This cleans up most of the size-related problems in system/core.
There are still a few changes needed for a clean 64-bit build,
but they look like they might require changes to things like the
fastboot protocol.
Change-Id: I1560425a289fa158e13e2e3173cc3e71976f92c0
handle_packet() in adb.c didn't check that when an A_WRTE packet is
received, the sender's local-id matches the socket's peer id.
This meant that a compromised adbd server could send packets to
the host adb server, spoofing the identity of another connected
device if it could "guess" the right host socket id.
This patch gets rid of the issue by enforcing even more checks
to ensure that all packets comply with the description in
protocol.txt.
+ Fix a bug where closing a local socket associated with a
remote one would always send an A_CLSE(0, remote-id, "")
message, though protocol.txt says that should only happen
for failed opens.
The issue was that local_socket_close() called
remote_socket_close() after clearing the remote socket's
'peer' field.
The fix introduces a new asocket optional callback,
named 'shutdown' that is called before that, and is
used to send the A_CLSE() message with the right ID
in remote_socket_shutdown().
Also add some code in handle_packet() to detect
invalid close commands.
Change-Id: I9098bc8c6e81f8809334b060e5dca4fc92e6fbc9
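The id check described in the commit message above, as an added example (not code from adb.c). The struct layout, function names and the two-entry table are hypothetical and constructed for illustration; arg0 is the sender's local-id and arg1 the recipient's socket id, as in WRITE(local-id, remote-id).

```c
#include <stddef.h>
#include <stdint.h>

/* Simplified host-side stream socket (hypothetical layout): its own id and
 * the id the remote end announced for this stream; 0 means no peer yet. */
struct stream { uint32_t id; uint32_t peer_id; };

/* Constructed table: one open stream to each of two devices. */
static struct stream streams[] = {
    { 11, 7 },  /* host socket 11 <-> device A, remote id 7 */
    { 12, 9 },  /* host socket 12 <-> device B, remote id 9 */
};

/* Find a socket by its own id; when peer_id is non-zero the recorded
 * peer id must match as well. */
static struct stream *find_stream(uint32_t local_id, uint32_t peer_id)
{
    size_t i;
    for (i = 0; i < sizeof streams / sizeof streams[0]; i++) {
        if (streams[i].id != local_id)
            continue;
        if (peer_id == 0 || streams[i].peer_id == peer_id)
            return &streams[i];
        return NULL;
    }
    return NULL;
}

/* Behaviour the commit message describes before the fix: only the
 * recipient id (arg1) is looked up, the sender's id (arg0) is ignored. */
int accept_write_unchecked(uint32_t arg0, uint32_t arg1)
{
    (void)arg0;
    return find_stream(arg1, 0) != NULL;
}

/* Checked form: both ids must be non-zero, and arg0 must equal the peer
 * id stored for the socket that arg1 names. */
int accept_write(uint32_t arg0, uint32_t arg1)
{
    if (arg0 == 0 || arg1 == 0)
        return 0;
    return find_stream(arg1, arg0) != NULL;
}
```

A WRITE whose sender id is 9 but which names host socket 11 passes the unchecked lookup and is dropped by the checked one.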
When running "adb tcpip 5555", adb creates a service socket named
"tcpip:5555". Only compare the 6 first chars "tcpip:" to decide if
we enable exit_on_close.
Bug: 6650130
Change-Id: I0835973de044f1cfde0e859ff0277c0ccc2630a3
Prior to this change, -s could take either a serial number or a
device path (e.g. "-s 01498B1F02015015" or "-s usb:1-4.2"). This
change extends -s to also allow product, model or device names
(e.g. "-s product:mysid"). These new qualifiers will only be
available on devices that are running an adb daemon that provides
properties in the connect message per Change-Id:
I09200decde4facb8fc9b4056fdae910155f2bcb9
The product, model and device are derived from the
ro.product.name, ro.product.model and ro.product.device
properties respectively. They are prefixed with "product:",
"model:" or "device:" as appropriate. In addition, any
non-alphanumerics in the model are changed to underscores.
If the -s parameter matches multiple devices, the result will be
the same as when multiple devices are connected but no -d, -e or
-s option is specified. In general, this means the user will get
"error: more than one device". However for get-state,
get-devpath and get-serialno, they will get "unknown".
The format of "devices -l" was changed to list all of the
qualifiers that are available. The following example output
(with the last digits of the serial numbers replaced with X's) is
with a Galaxy Prime with an older adb daemon and another Galaxy
Prime and Galaxy S both with the enhanced adb daemons:
    List of devices attached
    016B75D60A0060XX device usb:2-5 product:mysid model:Galaxy_Nexus device:toro
    3731B535FAC200XX device usb:1-4.2 product:soju model:Nexus_S device:crespo
    01498B1F020150XX device usb:1-4.1
Note that the serial number and state are now column oriented
instead of tab delimited. After the serial number and state, all
qualifiers are listed with each preceded by a space. The output
of the original devices command (without -l) is unchanged.
Change-Id: Iceeb2789874effc25a630d514a375d6f1889dc56
Signed-off-by: Scott Anderson <saa@android.com>
The commands that use "host-serial:<serial-number>:<request>"
service did not handle "-s usb:<path>". The -s parameter is
passed as the serial number in the protocol and then matched
against either the serial number or device path. However,
skip_host_serial() in sockets.c did not know about the usb:
syntax, so the serial number was parsed incorrectly. Before this
change:
    $ adb -s usb:1-4.1 get-state
    error: unknown host service
After:
    $ adb -s usb:1-4.1 get-state
    device
Code was added in find_transport() in transport.c to match device
paths, but find_transport() is only used for socket connections
so matching device paths is not needed.
Change-Id: I922cec963659dafadd0fbc8fa36dee3b55fe366c
Signed-off-by: Scott Anderson <saa@android.com>
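The parsing problem described in the commit message above, as an added example (not the code of skip_host_serial()). The function names are hypothetical, the input is the text that follows "host-serial:", and the sketch goes slightly beyond "usb:" by also covering the "product:", "model:" and "device:" qualifiers mentioned in the other commit message.

```c
#include <stddef.h>
#include <string.h>

/* Qualifier prefixes named in these commit messages; each one contains a
 * colon of its own, so the first ':' does not end the device specifier. */
static const char *const qualifiers[] = {
    "usb:", "product:", "model:", "device:"
};

/* Naive split: everything up to the first ':' is taken as the serial.
 * Returns the text after that colon, or NULL if there is no colon. */
const char *request_naive(const char *s)
{
    const char *colon = strchr(s, ':');
    return colon ? colon + 1 : NULL;
}

/* Prefix-aware split: if s starts with a known qualifier, the specifier
 * ends at the first ':' after that prefix. Returns the request, or NULL
 * when no request follows the specifier. */
const char *request_after_serial(const char *s)
{
    const char *colon;
    size_t i;

    for (i = 0; i < sizeof qualifiers / sizeof qualifiers[0]; i++) {
        size_t n = strlen(qualifiers[i]);
        if (strncmp(s, qualifiers[i], n) == 0) {
            colon = strchr(s + n, ':');
            return colon ? colon + 1 : NULL;
        }
    }
    return request_naive(s);
}
```

For "usb:1-4.1:get-state" the naive split yields the request "1-4.1:get-state", which matches no host service; the prefix-aware split yields "get-state".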
The handling of adb root:/tcpip:/usb: is normally only for non-ADB_HOST.
This avoids getuid() being invoked on windows builds.
Change-Id: I365b81d9f70de99b9347d3eac82e690a8ac5e747
"adb root" creates a socket, then starts the service.
Socket creation should not set the exit_on_close when the service will be
a no-op.
Bug: 6259353
Change-Id: Ie526d2fad64f39a48051ed0ff6fb3405c2802ced
Services that cause adbd to reboot are currently implemented this way:
    write(fd, response)
    close(fd)
    sleep(1)
    exit(1)
sleep(1) is necessary to leave time for the transport to transmit
the response before the daemon exits. This is slow and unreliable.
Instead, add a flag to the asocket to make it exit the daemon only
after the socket is closed.
Change-Id: I9df45ea6221f0d9b828703b9b2316a5d4fe59352
This reverts commit d15e6ac95d.
Also increment adb version to 1.0.29
Change-Id: I890643f0c18a2fe90f170134df039c54116cecda
Signed-off-by: Mike Lockwood <lockwood@android.com>
* Increase transfer buffer size to 32K
* Add logging about error conditions and fd teardown
* Pass the fd number as a command line option to the 'bu' subprocess
* Properly harvest the 'bu' subprocess after it's done
Change-Id: Id44dde25778ecf43c5604fd9d01d726ba58861e5
This is needed because the USB driver on the device no longer resets the bus
when adbd exits and restarts.
Since the host side adb no longer detects that adbd has restarted we need
to reset the connection on the host side now.
Change-Id: I1a8eabd292e8b45c34fa07a8a8b8c609cc15648d
Signed-off-by: Mike Lockwood <lockwood@android.com>
Reset peers to NULL after closing them down. This prevents
other code from attempting to access that freed memory
(which prevents crashes). Previously, it left pointers to
freed memory and the "if (s->peer)" guards could not block
the attempt to access that memory later. Resolves many
crashes seen while taking repeated screenshots on WinXP.
Change-Id: I32553f4d19f6ddc9b05b6ab4dc1e9efe69e5be4f
* Add support for correctly handling subprocess termination in shell service (b/3400254 b/3482112 b/2249397)
  - have a waitpid() track the subprocess, then notify the fdevent via a socket
  - force an eof on the pty master in fdevent's new subproc handler.
  - modify fdevent to force-read the pty after an exit.
* Migrate the "shell:blabla" handling to "#if !ADB_HOST" sections, where it
  belongs.
* Fix the race around OOM adjusting.
  - Do it in the child before exec() instead of in the parent as the
    child could already have started or not (no /proc/pid/... yet).
* Allow for multi-threaded D() invocations to not clobber each other.
  - Allow locks across object files.
  - Add lock within D()
  - Make sure sysdeps init (mutex init also) is called early.
* Add some missing close(fd) calls
  - Match similar existing practices near dup2()
* Add extra D() invocations related to FD handling.
* Warn about using debugging as stderr/stdout is used for protocol.
* Fix some errno handling and make D() correctly handle it.
* Add new adb trace_mask: services.
* Make fdevent_loop handle BADFDs more gracefully (could occur if some subproc closed its pts explicitly).
* Remove obsolete commandline args reported in help. (b/3509092)
Change-Id: I928287fdf4f1a86777e22ce105f9581685f46e35
This is for http://b/3482112 "adb interactions with device causing test harness failures".
This reverts commit 69c5c4c45b.
Change-Id: I630bf2e04d2ecf0223bd2af4e87136754ff880d3
* Handling of the subprocess and its FD.
  This fixes http://b/3400254 "Many bugreports getting hung at the end in monkey"
  - Start up a service thread that waits on the subprocess to terminate,
    then closes the FD associated with it.
  - Have the event handler select() with a timeout so that it can
    detect the closed FD. Select() with no timeout does not return when an FD is closed.
  - Have the event handler force a read on the closed FD to trigger the close sequence.
  - Migrate the "shell:blabla" handling to "#if !ADB_HOST" sections.
* Fix the race around OOM adjusting.
  - Do it in the child before exec() instead of in the parent as the
    child could already have started or not (no /proc/pid/... yet).
* Allow for multi-threaded D() invocations to not clobber each other.
  - Allow locks across object files.
  - Add lock within D()
* Add some missing close(fd) calls
  - Match similar existing practices near dup2()
* Add extra D() invocations related to FD handling.
* Warn about using debugging as stderr/stdout is used for protocol.
Change-Id: Ie5c4a5e6bfbe3f22201adf5f9a205d32e069bf9d
Signed-off-by: JP Abgrall <jpa@google.com>
... as memory was already obtained zero'ed by calloc().
Change-Id: Ic73bad09b54cb778fd40bdf86bb40888ea504c5f
Signed-off-by: André Goddard Rosa <andre.goddard@gmail.com>