Until I fixed this, we would fail this example:
$ adb shell sh -c 'echo hello; echo world'
hello
/system/bin/sh: echo world: not found
Bug: http://b/19734868
Change-Id: I11a437cd0c0362303028f23fbaa103611b75707e
It looks like we can't use clang on Windows yet because libc++ isn't ready.
So move back to GCC for the Windows host clang. Work around the mingw
printf format string problems that made us want to switch to clang in the
first place, and #include "sysdeps.h" in adb_utils.cpp to work around the
absence of lstat(2) on Windows.
Change-Id: Icd0797a8c0c2d1d326bdd704ba6bcafcbaeb742f
The specific motivating case is "text;ls;1.apk", but rather than continue
adding individual characters to the list of characters to be escaped, let's
just switch to quote all arguments with ', which only leaves ' itself to be
escaped.
Bug: 20323053
Bug: 19734868
Change-Id: I8bd71db9373bc2d1169fc11e46c889da6638550a
This doesn't fix the injection vulnerability, but it makes "adb backup"
no worse than the other commands, and lets me fix them all at once.
Bug: 20323053
Change-Id: I39843c065d9d738b6b7943b2ffd660e4a031cc36
Incorrectly set $ADB_VENDOR_KEYS is the most likely cause of failed
adb connections. Make it easier to debug such problems by including
the value in use in the error message.
Bug: 20165551
Change-Id: I64c1d98ae6d3fb40eea9e1f0ddcfcf4f2d9d7318
libc++.so is not widely available on the host, so we compile against
one built as part of the platform. This causes problems for adb and
fastboot, which are distributed through a number of channels - the
sdk, distro packages, downloaded from the build server, or manually
copied. Instead of forcing all users to handle libc++.so too,
statically link against libc++.
Change-Id: I51b75258653a23558c8b598802005f6c1166a439
adb shell uses termios to disable canonical input processing in order to
get raw control codes but it does not disable CR/LF translation. The default
for Linux terminals is to convert CR to LF unless the running program
specifically asks for this to be disabled. Since adb does not, there is no
way to send a CR to any program run on adb shell. Many programs do in fact
differentiate and so are broken by this behaviour, notably nano. This patch
sets the termios flags to disable all line ending translation.
Change-Id: I8b950220f7cc52fefaed2ee37d97e0789b40a078
Signed-off-by: Alistair Buxton <a.j.buxton@gmail.com>
Change 055f1aa4ff switched to using isalnum(3)
but didn't take into account that isalnum has the opposite sense to the
function it replaced, so the tests should have been inverted.
Bug: http://b/20056546
Change-Id: I90630c0bea69ddbb4a95dc09f79f49d23fd497de
Set the verity mode as the value for partition.%s.verified to make it
easier for userspace to determine in which mode dm-verity was started.
Change-Id: Icc635515f8a8ede941277aed196867351d8387cb
Currently it requires manual key press to enter the sideload mode. This
CL adds 'adb reboot sideload' to reboot the device into sideload mode
directly with text display on. With 'adb reboot sideload-auto-reboot',
it will reboot after the sideload regardless of the installation result,
unless interrupted by user.
Since it needs to write to /cache/recovery/command file, 'adb root' is
required before calling 'adb reboot sideload' and the one with
'-auto-reboot'.
Also it requires the matching CL in bootable/recovery.
Change-Id: Ib7bd4e216a1efc01e64460659c97c6005bbaec1b
adb root doesn't work on the emulator, so this prevents root access
to a userdebug emulator.
Since the emulator has always been root even on userdebug builds, it
may be that adb root has never worked on the emulator.
Bug: 19974213
This reverts commit abd6773b41.
The 'adb shell' command on Windows has had problems:
* Ctrl-C killed the local Windows adb.exe process instead of sending the
Ctrl-C to the Android device.
* Local echo was enabled, causing everything typed to be displayed twice.
* Line input was enabled, so the Android device only received input
after hitting enter. This meant that tab completion did not work because
the tab wasn't seen by the shell until pressing enter.
* The usual input line editing keys did not work (Ctrl-A to go to the
beginning of the line, etc.).
This commit fixes these issues by reconfiguring the Win32 console and
then translating input into what Gnome Terminal would send, in effect
somewhat emulating a Unix terminal.
This does not fix all Win32 console issues, but is designed to be better
than what we had before, and to make the common day-to-day usage much
more comfortable and usable.
Change-Id: Idb10e0b634e27002804fa99c09a64e7176cf7c09
Signed-off-by: Spencer Low <CompareAndSwap@gmail.com>
Addresses nnk's post commit review comments on
https://android-review.googlesource.com/#/c/139381/
Remove unneeded code for creating /data/adb.
Add an O_CLOEXEC.
Move the closing of stdin out to main().
