1 /*
2 * Copyright (C) 2015 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #define TRACE_TAG ADB
18
19 #include "sysdeps.h"
20
21 #if defined(__BIONIC__)
22 #include <android/fdsan.h>
23 #endif
24
25 #include <errno.h>
26 #include <getopt.h>
27 #include <malloc.h>
28 #include <signal.h>
29 #include <stdio.h>
30 #include <stdlib.h>
31 #include <sys/capability.h>
32 #include <sys/prctl.h>
33
34 #include <memory>
35 #include <vector>
36
37 #include <android-base/logging.h>
38 #include <android-base/macros.h>
39 #include <android-base/properties.h>
40 #include <android-base/stringprintf.h>
41 #include <android-base/strings.h>
42
43 #if defined(__ANDROID__)
44 #include <libminijail.h>
45 #include <log/log_properties.h>
46 #include <scoped_minijail.h>
47
48 #include <private/android_filesystem_config.h>
49 #include "selinux/android.h"
50 #endif
51
52 #include "adb.h"
53 #include "adb_auth.h"
54 #include "adb_listeners.h"
55 #include "adb_utils.h"
56 #include "adb_wifi.h"
57 #include "socket_spec.h"
58 #include "transport.h"
59
60 #include "daemon/mdns.h"
61 #include "daemon/watchdog.h"
62
63 #if defined(__ANDROID__)
64 static const char* root_seclabel = nullptr;
65
should_drop_privileges()66 static bool should_drop_privileges() {
67 // The properties that affect `adb root` and `adb unroot` are ro.secure and
68 // ro.debuggable. In this context the names don't make the expected behavior
69 // particularly obvious.
70 //
71 // ro.debuggable:
72 // Allowed to become root, but not necessarily the default. Set to 1 on
73 // eng and userdebug builds.
74 //
75 // ro.secure:
76 // Drop privileges by default. Set to 1 on userdebug and user builds.
77 bool ro_secure = android::base::GetBoolProperty("ro.secure", true);
78 bool ro_debuggable = __android_log_is_debuggable();
79
80 // Drop privileges if ro.secure is set...
81 bool drop = ro_secure;
82
83 // ... except "adb root" lets you keep privileges in a debuggable build.
84 std::string prop = android::base::GetProperty("service.adb.root", "");
85 bool adb_root = (prop == "1");
86 bool adb_unroot = (prop == "0");
87 if (ro_debuggable && adb_root) {
88 drop = false;
89 }
90 // ... and "adb unroot" lets you explicitly drop privileges.
91 if (adb_unroot) {
92 drop = true;
93 }
94
95 return drop;
96 }
97
drop_privileges(int server_port)98 static void drop_privileges(int server_port) {
99 ScopedMinijail jail(minijail_new());
100
101 // Add extra groups:
102 // AID_ADB to access the USB driver
103 // AID_LOG to read system logs (adb logcat)
104 // AID_INPUT to diagnose input issues (getevent)
105 // AID_INET to diagnose network issues (ping)
106 // AID_NET_BT and AID_NET_BT_ADMIN to diagnose bluetooth (hcidump)
107 // AID_SDCARD_R to allow reading from the SD card
108 // AID_SDCARD_RW to allow writing to the SD card
109 // AID_NET_BW_STATS to read out qtaguid statistics
110 // AID_READPROC for reading /proc entries across UID boundaries
111 // AID_UHID for using 'hid' command to read/write to /dev/uhid
112 // AID_EXT_DATA_RW for writing to /sdcard/Android/data (devices without sdcardfs)
113 // AID_EXT_OBB_RW for writing to /sdcard/Android/obb (devices without sdcardfs)
114 // AID_READTRACEFS for reading tracefs entries
115 gid_t groups[] = {AID_ADB, AID_LOG, AID_INPUT, AID_INET,
116 AID_NET_BT, AID_NET_BT_ADMIN, AID_SDCARD_R, AID_SDCARD_RW,
117 AID_NET_BW_STATS, AID_READPROC, AID_UHID, AID_EXT_DATA_RW,
118 AID_EXT_OBB_RW, AID_READTRACEFS};
119 minijail_set_supplementary_gids(jail.get(), arraysize(groups), groups);
120
121 // Don't listen on a port (default 5037) if running in secure mode.
122 // Don't run as root if running in secure mode.
