| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The list action had some problems with large numbers of forwards:
* adb_query() limited replies to 1024 B (and the print was useless)
* the reply header's length could overflow (also in other commands)
* ...and the client had no way of detecting it
* writex() didn't retry on EAGAIN ("Resource temporarily unavailable")
This patch makes all "OKAY%04x" replies use a common function which
checks the length and limits it to 0xffff. This means that the client
can easily check for truncated replies.
Before: forward --list starts failing at 15-30 forwards (depending on
device serial and forward spec lengths).
After: no problems with forward --list.
Change-Id: Ie1e82c4d622f5c56e51abb26533ba17d40459914
|
| |
|
|
|
|
|
|
|
|
|
| |
When adbd runs as root, it should transition into the
su domain. This is needed to run the adbd and shell
domains in enforcing on userdebug / eng devices without
breaking developer workflows.
Introduce a new device_banner command line option.
Change-Id: Ib33c0dd2dd6172035230514ac84fcaed2ecf44d6
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
handle_packet() in adb.c didn't check that when an A_WRTE packet is
received, the sender's local-id matches the socket's peer id.
This meant that a compromised adbd server could sent packets to
the host adb server, spoofing the identity of another connected
device if it could "guess" the right host socket id.
This patch gets rid of the issue by enforcing even more checks
to ensure that all packets comply with the description in
protocol.txt.
+ Fix a bug where closing a local socket associated with a
remote one would always send an A_CLSE(0, remote-id, "")
message, though protocol.txt says that should only happen
for failed opens.
The issue was that local_socket_close() called
remote_socket_close() after clearing the remote socket's
'peer' field.
The fix introduces a new asocket optional callback,
named 'shutdown' that is called before that, and is
used to send the A_CLSE() message with the right ID
in remote_socket_shutdown().
Also add some code in handle_packet() to detect
invalid close commands.
Change-Id: I9098bc8c6e81f8809334b060e5dca4fc92e6fbc9
|
| |
|
|
|
|
|
|
| |
When building for the host, don't make reference to
property_get / property_set. I'm in the process of removing
host side support for properties.
Change-Id: I691c5872b5fd538e78bc38a3fe72574cdc7f43c3
|
| |
|
|
|
|
|
|
|
| |
adb connect calls connect() in the event loop. If you pass a wrong ip
address or the server is slow to respond, this will block the event loop
and you can't even kill the adb server with adb kill-server. Handle connect
requests in a service thread instead.
Change-Id: I2ee732869a3dc22a6d3b87cf8ac80acaa7790037
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Move the responsibility for rebooting the system from the
reboot command to init. Init is in a better position to take
actions to bring the system down cleanly, including making sure
filesystems are mounted read-only.
The only UIDs which can perform an init triggered reboot are
root, system, and shell.
Modify the reboot command so that it calls into init to perform
the reboot. The reboot command no longer requires CAP_SYS_BOOT.
Remove the -n reboot option and code which supports it. Anyone needing
to do an unclean shutdown can just do a 'echo c > /proc/sysrq-trigger'.
Modify adb so that it calls into init to perform a shutdown.
Bug: 8646621
Change-Id: I84c0513acb549720cb0e8c9fcbda0050f5c396f5
|
| |\
| |
| |
| |
| | |
* commit 'b544da0be42cdd1e28d6562a26215d57c51b2f2b':
adb : add missing connection states
|
| | |\
| | |
| | |
| | |
| | | |
* commit 'd7cab8bff1334ba48620a16d1b98f2ae623fee7d':
adb : add missing connection states
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Both CS_RECOVERY and CS_SIDELOAD where not being checked by
connection_state_name which resulted in adb get-state returning
unknown when a device is in those modes.
Change-Id: I00716024d6a0bdb68d6e2380c8cd7b5d056bd15f
Signed-off-by: trevd <trevd1234@gmail.com>
|
| |/ /
| |
| |
| |
| |
| |
| |
| | |
Set the CAP_SYS_BOOT filesystem capability on the new reboot
command and keep CAP_SYS_BOOT in adb bounding set so that the
shell user can run it.
Change-Id: I1dd6143445ee2a952254f0452ab6e544318431dd
|
| |\ \
| |/
| |
| |
| | |
* commit '844306bd9cb3c8b3e514e5d91e9514556e8f95f4':
adb: use correct header file.
|
| | |
| |
| |
| | |
Change-Id: I7a66ced762dc077247fd7c2714ae8850ffdcaeb9
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
ping no longer needs CAP_NET_RAW. See:
* http://lwn.net/Articles/443051/
* https://android-review.googlesource.com/52090
* https://android-review.googlesource.com/52072
Eliminate the CAP_NET_RAW special case in adb
Change-Id: If9d32c5254291b123b06bededc94b64113f6b8f2
|
| |\ \ |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
When booting with usb attached, the secure adb authentication happens
long before the framework is done booting, so adb can't notify the
framework to install the public key.