Append the pid of the current process to the log file to avoid
clobbering the log if the process crashes and restarts within the same
second.
Change-Id: Ide0be86b4b33256486634c29ba02efaf10cf913d
Previously the adbd trace mask had to be set as raw hex rather than
with the colon separated list. We all have better things to do than
memorize bitmasks, so make adbd use the same trace mask setting code
as adb.
Change-Id: I0bf0ab61c070d06d1cc2acf1ed90b2b77ccd261b
* sysdeps.h should always be included first.
* TRACE_TAG needs to be defined before anything is included.
* Some files were missing copyright headers.
* Save precious bytes on my SSD by removing useless whitespace.
Change-Id: I88980e6e00b5be1093806cf286740d9e4a033b94
adb_auth_init in adb_auth_client.cpp sets FD_CLOEXEC on the control
socket, which prevents the leakage. However if ro.adb.secure
property is unset (as it is on the emulator), adb_auth_init is not
invoked, which results in the control socket fd leaking into any
process started by the deamon (specifically, any command executed
through adb shell).
Split the fd cleanup into a separate function that is called
unconditionally.
Change-Id: I73ea84977542ddfc4ac20599593ecf3745ae9108
This reverts commit 6084a0124f.
The original build breakage is fixed by (a) building the verity
code for eng builds as well as userdebug builds and (b) moving
the exported remount service functions into a new header file.
Change-Id: Ice0c4f97d4db38ab7eb333c7a6e56bbd11123f5b
This is broken on userdebug builds, and it isn't completely clear why. The declaration for make_block-device_writable in adb.h wasn't updated to match the definition (which uses a std::string instead of a char*). adb.h is currently extern "C", and it isn't clear why this is only broken for userdebug, so I'd like to revert while we investigate.
This reverts commit 81416fdb18.
Change-Id: I47f321574f9f21052e2c7332e8b0f6ef9ab98277
This won't actually ever be uninitialized because the code will take a
failure path if the code that initializes it fails. The goto seems to
thwart this check though.
Not sure why this is only firing on userdebug builds yet. I'll look in
to it tomorrow.
Change-Id: Ie9d837d6baea255d2a4d169355b53dfd775eacce
I keep trying to clean things up and needing std::strings. Might as
well just do this now.
usb_linux_client.c is going to stay as C because GCC isn't smart
enough to deal with the designated initializers it uses (though for
some reason it is in C mode).
The Darwin files are staying as C because I don't have a way to test
that they build.
The Windows files are staying as C because while I can actually build
for them, it's slow and painful.
Change-Id: I75367d29205a9049d34460032b3bb36384f43941
* Check the current adb user to choose the order of root/unroot.
* Re-root the device when finished.
Change-Id: I47a14b89e2c405bd63722e4d2043fcc629fb5e58
if many jdwp connection are created(), the memory will be leaked.
When it deletes heap memory on jdwp_process_free(),
the proc->fde just set to null.
so it need to free() in fdevent_destory().
If "adb remount" is done without having done "adb root" first,
scary looking SELinux denials are emitted before the operation
eventually fails. Avoid the scary looking messages by refusing
remount attempts if we're not running with privileges.
Change-Id: I298621251a10e38345ef77875003a97c8b5a0270
Renamed readx/writex to ReadFdExactly/WriteFdExactly respectively.
These read/write a full fixed-size buffer. If the whole buffer cannot
be read/written, these functions return an error.
Rename write_string to WriteStringFully.
Move the TEMP_FAILURE_RETRY definition in sysdeps.h out of the
!Windows section. It seems Windows won't actually interrupt a call,
but it's easier to just define it than to #ifdef each call.
Change-Id: Ia8ddffa2a52764a2f9a281c96c937660e002b9b9
I'll probably make this the default soon, but I'm not brave enough to
do that without checking the recovery image first.
Change-Id: I9cde687b08a588e3797645a308f381e4ec553447
In practice testing all connected devices is a pain, since it's
probably each device is running a different build. It would probably
make sense to just move this functionality up into a higher level test
runner (which could just live in main).
Also rename test_devices to test_shell, since it doesn't really test
`adb devices`.
Change-Id: Ie96d3e83b30acfac4e3bcbd9821690c0ad4d2f7e
Prior to https://android-review.googlesource.com/#/c/134253/ the
makefile had assumed !Windows was the same as Linux, so the Mac was
actually getting all the Linux sources as well. I mistakenly didn't
add fdevent.cpp to the Darwin sources in that change.
Change-Id: I4e12a394e9a2baf7c1e3c711a01a6b5fccbf79d9
None of this needs to be shared with minadbd, but these sources are
still needed for anything linking libadb (such as tests).
Change-Id: I3024f714da42364bf27a991986f00676e2bbbf2c
Also kill the device side libadb. This was added for the now dead
device side adb, and is no longer used.