123 if (should_drop_privileges()) {
124 const bool should_drop_caps = !__android_log_is_debuggable();
125
126 if (should_drop_caps) {
127 minijail_use_caps(jail.get(), CAP_TO_MASK(CAP_SETUID) | CAP_TO_MASK(CAP_SETGID));
128 }
129
130 minijail_change_gid(jail.get(), AID_SHELL);
131 minijail_change_uid(jail.get(), AID_SHELL);
132 // minijail_enter() will abort if any priv-dropping step fails.
133 minijail_enter(jail.get());
134
135 // Whenever ambient capabilities are being used, minijail cannot
136 // simultaneously drop the bounding capability set to just
137 // CAP_SETUID|CAP_SETGID while clearing the inheritable, effective,
138 // and permitted sets. So we need to do that in two steps.
139 using ScopedCaps =
140 std::unique_ptr<std::remove_pointer<cap_t>::type, std::function<void(cap_t)>>;
141 ScopedCaps caps(cap_get_proc(), &cap_free);
142 if (cap_clear_flag(caps.get(), CAP_INHERITABLE) == -1) {
143 PLOG(FATAL) << "cap_clear_flag(INHERITABLE) failed";
144 }
145 if (cap_clear_flag(caps.get(), CAP_EFFECTIVE) == -1) {
146 PLOG(FATAL) << "cap_clear_flag(PEMITTED) failed";
147 }
148 if (cap_clear_flag(caps.get(), CAP_PERMITTED) == -1) {
149 PLOG(FATAL) << "cap_clear_flag(PEMITTED) failed";
150 }
151 if (cap_set_proc(caps.get()) != 0) {
152 PLOG(FATAL) << "cap_set_proc() failed";
153 }
154
155 D("Local port disabled");
156 } else {
157 // minijail_enter() will abort if any priv-dropping step fails.
158 minijail_enter(jail.get());
159
160 if (root_seclabel != nullptr) {
161 if (selinux_android_setcon(root_seclabel) < 0) {
162 LOG(FATAL) << "Could not set SELinux context";
163 }
164 }
165 }
166 }
167 #endif
168
setup_adb(const std::vector<std::string> & addrs)169 static void setup_adb(const std::vector<std::string>& addrs) {
170 #if defined(__ANDROID__)
171 // Get the first valid port from addrs and setup mDNS.
172 int port = -1;
173 std::string error;
174 for (const auto& addr : addrs) {
175 port = get_host_socket_spec_port(addr, &error);
176 if (port != -1) {
177 break;
178 }
179 }
180 if (port == -1) {
181 port = DEFAULT_ADB_LOCAL_TRANSPORT_PORT;
182 }
183 LOG(INFO) << "Setup mdns on port= " << port;
184 setup_mdns(port);
185 #endif
186 for (const auto& addr : addrs) {
187 LOG(INFO) << "adbd listening on " << addr;
188 local_init(addr);
189 }
190 }
191
adbd_main(int server_port)192 int adbd_main(int server_port) {
193 umask(0);
194
195 signal(SIGPIPE, SIG_IGN);
196
197 #if defined(__BIONIC__)
198 auto fdsan_level = android_fdsan_get_error_level();
199 if (fdsan_level == ANDROID_FDSAN_ERROR_LEVEL_DISABLED) {
200 android_fdsan_set_error_level(ANDROID_FDSAN_ERROR_LEVEL_WARN_ONCE);
201 }
202 #endif
203
204 init_transport_registration();
205
206 // We need to call this even if auth isn't enabled because the file
207 // descriptor will always be open.
208 adbd_cloexec_auth_socket();
209
210 #if defined(__ANDROID__)
211 // If we're on userdebug/eng or the device is unlocked, permit no-authentication.
212 bool device_unlocked = "orange" == android::base::GetProperty("ro.boot.verifiedbootstate", "");
213 if (__android_log_is_debuggable() || device_unlocked) {
214 auth_required = android::base::GetBoolProperty("ro.adb.secure", false);
215 }
216 #endif
217
218 // Our external storage path may be different than apps, since
219 // we aren't able to bind mount after dropping root.
