1 /*
2 * Copyright (C) 2012 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include "install/adb_install.h"
18
19 #include <errno.h>
20 #include <fcntl.h>
21 #include <signal.h>
22 #include <stdlib.h>
23 #include <string.h>
24 #include <sys/epoll.h>
25 #include <sys/socket.h>
26 #include <sys/stat.h>
27 #include <sys/types.h>
28 #include <sys/wait.h>
29 #include <unistd.h>
30
31 #include <atomic>
32 #include <functional>
33 #include <map>
34 #include <utility>
35 #include <vector>
36
37 #include <android-base/file.h>
38 #include <android-base/logging.h>
39 #include <android-base/memory.h>
40 #include <android-base/properties.h>
41 #include <android-base/strings.h>
42 #include <android-base/unique_fd.h>
43
44 #include "fuse_sideload.h"
45 #include "install/install.h"
46 #include "install/wipe_data.h"
47 #include "minadbd/types.h"
48 #include "otautil/sysutil.h"
49 #include "recovery_ui/device.h"
50 #include "recovery_ui/ui.h"
51
52 // A CommandFunction returns a pair of (result, should_continue), which indicates the command
53 // execution result and whether it should proceed to the next iteration. The execution result will
54 // always be sent to the minadbd side.
55 using CommandFunction = std::function<std::pair<bool, bool>()>;
56
SetUsbConfig(const std::string & state)57 static bool SetUsbConfig(const std::string& state) {
58 android::base::SetProperty("sys.usb.config", state);
59 return android::base::WaitForProperty("sys.usb.state", state);
60 }
61
62 // Parses the minadbd command in |message|; returns MinadbdCommand::kError upon errors.
ParseMinadbdCommand(const std::string & message)63 static MinadbdCommand ParseMinadbdCommand(const std::string& message) {
64 if (!android::base::StartsWith(message, kMinadbdCommandPrefix)) {
65 LOG(ERROR) << "Failed to parse command in message " << message;
66 return MinadbdCommand::kError;
67 }
68
69 auto cmd_code_string = message.substr(strlen(kMinadbdCommandPrefix));
70 auto cmd_code = android::base::get_unaligned<uint32_t>(cmd_code_string.c_str());
71 if (cmd_code >= static_cast<uint32_t>(MinadbdCommand::kError)) {
72 LOG(ERROR) << "Unsupported command code: " << cmd_code;
73 return MinadbdCommand::kError;
74 }
75
76 return static_cast<MinadbdCommand>(cmd_code);
77 }
78
WriteStatusToFd(MinadbdCommandStatus status,int fd)79 static bool WriteStatusToFd(MinadbdCommandStatus status, int fd) {
80 char message[kMinadbdMessageSize];
81 memcpy(message, kMinadbdStatusPrefix, strlen(kMinadbdStatusPrefix));
82 android::base::put_unaligned(message + strlen(kMinadbdStatusPrefix), status);
83
84 if (!android::base::WriteFully(fd, message, kMinadbdMessageSize)) {
85 PLOG(ERROR) << "Failed to write message " << message;
86 return false;
87 }
88 return true;
89 }
90
91 // Installs the package from FUSE. Returns the installation result and whether it should continue
92 // waiting for new commands.
AdbInstallPackageHandler(RecoveryUI * ui,InstallResult * result)93 static auto AdbInstallPackageHandler(RecoveryUI* ui, InstallResult* result) {
94 // How long (in seconds) we wait for the package path to be ready. It doesn't need to be too long
95 // because the minadbd service has already issued an install command. FUSE_SIDELOAD_HOST_PATHNAME
96 // will start to exist once the host connects and starts serving a package. Poll for its
97 // appearance. (Note that inotify doesn't work with FUSE.)
98 constexpr int ADB_INSTALL_TIMEOUT = 15;
99 bool should_continue = true;
100 *result = INSTALL_ERROR;
101 for (int i = 0; i < ADB_INSTALL_TIMEOUT; ++i) {
102 struct stat st;
103 if (stat(FUSE_SIDELOAD_HOST_PATHNAME, &st) != 0) {
104 if (errno == ENOENT && i < ADB_INSTALL_TIMEOUT - 1) {
105 sleep(1);
106 continue;
107 } else {
108 should_continue = false;
109 ui->Print("\nTimed out waiting for fuse to be ready.\n\n");
110 break;
111 }
112 }
113
114 auto package =
115 Package::CreateFilePackage(FUSE_SIDELOAD_HOST_PATHNAME,
116 std::bind(&RecoveryUI::SetProgress, ui, std::placeholders::_1));
117 *result = InstallPackage(package.get(), FUSE_SIDELOAD_HOST_PATHNAME, false, 0, ui);
118 break;
119 }
120
121 // Calling stat() on this magic filename signals the FUSE to exit.
