tequilaOS/platform_system_core
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
platform_system_core/adb/daemon/auth.cpp

283 lines
8.7 KiB
C++
Raw Normal View History

adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 21:23:49 +02:00
/*
* Copyright (C) 2012 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
Adb: use VLOG() to replace D() for verbose logging. As there are too many D(), we can keep both VLOG() and D() now, and get rid of D() gradually. Change-Id: I2f1cb70bcab3e82c99fed939341d03f6b2216076
2015-09-23 00:52:57 +02:00
#define TRACE_TAG AUTH
File header cleanup. * sysdeps.h should always be included first. * TRACE_TAG needs to be defined before anything is included. * Some files were missing copyright headers. * Save precious bytes on my SSD by removing useless whitespace. Change-Id: I88980e6e00b5be1093806cf286740d9e4a033b94
2015-03-19 23:21:08 +01:00
Clean up key handling in adb. This includes the locking we need to be able to re-load the keys at runtime. We should rename "adb_auth_client.cpp" to "adb_auth_adbd.cpp" or "adbd_auth.cpp" in a later change. Change-Id: I9e1d5b6b7d0497d6f6e5d9c4fb660118cdff05a8 Test: "adb devices" works against a non-AOSP device with $ADB_VENDOR_KEYS set, says "unauthorized" without. Bug: http://b/29273531
2016-06-30 02:42:01 +02:00
#include "adb.h"
File header cleanup. * sysdeps.h should always be included first. * TRACE_TAG needs to be defined before anything is included. * Some files were missing copyright headers. * Save precious bytes on my SSD by removing useless whitespace. Change-Id: I88980e6e00b5be1093806cf286740d9e4a033b94
2015-03-19 23:21:08 +01:00
#include "adb_auth.h"
Notify framework on adb disconnect Bug: 111656592 Test: atest AdbDebuggingManagerTest Change-Id: I84f0b076799b0628663fde1a14609bc71c5a9ed3
2018-12-29 05:35:37 +01:00
#include "adb_io.h"
adb: move fdevent to its own folder. Preparatory refactoring for platform-specific implementations. Test: mma Change-Id: I0f600122ac89241788c5f3300f362fd9ef02ddcd
2019-06-28 22:50:37 +02:00
#include "fdevent/fdevent.h"
Clean up key handling in adb. This includes the locking we need to be able to re-load the keys at runtime. We should rename "adb_auth_client.cpp" to "adb_auth_adbd.cpp" or "adbd_auth.cpp" in a later change. Change-Id: I9e1d5b6b7d0497d6f6e5d9c4fb660118cdff05a8 Test: "adb devices" works against a non-AOSP device with $ADB_VENDOR_KEYS set, says "unauthorized" without. Bug: http://b/29273531
2016-06-30 02:42:01 +02:00
#include "sysdeps.h"
#include "transport.h"
File header cleanup. * sysdeps.h should always be included first. * TRACE_TAG needs to be defined before anything is included. * Some files were missing copyright headers. * Save precious bytes on my SSD by removing useless whitespace. Change-Id: I88980e6e00b5be1093806cf286740d9e4a033b94
2015-03-19 23:21:08 +01:00
Move transport declarations into transport.h. There are a few cloexec issues in here as an added bonus. Change-Id: I1699d719d733f47878bdba0454230cf5ab6a60b6
2015-02-25 00:51:19 +01:00
#include <resolv.h>
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 21:23:49 +02:00
#include <stdio.h>
#include <string.h>
Notify the framework when an adb key is authorized Bug: 124076524 Test: atest AdbDebuggingManagerTest Change-Id: If73b81ca73ba4d64763cf49c1bbe42de81fa1cb6
2019-04-26 03:33:35 +02:00
#include <iomanip>
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 21:23:49 +02:00
Notify the framework when an adb key is authorized Bug: 124076524 Test: atest AdbDebuggingManagerTest Change-Id: If73b81ca73ba4d64763cf49c1bbe42de81fa1cb6
2019-04-26 03:33:35 +02:00
#include <algorithm>
Clean up key handling in adb. This includes the locking we need to be able to re-load the keys at runtime. We should rename "adb_auth_client.cpp" to "adb_auth_adbd.cpp" or "adbd_auth.cpp" in a later change. Change-Id: I9e1d5b6b7d0497d6f6e5d9c4fb660118cdff05a8 Test: "adb devices" works against a non-AOSP device with $ADB_VENDOR_KEYS set, says "unauthorized" without. Bug: http://b/29273531
2016-06-30 02:42:01 +02:00
#include <memory>
#include <android-base/file.h>
#include <android-base/strings.h>
#include <crypto_utils/android_pubkey.h>
Switch fs_mgr and adb to libcrypto_utils. Update code and dependencies to use BoringSSL + libcrypto_utils instead of mincrypt. Change-Id: Ic75164bd50c84b81b6310e27a67d4b3c174984f9
2016-03-31 16:32:09 +02:00
#include <openssl/obj_mac.h>
#include <openssl/rsa.h>
#include <openssl/sha.h>
