1 /*
2 * Copyright (C) 2015 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #define TRACE_TAG ADB
18
19 #include "sysdeps.h"
20
21 #include <errno.h>
22 #include <signal.h>
23 #include <stdio.h>
24 #include <stdlib.h>
25 #include <getopt.h>
26 #include <sys/prctl.h>
27
28 #include <memory>
29
30 #include <android-base/logging.h>
31 #include <android-base/stringprintf.h>
32 #include <libminijail.h>
33
34 #include "cutils/properties.h"
35 #include "private/android_filesystem_config.h"
36 #include "selinux/android.h"
37
38 #include "adb.h"
39 #include "adb_auth.h"
40 #include "adb_listeners.h"
41 #include "adb_utils.h"
42 #include "transport.h"
43
44 static const char* root_seclabel = nullptr;
45
drop_capabilities_bounding_set_if_needed()46 static void drop_capabilities_bounding_set_if_needed() {
47 #ifdef ALLOW_ADBD_ROOT
48 char value[PROPERTY_VALUE_MAX];
49 property_get("ro.debuggable", value, "");
50 if (strcmp(value, "1") == 0) {
51 return;
52 }
53 #endif
54 for (int i = 0; prctl(PR_CAPBSET_READ, i, 0, 0, 0) >= 0; i++) {
55 if (i == CAP_SETUID || i == CAP_SETGID) {
56 // CAP_SETUID CAP_SETGID needed by /system/bin/run-as
57 continue;
58 }
59
60 if (prctl(PR_CAPBSET_DROP, i, 0, 0, 0) == -1) {
61 PLOG(FATAL) << "Could not drop capabilities";
62 }
63 }
64 }
65
should_drop_privileges()66 static bool should_drop_privileges() {
67 #if defined(ALLOW_ADBD_ROOT)
68 char value[PROPERTY_VALUE_MAX];
69
70 // The properties that affect `adb root` and `adb unroot` are ro.secure and
71 // ro.debuggable. In this context the names don't make the expected behavior
72 // particularly obvious.
73 //
74 // ro.debuggable:
75 // Allowed to become root, but not necessarily the default. Set to 1 on
76 // eng and userdebug builds.
77 //
78 // ro.secure:
79 // Drop privileges by default. Set to 1 on userdebug and user builds.
80 property_get("ro.secure", value, "1");
81 bool ro_secure = (strcmp(value, "1") == 0);
82
83 property_get("ro.debuggable", value, "");
84 bool ro_debuggable = (strcmp(value, "1") == 0);
85
86 // Drop privileges if ro.secure is set...
87 bool drop = ro_secure;
88
89 property_get("service.adb.root", value, "");
90 bool adb_root = (strcmp(value, "1") == 0);
91 bool adb_unroot = (strcmp(value, "0") == 0);
92
93 // ... except "adb root" lets you keep privileges in a debuggable build.
94 if (ro_debuggable && adb_root) {
95 drop = false;
96 }
97
98 // ... and "adb unroot" lets you explicitly drop privileges.
99 if (adb_unroot) {
100 drop = true;
101 }
102
103 return drop;
104 #else
105 return true; // "adb root" not allowed, always drop privileges.
106 #endif // ALLOW_ADBD_ROOT
107 }
108
drop_privileges(int server_port)109 static void drop_privileges(int server_port) {
110 std::unique_ptr<minijail, void (*)(minijail*)> jail(minijail_new(),
111 &minijail_destroy);
112
113 // Add extra groups:
114 // AID_ADB to access the USB driver
115 // AID_LOG to read system logs (adb logcat)
116 // AID_INPUT to diagnose input issues (getevent)
117 // AID_INET to diagnose network issues (ping)
118 // AID_NET_BT and AID_NET_BT_ADMIN to diagnose bluetooth (hcidump)
119 // AID_SDCARD_R to allow reading from the SD card
120 // AID_SDCARD_RW to allow writing to the SD card
121 // AID_NET_BW_STATS to read out qtaguid statistics
122 // AID_READPROC for reading /proc entries across UID boundaries
123 gid_t groups[] = {AID_ADB, AID_LOG, AID_INPUT,
124 AID_INET, AID_NET_BT, AID_NET_BT_ADMIN,
125 AID_SDCARD_R, AID_SDCARD_RW, AID_NET_BW_STATS,
126 AID_READPROC};
127 minijail_set_supplementary_gids(jail.get(),
128 sizeof(groups) / sizeof(groups[0]),
129 groups);
130
131 // Don't listen on a port (default 5037) if running in secure mode.
