Commit Graph

115 Commits

Author SHA1 Message Date
Elliott Hughes a034362be4 Merge "Make server port option work on windows" 2015-01-28 03:29:06 +00:00
Ajay Dudani 8432ddc822 system/core: Remove AID_GRAPHICS from adb groups
Remove AID_GRAPHICS from adb access groups to limit framebuffer
access.

Change-Id: I7fc6dca8b02a45d67d1ecc4a4daf6c38741ffb94
2014-11-21 18:08:05 -08:00
Elliott Hughes c66aed8a14 Remove the adb usb vendor id whitelist.
If there are bad vendors, we should blacklist them. Whitelisting the entire
world is crazy.

Change-Id: I1f4c27fd34fc420e2a3b4b2c8749198030db69f1
2014-11-21 10:44:10 -08:00
Yabin Cui e77b6a0862 kill HAVE_FORKEXEC
Bug: 18317407
Change-Id: I4eecb3c9d745e3dabfc46fa595aac7f94f6d93e3
2014-11-12 17:06:27 -08:00
Chih-Hung Hsieh f787b381b6 Include ADB_HOST only code in #if ADB_HOST.
BUG: 17409892
Change-Id: Ic1199dd745191aba718fdb18343e87c0ccbe530b
2014-09-05 16:34:02 -07:00
Elliott Hughes a8d0c4a2b8 Merge "Move host 'get-state' service up so that it works." 2014-08-05 00:30:25 +00:00
Simon Ye dc22c3c7a8 Move host 'get-state' service up so that it works.
Due to previous bad merge, the get-state service was moved out of the
ADB_HOST #ifdef block.

Change-Id: Id4b72a051ff04104659925e63a02eb340db2f807
2014-07-28 11:44:46 -07:00
Elliott Hughes b4dd6ef223 Fix implicit declaration of function 'prctl' in adb.
Change-Id: I9f14cabbb36d658510c11833b3314565a2445e10
2014-07-18 16:44:58 -07:00
Nick Kralevich e5cbf4e044 adbd: unconditionally call setgroups
We should ensure that the appropriate supplementary groups are
set, regardless of whether we're running UID=0 or UID=shell.

Change-Id: I3a1624a574102be08176a41f9c7eb5f82af2b3e5
2014-06-18 11:24:27 -07:00
David 'Digit' Turner c335887516 am 6e7343b8: Merge "adb: implement "adb reverse <local> <remote>""
* commit '6e7343b8993fecb2f0600a9e5cff91dd4480a877':
  adb: implement "adb reverse <local> <remote>"
2014-05-27 16:33:16 +00:00
David 'Digit' Turner 2525869419 adb: implement "adb reverse <local> <remote>"
This implements the logical opposite of 'adb forward', i.e.
the ability to reverse network connections from the device
to the host.

This feature is very useful for testing various programs
running on an Android device without root or poking at the
host's routing table.

Options and parameters are exactly the same as those for
'adb forward', except that the direction is reversed.

Examples:

  adb reverse tcp:5000 tcp:6000
    connections to localhost:5000 on the device will be
    forwarded to localhost:6000 on the host.

  adb reverse --no-rebind tcp:5000 tcp:6000
    same as above, but fails if the socket is already
    bound through a previous 'adb reverse tcp:5000 ...'
    command.

  adb reverse --list
    list all active reversed connections for the target
    device. Note: there is no command to list all
    reversed connections for all devices at once.

  adb reverse --remove tcp:5000
    remove any reversed connection on the device from
    localhost:5000

  adb reverse --remove-all
    remove all reversed connections form the current
    device.

Reversed connections are tied to a transport, in other
words, they disappear as soon as a device is disconnected.

Simple testing protocol:

  adb forward tcp:5000 tcp:6000
  adb reverse tcp:6000 tcp:7000
  nc -l localhost 7000

in another terminal:
  echo "Hello" | nc localhost 5000

Will print "Hello" on the first terminal.