adb: remove fdevent_install, fdevent_remove. Remove fdevent_install and fdevent_remove in favor of using fdevent_create and fdevent_destroy, so that we can put RAII types (i.e. unique_fd) into fdevent without worrying about -Wexit-time-destructors or structs that are freed instead of deleted. Bug: http://b/79786774 Test: python test_device.py Change-Id: I8471cc00574ed492fe1b196944976cdaae8b7cff
2018-05-14 20:14:33 +02:00
static fdevent* listener_fde = nullptr;
static fdevent* framework_fde = nullptr;
Notify the framework when an adb key is authorized Bug: 124076524 Test: atest AdbDebuggingManagerTest Change-Id: If73b81ca73ba4d64763cf49c1bbe42de81fa1cb6
2019-04-26 03:33:35 +02:00
static auto& framework_mutex = *new std::mutex();
static int framework_fd GUARDED_BY(framework_mutex) = -1;
static auto& connected_keys GUARDED_BY(framework_mutex) = *new std::vector<std::string>;
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 21:23:49 +02:00
Notify framework on adb disconnect Bug: 111656592 Test: atest AdbDebuggingManagerTest Change-Id: I84f0b076799b0628663fde1a14609bc71c5a9ed3
2018-12-29 05:35:37 +01:00
static void adb_disconnected(void* unused, atransport* t);
static struct adisconnect adb_disconnect = {adb_disconnected, nullptr};
static atransport* adb_transport;
adb: Fix secure adb when booting with usb attached When booting with usb attached, the secure adb authentication happens long before the framework is done booting, so adb can't notify the framework to install the public key. Change-Id: Id2af6cebece345022f56cb0c4b5af24e1d7a425c
2013-01-16 04:59:14 +01:00
static bool needs_retry = false;
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 21:23:49 +02:00
adb: split up adb_auth.cpp. All of the functions in adb_auth.cpp were used in only one of adb/adbd. Split up them up into adb_auth_host.cpp and adbd_auth.cpp respectively. Bug: http://b/29273531 Test: built and flashed bullhead, adb still works Change-Id: Ib610c5157522634cc273511175152f1306cc52a7
2016-10-06 04:02:29 +02:00
bool auth_required = true;
Notify the framework when an adb key is authorized Bug: 124076524 Test: atest AdbDebuggingManagerTest Change-Id: If73b81ca73ba4d64763cf49c1bbe42de81fa1cb6
2019-04-26 03:33:35 +02:00
bool adbd_auth_verify(const char* token, size_t token_size, const std::string& sig,
std::string* auth_key) {
Clean up key handling in adb. This includes the locking we need to be able to re-load the keys at runtime. We should rename "adb_auth_client.cpp" to "adb_auth_adbd.cpp" or "adbd_auth.cpp" in a later change. Change-Id: I9e1d5b6b7d0497d6f6e5d9c4fb660118cdff05a8 Test: "adb devices" works against a non-AOSP device with $ADB_VENDOR_KEYS set, says "unauthorized" without. Bug: http://b/29273531
2016-06-30 02:42:01 +02:00
static constexpr const char* key_paths[] = { "/adb_keys", "/data/misc/adb/adb_keys", nullptr };
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 21:23:49 +02:00
Clean up key handling in adb. This includes the locking we need to be able to re-load the keys at runtime. We should rename "adb_auth_client.cpp" to "adb_auth_adbd.cpp" or "adbd_auth.cpp" in a later change. Change-Id: I9e1d5b6b7d0497d6f6e5d9c4fb660118cdff05a8 Test: "adb devices" works against a non-AOSP device with $ADB_VENDOR_KEYS set, says "unauthorized" without. Bug: http://b/29273531
2016-06-30 02:42:01 +02:00
for (const auto& path : key_paths) {
if (access(path, R_OK) == 0) {
LOG(INFO) << "Loading keys from " << path;
std::string content;
if (!android::base::ReadFileToString(path, &content)) {
PLOG(ERROR) << "Couldn't read " << path;
continue;
}
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 21:23:49 +02:00
Clean up key handling in adb. This includes the locking we need to be able to re-load the keys at runtime. We should rename "adb_auth_client.cpp" to "adb_auth_adbd.cpp" or "adbd_auth.cpp" in a later change. Change-Id: I9e1d5b6b7d0497d6f6e5d9c4fb660118cdff05a8 Test: "adb devices" works against a non-AOSP device with $ADB_VENDOR_KEYS set, says "unauthorized" without. Bug: http://b/29273531
2016-06-30 02:42:01 +02:00
for (const auto& line : android::base::Split(content, "\n")) {
Notify the framework when an adb key is authorized Bug: 124076524 Test: atest AdbDebuggingManagerTest Change-Id: If73b81ca73ba4d64763cf49c1bbe42de81fa1cb6
2019-04-26 03:33:35 +02:00
if (line.empty()) continue;
*auth_key = line;
Clean up key handling in adb. This includes the locking we need to be able to re-load the keys at runtime. We should rename "adb_auth_client.cpp" to "adb_auth_adbd.cpp" or "adbd_auth.cpp" in a later change. Change-Id: I9e1d5b6b7d0497d6f6e5d9c4fb660118cdff05a8 Test: "adb devices" works against a non-AOSP device with $ADB_VENDOR_KEYS set, says "unauthorized" without. Bug: http://b/29273531
2016-06-30 02:42:01 +02:00
// TODO: do we really have to support both ' ' and '\t'?
