Secure adb using a public key authentication, to allow USB debugging
only from authorized hosts.
When a device is connected to an unauthorized host, the adb daemon sends
the user public key to the device. A popup is shown to ask the user to
allow debugging once or permanantly from the host. The public key is
installed on the device in the later case. Other keys may be installed
at build time.
On the host, the user public/private key pair is automatically generated,
if it does not exist, when the adb daemon starts and is stored in
$HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed,
the ADB_KEYS_PATH env variable may be set to a :-separated (; under
Windows) list of private keys, e.g. company-wide or vendor keys.
On the device, vendors public keys are installed at build time in
/adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys.
ADB Protocol change:
If the device needs to authenticate the host, it replies to CNXN
packets with an AUTH packet. The AUTH packet payload is a random token.
The host signs the token with one of its private keys and sends an AUTH(0)
packet. If the signature verification succeeds, the device replies with
a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so
that the host can retry with another private key. Once the host has tried
all its keys, it can send an AUTH(1) packet with a public key as
payload. adbd then sends the public key to the framework (if it has been
started) for confirmation.
Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
A recent change use strtok_r which broke the Windows build.
Clear this potential landmine by adding adb_strtok_r to sysdeps.h
in the typical fashion. For Windows, the actual implementation
in sysdeps_win32.c was copied from bionic/libc/string/strtok.c.
Change-Id: Ibb71555bc429f7058c07c3d39e0b62859c79635c
Signed-off-by: Scott Anderson <saa@android.com>
* Add support for correctly handling subprocess termination in shell service (b/3400254 b/3482112 b/2249397)
- have a waitpid() track the subprocess, then notify the fdevent via a socket
- force an eof on the pty master in fdevent's new subproc handler.
- modify fdevent to force-read the pty after an exit.
* Migrate the "shell:blabla" handling to "#if !ADB_HOST" sections, where it
belongs.
* Fix the race around OOM adjusting.
- Do it in the child before exec() instead of the in the parent as the
child could already have started or not (no /proc/pid/... yet).
* Allow for multi-threaded D() invocations to not clobber each other.
- Allow locks across object files.
- Add lock within D()
- Make sure sysdesp init (mutex init also) is called early.
* Add some missing close(fd) calls
- Match similar existing practices near dup2()
* Add extra D() invocations related to FD handling.
* Warn about using debugging as stderr/stdout is used for protocol.
* Fix some errno handling and make D() correctly handle it.
* Add new adb trace_mask: services.
* Make fdevent_loop's handle BADFDs more gracefully (could occur some subproc closed its pts explicitely).
* Remove obsolete commandline args reported in help. (b/3509092)
Change-Id: I928287fdf4f1a86777e22ce105f9581685f46e35
This is for http://b/3482112 "adb interactions with device causing test harness failures".
This reverts commit 69c5c4c45b.
Change-Id: I630bf2e04d2ecf0223bd2af4e87136754ff880d3
* Handling of the subprocess and its FD.
This fixes http://b/3400254 "Many bugreports getting hung at the end in monkey"
- Start up a service thread that waits on the subprocess to terminate,
then closes the FD associated with it.
- Have the event handler select() with a timeout so that it can
detect the closed FD. Select() with no timeout does not return when an FD is closed.
- Have the event handler force a read on the closed FD to trigger the close sequence.
- Migrate the "shell:blabla" handling to "#if !ADB_HOST" sections.
* Fix the race around OOM adjusting.
- Do it in the child before exec() instead of the in the parent as the
child could already have started or not (no /proc/pid/... yet).
* Allow for multi-threaded D() invocations to not clobber each other.
- Allow locks across object files.
- Add lock within D()
* Add some missing close(fd) calls
- Match similar existing practices near dup2()
* Add extra D() invocations related to FD handling.
* Warn about using debugging as stderr/stdout is used for protocol.
Change-Id: Ie5c4a5e6bfbe3f22201adf5f9a205d32e069bf9d
Signed-off-by: JP Abgrall <jpa@google.com>
accept() creates a new file descriptor that should be closed on exec so
that forked processes don't keep a fd opened on the socket.
This also fixes b/3297070 where adb hangs after running adb on the
target.
Change-Id: I8df511289e5549ae49b4824c9dfb71a3bf85eae8
Also check that device is not already connected in "adb connect"
Change-Id: I5f84b56b63d8c6932f23791cac319fd6bc39d36c
Signed-off-by: Mike Lockwood <lockwood@android.com>
