport* transport, int reply_fd) { 938 if (!strcmp(service, "list-forward")) { 939 // Create the list of forward redirections. 940 std::string listeners = format_listeners(); 941 #if ADB_HOST 942 SendOkay(reply_fd); 943 #endif 944 return SendProtocolString(reply_fd, listeners); 945 } 946 947 if (!strcmp(service, "killforward-all")) { 948 remove_all_listeners(); 949 #if ADB_HOST 950 /* On the host: 1st OKAY is connect, 2nd OKAY is status */ 951 SendOkay(reply_fd); 952 #endif 953 SendOkay(reply_fd); 954 return 1; 955 } 956 957 if (!strncmp(service, "forward:", 8) || !strncmp(service, "killforward:", 12)) { 958 // killforward:local 959 // forward:(norebind:)?local;remote 960 bool kill_forward = false; 961 bool no_rebind = false; 962 if (android::base::StartsWith(service, "killforward:")) { 963 kill_forward = true; 964 service += 12; 965 } else { 966 service += 8; // skip past "forward:" 967 if (android::base::StartsWith(service, "norebind:")) { 968 no_rebind = true; 969 service += 9; 970 } 971 } 972 973 std::vector<std::string> pieces = android::base::Split(service, ";"); 974 975 if (kill_forward) { 976 // Check killforward: parameter format: '<local>' 977 if (pieces.size() != 1 || pieces[0].empty()) { 978 SendFail(reply_fd, android::base::StringPrintf("bad killforward: %s", service)); 979 return 1; 980 } 981 } else { 982 // Check forward: parameter format: '<local>;<remote>' 983 if (pieces.size() != 2 || pieces[0].empty() || pieces[1].empty() || pieces[1][0] == '*') { 984 SendFail(reply_fd, android::base::StringPrintf("bad forward: %s", service)); 985 return 1; 986 } 987 } 988 989 std::string error; 990 InstallStatus r; 991 int resolved_tcp_port = 0; 992 if (kill_forward) { 993 r = remove_listener(pieces[0].c_str(), transport); 994 } else { 995 r = install_listener(pieces[0], pieces[1].c_str(), transport, no_rebind, 996 &resolved_tcp_port, &error); 997 } 998 if (r == INSTALL_STATUS_OK) { 999 #if ADB_HOST 1000 // On the host: 1st OKAY is connect, 2nd OKAY is status. 1001 SendOkay(reply_fd); 1002 #endif 1003 SendOkay(reply_fd); 1004 1005 // If a TCP port was resolved, send the actual port number back. 1006 if (resolved_tcp_port != 0) { 1007 SendProtocolString(reply_fd, android::base::StringPrintf("%d", resolved_tcp_port)); 1008 } 1009 1010 return 1; 1011 } 1012 1013 std::string message; 1014 switch (r) { 1015 case INSTALL_STATUS_OK: message = "success (!)"; break; 1016 case INSTALL_STATUS_INTERNAL_ERROR: message = "internal error"; break; 1017 case INSTALL_STATUS_CANNOT_BIND: 1018 message = android::base::StringPrintf("cannot bind listener: %s", 1019 error.c_str()); 1020 break; 1021 case INSTALL_STATUS_CANNOT_REBIND: 1022 message = android::base::StringPrintf("cannot rebind existing socket"); 1023 break; 1024 case INSTALL_STATUS_LISTENER_NOT_FOUND: 1025 message = android::base::StringPrintf("listener '%s' not found", service); 1026 break; 1027 } 1028 SendFail(reply_fd, message); 1029 return 1; 1030 } 1031 return 0; 1032 } 1033 1034 #if ADB_HOST 1035 static int SendOkay(int fd, const std::string& s) { 1036 SendOkay(fd); 1037 SendProtocolString(fd, s); 1038 return 0; 1039 } 1040 1041 int handle_host_request(const char* service, TransportType type, const char* serial, 1042 TransportId transport_id, int reply_fd, asocket* s) { 1043 if (strcmp(service, "kill") == 0) { 1044 fprintf(stderr, "adb server killed by remote request\n"); 1045 fflush(stdout); 1046 1047 // Send a reply even though we don't read it anymore, so that old versions 1048 // of adb that do read it don't spew error messages. 