char* sep = strpbrk(const_cast<char*>(line.c_str()), " \t");
if (sep) *sep = '\0';
// b64_pton requires one additional byte in the target buffer for
// decoding to succeed. See http://b/28035006 for details.
uint8_t keybuf[ANDROID_PUBKEY_ENCODED_SIZE + 1];
adbd: compile for host. Preparatory step for testing adb on GCE on non-linux hosts: instead of pointing them at a device (emulated or otherwise), point them at adbd running on a linux host instead. Test: adbd & adb connect localhost:5555; adb -e wait-for-device shell Change-Id: Ib22d51a4fc9e6e68f71bf1b3b9b2e1b0bd844760
2019-01-23 04:36:15 +01:00
if (b64_pton(line.c_str(), keybuf, sizeof(keybuf)) != ANDROID_PUBKEY_ENCODED_SIZE) {
Clean up key handling in adb. This includes the locking we need to be able to re-load the keys at runtime. We should rename "adb_auth_client.cpp" to "adb_auth_adbd.cpp" or "adbd_auth.cpp" in a later change. Change-Id: I9e1d5b6b7d0497d6f6e5d9c4fb660118cdff05a8 Test: "adb devices" works against a non-AOSP device with $ADB_VENDOR_KEYS set, says "unauthorized" without. Bug: http://b/29273531
2016-06-30 02:42:01 +02:00
LOG(ERROR) << "Invalid base64 key " << line.c_str() << " in " << path;
continue;
}
RSA* key = nullptr;
if (!android_pubkey_decode(keybuf, ANDROID_PUBKEY_ENCODED_SIZE, &key)) {
LOG(ERROR) << "Failed to parse key " << line.c_str() << " in " << path;
continue;
}
adb: rationalize types. Use fixed length types for structs going over the wire, constify arguments where possible, use char* instead of unsigned char* for apacket data, and assorted other refactoring. Bug: http://b/29273531 Test: python test_device.py with every combination of old/new adb and adbd Change-Id: I0b6f818a32be5386985aa4519f542003cf427f9d
2016-10-06 22:31:44 +02:00
bool verified =
(RSA_verify(NID_sha1, reinterpret_cast<const uint8_t*>(token), token_size,
adb: switch apacket over to a std::string payload. Test: python test_device.py with walleye/x86_64 emulator Change-Id: I0a18941af1cb2279e5019a24ace25741def1202f
2018-02-06 03:49:10 +01:00
reinterpret_cast<const uint8_t*>(sig.c_str()), sig.size(),
key) == 1);
Clean up key handling in adb. This includes the locking we need to be able to re-load the keys at runtime. We should rename "adb_auth_client.cpp" to "adb_auth_adbd.cpp" or "adbd_auth.cpp" in a later change. Change-Id: I9e1d5b6b7d0497d6f6e5d9c4fb660118cdff05a8 Test: "adb devices" works against a non-AOSP device with $ADB_VENDOR_KEYS set, says "unauthorized" without. Bug: http://b/29273531
2016-06-30 02:42:01 +02:00
RSA_free(key);
if (verified) return true;
}
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 21:23:49 +02:00
}
}
Notify the framework when an adb key is authorized Bug: 124076524 Test: atest AdbDebuggingManagerTest Change-Id: If73b81ca73ba4d64763cf49c1bbe42de81fa1cb6
2019-04-26 03:33:35 +02:00
auth_key->clear();
Clean up key handling in adb. This includes the locking we need to be able to re-load the keys at runtime. We should rename "adb_auth_client.cpp" to "adb_auth_adbd.cpp" or "adbd_auth.cpp" in a later change. Change-Id: I9e1d5b6b7d0497d6f6e5d9c4fb660118cdff05a8 Test: "adb devices" works against a non-AOSP device with $ADB_VENDOR_KEYS set, says "unauthorized" without. Bug: http://b/29273531
2016-06-30 02:42:01 +02:00
return false;
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 21:23:49 +02:00
}
Notify the framework when an adb key is authorized Bug: 124076524 Test: atest AdbDebuggingManagerTest Change-Id: If73b81ca73ba4d64763cf49c1bbe42de81fa1cb6
2019-04-26 03:33:35 +02:00
static bool adbd_send_key_message_locked(std::string_view msg_type, std::string_view key)
REQUIRES(framework_mutex) {
if (framework_fd < 0) {
LOG(ERROR) << "Client not connected to send msg_type " << msg_type;
return false;
}
std::string msg = std::string(msg_type) + std::string(key);
int msg_len = msg.length();
if (msg_len >= static_cast<int>(MAX_FRAMEWORK_PAYLOAD)) {
LOG(ERROR) << "Key too long (" << msg_len << ")";
return false;
}
LOG(DEBUG) << "Sending '" << msg << "'";
if (!WriteFdExactly(framework_fd, msg.c_str(), msg_len)) {