Change-Id: Id2af6cebece345022f56cb0c4b5af24e1d7a425c
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
run-as: don't require CAP_DAC_OVERRIDE.
Prevent an adb spawned application from acquiring capabilities
other than
* CAP_NET_RAW
* CAP_SETUID
* CAP_SETGID
The only privileged programs accessible on user builds are
* /system/bin/ping
* /system/bin/run-as
and the capabilities above are sufficient to cover those
two programs.
If the kernel doesn't support file capabilities, we ignore
a prctl(PR_CAPBSET_DROP) failure. In a future CL, this could
become a fatal error.
Change-Id: I45a56712bfda35b5ad9378dde9e04ab062fe691a
|
| |\ \ \
| |/ /
|/| /
| |/
| | |
* commit 'e149855a816c98149a95725139ae66f193049ddd':
adb: Use 64 bit capabilities.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Fix the following kernel warning:
$ adb shell dmesg | grep adb
<6>[ 7.813003] warning: `adbd' uses 32-bit capabilities (legacy support in use)
Change-Id: I3912302c5c577f1cb03f0c591834ab7b3a72ddf5
|
| |\ \
| |/
| |
| |
| |
| |
| |
| |
| | |
for uint8_t on MinGW-w64"
# By Ray Donnelly
# Via Android Git Automerger (2) and others
* commit '282caf3bd0dfd81b92ac74e0b3ea970d195fee7b':
Windows adb: include stdint.h for uint8_t on MinGW-w64
|
| | |\ |
|
| | | |
| | |
| | |
| | | |
Change-Id: I84b8284bc034feb0acd313b0aad9e2fa5868854f
|
| |\ \ \ |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Add a new connection state, so that devices, that require confirmation
to allow adb, appear as "unauthorized" in the adb devices lists.
Change-Id: Ib4264bc5736dedecf05bcf8e31896f4d7a91fad8
|
| |\ \ \ \
| |/ / /
|/| / /
| |/ /
| | |
| | |
| | | |
handles uninheritable"
* commit '3dbcb6d6c6befc406e4ce4e2b7aa9ad2635dfbb8':
Windows adb: Make client stdout and stderr handles uninheritable
|
| | |\ \
| | |/ |
|
| | | |
| | |
| | |
| | | |
Change-Id: Ib0519a199c9504aad1d0ecc3757f4d162984bf22
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
There are serious multithreading issues between the fdevent and transport
subsystems which both manipulate struct asocket and struct fde concurrently.
The prevalent symptom being around multiple socket closures which stomp
on each other, typically causing:
"glibc detected *** adb: double free or corruption ..."
This HACK allows forcing CPU affinity via an env var. E.g.:
export ADB_CPU_AFFINITY_BUG6558362=0
which will cause ONLY the adb server and all its threads to be pegged
to CPU 0.
The result is visible in valgrind's helgrind: no *socket_close() related
data races. But tons of other races are still there.
Bug: 6558362
Change-Id: I0f112390a6a921c64b2a783297be9e99ce27fd56
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
ADB client: allow user to specify hostname and port number of remote
adb server.
ADB server: bind server to all network interfaces instead of just
localhost when user gives -a flag.
Primary use-case for this change is to support remote testing of USB
devices. HostA is running some test automation software which invokes adb
client. HostB has USB-only device attached and is running adb server. adb
client on HostA makes connection to adb server on HostB to talk to the
USB device.
Change-Id: I845cc8c00350b400317f8c18f813e6fd79bd5470
Signed-off-by: Dean Kwon <daex.i.kwon@intel.com>
Signed-off-by: Jim Bride <jim.bride@intel.com>
Signed-off-by: Matt Gumbel <matthew.k.gumbel@intel.com>
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds a few new options/modes to 'adb forward':
adb forward --list
adb forward --remove <local>
adb forward --remove-all
adb forward --no-rebind <local> <remote>
For more context, see http://code.google.com/p/android/issues/detail?id=39631
Note that this only affects the host adb client and server programs,
i.e. it's compatible with devices running older adbd versions.
Change-Id: I9cda3ba12b5a8560a2061620bc7f948e5c1e70f7
|
| |
|
|
|
| |
Bug: 7119408
Change-Id: Ic9a23fb6adfb1db771e1e278179586bca69a5edd
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Secure adb using a public key authentication, to allow USB debugging
only from authorized hosts.
