Make it easier to identify adbd's PIDs for coverage purposes by adding
an explicit log message to grep for.
Test: manual
Change-Id: I47e13417c0d9adb7d427414fd70c218f988909f5
Bug: 111434128, 119493510, 119494503
Test: Enable wireless debugging in Settings UI, click "pair with pairing code"
to generate pairing code.
On client, 'adb pair <ip_address>', enter pairing code at prompt and hit
enter. Pairing should complete.
'adb logcat'.
Change-Id: I86527bd3fc52e30a8e08ec5843dc3e100abf91fa
Exempt-From-Owner-Approval: approved already
This patch introduce "service.adb.listen_addrs", a new
string type property, while keeping the old properties.
The new property added in this patch is used to listen
on UNIX domain socket "localfilesystem".
"service.adb.listen_addrs" can be used to listen on
multiple addresses, such as tcp:5555 and tcp:5556.
It is separated by ',' (comma) character.
In the process of introducing the new socket type, the
method tcp_connect is removed and combined into
socket_spec_connect.
Without specifying using the new property, adb will
try to listen on both tcp and vsock (following the
previous implementation).
Some examples of the new property value are:
- "tcp:5555"
- "vsock:5555"
- "localfilesystem:/tmp/test"
- "tcp:5555,vsock:5555"
Bug: 133378083
Test: On master-arc-dev:
adb root;
setprop service.adb.listen_addrs localfilesystem:
<path_to_socket>;
adb connect localfilesystem:<path_to_socket>;
adb -s localfilesystem:<path_to_socket> shell;
inside Chrome OS.
Test: On aosp_bluefin:
setprop service.adb.listen_addr tcp:5555;
adb connect <IP>:5555; adb shell;
Test: On aosp_bluefin:
setprop service.adb.tcp.port 5555;
adb connect <IP>:5555; adb shell;
Test: On aosp_bluefin:
setprop service.adb.listen_addrs tcp:5555,tcp:6666;
adb connect <IP>:5555; adb shell;
adb connect <IP>:6666; adb shell;
Test: On aosp_bluefin:
./adb_test;
Test: On cuttlefish:
launch_cvd;
adb -s 127.0.0.1:6520 shell;
Test: Ran host tests:
./adb_test;
./adb_integration_test_adb;
./adb_integration_test_device;
Change-Id: I8289bf0ab3305cf23ce5695ffba46845d58ef6bb
During automatic tests, we sometimes want to reboot the device out of
the rescue party remotely. And per http://go/recovery-adb-access, we
need to grant the adb authorization to enable the adb access. The auth
are only granted for userdebug devices and those with an unlocked
bootloader. Since the user can always flash a custom recovery image if
the bootloader is unlocked.
This cl ignores the ro.adb.secure property under recovery. The other
option is to default this property to 0 when building the boot/recovery
image.
Bug: 141247819
Test: unlock bootloader, run adb under recovery in user build
Change-Id: I424cfed5bf51a1e31d8687256ae4c6eaaa5e6249
As there is no security guarantee when the device is unlocked,
allowing adb root gives us more rooms to debug a USER build images.
Also, this makes it possible to run VTS on a USER build GSI, with
setting ro.debuggable=1 and unlocking the device.
This basically re-lands a reverted change:
https://android-review.googlesource.com/c/platform/system/core/+/437815
Which isn't needed after we moved /sbin/adbd to /system/bin/adbd in
USERDEBUG GSI. But it's still needed for USER build GSI.
Bug: 126493225
Test: unlock a USER build device, check 'adb root' can work
Change-Id: I93f12c8a3fe65c96c947e4602795eadfe591c521
Preparatory step for testing adb on GCE on non-linux hosts: instead of
pointing them at a device (emulated or otherwise), point them at adbd
running on a linux host instead.
Test: adbd & adb connect localhost:5555; adb -e wait-for-device shell
Change-Id: Ib22d51a4fc9e6e68f71bf1b3b9b2e1b0bd844760
adbd has been built as a static executable since the same binary was
copied to the recovery partition where shared library is not supported.
However, since we now support shared library in the recovery partition,
adbd is built as a dynamic executable.
In addition, the dependency from adbd to libdebuggerd_handler is removed
as debuggerd is handled by the dynamic linker.
A few more modules in /system/core are marked as recovery_available:
true as they are transitive dependencies of the dynamic linker.
