1 /*
2 * Copyright (C) 2020 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include "adbconnection/client.h"
18
19 #include <pwd.h>
20 #include <stddef.h>
21 #include <stdint.h>
22 #include <sys/socket.h>
23 #include <sys/un.h>
24
25 #include <memory>
26 #include <optional>
27
28 #include <android-base/cmsg.h>
29 #include <android-base/logging.h>
30 #include <android-base/unique_fd.h>
31
32 #include "adbconnection/process_info.h"
33
34 using android::base::unique_fd;
35
36 static constexpr char kJdwpControlName[] = "\0jdwp-control";
37
38 struct AdbConnectionClientContext {
39 unique_fd control_socket_;
40 };
41
SocketPeerIsTrusted(int fd)42 bool SocketPeerIsTrusted(int fd) {
43 ucred cr;
44 socklen_t cr_length = sizeof(cr);
45 if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &cr, &cr_length) != 0) {
46 PLOG(ERROR) << "couldn't get socket credentials";
47 return false;
48 }
49
50 passwd* shell = getpwnam("shell");
51 if (cr.uid != 0 && cr.uid != shell->pw_uid) {
52 LOG(ERROR) << "untrusted uid " << cr.uid << " on other end of socket";
53 return false;
54 }
55
56 return true;
57 }
58
adbconnection_client_new(const AdbConnectionClientInfo * const * info_elems,size_t info_count)59 AdbConnectionClientContext* adbconnection_client_new(
60 const AdbConnectionClientInfo* const* info_elems, size_t info_count) {
61 auto ctx = std::make_unique<AdbConnectionClientContext>();
62
63 std::optional<uint64_t> pid;
64 std::optional<bool> debuggable;
65 std::optional<bool> profileable;
66 std::optional<std::string> architecture;
67
68 for (size_t i = 0; i < info_count; ++i) {
69 auto info = info_elems[i];
70 switch (info->type) {
71 case AdbConnectionClientInfoType::pid:
72 if (pid) {
73 LOG(ERROR) << "multiple pid entries in AdbConnectionClientInfo, ignoring";
74 continue;
75 }
76 pid = info->data.pid;
77 break;
78
79 case AdbConnectionClientInfoType::debuggable:
80 if (debuggable) {
81 LOG(ERROR) << "multiple debuggable entries in AdbConnectionClientInfo, ignoring";
82 continue;
83 }
84 debuggable = info->data.debuggable;
85 break;
86
87 case AdbConnectionClientInfoType::profileable:
88 if (profileable) {
89 LOG(ERROR) << "multiple profileable entries in AdbConnectionClientInfo, ignoring";
90 continue;
91 }
92 profileable = info->data.profileable;
93 break;
94
95 case AdbConnectionClientInfoType::architecture:
96 if (architecture) {
97 LOG(ERROR) << "multiple architecture entries in AdbConnectionClientInfo, ignoring";
98 continue;
99 }
100 architecture = std::string(info->data.architecture.name, info->data.architecture.size);
101 break;
102 }
103 }
104
105 if (!pid) {
106 LOG(ERROR) << "AdbConnectionClientInfo missing required field pid";
107 return nullptr;
108 }
109
110 if (!debuggable) {
111 LOG(ERROR) << "AdbConnectionClientInfo missing required field debuggable";
112 return nullptr;
113 }
114
115 if (!profileable) {
116 LOG(ERROR) << "AdbConnectionClientInfo missing required field profileable";
117 return nullptr;
118 }
119
120 if (!architecture) {
121 LOG(ERROR) << "AdbConnectionClientInfo missing required field architecture";
122 return nullptr;
123 }
124
125 ctx->control_socket_.reset(socket(AF_UNIX, SOCK_SEQPACKET | SOCK_CLOEXEC, 0));
126 if (ctx->control_socket_ < 0) {
127 PLOG(ERROR) << "failed to create Unix domain socket";
128 return nullptr;
129 }
130
131 struct timeval timeout;
132 timeout.tv_sec = 1;
133 timeout.tv_usec = 0;
134 setsockopt(ctx->control_socket_.get(), SOL_SOCKET, SO_SNDTIMEO, &timeout, sizeof(timeout));
135
136 sockaddr_un addr = {};
137 addr.sun_family = AF_UNIX;
138 memcpy(addr.sun_path, kJdwpControlName, sizeof(kJdwpControlName));
139 size_t addr_len = offsetof(sockaddr_un, sun_path) + sizeof(kJdwpControlName) - 1;
140
141 int rc = connect(ctx->control_socket_.get(), reinterpret_cast<sockaddr*>(&addr), addr_len);
142 if (rc != 0) {
143 if (errno == ECONNREFUSED) {
144 // On userdebug devices, every Java process is debuggable, so if adbd is explicitly turned
145 // off, this would spew enormous amounts of red-herring errors.
146 LOG(DEBUG) << "failed to connect to jdwp control socket, adbd not running?";
147 } else {
148 PLOG(ERROR) << "failed to connect to jdwp control socket";
149 }
150 return nullptr;
151 }
152
153 bool trusted = SocketPeerIsTrusted(ctx->control_socket_.get());
154 if (!trusted) {
155 LOG(ERROR) << "adb socket is not trusted, aborting connection";
156 return nullptr;
157 }
158
159 ProcessInfo process(*pid, *debuggable, *profileable, *architecture);
160 rc = TEMP_FAILURE_RETRY(write(ctx->control_socket_.get(), &process, sizeof(process)));
161 if (rc != sizeof(process)) {
162 PLOG(ERROR) << "failed to send JDWP process info to adbd";
163 }
164
165 return ctx.release();
166 }
167
adbconnection_client_destroy(AdbConnectionClientContext * ctx)168 void adbconnection_client_destroy(AdbConnectionClientContext* ctx) {
169 delete ctx;
170 }
171
adbconnection_client_pollfd(AdbConnectionClientContext * ctx)172 int adbconnection_client_pollfd(AdbConnectionClientContext* ctx) {
173 return ctx->control_socket_.get();
174 }
175
adbconnection_client_receive_jdwp_fd(AdbConnectionClientContext * ctx)176 int adbconnection_client_receive_jdwp_fd(AdbConnectionClientContext* ctx) {
177 char dummy;
178 unique_fd jdwp_fd;
179 ssize_t rc = android::base::ReceiveFileDescriptors(ctx->control_socket_, &dummy, 1, &jdwp_fd);
180 if (rc != 1) {
181 return rc;
182 }
183 return jdwp_fd.release();
184 }
185