PLOG(ERROR) << "Failed to write " << msg_type;
return false;
}
return true;
}
adb: split up adb_auth.cpp. All of the functions in adb_auth.cpp were used in only one of adb/adbd. Split up them up into adb_auth_host.cpp and adbd_auth.cpp respectively. Bug: http://b/29273531 Test: built and flashed bullhead, adb still works Change-Id: Ib610c5157522634cc273511175152f1306cc52a7
2016-10-06 04:02:29 +02:00
static bool adbd_auth_generate_token(void* token, size_t token_size) {
Clean up key handling in adb. This includes the locking we need to be able to re-load the keys at runtime. We should rename "adb_auth_client.cpp" to "adb_auth_adbd.cpp" or "adbd_auth.cpp" in a later change. Change-Id: I9e1d5b6b7d0497d6f6e5d9c4fb660118cdff05a8 Test: "adb devices" works against a non-AOSP device with $ADB_VENDOR_KEYS set, says "unauthorized" without. Bug: http://b/29273531
2016-06-30 02:42:01 +02:00
FILE* fp = fopen("/dev/urandom", "re");
if (!fp) return false;
bool okay = (fread(token, token_size, 1, fp) == 1);
fclose(fp);
return okay;
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 21:23:49 +02:00
}
Notify framework on adb disconnect Bug: 111656592 Test: atest AdbDebuggingManagerTest Change-Id: I84f0b076799b0628663fde1a14609bc71c5a9ed3
2018-12-29 05:35:37 +01:00
static void adb_disconnected(void* unused, atransport* t) {
LOG(INFO) << "ADB disconnect";
adb_transport = nullptr;
adb: Fix secure adb when booting with usb attached When booting with usb attached, the secure adb authentication happens long before the framework is done booting, so adb can't notify the framework to install the public key. Change-Id: Id2af6cebece345022f56cb0c4b5af24e1d7a425c
2013-01-16 04:59:14 +01:00
needs_retry = false;
Notify the framework when an adb key is authorized Bug: 124076524 Test: atest AdbDebuggingManagerTest Change-Id: If73b81ca73ba4d64763cf49c1bbe42de81fa1cb6
2019-04-26 03:33:35 +02:00
{
std::lock_guard<std::mutex> lock(framework_mutex);
if (framework_fd >= 0) {
adbd_send_key_message_locked("DC", t->auth_key);
Notify framework on adb disconnect Bug: 111656592 Test: atest AdbDebuggingManagerTest Change-Id: I84f0b076799b0628663fde1a14609bc71c5a9ed3
2018-12-29 05:35:37 +01:00
}
Notify the framework when an adb key is authorized Bug: 124076524 Test: atest AdbDebuggingManagerTest Change-Id: If73b81ca73ba4d64763cf49c1bbe42de81fa1cb6
2019-04-26 03:33:35 +02:00
connected_keys.erase(std::remove(connected_keys.begin(), connected_keys.end(), t->auth_key),
connected_keys.end());
Notify framework on adb disconnect Bug: 111656592 Test: atest AdbDebuggingManagerTest Change-Id: I84f0b076799b0628663fde1a14609bc71c5a9ed3
2018-12-29 05:35:37 +01:00
}
adb: Fix secure adb when booting with usb attached When booting with usb attached, the secure adb authentication happens long before the framework is done booting, so adb can't notify the framework to install the public key. Change-Id: Id2af6cebece345022f56cb0c4b5af24e1d7a425c
2013-01-16 04:59:14 +01:00
}
adb: fix leak of framework_fd. Move the fdevent for the framework authentication connection out of atransport into its own static variable in adb_auth_client, since its lifetime is completely unrelated to that of the USB connection. Bug: http://b/27297963 Change-Id: Ie6180d0b59d133120c5755e239e76ab33ed3cc1d
2016-02-24 03:05:57 +01:00
static void framework_disconnected() {
Clean up key handling in adb. This includes the locking we need to be able to re-load the keys at runtime. We should rename "adb_auth_client.cpp" to "adb_auth_adbd.cpp" or "adbd_auth.cpp" in a later change. Change-Id: I9e1d5b6b7d0497d6f6e5d9c4fb660118cdff05a8 Test: "adb devices" works against a non-AOSP device with $ADB_VENDOR_KEYS set, says "unauthorized" without. Bug: http://b/29273531
2016-06-30 02:42:01 +02:00
LOG(INFO) << "Framework disconnect";
adb: remove fdevent_install, fdevent_remove. Remove fdevent_install and fdevent_remove in favor of using fdevent_create and fdevent_destroy, so that we can put RAII types (i.e. unique_fd) into fdevent without worrying about -Wexit-time-destructors or structs that are freed instead of deleted. Bug: http://b/79786774 Test: python test_device.py Change-Id: I8471cc00574ed492fe1b196944976cdaae8b7cff
