We still don't really have a clue what went wrong, but "Failed to write"
made it sound like we did.
Change-Id: Ic58b13202e2d8ea6b095f7046db9d0771d77ce65
By using Minijail we avoid writing the same priv-dropping code over
and over again. This also enables future hardening opportunities.
We're already using Minijail for priv-dropping on Brillo.
Minijail is unit- and integration-tested on the
Chrome OS CI infrastructure (pulling from the same repo, see
https://wmatrix.googleplex.com/security?tests=security_Minijail0).
Once CI comes to Android, it will be continuously tested there as well.
Both 'adb root' and 'adb unroot' still work.
Bug: 26099611
Change-Id: I52c456ea272d27bd6fbc71200f4fdd928a592158
The current implementation of the host commands "adb wait-for-*" allows
to specify only the transport layer (local, usb or any).
This patch allows the specification of the expected device state
(bootloader, recovery, device or sideload), this is usefull for
scripting purposes.
Use case:
$ adb reboot sideload-auto-reboot
$ adb wait-for-usb-sideload && adb sideload package.zip
Change-Id: I276a6be4d82f8b7901f74e1e5395b86d16548e8f
Signed-off-by: Leo Sartre <leox.sartre@intel.com>
Reads from functionfs allocate contiguous buffers in the kernel, causing
long ones to sometimes fail because of memory fragmentation.
Bug: http://b/26206622
Change-Id: Id40753d6f29b37b5ca97c3e2fa3921f52b4242de
Back in 080427e4e2, we said:
If the kernel doesn't support file capabilities, we ignore
a prctl(PR_CAPBSET_DROP) failure. In a future CL, this could
become a fatal error.
Make it a fatal error. With SELinux support, all devices are
required to support file capabilities.
Change-Id: I0ce0c4cb9387c42e325cbf1a63c5d82e6aab530c
Previously, for `adb shell`, we were using setenv after forking to set
up the child's environment. This would occasionally deadlock in the
child, which would cause the main thread to deadlock waiting for the
child to complete. This patch constructs the environment before forking
and passes it to execle, eliminating the deadlock.
Bug: http://b/25847115
Change-Id: I720d472770564b1449819ddaab945a89844244a8
Shell scripts of the following form do not work properly with adb:
echo "foo\nbar\nbaz" | {
read FOO
while [ "$FOO" != "" ]; do
adb shell echo $FOO
read FOO
done
}
The first run of adb shell will consume all of the contents of stdin,
causing the loop to immediately end. ssh solves this by providing a -n
flag that causes it to not read from stdin. This commit adds the same.
Bug: http://b/25817224
Change-Id: Id74ca62ef520bcf03678b50f4bf203916fd81038
During early boot, we may be mounting and unmounting /data.
Having the home directory for adb shell commands, such as
"adb shell logcat", on the /data directory prevents unmounting.
This reverts commit 173eb396c7.
Bug: 26132185
Change-Id: Ib7c2f9e696f52bf5bbb79223d90dd76791779587
We had mostly-working hacks before, but it's time to just modify LinePrinter
to suit our needs. If we tell LinePrinter what kind of output we're giving
it, it can manage things automatically.
This fixes the minor bug where we'd sometimes have a blank line after an
error message.
Change-Id: I07ff52437f2402de311e237dd1b2dd338d9b668a
Make the home directory for adb shell be /data/local/tmp and
automatically change into that directory.
Change-Id: Ib5cc6e1ecdd31a37e986cf03836f7589ebd40868
Also, inline the bulk_read and bulk_write functions which were only
being used by one other function.
Bug: http://b/25847115
Change-Id: I218a869030219f606577a5529601c542488115e0
The current permission messages can be confusing for users who don't
know about udev and USB access permissions. This CL adds some checks to
try to identify common udev problems, and adds a link to online
documentation.
Example messages:
1) adb server is in plugdev group but access is still denied:
$ adb devices
List of devices attached
082f59270073e1e3 no permissions (verify udev rules); see [developer.android.com/tools/device.html]
2) plugdev group exists but adb server is not in it:
$ adb shell
error: USB permission failure: udev requires plugdev group membership.
See [developer.android.com/tools/device.html] for more information.
3) plugdev group does not exist:
$ adb shell
error: USB permission failure.
See [developer.android.com/tools/device.html] for more information.
Bug: http://b/25777880
Change-Id: I536565adc12ab657c75151309795674181205db0
If we stat a file and get a size of 0, and then successfully read bytes
from that file, we would previously divide by zero when calculating the
percentage completion of the file. This case happens either when we're
racing against something else writing to the file, or when we're pulling
magical files such as the ones in /dev/cpuctl/ that lie about their
size.