When a device is connected to an unauthorized host, the adb daemon sends
the user public key to the device. A popup is shown to ask the user to
allow debugging once or permanantly from the host. The public key is
installed on the device in the later case. Other keys may be installed
at build time.
On the host, the user public/private key pair is automatically generated,
if it does not exist, when the adb daemon starts and is stored in
$HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed,
the ADB_KEYS_PATH env variable may be set to a :-separated (; under
Windows) list of private keys, e.g. company-wide or vendor keys.
On the device, vendors public keys are installed at build time in
/adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys.
ADB Protocol change:
If the device needs to authenticate the host, it replies to CNXN
packets with an AUTH packet. The AUTH packet payload is a random token.
The host signs the token with one of its private keys and sends an AUTH(0)
packet. If the signature verification succeeds, the device replies with
a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so
that the host can retry with another private key. Once the host has tried
all its keys, it can send an AUTH(1) packet with a public key as
payload. adbd then sends the public key to the framework (if it has been
started) for confirmation.
Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
|
| |
|
|
|
|
|
|
|
|
| |
Define /storage as top-level concept, so that we enforce permissions
uniformly. Moves external storage paths from headers to per-device
environment variables. Added missing mount flags, and we no longer
have adb-specific external storage.
Bug: 6925012
Change-Id: Ic7ca953be2f552d3f0ec9e69f89fef751daa1b29
|
| |
|
|
| |
This reverts commit f4ed516643ee8ed3a59ad1a8048f7ce5f47f93fb.
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Secure adb using a public key authentication, to allow USB debugging
only from authorized hosts.
When a device is connected to an unauthorized host, the adb daemon sends
the user public key to the device. A popup is shown to ask the user to
allow debugging once or permanantly from the host. The public key is
installed on the device in the later case. Other keys may be installed
at build time.
On the host, the user public/private key pair is automatically generated,
if it does not exist, when the adb daemon starts and is stored in
$HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed,
the ADB_KEYS_PATH env variable may be set to a ;-separated list of private
keys, e.g. company-wide or vendor keys.
On the device, vendors public keys are installed at build time in
/adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys.
ADB Protocol change:
If the device needs to authenticate the host, it replies to CNXN
packets with an AUTH packet. The AUTH packet payload is a random token.
The host signs the token with one of its private keys and sends an AUTH(0)
packet. If the signature verification succeeds, the device replies with
a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so
that the host can retry with another private key. Once the host has tried
all its keys, it can send an AUTH(1) packet with a public key as
payload. adbd then sends the public key to the framework (if it has been
started) for confirmation.
Change-Id: Idce931a7bfe4ce878428eaa47838e5184ac6073f
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Just print a warning if ADB_EXTERNAL_STORAGE is not defined when ADB
runs instead of segfaulting. If we really don't want to continue to
run, we can make this a fatal error instead.
Change-Id: Icfc5fb9e594b0a310029f1dca7e9476f27ceb7bc
|
| |/
|
|
|
|
|
|
|
| |
Also remove mount() from adb, since it can come online long before
data partition is ready. Set EXTERNAL_STORAGE environment variable
to point to owner for backwards compatibility.
Bug: 7005701
Change-Id: I63444f6636624eb7ad89f053daa289663424639e
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Remount rootfs as recursively shared, so that mount changes are
propagated into child namespaces. Mount external storage for access
from adb.
Clean multi-user dependencies for use in Dalvik. Also define
external storage paths.
Bug: 6925012
Change-Id: I375de581a63f4f36667894c56a34a9dd45361e8f
|
| |
|
|
|
|
|
|
|
|
|
| |
(cherry picked from commit ae868a40459a6bcb89d8a4426503fea0c8002b25 in master)
Change-Id: I980c7c5e8affbc8627d17b1d9303b002adcdb29a
Signed-off-by: Mike J. Chen <mjchen@google.com>
Conflicts:
adb/adb.c
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
This is the second version of a patch which demonstrates the possibility
of using adbd (Android Debug Bridge daemon) with a generic FunctionFS gadget
instead of a custom adb usb gadget in the Linux kernel. It contains changes
introduced after Benoit's review - thank you Benoit.
The patch adds a new usb access layer to adbd using FunctionFS. The former
usb access method is still available. The method is chosen at runtime
depending if /dev/usb-ffs/adb/ep0 or /dev/android_adb is accessible.
How to use on the target device:
$ insmod g_ffs.ko idVendor=<vendor ID> iSerialNumber=<some string>
$ mount -t functionfs adb /dev/usb-ffs/adb -o uid=2000,gid=2000
$ ./adbd
This patch requires a patch to bionic which adds <linux/usb_functionfs.h>
which is an exact copy of the relevant file in the linux kernel.