Change-Id: I761af790cdb06829b68430afa4145a919fa0e6d5
2014-05-27 16:42:13 +02:00
JP Abgrall a4a9e64668 am 66e95d76: Merge "Fix adb forward --list when forwarding a lot"
* commit '66e95d76c47a3a099931bbebe7f4a0af4d3f7fbb':
  Fix adb forward --list when forwarding a lot
2014-03-11 18:42:18 +00:00
Nick Kralevich 3530b9cd46 am 02916aa2: Remove obsolete vdc call.
* commit '02916aa20e3ffbe4b738bb12dc1607a7ec6a8c37':
  Remove obsolete vdc call.
2014-03-04 08:23:06 +00:00
Nick Kralevich 02916aa20e Remove obsolete vdc call.
Since ca8e66a8b0, init has
been handling reboots and filesystem unmounts. Remove obsolete
call to vdc.

Bug: 12504045
Change-Id: If8704ca042cb3a68857743b9973e48c52e7eb881
(cherry picked from commit 225459a5da)
2014-03-04 04:54:00 +00:00
Snild Dolkow 2264e7cfef Fix adb forward --list when forwarding a lot
The list action had some problems with large numbers of forwards:
 * adb_query() limited replies to 1024 B (and the print was useless)
 * the reply header's length could overflow (also in other commands)
 * ...and the client had no way of detecting it
 * writex() didn't retry on EAGAIN ("Resource temporarily unavailable")

This patch makes all "OKAY%04x" replies use a common function which
checks the length and limits it to 0xffff. This means that the client
can easily check for truncated replies.

Before: forward --list starts failing at 15-30 forwards (depending on
device serial and forward spec lengths).

After: no problems with forward --list.

Change-Id: Ie1e82c4d622f5c56e51abb26533ba17d40459914
2014-02-21 14:57:02 +01:00
Nick Kralevich d49aa2537c adbd: switch to su domain when running as root
When adbd runs as root, it should transition into the
su domain. This is needed to run the adbd and shell
domains in enforcing on userdebug / eng devices without
breaking developer workflows.

Introduce a new device_banner command line option.

Change-Id: Ib33c0dd2dd6172035230514ac84fcaed2ecf44d6
2014-01-22 14:20:17 -08:00
David 'Digit' Turner 818d641c42 adb: Check sender's socket id when receiving packets.
handle_packet() in adb.c didn't check that when an A_WRTE packet is
received, the sender's local-id matches the socket's peer id.

This meant that a compromised adbd server could sent packets to
the host adb server, spoofing the identity of another connected
device if it could "guess" the right host socket id.

This patch gets rid of the issue by enforcing even more checks
to ensure that all packets comply with the description in
protocol.txt.

+ Fix a bug where closing a local socket associated with a
  remote one would always send an A_CLSE(0, remote-id, "")
  message, though protocol.txt says that should only happen
  for failed opens.

  The issue was that local_socket_close() called
  remote_socket_close() after clearing the remote socket's
  'peer' field.

  The fix introduces a new asocket optional callback,
  named 'shutdown' that is called before that, and is
  used to send the A_CLSE() message with the right ID
  in remote_socket_shutdown().

  Also add some code in handle_packet() to detect
  invalid close commands.

Change-Id: I9098bc8c6e81f8809334b060e5dca4fc92e6fbc9
2013-12-16 17:58:08 +01:00
Wenhao Li a09558c2e2 Make server port option work on windows
The server port command line option do not work
on windows, need pass -P option to child process.

Change-Id: Ibb3f0a926fae8e17c75fccbd4bb3a33318fffe9e
2013-11-13 19:04:25 +08:00
Nick Kralevich 893a4a47e8 adb: Only use properties on device builds
When building for the host, don't make reference to
property_get / property_set.  I'm in the process of removing
host side support for properties.

Change-Id: I691c5872b5fd538e78bc38a3fe72574cdc7f43c3
2013-05-23 10:37:46 -07:00
Benoit Goby 1c45ee92e2 adb: Handle adb connect in a thread
adb connect calls connect() in the event loop. If you pass a wrong ip
address or the server is slow to respond, this will block the event loop
and you can't even kill the adb server with adb kill-server. Handle connect
requests in a service thread instead.