Bug: http://b/25925733
Change-Id: I980b9c14f44a1eb4a42bc8736c94fa6db06c08d1
The previous change to do this (f96dc73b) only skipped individually
named symlinks, not symlinks inside of a directory that was being
pulled.
Bug: http://b/25601283
Change-Id: I25bdcbc546a9d3a0dbd8dacdb065fb134d96022b
This patch ensures that we read any error response from the server if the
server closes the connection. Unfortunately, that's not sufficient to ensure
that we always see the server's error message --- sometimes the data just
gets thrown away because we keep writing without reading. Setting SO_LINGER
avoids this.
Bug: http://b/25230872
Change-Id: I96c019cc72bd139198de79bf29e6536cc462c20f
We're now able to send packets faster than the device can handle them,
meaning that sometimes we're several packets through before the device
says "hey, wait, I can't write" and closes the connection. At best this
led to us reporting that we couldn't sync because "Connection reset";
at worst we'd get SIGPIPE because we were still streaming to a connection
that had already been closed.
This change renames adb_main adb_server_main, and moves the ignoring of
SIGPIPE into adb_commandline so it applies to both client and server (but
not adbd).
This change doesn't address the "wrong error message" part of the problem,
but at least it means you'll get *an* error message.
Bug: http://b/25230872
Change-Id: Ic60e4d13ed03fdcdf0d5cbc97201ebd1097c16ed
I put the conditional in the wrong place, not realizing that even the
old shell system allowed one 'argument'.
Bug: http://b/25765657
Change-Id: I2752fb838d6377bf24e5b4cf959462557a196c87
adb_dirname might trample over the errno value we want to print. Move
the adb_dirname call out to a local to prevent this.
Change-Id: I8a62cb2e1be8704225a9c3b72dd01259c7eaaae4
Unfortunately, this isn't backwards-compatible with the current shell
protocol because we made unknown shell: arguments errors. We could try
to commit the change to make them just warnings first, but how would
we know when everyone was running adbd with that change? Bumping the
protocol version doesn't help because that only affects the code running
on the host. And although we could add another feature to the reported
features, since shell_v2 is still in development, that doesn't seem
worthwhile.
Bug: http://b/25601436
Change-Id: I12b81aa656cd25b91d14ef691dcbd2b7dab49535
Pulling symlinks was broken for directories, and it doesn't seem like
there's a good way to make it not broken, given that the protocol doesn't
have readlink (and we don't want to create symlinks on Windows, anyway).
The behavior for files doesn't seem to be especially useful, either.
Bug: http://b/25601283
Change-Id: Ie1d27e93dd09cbc0c178623b390041d1cb11f726
Cleanup TODO and instead of (poorly) converting the device name from
wchar_t to char, just retrieve and store it as wchar_t, simplifying the
code.
This probably isn't necessary since device names are probably always
ASCII, but this cleans things up.
Change-Id: Ib780dcdc1e0e06b97b61e25d29a23874b35d7800
Signed-off-by: Spencer Low <CompareAndSwap@gmail.com>
Now that we have a more standardized API (also available in Chromium),
switch to it. Another benefit is real error handling instead of just
killing the process on invalid Unicode.
Make UTF8ToWide()/WideToUTF8() set errno to EILSEQ on bad input. This is
the same error code that wcsrtombs(3) uses.
Update the unittest to check for EILSEQ.
Change-Id: Ie92acf74d37adaea116cf610c1bf8cd433741e16
Signed-off-by: Spencer Low <CompareAndSwap@gmail.com>
On exit, these destructors get invoked while other threads might
still be using them, potentially causing a crash, and definitely
causing tsan to report a race condition.
Bug: http://b/23384853
Change-Id: I94de55d22f97f4edd1d7cc1f34e8c1f8dfd56a5a
This reverts commit cc8cd59456.
With the dependency on libcutils (for gettid for non-bionic) removed,
this no longer breaks the build.
Change-Id: I645bd6876e2502ddc1535b69af1e645c0df9d178
28416d6d33 broke adb shell on Windows
because it was calling unix_read() with a buffer size of 1 byte which
wasn't supported by unix_read()/_console_read().
This change makes _console_read() support such a small buffer by
maintaining an internal input buffer.
This lets us simplify the existing code that was already maintaining a
cached INPUT_RECORD.
Also eliminate some duplicate code in the big switch statement.
