1 /*
2  * Copyright (C) 2007 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #include "minadbd_services.h"
18 
19 #include <errno.h>
20 #include <inttypes.h>
21 #include <stdio.h>
22 #include <stdlib.h>
23 #include <string.h>
24 #include <unistd.h>
25 
26 #include <functional>
27 #include <memory>
28 #include <string>
29 #include <string_view>
30 #include <thread>
31 #include <unordered_set>
32 
33 #include <android-base/file.h>
34 #include <android-base/logging.h>
35 #include <android-base/memory.h>
36 #include <android-base/parseint.h>
37 #include <android-base/properties.h>
38 #include <android-base/stringprintf.h>
39 #include <android-base/strings.h>
40 
41 #include "adb.h"
42 #include "adb_unique_fd.h"
43 #include "adb_utils.h"
44 #include "fdevent.h"
45 #include "fuse_adb_provider.h"
46 #include "fuse_sideload.h"
47 #include "minadbd_types.h"
48 #include "services.h"
49 #include "sysdeps.h"
50 
51 static int minadbd_socket = -1;
52 static bool rescue_mode = false;
53 static std::string sideload_mount_point = FUSE_SIDELOAD_HOST_MOUNTPOINT;
54 
SetMinadbdSocketFd(int socket_fd)55 void SetMinadbdSocketFd(int socket_fd) {
56   minadbd_socket = socket_fd;
57 }
58 
SetMinadbdRescueMode(bool rescue)59 void SetMinadbdRescueMode(bool rescue) {
60   rescue_mode = rescue;
61 }
62 
SetSideloadMountPoint(const std::string & path)63 void SetSideloadMountPoint(const std::string& path) {
64   sideload_mount_point = path;
65 }
66 
WriteCommandToFd(MinadbdCommand cmd,int fd)67 static bool WriteCommandToFd(MinadbdCommand cmd, int fd) {
68   char message[kMinadbdMessageSize];
69   memcpy(message, kMinadbdCommandPrefix, strlen(kMinadbdStatusPrefix));
70   android::base::put_unaligned(message + strlen(kMinadbdStatusPrefix), cmd);
71 
72   if (!android::base::WriteFully(fd, message, kMinadbdMessageSize)) {
73     PLOG(ERROR) << "Failed to write message " << message;
74     return false;
75   }
76   return true;
77 }
78 
79 // Blocks and reads the command status from |fd|. Returns false if the received message has a
80 // format error.
WaitForCommandStatus(int fd,MinadbdCommandStatus * status)81 static bool WaitForCommandStatus(int fd, MinadbdCommandStatus* status) {
82   char buffer[kMinadbdMessageSize];
83   if (!android::base::ReadFully(fd, buffer, kMinadbdMessageSize)) {
84     PLOG(ERROR) << "Failed to response status from socket";
85     exit(kMinadbdSocketIOError);
86   }
87 
88   std::string message(buffer, buffer + kMinadbdMessageSize);
89   if (!android::base::StartsWith(message, kMinadbdStatusPrefix)) {
90     LOG(ERROR) << "Failed to parse status in " << message;
91     return false;
92   }
93 
94   *status = android::base::get_unaligned<MinadbdCommandStatus>(
95       message.substr(strlen(kMinadbdStatusPrefix)).c_str());
96   return true;
97 }
98 
RunAdbFuseSideload(int sfd,const std::string & args,MinadbdCommandStatus * status)99 static MinadbdErrorCode RunAdbFuseSideload(int sfd, const std::string& args,
100                                            MinadbdCommandStatus* status) {
101   auto pieces = android::base::Split(args, ":");
102   int64_t file_size;
103   int block_size;
104   if (pieces.size() != 2 || !android::base::ParseInt(pieces[0], &file_size) || file_size <= 0 ||
105       !android::base::ParseInt(pieces[1], &block_size) || block_size <= 0) {
106     LOG(ERROR) << "bad sideload-host arguments: " << args;
107     return kMinadbdHostCommandArgumentError;
108   }
109 
110   LOG(INFO) << "sideload-host file size " << file_size << ", block size " << block_size;
111 
112   if (!WriteCommandToFd(MinadbdCommand::kInstall, minadbd_socket)) {
113     return kMinadbdSocketIOError;
114   }
115 
116   auto adb_data_reader = std::make_unique<FuseAdbDataProvider>(sfd, file_size, block_size);
117   if (int result = run_fuse_sideload(std::move(adb_data_reader), sideload_mount_point.c_str());
118       result != 0) {
119     LOG(ERROR) << "Failed to start fuse";
120     return kMinadbdFuseStartError;
121   }
122 
123   if (!WaitForCommandStatus(minadbd_socket, status)) {
124     return kMinadbdMessageFormatError;
125   }
126 
127   // Signal host-side adb to stop. For sideload mode, we always send kMinadbdServicesExitSuccess
128   // (i.e. "DONEDONE") regardless of the install result. For rescue mode, we send failure message on
129   // install error.