Change-Id: I2ee732869a3dc22a6d3b87cf8ac80acaa7790037
2013-04-25 12:34:49 -07:00
Nick Kralevich ca8e66a8b0 Make init handle reboots
Move the responsibility for rebooting the system from the
reboot command to init. Init is in a better position to take
actions to bring the system down cleanly, including making sure
filesystems are mounted read-only.

The only UIDs which can perform an init triggered reboot are
root, system, and shell.

Modify the reboot command so that it calls into init to perform
the reboot. The reboot command no longer requires CAP_SYS_BOOT.

Remove the -n reboot option and code which supports it.  Anyone needing
to do an unclean shutdown can just do a 'echo c > /proc/sysrq-trigger'.

Modify adb so that it calls into init to perform a shutdown.

Bug: 8646621
Change-Id: I84c0513acb549720cb0e8c9fcbda0050f5c396f5
2013-04-23 13:21:40 -07:00
Colin Cross 5192363226 am b544da0b: am d7cab8bf: Merge "adb : add missing connection states"
* commit 'b544da0be42cdd1e28d6562a26215d57c51b2f2b':
  adb : add missing connection states
2013-04-17 15:13:27 -07:00
Colin Cross b544da0be4 am d7cab8bf: Merge "adb : add missing connection states"
* commit 'd7cab8bff1334ba48620a16d1b98f2ae623fee7d':
  adb : add missing connection states
2013-04-17 15:11:39 -07:00
trevd a5ad539cff adb : add missing connection states
Both CS_RECOVERY and CS_SIDELOAD where not being checked by
connection_state_name which resulted in adb get-state returning
unknown when a device is in those modes.

Change-Id: I00716024d6a0bdb68d6e2380c8cd7b5d056bd15f
Signed-off-by: trevd <trevd1234@gmail.com>
2013-04-17 14:34:23 +01:00
Benoit Goby c6d7e200ed toolbox: Make reboot a separate command from toolbox
Set the CAP_SYS_BOOT filesystem capability on the new reboot
command and keep CAP_SYS_BOOT in adb bounding set so that the
shell user can run it.

Change-Id: I1dd6143445ee2a952254f0452ab6e544318431dd
2013-03-26 12:24:10 -07:00
Nick Kralevich 277626e59d am 844306bd: am cc4499b6: Merge "adb: use correct header file."
* commit '844306bd9cb3c8b3e514e5d91e9514556e8f95f4':
  adb: use correct header file.
2013-02-28 23:22:04 +00:00
Nick Kralevich e2864bf727 adb: use correct header file.
Change-Id: I7a66ced762dc077247fd7c2714ae8850ffdcaeb9
2013-02-28 14:12:58 -08:00
Nick Kralevich 4c609e9683 Remove CAP_NET_RAW from adb
ping no longer needs CAP_NET_RAW. See:

* http://lwn.net/Articles/443051/
* https://android-review.googlesource.com/52090
* https://android-review.googlesource.com/52072

Eliminate the CAP_NET_RAW special case in adb

Change-Id: If9d32c5254291b123b06bededc94b64113f6b8f2
2013-02-27 13:15:02 -08:00
Benoit Goby 1531c966c1 Merge "adb: Fix secure adb when booting with usb attached" 2013-02-21 23:55:57 +00:00
Nick Kralevich 080427e4e2 adb: drop capability bounding set on user builds
run-as: don't require CAP_DAC_OVERRIDE.

Prevent an adb spawned application from acquiring capabilities
other than

* CAP_NET_RAW
* CAP_SETUID
* CAP_SETGID

The only privileged programs accessible on user builds are
* /system/bin/ping
* /system/bin/run-as

and the capabilities above are sufficient to cover those
two programs.

If the kernel doesn't support file capabilities, we ignore
a prctl(PR_CAPBSET_DROP) failure. In a future CL, this could
become a fatal error.