Change-Id: I8f0aed4fb9f6f2f5b9a6b68ce60d2e368fec81c7
Signed-off-by: Spencer Low <CompareAndSwap@gmail.com>
Previously, `adb pull /data/local/tmp` would spew all of the contents of
/data/local/tmp into the current directory. This patch makes push/pull
keep directories intact.
Bug: http://b/25394682
Change-Id: I2304ae9e61745a2b9536f58a6012640bf8ff422a
This commit fixes two cases:
`adb pull /data/local/tmp nonexistent/path` would succeed.
`adb pull /data/local/tmp nonexistent/` would fail.
Change-Id: I60c39eb2816946686241af42cfa2ad5cdc63fb0e
ae5a6c06cd made adb push use
android::base::ReadFileToString() for small files, but that API did not
support UTF-8 filenames on Windows, until this fix which does the
following:
- Add android::base::{WideToUTF8,UTF8ToWide}() which are only available
on Windows. The signatures are based on Chromium's APIs of the same
name.
- Add the namespace android::base::utf8 which has versions of APIs that
take UTF-8 strings. To use this, make sure your code is in a namespace
and then do "using namespace android::base::utf8;". On Windows, this will
make calls to open() call android::base::utf8::open(), and on other
platforms, it will just call the regular ::open().
- Make ReadFileToString() and WriteStringToFile() use utf8::open() and
utf8::unlink().
- Adapt unittests from Chromium.
- fastboot needs to link with libcutils because it links with libbase
which depends on libcutils for gettid() for logging.
Change-Id: I1aeac40ff358331d7a1ff457ce894bfb17863904
Signed-off-by: Spencer Low <CompareAndSwap@gmail.com>
Start of input is, by definition, the start of a line. Give the states
names to make the error clearer. We should also swallow the escape
character until/unless it's proven not to have been part of an escape
sequence. Finally, implement an ssh(1)-like -e option so the user can
choose -- or, more importantly, disable -- escape character handling.
Change-Id: I28a91db47e15f3e7de96303c0b9a98d302b9c92e
I've been using these changes to compile with Visual Studio.
- GetFileBasename(): __FILE__ uses \ with Visual Studio.
- adb_trace.cpp: Apparently VS needs an ampersand before the function name.
- "expr1 ? : expr2" is a GCC extension.
- <algorithm> contains std::min().
- seekdir can't always be #define'd because some headers have members
named seekdir.
- adb_utils.cpp: Not really a compiler issue, just a random fix:
0x7F/DEL is not printable.
Change-Id: I0dfb634f1ba4ccbc0d1b9f71b00e838fbebb3b41
Signed-off-by: Spencer Low <CompareAndSwap@gmail.com>
Add the following mount options to the /proc filesystem:
hidepid=2,gid=3009
This change blocks /proc access unless you're in group 3009
(aka AID_READPROC).
Please see
https://github.com/torvalds/linux/blob/master/Documentation/filesystems/proc.txt
for documentation on the hidepid option.
hidepid=2 is preferred over hidepid=1 since it leaks less information
and doesn't generate SELinux ptrace denials when trying to access
/proc without being in the proper group.
Add AID_READPROC to processes which need to access /proc entries for
other UIDs.
Bug: 23310674
Change-Id: I22bb55ff7b80ff722945e224845215196f09dafa
Instead of using the pm command, 'adb install' and 'adb uninstall' will now
use the cmd command. Additionally, the APK will be streamed directly to
package installer instead of creating a temporary file.
(cherry-pick of d039800a4e008b52c532f901e3bb34b40877cf30.)
Change-Id: Ie7529afa5b039d29cc8183f36085ff4e66b3457a
Pushing empty directories is more troublesome, and probably either
requires changes to the server, or hacky `adb shell mkdir` stuff.
Bug: http://b/25395071
Change-Id: I4db6a993429a56e5c5ca994752418503b6f5d7c4
Instead of using the pm command, 'adb install' and 'adb uninstall' will now
use the cmd command. Additionally, the APK will be streamed directly to
package installer instead of creating a temporary file.
Change-Id: Ie7529afa5b039d29cc8183f36085ff4e66b3457a
local_build_list previously was returning an int, 0 on success and -1 on
failure, while remote_build_list was returning a bool, true on success
and false on failure.
Change-Id: Iced6c4142e2f843048d81c4e133d6b6dc75a35dd
Previously, mkdirs/secure_mkdirs wouldn't create a directory at the
specified path, only the ones above it.
Bug: http://b/25459942
Change-Id: I70c94c4b44d90723cb4a063657fc40e5bcb3b10e