Bug: 17626262
Change-Id: I3b28915641fd5b4f16fc86cf1f4f4e9711093001
Also note that we need both a libadb and a libadbd (for now) to
differentiate between code using ADB_HOST=1 and ADB_HOST=0.
Bug: 17626262
Change-Id: I873a8fb442a8a69258fe39af17781714a8fae4f6
lfd returned by adb_open is not the actual file desc.
on win32 builds. calling through fstat with invalid fd
will lead to crash, using stat instead.
Change-Id: I7fdc8b825162eaa42efe8755265842c300b00e39
Signed-off-by: eric.yan <eric.yan@yulong.com>
Signed-off-by: severecold <severecold@gmail.com>
If tracing was not enabled (the ADB_TRACE environment variable was not
set specially), writex() and readx() would still call dump_hex() which
would construct hex tracing strings, which would be immediately
discarded and not printed (because tracing is not enabled).
The fix is to only call dump_hex() if ADB_TRACING evalutes to true, the
same way that dump_packet() is only called if ADB_TRACING evaluates to
true.
Change-Id: I1651680da344389475ebdeea77ba1982960d5764
Signed-off-by: Spencer Low <CompareAndSwap@gmail.com>
Currently, a host running adb will sign a token of any length passed
to it by a device, effectively acting as a signing oracle. If the
ADB_VENDOR_KEYS environment variable is used to specify an additional
key to use, this behavior is not only unexpected, but probably also
unwanted. Further discussion can be found from this thread:
http://www.metzdowd.com/pipermail/cryptography/2015-January/024423.html
This change adds a check to ensure token length matches TOKEN_SIZE
before it's signed, which prevents an attacker from signing longer
messages.
Change-Id: I7b2cc1f051941bf9b66e1c02980850bede501793
On Windows, adb_socket_setbufsize() was taking a file descriptor value
from the compatibility layer in sysdeps_win32.c (namely, an index into
the _win32_fhs array) and passing it to the Winsock setsockopt() call,
which wants a Winsock SOCKET handle. Basically, adb_socket_setbufsize()
was passing `fd` instead of `_fh_from_int(fd)->fh_socket`, resulting in
adb effectively setting a socket buffer size on a random socket in the
process.
The fix is to introduce adb_setsockopt() which just calls setsockopt()
on non-Win32, and which uses the Winsock SOCKET handle on Win32. The
change also moves Win32 disable_tcp_nagle() to a header and adds an
extra sanity check to adb_shutdown().
Change-Id: I4354e818d27538f7ff5b0e70b28bdb6300e1b98b
Signed-off-by: Spencer Low <CompareAndSwap@gmail.com>
Using a const bool rather than an ifdef means the compiler can still
protect us from breaking code paths that aren't included in every
build variant.
Change-Id: Ic45c8fb52cd66c3ce090d760cdb92104e31265f5
Hadn't caught this in the previous submission because I tested the
build with another change on top of it that also fixes this.
Bug: 17626262
Change-Id: Ia40127618a5466e382081760d614ff7fc09d50a3
Much of adb is duplicated in bootable/recovery/minadb and fastboot.
Changes made to adb rarely get ported to the other two, so the trees
have diverged a bit. We'd like to stop this because it is a
maintenance nightmare, but the divergence makes this difficult to do
all at once. For now, we will start small by moving common files into
a static library. Hopefully some day we can get enough of adb in here
that we no longer need minadb.
Bug: 17626262
Change-Id: Ic8d5653bfcc0fec4e1acbece124402355084b864
There was a misinterpretation of how the v2 header works. The flags
in the header indicate what is in the rest of the structure.
Bug: 19127803
Change-Id: I5fa0dae6da51522c9afc4c94838eb6f462208683
If you run `adb tcpip`, adbd tries to process a string of 'tcpip:' using
this code:
} else if(!strncmp(name, "tcpip:", 6)) {
int port;
if (sscanf(name + 6, "%d", &port) == 0) {
port = 0;
}
ret = create_service_thread(restart_tcp_service, (void *) (uintptr_t) port);
If a zero-length string is passed to sscanf(), it returns EOF (-1) which
causes the if statement to skip the block, leaving the port variable
uninitialized.
I found this by running `adb tcpip` and sometimes getting 'invalid port'
and sometimes a device would start listening on a random port number.
The fix is to check the sscanf() return value for the success case (the
number of items successfully parsed), as is already done in other parts
of the adb code. I also fixed-up another instance of the same
code-pattern in services.c.
Change-Id: I8c9c33485ad076828da0ac74f048fdad561669d3
Signed-off-by: Spencer Low <CompareAndSwap@gmail.com>
Due to a typo, the --no-rebind option never worked (it always failed).
The root of the problem was that the client was sending on the wire
a command like:
host:forward:norebind::tcp:<port>;tcp:<port>
^^
Instead of:
host:forward:norebind:tcp:<port>;tcp:<port>
^
Note the erroneous double-column.