122 struct stat st;
123 stat(FUSE_SIDELOAD_HOST_EXIT_PATHNAME, &st);
124 return std::make_pair(*result == INSTALL_SUCCESS, should_continue);
125 }
126
AdbRebootHandler(MinadbdCommand command,InstallResult * result,Device::BuiltinAction * reboot_action)127 static auto AdbRebootHandler(MinadbdCommand command, InstallResult* result,
128 Device::BuiltinAction* reboot_action) {
129 // Use Device::REBOOT_{FASTBOOT,RECOVERY,RESCUE}, instead of the ones with ENTER_. This allows
130 // rebooting back into fastboot/recovery/rescue mode through bootloader, which may use a newly
131 // installed bootloader/recovery image.
132 switch (command) {
133 case MinadbdCommand::kRebootBootloader:
134 *reboot_action = Device::REBOOT_BOOTLOADER;
135 break;
136 case MinadbdCommand::kRebootFastboot:
137 *reboot_action = Device::REBOOT_FASTBOOT;
138 break;
139 case MinadbdCommand::kRebootRecovery:
140 *reboot_action = Device::REBOOT_RECOVERY;
141 break;
142 case MinadbdCommand::kRebootRescue:
143 *reboot_action = Device::REBOOT_RESCUE;
144 break;
145 case MinadbdCommand::kRebootAndroid:
146 default:
147 *reboot_action = Device::REBOOT;
148 break;
149 }
150 *result = INSTALL_REBOOT;
151 return std::make_pair(true, false);
152 }
153
154 // Parses and executes the command from minadbd. Returns whether the caller should keep waiting for
155 // next command.
HandleMessageFromMinadbd(int socket_fd,const std::map<MinadbdCommand,CommandFunction> & command_map)156 static bool HandleMessageFromMinadbd(int socket_fd,
157 const std::map<MinadbdCommand, CommandFunction>& command_map) {
158 char buffer[kMinadbdMessageSize];
159 if (!android::base::ReadFully(socket_fd, buffer, kMinadbdMessageSize)) {
160 PLOG(ERROR) << "Failed to read message from minadbd";
161 return false;
162 }
163
164 std::string message(buffer, buffer + kMinadbdMessageSize);
165 auto command_type = ParseMinadbdCommand(message);
166 if (command_type == MinadbdCommand::kError) {
167 return false;
168 }
169 if (command_map.find(command_type) == command_map.end()) {
170 LOG(ERROR) << "Unsupported command: "
171 << android::base::get_unaligned<unsigned int>(
172 message.substr(strlen(kMinadbdCommandPrefix)).c_str());
173 return false;
174 }
175
176 // We have received a valid command, execute the corresponding function.
177 const auto& command_func = command_map.at(command_type);
178 const auto [result, should_continue] = command_func();
179 LOG(INFO) << "Command " << static_cast<uint32_t>(command_type) << " finished with " << result;
180 if (!WriteStatusToFd(result ? MinadbdCommandStatus::kSuccess : MinadbdCommandStatus::kFailure,
181 socket_fd)) {
182 return false;
183 }
184 return should_continue;
185 }
186
187 // TODO(xunchang) add a wrapper function and kill the minadbd service there.