2018-05-14 20:14:33 +02:00
if (framework_fde) {
fdevent_destroy(framework_fde);
Notify the framework when an adb key is authorized Bug: 124076524 Test: atest AdbDebuggingManagerTest Change-Id: If73b81ca73ba4d64763cf49c1bbe42de81fa1cb6
2019-04-26 03:33:35 +02:00
{
std::lock_guard<std::mutex> lock(framework_mutex);
framework_fd = -1;
}
adb: remove fdevent_install, fdevent_remove. Remove fdevent_install and fdevent_remove in favor of using fdevent_create and fdevent_destroy, so that we can put RAII types (i.e. unique_fd) into fdevent without worrying about -Wexit-time-destructors or structs that are freed instead of deleted. Bug: http://b/79786774 Test: python test_device.py Change-Id: I8471cc00574ed492fe1b196944976cdaae8b7cff
2018-05-14 20:14:33 +02:00
}
adb: fix leak of framework_fd. Move the fdevent for the framework authentication connection out of atransport into its own static variable in adb_auth_client, since its lifetime is completely unrelated to that of the USB connection. Bug: http://b/27297963 Change-Id: Ie6180d0b59d133120c5755e239e76ab33ed3cc1d
2016-02-24 03:05:57 +01:00
}
adb: split up adb_auth.cpp. All of the functions in adb_auth.cpp were used in only one of adb/adbd. Split up them up into adb_auth_host.cpp and adbd_auth.cpp respectively. Bug: http://b/29273531 Test: built and flashed bullhead, adb still works Change-Id: Ib610c5157522634cc273511175152f1306cc52a7
2016-10-06 04:02:29 +02:00
static void adbd_auth_event(int fd, unsigned events, void*) {
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 21:23:49 +02:00
if (events & FDE_READ) {
Clean up key handling in adb. This includes the locking we need to be able to re-load the keys at runtime. We should rename "adb_auth_client.cpp" to "adb_auth_adbd.cpp" or "adbd_auth.cpp" in a later change. Change-Id: I9e1d5b6b7d0497d6f6e5d9c4fb660118cdff05a8 Test: "adb devices" works against a non-AOSP device with $ADB_VENDOR_KEYS set, says "unauthorized" without. Bug: http://b/29273531
2016-06-30 02:42:01 +02:00
char response[2];
int ret = unix_read(fd, response, sizeof(response));
fix for adbd pinning CPU adbd was spinning between select & read (0 bytes) for an adb_auth socket. The read documentation states: "On success, the number of bytes read is returned (zero indicates end of file)" so the code has been modified to close the connection (like the read error case). BUG=17419868 Change-Id: I1d8fb70c8e1876225ba8d47ea0a2b6265a7d182b
2014-09-26 06:51:15 +02:00
if (ret <= 0) {
adb: fix leak of framework_fd. Move the fdevent for the framework authentication connection out of atransport into its own static variable in adb_auth_client, since its lifetime is completely unrelated to that of the USB connection. Bug: http://b/27297963 Change-Id: Ie6180d0b59d133120c5755e239e76ab33ed3cc1d
2016-02-24 03:05:57 +01:00
framework_disconnected();
} else if (ret == 2 && response[0] == 'O' && response[1] == 'K') {
Notify framework on adb disconnect Bug: 111656592 Test: atest AdbDebuggingManagerTest Change-Id: I84f0b076799b0628663fde1a14609bc71c5a9ed3
2018-12-29 05:35:37 +01:00
if (adb_transport) {
adbd_auth_verified(adb_transport);
adb: fix leak of framework_fd. Move the fdevent for the framework authentication connection out of atransport into its own static variable in adb_auth_client, since its lifetime is completely unrelated to that of the USB connection. Bug: http://b/27297963 Change-Id: Ie6180d0b59d133120c5755e239e76ab33ed3cc1d
2016-02-24 03:05:57 +01:00
}
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 21:23:49 +02:00
}
}
}
Notify the framework when an adb key is authorized Bug: 124076524 Test: atest AdbDebuggingManagerTest Change-Id: If73b81ca73ba4d64763cf49c1bbe42de81fa1cb6
2019-04-26 03:33:35 +02:00
void adbd_auth_confirm_key(atransport* t) {
Notify framework on adb disconnect Bug: 111656592 Test: atest AdbDebuggingManagerTest Change-Id: I84f0b076799b0628663fde1a14609bc71c5a9ed3