Change-Id: I45a56712bfda35b5ad9378dde9e04ab062fe691a
2013-02-15 21:22:19 -08:00
Nick Kralevich b9c087031b am e149855a: am 523a2090: Merge "adb: Use 64 bit capabilities."
* commit 'e149855a816c98149a95725139ae66f193049ddd':
  adb: Use 64 bit capabilities.
2013-02-15 10:22:08 -08:00
Nick Kralevich 109f4e16cb adb: Use 64 bit capabilities.
Fix the following kernel warning:

$ adb shell dmesg | grep adb
<6>[    7.813003] warning: `adbd' uses 32-bit capabilities (legacy support in use)

Change-Id: I3912302c5c577f1cb03f0c591834ab7b3a72ddf5
2013-02-15 09:33:13 -08:00
Benoit Goby 045a4a9c3a adb: Fix secure adb when booting with usb attached
When booting with usb attached, the secure adb authentication happens
long before the framework is done booting, so adb can't notify the
framework to install the public key.

Change-Id: Id2af6cebece345022f56cb0c4b5af24e1d7a425c
2013-02-02 01:19:06 +00:00
Kenny Root 49f0f77693 am 282caf3b: am 260f3471: am f8afaebe: Merge "Windows adb: include stdint.h for uint8_t on MinGW-w64"
# By Ray Donnelly
# Via Android Git Automerger (2) and others
* commit '282caf3bd0dfd81b92ac74e0b3ea970d195fee7b':
  Windows adb: include stdint.h for uint8_t on MinGW-w64
2013-01-29 21:54:00 -08:00
Kenny Root f8afaebec3 Merge "Windows adb: include stdint.h for uint8_t on MinGW-w64" 2013-01-30 05:44:17 +00:00
Benoit Goby 8e85644aa1 Merge "adb: Add "unauthorized" connection state" 2013-01-29 00:17:43 +00:00
David Turner 5bf8a4200c am 3dbcb6d6: am 98d07897: Merge "Windows adb: Make client stdout and stderr handles uninheritable"
* commit '3dbcb6d6c6befc406e4ce4e2b7aa9ad2635dfbb8':
  Windows adb: Make client stdout and stderr handles uninheritable
2013-01-21 02:56:36 -08:00
David Turner 98d0789772 Merge "Windows adb: Make client stdout and stderr handles uninheritable" 2013-01-21 10:16:54 +00:00
Benoit Goby 77e8e5851d adb: Add "unauthorized" connection state
Add a new connection state, so that devices, that require confirmation
to allow adb, appear as "unauthorized" in the adb devices lists.

Change-Id: Ib4264bc5736dedecf05bcf8e31896f4d7a91fad8
2013-01-15 17:21:13 -08:00
JP Abgrall 571c136768 adb: HACK: (linux only) allow temp mitigation for multithreaded issues
There are serious multithreading issues between the fdevent and transport
subsystems which both manipulate struct asocket and struct fde concurrently.
The prevalent symptom being around multiple socket closures which stomp
 on each other, typically causing:
   "glibc detected *** adb: double free or corruption ..."

This HACK allows forcing CPU affinity via an env var. E.g.:
  export ADB_CPU_AFFINITY_BUG6558362=0
which will cause ONLY the adb server and all its threads to be pegged
to CPU 0.

The result is visible in valgrind's helgrind: no *socket_close() related
data races. But tons of other races are still there.

Bug: 6558362
Change-Id: I0f112390a6a921c64b2a783297be9e99ce27fd56
2013-01-09 15:34:21 -08:00
Ray Donnelly cbb9891049 Windows adb: include stdint.h for uint8_t on MinGW-w64
Change-Id: I84b8284bc034feb0acd313b0aad9e2fa5868854f
2013-01-08 23:11:49 +00:00
Ray Donnelly 267aa8b00e Windows adb: Make client stdout and stderr handles uninheritable
Change-Id: Ib0519a199c9504aad1d0ecc3757f4d162984bf22
2013-01-08 23:02:28 +00:00
Matt Gumbel d7b3308511 Support adb client connect to remote server
ADB client: allow user to specify hostname and port number of remote
adb server.
ADB server: bind server to all network interfaces instead of just
localhost when user gives -a flag.