1049 SendOkay(reply_fd); 1050 1051 // Rely on process exit to close the socket for us. 1052 exit(0); 1053 } 1054 1055 // "transport:" is used for switching transport with a specified serial number 1056 // "transport-usb:" is used for switching transport to the only USB transport 1057 // "transport-local:" is used for switching transport to the only local transport 1058 // "transport-any:" is used for switching transport to the only transport 1059 if (!strncmp(service, "transport", strlen("transport"))) { 1060 TransportType type = kTransportAny; 1061 1062 if (!strncmp(service, "transport-id:", strlen("transport-id:"))) { 1063 service += strlen("transport-id:"); 1064 transport_id = strtoll(service, const_cast<char**>(&service), 10); 1065 if (*service != '\0') { 1066 SendFail(reply_fd, "invalid transport id"); 1067 return 1; 1068 } 1069 } else if (!strncmp(service, "transport-usb", strlen("transport-usb"))) { 1070 type = kTransportUsb; 1071 } else if (!strncmp(service, "transport-local", strlen("transport-local"))) { 1072 type = kTransportLocal; 1073 } else if (!strncmp(service, "transport-any", strlen("transport-any"))) { 1074 type = kTransportAny; 1075 } else if (!strncmp(service, "transport:", strlen("transport:"))) { 1076 service += strlen("transport:"); 1077 serial = service; 1078 } 1079 1080 std::string error; 1081 atransport* t = acquire_one_transport(type, serial, transport_id, nullptr, &error); 1082 if (t != nullptr) { 1083 s->transport = t; 1084 SendOkay(reply_fd); 1085 } else { 1086 SendFail(reply_fd, error); 1087 } 1088 return 1; 1089 } 1090 1091 // return a list of all connected devices 1092 if (!strncmp(service, "devices", 7)) { 1093 bool long_listing = (strcmp(service+7, "-l") == 0); 1094 if (long_listing || service[7] == 0) { 1095 D("Getting device list..."); 1096 std::string device_list = list_transports(long_listing); 1097 D("Sending device list..."); 1098 return SendOkay(reply_fd, device_list); 1099 } 1100 return 1; 1101 } 1102 1103 if (!strcmp(service, "reconnect-offline")) { 1104 std::string response; 1105 close_usb_devices([&response](const atransport* transport) { 1106 switch (transport->GetConnectionState()) { 1107 case kCsOffline: 1108 case kCsUnauthorized: 1109 response += "reconnecting " + transport->serial_name() + "\n"; 1110 return true; 1111 default: 1112 return false; 1113 } 1114 }); 1115 if (!response.empty()) { 1116 response.resize(response.size() - 1); 1117 } 1118 SendOkay(reply_fd, response); 1119 return 0; 1120 } 1121 1122 if (!strcmp(service, "features")) { 1123 std::string error; 1124 atransport* t = acquire_one_transport(type, serial, transport_id, nullptr, &error); 1125 if (t != nullptr) { 1126 SendOkay(reply_fd, FeatureSetToString(t->features())); 1127 } else { 1128 SendFail(reply_fd, error); 1129 } 1130 return 0; 1131 } 1132 1133 if (!strcmp(service, "host-features")) { 1134 FeatureSet features = supported_features(); 1135 // Abuse features to report libusb status. 1136 if (should_use_libusb()) { 1137 features.insert(kFeatureLibusb); 1138 } 1139 features.insert(kFeaturePushSync); 1140 SendOkay(reply_fd, FeatureSetToString(features)); 1141 return 0; 1142 } 1143 1144 // remove TCP transport 1145 if (!strncmp(service, "disconnect:", 11)) { 1146 const std::string address(service + 11); 1147 if (address.empty()) { 1148 kick_all_tcp_devices(); 1149 return SendOkay(reply_fd, "disconnected everything"); 1150 } 1151 1152 std::string serial; 1153 std::string host; 1154 int port = DEFAULT_ADB_LOCAL_TRANSPORT_PORT; 1155 std::string error; 1156 if (!android::base::ParseNetAddress(address, &host, &port, &serial, &error)) { 1157 return SendFail(reply_fd, android::base::StringPrintf("couldn't parse '%s': %s", 1158 address.c_str(), error.c_str())); 1159 } 1160 atransport* t = find_transport(serial.c_str()); 1161 if (t == nullptr) { 1162 return SendFail(reply_fd, android::base::StringPrintf("no such device '%s'", 1163 serial.c_str())); 1164 } 1165 kick_transport(t); 1166 return SendOkay(reply_fd, android::base::StringPrintf("disconnected %s", address.c_str())); 1167 } 1168 1169 // Returns our value for ADB_SERVER_VERSION. 