Change-Id: I4b42eb267ffa50fca7a5fba46f388a2f083e8b2d
Signed-off-by: Andrzej Pietrasiewicz <andrzej.p@samsung.com>
Signed-off-by: Kyungmin Park <kyungmin.park@samsung.com>
[benoit@android.com: detect at runtime if functionfs is mounted
or fallback using f_adb]
Signed-off-by: Benoit Goby <benoit@android.com>
|
| |\ \
| | |
| | |
| | |
| | | |
* commit '1b7a7e81195ff06a7482f81cb92b094bb3481cb1':
adb: Use bionic's strtok_r() for Windows
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
A recent change use strtok_r which broke the Windows build.
Clear this potential landmine by adding adb_strtok_r to sysdeps.h
in the typical fashion. For Windows, the actual implementation
in sysdeps_win32.c was copied from bionic/libc/string/strtok.c.
Change-Id: Ibb71555bc429f7058c07c3d39e0b62859c79635c
Signed-off-by: Scott Anderson <saa@android.com>
|
| |\ \ \
| |/ /
| | |
| | |
| | | |
* commit '2ca3e6b35f79136418ebc32fef57580698dbd045':
adb: Generalizing -s to take qualifiers.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Prior to this change, -s could take either a serial number or a
device path (e.g. "-s 01498B1F02015015" or "-s usb:1-4.2"). This
change extends -s to also allow product, model or device names
(e.g. "-s product:mysid"). These new qualifiers will only be
available on devices that are running an adb daemon that provides
properties in the connect message per Change-Id:
I09200decde4facb8fc9b4056fdae910155f2bcb9
The product, model and device are derived from the
ro.product.name, ro.product.model and ro.product.device
properties respectively. They are prefixed with "product:",
"model:" or "device:" as appropriate. In addition, any
non-alphanumerics in the model are changed to underscores.
If the -s parameter matches multiple devices, the result will be
the same as when multiple devices are connected but no -d, -e or
-s option is specified. In general, this means the user will get
"error: more than one device". However for get-state,
get-devpath and get-serialno, they will get "unknown".
The format of "devices -l" was changed to list all of the
qualifiers that are available. The following example output
(with the last digits of the serial numbers replaced with X's) is
with a Galaxy Prime with an older adb daemon and another Galaxy
Prime and Galaxy S both with the enhanced adb daemons:
List of devices attached
016B75D60A0060XX device usb:2-5 product:mysid model:Galaxy_Nexus device:toro
3731B535FAC200XX device usb:1-4.2 product:soju model:Nexus_S device:crespo
01498B1F020150XX device usb:1-4.1
Note that the serial number and state are now column oriented
instead of tab delimited. After the serial number and state, all
qualifiers are listed with each preceded by a space. The output
of the original devices command (without -l) is unchanged.
Change-Id: Iceeb2789874effc25a630d514a375d6f1889dc56
Signed-off-by: Scott Anderson <saa@android.com>
|
| |\ \ \
| |/ /
| | |
| | |
| | | |
* commit 'e82c2db05cae70a0490a1f84b7211ef42c329671':
adb: Transmit key properties in banner of connect message
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
protocol.txt says that the connect message should have three
fields:
<systemtype>:<serialno>:<banner>
In reality, what is transmitted is simply:
<systemtype>::
The serialno is obtained via other means so doesn't really need
to be a part of the connect message. This change puts the
ro.product.name, ro.product.model and ro.product.device
properties in the <banner> for devices. Each property is
terminated by a semicolon (;) with the key and value separated by
an equals sign (=). Example message:
device::ro.product.name=<prd>;ro.product.model=<mdl>;ro.product.device=<dev>;
Making this change will enable the device list to provide more
information to the user and to give the potential for being able
to select which device to talk to with the -s option.
Change-Id: I09200decde4facb8fc9b4056fdae910155f2bcb9
Signed-off-by: Scott Anderson <saa@android.com>
|
| |\ \ \
| |/ /
| | /
| |/
|/| |
* commit 'c7993af64baec271a238646bc20aaa846866c4a9':
adb: Fix compiler warning
|
| | |
| |
| |
| |
| |
| |
| |
| | |
system/core/adb/adb.c: In function 'connect_device':
system/core/adb/adb.c:1001: warning: comparison between signed and unsigned integer expressions
Change-Id: I206f85395e1d7ad8d6ef130a26c95dcf0f498696
Signed-off-by: Scott Anderson <saa@android.com>
|
| |\ \
| |/
| |
| |
| | |
* commit '9526a788a6bd528e14622404e8750bdcc147d15a':
adb: Add ability to specify device path
|
