1 /*
2 * Copyright (C) 2020 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include "adbconnection/client.h"
18
19 #include <pwd.h>
20 #include <stddef.h>
21 #include <stdint.h>
22 #include <sys/socket.h>
23 #include <sys/un.h>
24
25 #include <memory>
26 #include <mutex>
27 #include <optional>
28 #include <string>
29 #include <vector>
30
31 #include <android-base/cmsg.h>
32 #include <android-base/logging.h>
33 #include <android-base/properties.h>
34 #include <android-base/thread_annotations.h>
35 #include <android-base/unique_fd.h>
36
37 #include "adbconnection/common.h"
38
39 using android::base::unique_fd;
40
41 struct AppInfo {
42 std::mutex mutex;
43
44 // The state of the app process
45 ProcessInfo process GUARDED_BY(mutex);
46
47 // True if any of the ProcessInfo fields have been modified since we last sent an update to the
48 // server.
49 bool has_pending_update GUARDED_BY(mutex) = false;
50 };
51
52 static auto& app_info = *new AppInfo();
53
54 struct AdbConnectionClientContext {
55 unique_fd control_socket_;
56 };
57
SocketPeerIsTrusted(int fd)58 bool SocketPeerIsTrusted(int fd) {
59 // Allow unit tests to pass on Linux host
60 #if !defined(__ANDROID__)
61 return true;
62 #endif
63 ucred cr;
64 socklen_t cr_length = sizeof(cr);
65 if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &cr, &cr_length) != 0) {
66 PLOG(ERROR) << "couldn't get socket credentials";
67 return false;
68 }
69
70 passwd* shell = getpwnam("shell");
71 if (cr.uid != 0 && cr.uid != shell->pw_uid) {
72 LOG(ERROR) << "untrusted uid " << cr.uid << " on other end of socket";
73 return false;
74 }
75
76 return true;
77 }
78
send_app_info(const AdbConnectionClientContext * ctx)79 static void send_app_info(const AdbConnectionClientContext* ctx) {
80 std::lock_guard<std::mutex> lock(app_info.mutex);
81 if (!ctx) {
82 LOG(WARNING) << "Can't send app_info: No connection to adbd";
83 return;
84 }
85
86 if (!app_info.has_pending_update) {
87 LOG(WARNING) << "adbconnection_client: No pending updates";
88 return;
89 }
90
91 auto protobufProcess = app_info.process.toProtobuf();
92 std::string serialized_message;
93 if (!protobufProcess.SerializeToString(&serialized_message)) {
94 LOG(ERROR) << "Unable to build ART -> adbd message";
95 return;
96 }
97
98 if (serialized_message.size() > MAX_APP_MESSAGE_LENGTH) {
99 LOG(ERROR) << "adbd appinfo message too big (> " << MAX_APP_MESSAGE_LENGTH << ")";
100 return;
101 }
102
103 ssize_t message_size = serialized_message.size();
104 ssize_t rc = TEMP_FAILURE_RETRY(
105 write(ctx->control_socket_.get(), serialized_message.data(), serialized_message.size()));
106 if (rc != message_size) {
107 PLOG(ERROR) << "failed to send app info to adbd";
108 return;
109 }
110 app_info.has_pending_update = false;
111 }
112
adbconnection_client_new(const AdbConnectionClientInfo * const * info_elems,size_t info_count)113 AdbConnectionClientContext* adbconnection_client_new(
114 const AdbConnectionClientInfo* const* info_elems, size_t info_count) {
115 auto ctx = std::make_unique<AdbConnectionClientContext>();
116
117 std::optional<uint64_t> pid;
118 std::optional<bool> debuggable;
119 std::optional<bool> profileable;
120 std::optional<std::string> architecture;
121
122 for (size_t i = 0; i < info_count; ++i) {
123 auto info = info_elems[i];
124 switch (info->type) {
125 case AdbConnectionClientInfoType::pid:
126 if (pid) {
127 LOG(ERROR) << "multiple pid entries in AdbConnectionClientInfo, ignoring";
128 continue;
129 }
130 pid = info->data.pid;
131 break;
132
133 case AdbConnectionClientInfoType::debuggable:
134 if (debuggable) {
135 LOG(ERROR) << "multiple debuggable entries in AdbConnectionClientInfo, ignoring";
136 continue;
137 }
138 debuggable = info->data.debuggable;
139 break;
140
141 case AdbConnectionClientInfoType::profileable:
142 if (profileable) {
143 LOG(ERROR) << "multiple profileable entries in AdbConnectionClientInfo, ignoring";
144 continue;
145 }
146 profileable = info->data.profileable;
147 break;
148
149 case AdbConnectionClientInfoType::architecture:
150 if (architecture) {
151 LOG(ERROR) << "multiple architecture entries in AdbConnectionClientInfo, ignoring";
152 continue;
153 }
154 architecture = std::string(info->data.architecture.name, info->data.architecture.size);
155 break;
156 }
157 }
158
159 if (!pid) {
160 LOG(ERROR) << "AdbConnectionClientInfo missing required field pid";
161 return nullptr;
162 }
163
164 if (!debuggable) {
165 LOG(ERROR) << "AdbConnectionClientInfo missing required field debuggable";
166 return nullptr;
167 }
168
169 bool expectProfileableAndArch = false;
170 #if defined(__BIONIC__)
171 expectProfileableAndArch = android_get_device_api_level() >= __ANDROID_API_S__;
172 #endif
173 if (expectProfileableAndArch) {
174 if (!profileable) {
175 LOG(ERROR) << "AdbConnectionClientInfo missing required field profileable";
176 return nullptr;
177 }
178
179 if (!architecture) {
180 LOG(ERROR) << "AdbConnectionClientInfo missing required field architecture";
181 return nullptr;
182 }
183 }
184
185 ctx->control_socket_.reset(socket(AF_UNIX, SOCK_SEQPACKET | SOCK_CLOEXEC, 0));
186 if (ctx->control_socket_ < 0) {
187 PLOG(ERROR) << "failed to create Unix domain socket";
188 return nullptr;
189 }
190
191 #if defined(__ANDROID__)
192 // It's possible that adbd isn't running at this point.