Primary use-case for this change is to support remote testing of USB
devices. HostA is running some test automation software which invokes adb
client. HostB has USB-only device attached and is running adb server. adb
client on HostA makes connection to adb server on HostB to talk to the
USB device.

Change-Id: I845cc8c00350b400317f8c18f813e6fd79bd5470
Signed-off-by: Dean Kwon <daex.i.kwon@intel.com>
Signed-off-by: Jim Bride <jim.bride@intel.com>
Signed-off-by: Matt Gumbel <matthew.k.gumbel@intel.com>
2013-01-04 11:00:38 -08:00
David 'Digit' Turner 0d82fbf04d adb: Improve ADB's forward redirection management.
This adds a few new options/modes to 'adb forward':

  adb forward --list
  adb forward --remove <local>
  adb forward --remove-all
  adb forward --no-rebind <local> <remote>

For more context, see http://code.google.com/p/android/issues/detail?id=39631

Note that this only affects the host adb client and server programs,
i.e. it's compatible with devices running older adbd versions.

Change-Id: I9cda3ba12b5a8560a2061620bc7f948e5c1e70f7
2012-11-26 21:37:08 +01:00
Jeff Sharkey d6d4286a28 Bring back ADB_EXTERNAL_STORAGE.
Bug: 7119408
Change-Id: Ic9a23fb6adfb1db771e1e278179586bca69a5edd
2012-09-06 13:05:40 -07:00
Benoit Goby d5fcafaf41 adb: Add public key authentification
Secure adb using a public key authentication, to allow USB debugging
only from authorized hosts.

When a device is connected to an unauthorized host, the adb daemon sends
the user public key to the device. A popup is shown to ask the user to
allow debugging once or permanantly from the host. The public key is
installed on the device in the later case. Other keys may be installed
at build time.

On the host, the user public/private key pair is automatically generated,
if it does not exist, when the adb daemon starts and is stored in
$HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed,
the ADB_KEYS_PATH env variable may be set to a :-separated (; under
Windows) list of private keys, e.g. company-wide or vendor keys.

On the device, vendors public keys are installed at build time in
/adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys.

ADB Protocol change:
If the device needs to authenticate the host, it replies to CNXN
packets with an AUTH packet. The AUTH packet payload is a random token.
The host signs the token with one of its private keys and sends an AUTH(0)
packet. If the signature verification succeeds, the device replies with
a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so
that the host can retry with another private key. Once the host has tried
all its keys, it can send an AUTH(1) packet with a public key as
payload. adbd then sends the public key to the framework (if it has been
started) for confirmation.

Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-08-23 00:20:06 -07:00
Jeff Sharkey bfcd810b79 Iteration on multi-user external storage.
Define /storage as top-level concept, so that we enforce permissions
uniformly.  Moves external storage paths from headers to per-device
environment variables.  Added missing mount flags, and we no longer
have adb-specific external storage.

Bug: 6925012
Change-Id: Ic7ca953be2f552d3f0ec9e69f89fef751daa1b29
2012-08-22 14:28:37 -07:00
Benoit Goby 3fc95a9918 Revert "adb: Add public key authentification"
This reverts commit f4ed516643.
2012-08-20 23:04:11 -07:00
Benoit Goby 300d6d65d0 Merge "adb: Add public key authentification" into jb-mr1-dev 2012-08-20 20:28:51 -07:00
John Grossman 9367f4f973 Replace a segfault with a warning.
Just print a warning if ADB_EXTERNAL_STORAGE is not defined when ADB
runs instead of segfaulting.  If we really don't want to continue to
run, we can make this a fatal error instead.

Change-Id: Icfc5fb9e594b0a310029f1dca7e9476f27ceb7bc
2012-08-20 16:38:01 -07:00