The fix is local to the adb client and thus doesn't require a new
version of the server or guest adbd on the device-side.
This also fixes 'adb reverse --no-rebind'.
See https://code.google.com/p/chromium/issues/detail?id=451109
Change-Id: I680fd432b5470072f6a9968ca32a7f90c600ac68
If verity is enabled and the underlying block device is marked
read-only, disable-verity fails. We cannot use the existing code
for enable-verity to make the device writable as the device in
/proc/mounts will be the verity device instead of the underlying
device we want to change. This change makes the correct device
writable when altering verity state.
Change-Id: I423ee50fb34d78cff2fe843318b9081c03c5142d
Remove 2 unused functions and 1 unused label in the
!ALLOW_ADBD_DISABLE_VERITY case
Change-Id: Id6b29f57bcb95e54f5a4014021d47d8ca6e4556e
Signed-off-by: Bernhard Rosenkränzer <Bernhard.Rosenkranzer@linaro.org>
Note that it is *easy* to break your phone with this feature. It is
not a bug that reenabling verity after changing one byte of the system
partition stops the device booting.
(cherry-pick of 7c442e1700e6312727283db402dec6f666f1b55a.)
Bug: 18529433
Change-Id: I632e91281884471a362960f1ba30312d2669b8ff
This reverts commit 152d2d4234.
Fixed build error, and also fixed memory leak spotted from warning.
(cherry-pick of bbb36319119edde9377fb80015235893c30d2bc9.)
Bug: 17691572
Change-Id: I23b5ba537f7b557432041d4338b38b9be434e981
The patch "[RFC] usb: gadget: f_fs: Add flags
to descriptors block" marks the current
usb_functionfs_descs_head format deprecated
and introduces support for sending SuperSpeed
descriptors.
This CL makes adbd to send Descriptors in the
new format. Adbd would fall back to the old
format, if kernel is not able to recognize
the new format. This is done to prevent
adbd from breaking in the older versions
of the kernel.
(cherry-pick of fad60336daa5a7adf82d8140cbddd1c735770e71.)
Bug: 17394972
Change-Id: I05095ccdcc74bf6953cbef847d7583eab137e12e
Signed-off-by: Badhri Jagan Sridharan <Badhri@google.com>
On mac require a case.
Also, this code is not portable, will fix it in long run.
(cherry-pick of 0f1fda9ee80ba086e4c8960a7d153798e3cf3285.)
Change-Id: I76194b62cea29bd3d21c7ba6c3da4d549bea4738
Re-commit https://googleplex-android-review.googlesource.com/#/c/519430/
Add fix for win_sdk build.
Add socketpair debug log.
Also output thread information in log on host side.
(cherry-pick of adb09fa01a16d8c5c92c2f8d325e1678c531223f.)
Change-Id: I21021bc111a3f7362a91b70593e3738125878118
Many of the windows files where not including stdlib.h even though they
are using malloc/free calls.
(cherry-pick of ae7bf0959bd3f79afbf365e41f015ed1c304afdc.)
Change-Id: If6959df9909d9d9928e9f4a2a96018166361cf3c
Introduce the "adb keygen" command.
Usage: adb keygen <filename>
This command creates an adb public/private key pair in a user
specified file. This can be used to create new adb keys, or rotate
existing keys.
Modify adb's key generation routines to use the HOSTNAME/LOGNAME
environment variables if available. This allows someone to override
the username/hostname embedded within the adb public key file if
desired. Fallback to the old mechanisms if those environment
variables aren't available.
Bug: 18342715
Change-Id: Ibccee6088d4609aa05ad6687d3a1d8a8689d3e8a
(cherry picked from commit af782b9f2a)
Change-Id: Ic76ffc9412171dddc879af0bbf6e20fbe1a8f057
Change-Id: I5a350bfa5641365d7a0939d89c6f477c335e948a
Signed-off-by: Zhuang Jin Can <jin.can.zhuang@intel.com>
Signed-off-by: Robert Chiras <robert.chiras@intel.com>
Replace the use of CFStringGetCString with kCFStringEncodingASCII specified
with CFStringGetFileSystemRepresentation which will ensure the correct
character encoding is used to conver the CFString into a NULL terminated
char array suitable for use with POSIX APIs.
Change-Id: Ibab1dc05c4f4db8604d329a493b4241992b8e69d
Companion patch for change I2bf583a27f9a3f98ef006ea62b906a4f89960507.
Due to the use of USB class 0xff it's not possible to register a listener
which uses the OS methods for filtering notifications, so this patch
also introduces a check in the notification listener which checks the
class, subclass, and protocol for the interface each notification relates
to.
Change-Id: I380cc80f96addc5057660efb2179b35f9378886a