193 // We don't want to just blindly connect, because if there's nothing listening, we'll end up
194 // waking up every second and preventing the CPU from going to sleep.
195 if (!android::base::WaitForProperty("init.svc.adbd", "running")) {
196 LOG(ERROR) << "adbd isn't running";
197 return nullptr;
198 }
199 #endif
200
201 struct timeval timeout;
202 timeout.tv_sec = 1;
203 timeout.tv_usec = 0;
204 setsockopt(ctx->control_socket_.get(), SOL_SOCKET, SO_SNDTIMEO, &timeout, sizeof(timeout));
205
206 auto [addr, addr_len] = get_control_socket_addr();
207 int rc = connect(ctx->control_socket_.get(), reinterpret_cast<sockaddr*>(&addr), addr_len);
208 if (rc != 0) {
209 if (errno == ECONNREFUSED) {
210 // On userdebug devices, every Java process is debuggable, so if adbd is explicitly turned
211 // off, this would spew enormous amounts of red-herring errors.
212 LOG(DEBUG) << "failed to connect to jdwp control socket, adbd not running?";
213 } else {
214 PLOG(ERROR) << "failed to connect to jdwp control socket";
215 }
216 return nullptr;
217 }
218
219 bool trusted = SocketPeerIsTrusted(ctx->control_socket_.get());
220 if (!trusted) {
221 LOG(ERROR) << "adb socket is not trusted, aborting connection";
222 return nullptr;
223 }
224
225 {
226 std::lock_guard<std::mutex> lock(app_info.mutex);
227 app_info.process.pid = *pid;
228 app_info.process.debuggable = *debuggable;
229 if (profileable) {
230 app_info.process.profileable = *profileable;
231 }
232 if (architecture) {
233 app_info.process.architecture = *architecture;
234 }
235 app_info.process.uid = getuid();
236 app_info.has_pending_update = true;
237 }
238 send_app_info(ctx.get());
239
240 return ctx.release();
241 }
242
adbconnection_client_set_current_process_name(const char * process_name)243 void adbconnection_client_set_current_process_name(const char* process_name) {
244 std::lock_guard<std::mutex> lock(app_info.mutex);
245 app_info.process.process_name = process_name;
246 app_info.has_pending_update = true;
247 }
248
adbconnection_client_add_application(const char * package_name)249 void adbconnection_client_add_application(const char* package_name) {
250 std::lock_guard<std::mutex> lock(app_info.mutex);
251 app_info.process.package_names.insert(package_name);
252 app_info.has_pending_update = true;
253 }
254
adbconnection_client_remove_application(const char * package_name)255 void adbconnection_client_remove_application(const char* package_name) {
256 std::lock_guard<std::mutex> lock(app_info.mutex);
257 app_info.process.package_names.erase(package_name);
258 app_info.has_pending_update = true;
259 }
260
adbconnection_client_set_waiting_for_debugger(bool waiting)261 void adbconnection_client_set_waiting_for_debugger(bool waiting) {
262 std::lock_guard<std::mutex> lock(app_info.mutex);
263 app_info.process.waiting_for_debugger = waiting;
264 app_info.has_pending_update = true;
265 }
266
adbconnection_client_has_pending_update()267 bool adbconnection_client_has_pending_update() {
268 std::lock_guard<std::mutex> lock(app_info.mutex);
269 return app_info.has_pending_update;
270 }
271
adbconnection_client_set_user_id(int user_id)272 void adbconnection_client_set_user_id(int user_id) {
273 std::lock_guard<std::mutex> lock(app_info.mutex);
274 app_info.process.user_id = user_id;
275 app_info.has_pending_update = true;
276 }
277
adbconnection_client_send_update(const AdbConnectionClientContext * ctx)278 void adbconnection_client_send_update(const AdbConnectionClientContext* ctx) {
279 send_app_info(ctx);
280 }
281
adbconnection_client_destroy(AdbConnectionClientContext * ctx)282 void adbconnection_client_destroy(AdbConnectionClientContext* ctx) {
283 delete ctx;
284 }
285
adbconnection_client_pollfd(AdbConnectionClientContext * ctx)286 int adbconnection_client_pollfd(AdbConnectionClientContext* ctx) {
287 return ctx->control_socket_.get();
288 }
289
adbconnection_client_receive_jdwp_fd(AdbConnectionClientContext * ctx)290 int adbconnection_client_receive_jdwp_fd(AdbConnectionClientContext* ctx) {
291 char dummy;
292 unique_fd jdwp_fd;
293 ssize_t rc = android::base::ReceiveFileDescriptors(ctx->control_socket_, &dummy, 1, &jdwp_fd);
294 if (rc != 1) {
295 return rc;
296 }
297 return jdwp_fd.release();
298 }