ListenAndExecuteMinadbdCommands(RecoveryUI * ui,pid_t minadbd_pid,android::base::unique_fd && socket_fd,const std::map<MinadbdCommand,CommandFunction> & command_map)188 static void ListenAndExecuteMinadbdCommands(
189 RecoveryUI* ui, pid_t minadbd_pid, android::base::unique_fd&& socket_fd,
190 const std::map<MinadbdCommand, CommandFunction>& command_map) {
191 android::base::unique_fd epoll_fd(epoll_create1(O_CLOEXEC));
192 if (epoll_fd == -1) {
193 PLOG(ERROR) << "Failed to create epoll";
194 kill(minadbd_pid, SIGKILL);
195 return;
196 }
197
198 constexpr int EPOLL_MAX_EVENTS = 10;
199 struct epoll_event ev = {};
200 ev.events = EPOLLIN | EPOLLHUP;
201 ev.data.fd = socket_fd.get();
202 struct epoll_event events[EPOLL_MAX_EVENTS];
203 if (epoll_ctl(epoll_fd.get(), EPOLL_CTL_ADD, socket_fd.get(), &ev) == -1) {
204 PLOG(ERROR) << "Failed to add socket fd to epoll";
205 kill(minadbd_pid, SIGKILL);
206 return;
207 }
208
209 // Set the timeout to be 300s when waiting for minadbd commands.
210 constexpr int TIMEOUT_MILLIS = 300 * 1000;
211 while (true) {
212 // Reset the progress bar and the background image before each command.
213 ui->SetProgressType(RecoveryUI::EMPTY);
214 ui->SetBackground(RecoveryUI::NO_COMMAND);
215
216 // Poll for the status change of the socket_fd, and handle the message if the fd is ready to
217 // read.
218 int event_count =
219 TEMP_FAILURE_RETRY(epoll_wait(epoll_fd.get(), events, EPOLL_MAX_EVENTS, TIMEOUT_MILLIS));
220 if (event_count == -1) {
221 PLOG(ERROR) << "Failed to wait for epoll events";
222 kill(minadbd_pid, SIGKILL);
223 return;
224 }
225 if (event_count == 0) {
226 LOG(ERROR) << "Timeout waiting for messages from minadbd";
227 kill(minadbd_pid, SIGKILL);
228 return;
229 }
230
231 for (int n = 0; n < event_count; n++) {
232 if (events[n].events & EPOLLHUP) {
233 LOG(INFO) << "Socket has been closed";
234 kill(minadbd_pid, SIGKILL);
235 return;
236 }
237 if (!HandleMessageFromMinadbd(socket_fd.get(), command_map)) {
238 kill(minadbd_pid, SIGKILL);
239 return;
240 }
241 }
242 }
243 }
244
245 // Recovery starts minadbd service as a child process, and spawns another thread to listen for the
246 // message from minadbd through a socket pair. Here is an example to execute one command from adb
247 // host.
248 // a. recovery b. listener thread c. minadbd service
249 //
250 // a1. create socket pair
251 // a2. fork minadbd service
252 // c3. wait for the adb commands
253 // from host
254 // c4. after receiving host commands:
255 // 1) set up pre-condition (i.e.
256 // start fuse for adb sideload)
257 // 2) issue command through
258 // socket.
259 // 3) wait for result
260 // a5. start listener thread
261 // b6. listen for message from
262 // minadbd in a loop.
263 // b7. After receiving a minadbd
264 // command from socket
265 // 1) execute the command function
266 // 2) send the result back to
267 // minadbd
268 // ......
269 // c8. exit upon receiving the
270 // result
271 // a9. wait for listener thread
272 // to exit.
273 //
274 // a10. wait for minadbd to
275 // exit
276 // b11. exit the listening loop
277 //
CreateMinadbdServiceAndExecuteCommands(RecoveryUI * ui,const std::map<MinadbdCommand,CommandFunction> & command_map,bool rescue_mode)278 static void CreateMinadbdServiceAndExecuteCommands(
279 RecoveryUI* ui, const std::map<MinadbdCommand, CommandFunction>& command_map,
280 bool rescue_mode) {
281 signal(SIGPIPE, SIG_IGN);
282
283 android::base::unique_fd recovery_socket;
284 android::base::unique_fd minadbd_socket;
285 if (!android::base::Socketpair(AF_UNIX, SOCK_STREAM, 0, &recovery_socket, &minadbd_socket)) {
286 PLOG(ERROR) << "Failed to create socket";
287 return;
288 }
289
290 pid_t child = fork();
291 if (child == -1) {
292 PLOG(ERROR) << "Failed to fork child process";
293 return;
294 }
295 if (child == 0) {
296 recovery_socket.reset();
297 std::vector<std::string> minadbd_commands = {
298 "/system/bin/minadbd",
299 "--socket_fd",
300 std::to_string(minadbd_socket.release()),
301 };
302 if (rescue_mode) {
303 minadbd_commands.push_back("--rescue");
304 }
305 auto exec_args = StringVectorToNullTerminatedArray(minadbd_commands);
306 execv(exec_args[0], exec_args.data());
307 _exit(EXIT_FAILURE);
308 }
309
310 minadbd_socket.reset();
311
312 // We need to call SetUsbConfig() after forking minadbd service. Because the function waits for
313 // the usb state to be updated, which depends on sys.usb.ffs.ready=1 set in the adb daemon.