2018-12-29 05:35:37 +01:00
if (!adb_transport) {
adb_transport = t;
t->AddDisconnect(&adb_disconnect);
adb: Prevent registering usb_disconnect twice adbd can receive multiple AUTH_RSAPUBLICKEY packets. This happens for example when booting with usb attached when we retry authenticating after the framework is done booting. Make sure usb_disconnect is only registered once, otherwise this creates a loop in the disconnects list. Bug: 8504991 Change-Id: Ia1f9a37005dd17b7eefee1493d622e1679263eea
2013-04-02 02:39:06 +02:00
}
adb: Fix secure adb when booting with usb attached When booting with usb attached, the secure adb authentication happens long before the framework is done booting, so adb can't notify the framework to install the public key. Change-Id: Id2af6cebece345022f56cb0c4b5af24e1d7a425c
2013-01-16 04:59:14 +01:00
Notify the framework when an adb key is authorized Bug: 124076524 Test: atest AdbDebuggingManagerTest Change-Id: If73b81ca73ba4d64763cf49c1bbe42de81fa1cb6
2019-04-26 03:33:35 +02:00
{
std::lock_guard<std::mutex> lock(framework_mutex);
if (framework_fd < 0) {
LOG(ERROR) << "Client not connected";
needs_retry = true;
return;
}
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 21:23:49 +02:00
Notify the framework when an adb key is authorized Bug: 124076524 Test: atest AdbDebuggingManagerTest Change-Id: If73b81ca73ba4d64763cf49c1bbe42de81fa1cb6
2019-04-26 03:33:35 +02:00
adbd_send_key_message_locked("PK", t->auth_key);
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 21:23:49 +02:00
}
}
adb: split up adb_auth.cpp. All of the functions in adb_auth.cpp were used in only one of adb/adbd. Split up them up into adb_auth_host.cpp and adbd_auth.cpp respectively. Bug: http://b/29273531 Test: built and flashed bullhead, adb still works Change-Id: Ib610c5157522634cc273511175152f1306cc52a7
2016-10-06 04:02:29 +02:00
static void adbd_auth_listener(int fd, unsigned events, void* data) {
adb: remove unnecessary addr arguments to accept. Follow up to https://android-review.googlesource.com/#/c/261412/ Change-Id: I0ee130db302940f3224cc823a26b02fc45da0fca Test: mma
2016-08-24 00:41:56 +02:00
int s = adb_socket_accept(fd, nullptr, nullptr);
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 21:23:49 +02:00
if (s < 0) {
Clean up key handling in adb. This includes the locking we need to be able to re-load the keys at runtime. We should rename "adb_auth_client.cpp" to "adb_auth_adbd.cpp" or "adbd_auth.cpp" in a later change. Change-Id: I9e1d5b6b7d0497d6f6e5d9c4fb660118cdff05a8 Test: "adb devices" works against a non-AOSP device with $ADB_VENDOR_KEYS set, says "unauthorized" without. Bug: http://b/29273531
2016-06-30 02:42:01 +02:00
PLOG(ERROR) << "Failed to accept";
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 21:23:49 +02:00
return;
}
Notify the framework when an adb key is authorized Bug: 124076524 Test: atest AdbDebuggingManagerTest Change-Id: If73b81ca73ba4d64763cf49c1bbe42de81fa1cb6
2019-04-26 03:33:35 +02:00
{
std::lock_guard<std::mutex> lock(framework_mutex);
if (framework_fd >= 0) {
LOG(WARNING) << "adb received framework auth socket connection again";
framework_disconnected();
}
framework_fd = s;
framework_fde = fdevent_create(framework_fd, adbd_auth_event, nullptr);
fdevent_add(framework_fde, FDE_READ);
if (needs_retry) {
needs_retry = false;
send_auth_request(adb_transport);
}
adb: fix leak of framework_fd. Move the fdevent for the framework authentication connection out of atransport into its own static variable in adb_auth_client, since its lifetime is completely unrelated to that of the USB connection. Bug: http://b/27297963 Change-Id: Ie6180d0b59d133120c5755e239e76ab33ed3cc1d
2016-02-24 03:05:57 +01:00
Notify the framework when an adb key is authorized Bug: 124076524 Test: atest AdbDebuggingManagerTest Change-Id: If73b81ca73ba4d64763cf49c1bbe42de81fa1cb6
2019-04-26 03:33:35 +02:00
// if a client connected before the framework was available notify the framework of the
// connected key now.