1170 if (!strcmp(service, "version")) { 1171 return SendOkay(reply_fd, android::base::StringPrintf("%04x", ADB_SERVER_VERSION)); 1172 } 1173 1174 // These always report "unknown" rather than the actual error, for scripts. 1175 if (!strcmp(service, "get-serialno")) { 1176 std::string error; 1177 atransport* t = acquire_one_transport(type, serial, transport_id, nullptr, &error); 1178 if (t) { 1179 return SendOkay(reply_fd, t->serial ? t->serial : "unknown"); 1180 } else { 1181 return SendFail(reply_fd, error); 1182 } 1183 } 1184 if (!strcmp(service, "get-devpath")) { 1185 std::string error; 1186 atransport* t = acquire_one_transport(type, serial, transport_id, nullptr, &error); 1187 if (t) { 1188 return SendOkay(reply_fd, t->devpath ? t->devpath : "unknown"); 1189 } else { 1190 return SendFail(reply_fd, error); 1191 } 1192 } 1193 if (!strcmp(service, "get-state")) { 1194 std::string error; 1195 atransport* t = acquire_one_transport(type, serial, transport_id, nullptr, &error); 1196 if (t) { 1197 return SendOkay(reply_fd, t->connection_state_name()); 1198 } else { 1199 return SendFail(reply_fd, error); 1200 } 1201 } 1202 1203 // Indicates a new emulator instance has started. 1204 if (!strncmp(service, "emulator:", 9)) { 1205 int port = atoi(service+9); 1206 local_connect(port); 1207 /* we don't even need to send a reply */ 1208 return 0; 1209 } 1210 1211 if (!strcmp(service, "reconnect")) { 1212 std::string response; 1213 atransport* t = acquire_one_transport(type, serial, transport_id, nullptr, &response, true); 1214 if (t != nullptr) { 1215 kick_transport(t); 1216 response = 1217 "reconnecting " + t->serial_name() + " [" + t->connection_state_name() + "]\n"; 1218 } 1219 return SendOkay(reply_fd, response); 1220 } 1221 1222 std::string error; 1223 atransport* t = acquire_one_transport(type, serial, transport_id, nullptr, &error); 1224 if (!t) { 1225 return -1; 1226 } 1227 1228 int ret = handle_forward_request(service, t, reply_fd); 1229 if (ret >= 0) 1230 return ret - 1; 1231 return -1; 1232 } 1233 1234 static auto& init_mutex = *new std::mutex(); 1235 static auto& init_cv = *new std::condition_variable(); 1236 static bool device_scan_complete = false; 1237 static bool transports_ready = false; 1238 1239 void update_transport_status() { 1240 bool result = iterate_transports([](const atransport* t) { 1241 if (t->type == kTransportUsb && t->online != 1) { 1242 return false; 1243 } 1244 return true; 1245 }); 1246 1247 bool ready; 1248 { 1249 std::lock_guard<std::mutex> lock(init_mutex); 1250 transports_ready = result; 1251 ready = transports_ready && device_scan_complete; 1252 } 1253 1254 if (ready) { 1255 init_cv.notify_all(); 1256 } 1257 } 1258 1259 void adb_notify_device_scan_complete() { 1260 { 1261 std::lock_guard<std::mutex> lock(init_mutex); 1262 if (device_scan_complete) { 1263 return; 1264 } 1265 1266 device_scan_complete = true; 1267 } 1268 1269 update_transport_status(); 1270 } 1271 1272 void adb_wait_for_device_initialization() { 1273 std::unique_lock<std::mutex> lock(init_mutex); 1274 init_cv.wait_for(lock, 3s, []() { return device_scan_complete && transports_ready; }); 1275 } 1276 1277 #endif // ADB_HOST 1278