132 // Don't run as root if running in secure mode.
133 if (should_drop_privileges()) {
134 drop_capabilities_bounding_set_if_needed();
135
136 minijail_change_gid(jail.get(), AID_SHELL);
137 minijail_change_uid(jail.get(), AID_SHELL);
138 // minijail_enter() will abort if any priv-dropping step fails.
139 minijail_enter(jail.get());
140
141 D("Local port disabled");
142 } else {
143 // minijail_enter() will abort if any priv-dropping step fails.
144 minijail_enter(jail.get());
145
146 if (root_seclabel != nullptr) {
147 if (selinux_android_setcon(root_seclabel) < 0) {
148 LOG(FATAL) << "Could not set SELinux context";
149 }
150 }
151 std::string error;
152 std::string local_name =
153 android::base::StringPrintf("tcp:%d", server_port);
154 if (install_listener(local_name, "*smartsocket*", nullptr, 0,
155 &error)) {
156 LOG(FATAL) << "Could not install *smartsocket* listener: "
157 << error;
158 }
159 }
160 }
161
adbd_main(int server_port)162 int adbd_main(int server_port) {
163 umask(0);
164
165 signal(SIGPIPE, SIG_IGN);
166
167 init_transport_registration();
168
169 // We need to call this even if auth isn't enabled because the file
170 // descriptor will always be open.
171 adbd_cloexec_auth_socket();
172
173 if (ALLOW_ADBD_NO_AUTH && property_get_bool("ro.adb.secure", 0) == 0) {
174 auth_required = false;
175 }
176
177 adbd_auth_init();
178
179 // Our external storage path may be different than apps, since
180 // we aren't able to bind mount after dropping root.
181 const char* adb_external_storage = getenv("ADB_EXTERNAL_STORAGE");
182 if (adb_external_storage != nullptr) {
183 setenv("EXTERNAL_STORAGE", adb_external_storage, 1);
184 } else {
185 D("Warning: ADB_EXTERNAL_STORAGE is not set. Leaving EXTERNAL_STORAGE"
186 " unchanged.\n");
187 }
188
189 drop_privileges(server_port);
190
191 bool is_usb = false;
192 if (access(USB_ADB_PATH, F_OK) == 0 || access(USB_FFS_ADB_EP0, F_OK) == 0) {
193 // Listen on USB.
194 usb_init();
195 is_usb = true;
196 }
197
198 // If one of these properties is set, also listen on that port.
199 // If one of the properties isn't set and we couldn't listen on usb, listen
200 // on the default port.
201 char prop_port[PROPERTY_VALUE_MAX];
202 property_get("service.adb.tcp.port", prop_port, "");
203 if (prop_port[0] == '\0') {
204 property_get("persist.adb.tcp.port", prop_port, "");
205 }
206
207 int port;
208 if (sscanf(prop_port, "%d", &port) == 1 && port > 0) {
209 D("using port=%d", port);
210 // Listen on TCP port specified by service.adb.tcp.port property.
211 local_init(port);
212 } else if (!is_usb) {
213 // Listen on default port.
214 local_init(DEFAULT_ADB_LOCAL_TRANSPORT_PORT);
215 }
216
217 D("adbd_main(): pre init_jdwp()");
218 init_jdwp();
219 D("adbd_main(): post init_jdwp()");
220
221 D("Event loop starting");
222 fdevent_loop();
223
224 return 0;
225 }
226
main(int argc,char ** argv)227 int main(int argc, char** argv) {
228 while (true) {
229 static struct option opts[] = {
230 {"root_seclabel", required_argument, nullptr, 's'},
231 {"device_banner", required_argument, nullptr, 'b'},
232 {"version", no_argument, nullptr, 'v'},
233 };
234
235 int option_index = 0;
236 int c = getopt_long(argc, argv, "", opts, &option_index);
237 if (c == -1) {
238 break;
239 }
240
241 switch (c) {
242 case 's':
243 root_seclabel = optarg;
244 break;
245 case 'b':
246 adb_device_banner = optarg;
247 break;
248 case 'v':
249 printf("Android Debug Bridge Daemon version %d.%d.%d %s\n",
250 ADB_VERSION_MAJOR, ADB_VERSION_MINOR, ADB_SERVER_VERSION,
251 ADB_REVISION);
252 return 0;
253 default:
254 // getopt already prints "adbd: invalid option -- %c" for us.
255 return 1;
256 }
257 }
258
259 close_stdin();
260
261 adb_trace_init(argv);
262
263 D("Handling main()");
264 return adbd_main(DEFAULT_ADB_PORT);
265 }
266