if (!connected_keys.empty()) {
for (const auto& key : connected_keys) {
adbd_send_key_message_locked("CK", key);
}
}
}
}
adb: Fix secure adb when booting with usb attached When booting with usb attached, the secure adb authentication happens long before the framework is done booting, so adb can't notify the framework to install the public key. Change-Id: Id2af6cebece345022f56cb0c4b5af24e1d7a425c
2013-01-16 04:59:14 +01:00
Notify the framework when an adb key is authorized Bug: 124076524 Test: atest AdbDebuggingManagerTest Change-Id: If73b81ca73ba4d64763cf49c1bbe42de81fa1cb6
2019-04-26 03:33:35 +02:00
void adbd_notify_framework_connected_key(atransport* t) {
if (!adb_transport) {
adb_transport = t;
t->AddDisconnect(&adb_disconnect);
}
{
std::lock_guard<std::mutex> lock(framework_mutex);
if (std::find(connected_keys.begin(), connected_keys.end(), t->auth_key) ==
connected_keys.end()) {
connected_keys.push_back(t->auth_key);
}
if (framework_fd >= 0) {
adbd_send_key_message_locked("CK", t->auth_key);
}
adb: Fix secure adb when booting with usb attached When booting with usb attached, the secure adb authentication happens long before the framework is done booting, so adb can't notify the framework to install the public key. Change-Id: Id2af6cebece345022f56cb0c4b5af24e1d7a425c
2013-01-16 04:59:14 +01:00
}
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 21:23:49 +02:00
}
Fix file descriptor leakage in adbd adb_auth_init in adb_auth_client.cpp sets FD_CLOEXEC on the control socket, which prevents the leakage. However if ro.adb.secure property is unset (as it is on the emulator), adb_auth_init is not invoked, which results in the control socket fd leaking into any process started by the deamon (specifically, any command executed through adb shell). Split the fd cleanup into a separate function that is called unconditionally. Change-Id: I73ea84977542ddfc4ac20599593ecf3745ae9108
2015-03-17 19:03:36 +01:00
void adbd_cloexec_auth_socket() {
int fd = android_get_control_socket("adbd");
if (fd == -1) {
Clean up key handling in adb. This includes the locking we need to be able to re-load the keys at runtime. We should rename "adb_auth_client.cpp" to "adb_auth_adbd.cpp" or "adbd_auth.cpp" in a later change. Change-Id: I9e1d5b6b7d0497d6f6e5d9c4fb660118cdff05a8 Test: "adb devices" works against a non-AOSP device with $ADB_VENDOR_KEYS set, says "unauthorized" without. Bug: http://b/29273531
2016-06-30 02:42:01 +02:00
PLOG(ERROR) << "Failed to get adbd socket";
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 21:23:49 +02:00
return;
}
adb: set O_CLOEXEC on lots of file descriptors Too many leaking FDs. Fixes bug: https://code.google.com/p/android/issues/detail?id=65857 (and more) Change-Id: I67d8683244e54288a8105f6f65ee40abe2378d7e
2014-07-19 05:57:35 +02:00
fcntl(fd, F_SETFD, FD_CLOEXEC);
Fix file descriptor leakage in adbd adb_auth_init in adb_auth_client.cpp sets FD_CLOEXEC on the control socket, which prevents the leakage. However if ro.adb.secure property is unset (as it is on the emulator), adb_auth_init is not invoked, which results in the control socket fd leaking into any process started by the deamon (specifically, any command executed through adb shell). Split the fd cleanup into a separate function that is called unconditionally. Change-Id: I73ea84977542ddfc4ac20599593ecf3745ae9108
2015-03-17 19:03:36 +01:00
}
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 21:23:49 +02:00
Fix file descriptor leakage in adbd adb_auth_init in adb_auth_client.cpp sets FD_CLOEXEC on the control socket, which prevents the leakage. However if ro.adb.secure property is unset (as it is on the emulator), adb_auth_init is not invoked, which results in the control socket fd leaking into any process started by the deamon (specifically, any command executed through adb shell). Split the fd cleanup into a separate function that is called unconditionally. Change-Id: I73ea84977542ddfc4ac20599593ecf3745ae9108
2015-03-17 19:03:36 +01:00
void adbd_auth_init(void) {
int fd = android_get_control_socket("adbd");
if (fd == -1) {
Clean up key handling in adb. This includes the locking we need to be able to re-load the keys at runtime. We should rename "adb_auth_client.cpp" to "adb_auth_adbd.cpp" or "adbd_auth.cpp" in a later change. Change-Id: I9e1d5b6b7d0497d6f6e5d9c4fb660118cdff05a8 Test: "adb devices" works against a non-AOSP device with $ADB_VENDOR_KEYS set, says "unauthorized" without. Bug: http://b/29273531
2016-06-30 02:42:01 +02:00
PLOG(ERROR) << "Failed to get adbd socket";
Fix file descriptor leakage in adbd adb_auth_init in adb_auth_client.cpp sets FD_CLOEXEC on the control socket, which prevents the leakage. However if ro.adb.secure property is unset (as it is on the emulator), adb_auth_init is not invoked, which results in the control socket fd leaking into any process started by the deamon (specifically, any command executed through adb shell). Split the fd cleanup into a separate function that is called unconditionally. Change-Id: I73ea84977542ddfc4ac20599593ecf3745ae9108