130   if (!rescue_mode || *status == MinadbdCommandStatus::kSuccess) {
131     if (!android::base::WriteFully(sfd, kMinadbdServicesExitSuccess,
132                                    strlen(kMinadbdServicesExitSuccess))) {
133       return kMinadbdHostSocketIOError;
134     }
135   } else {
136     if (!android::base::WriteFully(sfd, kMinadbdServicesExitFailure,
137                                    strlen(kMinadbdServicesExitFailure))) {
138       return kMinadbdHostSocketIOError;
139     }
140   }
141 
142   return kMinadbdSuccess;
143 }
144 
145 // Sideload service always exits after serving an install command.
SideloadHostService(unique_fd sfd,const std::string & args)146 static void SideloadHostService(unique_fd sfd, const std::string& args) {
147   MinadbdCommandStatus status;
148   exit(RunAdbFuseSideload(sfd.get(), args, &status));
149 }
150 
151 // Rescue service waits for the next command after an install command.
RescueInstallHostService(unique_fd sfd,const std::string & args)152 static void RescueInstallHostService(unique_fd sfd, const std::string& args) {
153   MinadbdCommandStatus status;
154   if (auto result = RunAdbFuseSideload(sfd.get(), args, &status); result != kMinadbdSuccess) {
155     exit(result);
156   }
157 }
158 
RescueGetpropHostService(unique_fd sfd,const std::string & prop)159 static void RescueGetpropHostService(unique_fd sfd, const std::string& prop) {
160   static const std::unordered_set<std::string> kGetpropAllowedProps = {
161     "ro.build.fingerprint",
162     "ro.build.date.utc",
163   };
164   auto allowed = kGetpropAllowedProps.find(prop) != kGetpropAllowedProps.end();
165   if (!allowed) {
166     return;
167   }
168 
169   auto result = android::base::GetProperty(prop, "");
170   if (result.empty()) {
171     return;
172   }
173   if (!android::base::WriteFully(sfd, result.data(), result.size())) {
174     exit(kMinadbdHostSocketIOError);
175   }
176 
177   // Send heartbeat signal to keep the rescue service alive.
178   if (!WriteCommandToFd(MinadbdCommand::kNoOp, minadbd_socket)) {
179     exit(kMinadbdSocketIOError);
180   }
181   if (MinadbdCommandStatus status; !WaitForCommandStatus(minadbd_socket, &status)) {
182     exit(kMinadbdMessageFormatError);
183   }
184 }
185 
186 // Reboots into the given target. We don't reboot directly from minadbd, but going through recovery
187 // instead. This allows recovery to finish all the pending works (clear BCB, save logs etc) before
188 // the reboot.