314 if (!SetUsbConfig("sideload")) {
315 LOG(ERROR) << "Failed to set usb config to sideload";
316 return;
317 }
318
319 std::thread listener_thread(ListenAndExecuteMinadbdCommands, ui, child,
320 std::move(recovery_socket), std::ref(command_map));
321 if (listener_thread.joinable()) {
322 listener_thread.join();
323 }
324
325 int status;
326 waitpid(child, &status, 0);
327 if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) {
328 if (WEXITSTATUS(status) == MinadbdErrorCode::kMinadbdAdbVersionError) {
329 LOG(ERROR) << "\nYou need adb 1.0.32 or newer to sideload\nto this device.\n";
330 } else if (!WIFSIGNALED(status)) {
331 LOG(ERROR) << "\n(adbd status " << WEXITSTATUS(status) << ")";
332 }
333 }
334
335 signal(SIGPIPE, SIG_DFL);
336 }
337
ApplyFromAdb(Device * device,bool rescue_mode,Device::BuiltinAction * reboot_action)338 InstallResult ApplyFromAdb(Device* device, bool rescue_mode, Device::BuiltinAction* reboot_action) {
339 // Save the usb state to restore after the sideload operation.
340 std::string usb_state = android::base::GetProperty("sys.usb.state", "none");
341 // Clean up state and stop adbd.
342 if (usb_state != "none" && !SetUsbConfig("none")) {
343 LOG(ERROR) << "Failed to clear USB config";
344 return INSTALL_ERROR;
345 }
346
347 RecoveryUI* ui = device->GetUI();
348
349 InstallResult install_result = INSTALL_ERROR;
350 std::map<MinadbdCommand, CommandFunction> command_map{
351 { MinadbdCommand::kInstall, std::bind(&AdbInstallPackageHandler, ui, &install_result) },
352 { MinadbdCommand::kRebootAndroid, std::bind(&AdbRebootHandler, MinadbdCommand::kRebootAndroid,
353 &install_result, reboot_action) },
354 { MinadbdCommand::kRebootBootloader,
355 std::bind(&AdbRebootHandler, MinadbdCommand::kRebootBootloader, &install_result,
356 reboot_action) },
357 { MinadbdCommand::kRebootFastboot, std::bind(&AdbRebootHandler, MinadbdCommand::kRebootFastboot,
358 &install_result, reboot_action) },
359 { MinadbdCommand::kRebootRecovery, std::bind(&AdbRebootHandler, MinadbdCommand::kRebootRecovery,
360 &install_result, reboot_action) },
361 { MinadbdCommand::kRebootRescue,
362 std::bind(&AdbRebootHandler, MinadbdCommand::kRebootRescue, &install_result, reboot_action) },
363 };
364
365 if (!rescue_mode) {
366 ui->Print(
367 "\n\nNow send the package you want to apply\n"
368 "to the device with \"adb sideload <filename>\"...\n");
369 } else {
370 command_map.emplace(MinadbdCommand::kWipeData, [&device]() {
371 bool result = WipeData(device, false);
372 return std::make_pair(result, true);
373 });
374 command_map.emplace(MinadbdCommand::kNoOp, []() { return std::make_pair(true, true); });
375
376 ui->Print("\n\nWaiting for rescue commands...\n");
377 }
378
379 CreateMinadbdServiceAndExecuteCommands(ui, command_map, rescue_mode);
380
381 // Clean up before switching to the older state, for example setting the state
382 // to none sets sys/class/android_usb/android0/enable to 0.
383 if (!SetUsbConfig("none")) {
384 LOG(ERROR) << "Failed to clear USB config";
385 }
386
387 if (usb_state != "none") {
388 if (!SetUsbConfig(usb_state)) {
389 LOG(ERROR) << "Failed to set USB config to " << usb_state;
390 }
391 }
392
393 return install_result;
394 }
395