2015-03-17 19:03:36 +01:00
return;
}
if (listen(fd, 4) == -1) {
Clean up key handling in adb. This includes the locking we need to be able to re-load the keys at runtime. We should rename "adb_auth_client.cpp" to "adb_auth_adbd.cpp" or "adbd_auth.cpp" in a later change. Change-Id: I9e1d5b6b7d0497d6f6e5d9c4fb660118cdff05a8 Test: "adb devices" works against a non-AOSP device with $ADB_VENDOR_KEYS set, says "unauthorized" without. Bug: http://b/29273531
2016-06-30 02:42:01 +02:00
PLOG(ERROR) << "Failed to listen on '" << fd << "'";
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 21:23:49 +02:00
return;
}
[adb] Modernize codebase by replacing NULL with nullptr Fixes -Wzero-as-null-pointer-constant warning. Test: m Bug: 68236239 Change-Id: Ia8c4deacafed2f3b7dbc3d4c3c77c6c632e3de81
2018-07-14 03:15:16 +02:00
listener_fde = fdevent_create(fd, adbd_auth_listener, nullptr);
adb: remove fdevent_install, fdevent_remove. Remove fdevent_install and fdevent_remove in favor of using fdevent_create and fdevent_destroy, so that we can put RAII types (i.e. unique_fd) into fdevent without worrying about -Wexit-time-destructors or structs that are freed instead of deleted. Bug: http://b/79786774 Test: python test_device.py Change-Id: I8471cc00574ed492fe1b196944976cdaae8b7cff
2018-05-14 20:14:33 +02:00
fdevent_add(listener_fde, FDE_READ);
adb: Add public key authentification Secure adb using a public key authentication, to allow USB debugging only from authorized hosts. When a device is connected to an unauthorized host, the adb daemon sends the user public key to the device. A popup is shown to ask the user to allow debugging once or permanantly from the host. The public key is installed on the device in the later case. Other keys may be installed at build time. On the host, the user public/private key pair is automatically generated, if it does not exist, when the adb daemon starts and is stored in $HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed, the ADB_KEYS_PATH env variable may be set to a :-separated (; under Windows) list of private keys, e.g. company-wide or vendor keys. On the device, vendors public keys are installed at build time in /adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys. ADB Protocol change: If the device needs to authenticate the host, it replies to CNXN packets with an AUTH packet. The AUTH packet payload is a random token. The host signs the token with one of its private keys and sends an AUTH(0) packet. If the signature verification succeeds, the device replies with a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so that the host can retry with another private key. Once the host has tried all its keys, it can send an AUTH(1) packet with a public key as payload. adbd then sends the public key to the framework (if it has been started) for confirmation. Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-04-12 21:23:49 +02:00
}
adb: split up adb_auth.cpp. All of the functions in adb_auth.cpp were used in only one of adb/adbd. Split up them up into adb_auth_host.cpp and adbd_auth.cpp respectively. Bug: http://b/29273531 Test: built and flashed bullhead, adb still works Change-Id: Ib610c5157522634cc273511175152f1306cc52a7
2016-10-06 04:02:29 +02:00
void send_auth_request(atransport* t) {
LOG(INFO) << "Calling send_auth_request...";
if (!adbd_auth_generate_token(t->token, sizeof(t->token))) {
PLOG(ERROR) << "Error generating token";
return;
}
apacket* p = get_apacket();
p->msg.command = A_AUTH;
p->msg.arg0 = ADB_AUTH_TOKEN;
p->msg.data_length = sizeof(t->token);
adb: switch apacket over to a std::string payload. Test: python test_device.py with walleye/x86_64 emulator Change-Id: I0a18941af1cb2279e5019a24ace25741def1202f
2018-02-06 03:49:10 +01:00
p->payload.assign(t->token, t->token + sizeof(t->token));
adb: split up adb_auth.cpp. All of the functions in adb_auth.cpp were used in only one of adb/adbd. Split up them up into adb_auth_host.cpp and adbd_auth.cpp respectively. Bug: http://b/29273531 Test: built and flashed bullhead, adb still works Change-Id: Ib610c5157522634cc273511175152f1306cc52a7
2016-10-06 04:02:29 +02:00
send_packet(p, t);
}
adbd: add logging to troubleshoot usb issues. Bug: http://b/63899881 Bug: http://b/63901259 Bug: http://b/63904904 Test: treehugger Change-Id: Ifbc3caa6b416093bf8e127194003747c910352dc
2017-07-26 20:06:55 +02:00
void adbd_auth_verified(atransport* t) {
LOG(INFO) << "adb client authorized";
adb: split up adb_auth.cpp. All of the functions in adb_auth.cpp were used in only one of adb/adbd. Split up them up into adb_auth_host.cpp and adbd_auth.cpp respectively. Bug: http://b/29273531 Test: built and flashed bullhead, adb still works Change-Id: Ib610c5157522634cc273511175152f1306cc52a7
2016-10-06 04:02:29 +02:00
handle_online(t);
send_connect(t);
}
Reference in a new issue Copy permalink