RebootHostService(unique_fd,const std::string & target)189 static void RebootHostService(unique_fd /* sfd */, const std::string& target) {
190   MinadbdCommand command;
191   if (target == "bootloader") {
192     command = MinadbdCommand::kRebootBootloader;
193   } else if (target == "rescue") {
194     command = MinadbdCommand::kRebootRescue;
195   } else if (target == "recovery") {
196     command = MinadbdCommand::kRebootRecovery;
197   } else if (target == "fastboot") {
198     command = MinadbdCommand::kRebootFastboot;
199   } else {
200     command = MinadbdCommand::kRebootAndroid;
201   }
202   if (!WriteCommandToFd(command, minadbd_socket)) {
203     exit(kMinadbdSocketIOError);
204   }
205   MinadbdCommandStatus status;
206   if (!WaitForCommandStatus(minadbd_socket, &status)) {
207     exit(kMinadbdMessageFormatError);
208   }
209 }
210 
WipeDeviceService(unique_fd fd,const std::string & args)211 static void WipeDeviceService(unique_fd fd, const std::string& args) {
212   auto pieces = android::base::Split(args, ":");
213   if (pieces.size() != 2 || pieces[0] != "userdata") {
214     LOG(ERROR) << "Failed to parse wipe device command arguments " << args;
215     exit(kMinadbdHostCommandArgumentError);
216   }
217 
218   size_t message_size;
219   if (!android::base::ParseUint(pieces[1], &message_size) ||
220       message_size < strlen(kMinadbdServicesExitSuccess)) {
221     LOG(ERROR) << "Failed to parse wipe device message size in " << args;
222     exit(kMinadbdHostCommandArgumentError);
223   }
224 
225   WriteCommandToFd(MinadbdCommand::kWipeData, minadbd_socket);
226   MinadbdCommandStatus status;
227   if (!WaitForCommandStatus(minadbd_socket, &status)) {
228     exit(kMinadbdMessageFormatError);
229   }
230 
231   std::string response = (status == MinadbdCommandStatus::kSuccess) ? kMinadbdServicesExitSuccess
232                                                                     : kMinadbdServicesExitFailure;
233   response += std::string(message_size - response.size(), '\0');
234   if (!android::base::WriteFully(fd, response.c_str(), response.size())) {
235     exit(kMinadbdHostSocketIOError);
236   }
237 }
238 
daemon_service_to_fd(std::string_view name,atransport *)239 unique_fd daemon_service_to_fd(std::string_view name, atransport* /* transport */) {
240   // Common services that are supported both in sideload and rescue modes.
241   if (ConsumePrefix(&name, "reboot:")) {
242     // "reboot:<target>", where target must be one of the following.
243     std::string args(name);
244     if (args.empty() || args == "bootloader" || args == "rescue" || args == "recovery" ||
245         args == "fastboot") {
246       return create_service_thread("reboot",
247                                    std::bind(RebootHostService, std::placeholders::_1, args));
248     }
249     return unique_fd{};
250   }
251 
252   // Rescue-specific services.
253   if (rescue_mode) {
254     if (ConsumePrefix(&name, "rescue-install:")) {
255       // rescue-install:<file-size>:<block-size>
256       std::string args(name);
257       return create_service_thread(
258           "rescue-install", std::bind(RescueInstallHostService, std::placeholders::_1, args));
259     } else if (ConsumePrefix(&name, "rescue-getprop:")) {
260       // rescue-getprop:<prop>
261       std::string args(name);
262       return create_service_thread(
263           "rescue-getprop", std::bind(RescueGetpropHostService, std::placeholders::_1, args));
264     } else if (ConsumePrefix(&name, "rescue-wipe:")) {
265       // rescue-wipe:target:<message-size>
266       std::string args(name);
267       return create_service_thread("rescue-wipe",
268                                    std::bind(WipeDeviceService, std::placeholders::_1, args));
269     }
270 
271     return unique_fd{};
272   }
273 
274   // Sideload-specific services.
275   if (name.starts_with("sideload:")) {
276     // This exit status causes recovery to print a special error message saying to use a newer adb
277     // (that supports sideload-host).
278     exit(kMinadbdAdbVersionError);
279   } else if (ConsumePrefix(&name, "sideload-host:")) {
280     // sideload-host:<file-size>:<block-size>
281     std::string args(name);
282     return create_service_thread("sideload-host",
283                                  std::bind(SideloadHostService, std::placeholders::_1, args));
284   }
285   return unique_fd{};
286 }
287