220 const char* adb_external_storage = getenv("ADB_EXTERNAL_STORAGE");
221 if (adb_external_storage != nullptr) {
222 setenv("EXTERNAL_STORAGE", adb_external_storage, 1);
223 } else {
224 D("Warning: ADB_EXTERNAL_STORAGE is not set. Leaving EXTERNAL_STORAGE"
225 " unchanged.\n");
226 }
227
228 #if defined(__ANDROID__)
229 drop_privileges(server_port);
230 #endif
231
232 #if defined(__ANDROID__)
233 // A thread gets spawned as a side-effect of initializing the watchdog, so it needs to happen
234 // after we drop privileges.
235 watchdog::Initialize();
236 #endif
237
238 // adbd_auth_init will spawn a thread, so we need to defer it until after selinux transitions.
239 adbd_auth_init();
240
241 bool is_usb = false;
242
243 #if defined(__ANDROID__)
244 if (access(USB_FFS_ADB_EP0, F_OK) == 0) {
245 // Listen on USB.
246 usb_init();
247 is_usb = true;
248 }
249 #endif
250
251 // If one of these properties is set, also listen on that port.
252 // If one of the properties isn't set and we couldn't listen on usb, listen
253 // on the default port.
254 std::vector<std::string> addrs;
255 std::string prop_addr = android::base::GetProperty("service.adb.listen_addrs", "");
256 if (prop_addr.empty()) {
257 std::string prop_port = android::base::GetProperty("service.adb.tcp.port", "");
258 if (prop_port.empty()) {
259 prop_port = android::base::GetProperty("persist.adb.tcp.port", "");
260 }
261
262 #if !defined(__ANDROID__)
263 if (prop_port.empty() && getenv("ADBD_PORT")) {
264 prop_port = getenv("ADBD_PORT");
265 }
266 #endif
267
268 int port;
269 if (sscanf(prop_port.c_str(), "%d", &port) == 1 && port > 0) {
270 D("using tcp port=%d", port);
271 // Listen on TCP and VSOCK port specified by service.adb.tcp.port property.
272 addrs.push_back(android::base::StringPrintf("tcp:%d", port));
273 addrs.push_back(android::base::StringPrintf("vsock:%d", port));
274 setup_adb(addrs);
275 } else if (!is_usb) {
276 // Listen on default port.
277 addrs.push_back(
278 android::base::StringPrintf("tcp:%d", DEFAULT_ADB_LOCAL_TRANSPORT_PORT));
279 addrs.push_back(
280 android::base::StringPrintf("vsock:%d", DEFAULT_ADB_LOCAL_TRANSPORT_PORT));
281 setup_adb(addrs);
282 }
283 } else {
284 addrs = android::base::Split(prop_addr, ",");
285 setup_adb(addrs);
286 }
287
288 LOG(INFO) << "adbd started";
289
290 D("adbd_main(): pre init_jdwp()");
291 init_jdwp();
292 D("adbd_main(): post init_jdwp()");
293
294 D("Event loop starting");
295 fdevent_loop();
296
297 return 0;
298 }
299
main(int argc,char ** argv)300 int main(int argc, char** argv) {
301 #if defined(__BIONIC__)
302 // Set M_DECAY_TIME so that our allocations aren't immediately purged on free.
303 mallopt(M_DECAY_TIME, 1);
304 #endif
305
306 while (true) {
307 static struct option opts[] = {
308 {"root_seclabel", required_argument, nullptr, 's'},
309 {"device_banner", required_argument, nullptr, 'b'},
310 {"version", no_argument, nullptr, 'v'},
311 {"logpostfsdata", no_argument, nullptr, 'l'},
312 };
313
314 int option_index = 0;
315 int c = getopt_long(argc, argv, "", opts, &option_index);
316 if (c == -1) {
317 break;
318 }
319
320 switch (c) {
321 #if defined(__ANDROID__)
322 case 's':
323 root_seclabel = optarg;
324 break;
325 #endif
326 case 'b':
327 adb_device_banner = optarg;
328 break;
329 case 'v':
330 printf("Android Debug Bridge Daemon version %d.%d.%d\n", ADB_VERSION_MAJOR,
331 ADB_VERSION_MINOR, ADB_SERVER_VERSION);
332 return 0;
333 case 'l':
334 LOG(ERROR) << "post-fs-data triggered";
335 return 0;
336 default:
337 // getopt already prints "adbd: invalid option -- %c" for us.
338 return 1;
339 }
340 }
341
342 close_stdin();
343
344 adb_trace_init(argv);
345
346 D("Handling main()");
347 return adbd_main(DEFAULT_ADB_PORT);
348 }
349