This change also includes ld.config.recovery.txt which is the linker
config file for the recovery mode. It is installed to /etc/ld.config.txt
and contains linker namespace config for the dynamic binaries under
/sbin.
Bug: 63673171
Test: `adb reboot recovery; adb devices` shows the device ID
Test: Select 'mount /system' in the recovery mode, then `adb shell`.
$ lsof -p `pidof adbd` shows that libm.so, libc.so, etc. are loaded from
the /lib directory.
Change-Id: I363d5a787863f1677ee40afb5d5841321ddaae77
This change splits the capability-dropping step of adbd into two. This
is more robust when ambient capabilities are being used, since minijail
cannot currently handle that case.
Bug: 77146512
Test: grep Cap /proc/`pidof adbd`/status
CapInh: 0000000000000000
CapPrm: 0000000000000000
CapEff: 0000000000000000
CapBnd: 00000000000000c0
CapAmb: 0000000000000000
Change-Id: I0476a8d80f7a2497600196932542045f3bc87537
Profiling of adb_benchmark revealed that something like half of the CPU
time was being spent in malloc and free, which was odd because the
benchmark repeatedly mallocs and frees allocations of the same size. It
turns out that our default configuration of jemalloc will purge after
every free. Configure jemalloc to not do this, for gains of over 100%
on adb_benchmark, and up to 25% (on walleye USB3) in real-life.
Test: adb_benchmark
Change-Id: I602dd1645c3d21709c7f6a78903511ce4d576558
By default, the build system only sets ro.adb.secure (to 1) when
building user builds.
Bug: http://b/73993211
Bug: http://b/74059119
Test: treehugger
Change-Id: I2a683257c1027394ded90c8d2634def6003e0525
Rearrange some files while we're doing this.
Bug: http://b/71721338
Test: manually ran adb on windows
Change-Id: Ie47bda82279e4b9521505ad0353bf9ef649fc7d7
We want repeatable builds for minimal OTAs.
(cherrypick of 2e93eda69cf20d9c04d56ea6bf1e2ea62ad62eb4.)
Bug: http://b/64634017
Bug: 64709603 (presubmit balking at the line above)
Test: repeated builds after `touch daemon/main.cpp` keep same md5sum
Change-Id: Iedeb44377ea45bbf20e2212760802198a57dc14a
ALLOW_ADBD_ROOT ('adb root') and ALLOW_ADBD_NO_AUTH (ro.adb.secure = 0)
are false in user build. This prevents a non-A/B device from running
Treble VTS because it requires 'adb root'. Without ALLOW_ADBD_NO_AUTH,
adb still can work if ro.adb.secure = 1. However, allowing it to be 0
is better for test automation.
The image combination in VTS is:
- system.img (userdebug): provided by Googlg
- boot.img (user): provided by the OEM <-- adbd is here
- vendor.img (user): provided by the OEM
This change allows 'adb root' and 'ro.adb.secure = 0' when the device is
unlocked in user build. No changes for userdebug/eng builds.
Note that the device must be unlocked when running VTS. Otherwise,
verified boot will prevent it from booting the system.img provided by
Google (no verity metadata).
Bug: 63313955
Bug: 63381692
Test: use the above image combination, check 'adb root' and
'ro.adb.secure = 0' can work
Change-Id: I109d96c950e54c4fb0ac0c98b989a20593681e52
This CL is in support of another CL c/2048848, topic
'Refactor hid command in /frameworks/base/cmds' in
internal master. Adding the permissions for
shell here to access uhid_node as part of the
new 'uhid' group.
Bug: 34052337
Test: Tested on angler, bluetooth mouse works OK.
Change-Id: If9e100aa1262d689fb8adc5c0ce93f157c96399e
Annoyingly folks parse the "adb --version" output so we have the
less-interesting protocol version first. But at least now we'll
have the "real" version somewhere...
Bug: N/A
Test: "adb --version"/"fastboot --version"
Change-Id: Ia85b561bd8d84c6fd6995923730d36f53b2f800b
- moved __android_log_is_debuggable to a new public header
(log_properties.h)
- vendor version of sched_policy uses ALOG* instead SLOG*
Test: (sanity) liblog-unit-tests
Test: (sanity) libcutils_test (noting b/b/32972117, two tests continue
to fail)
Test: system/core as a whole makes with BOARD_VNDK_VERSION := current
now with no problems.
Test: boots/works on internal marlin
Bug: 33241851
(cherry picked from commit 1f83aa424f)
Merged-In: I5bc1f348dc0f0c8814bec5b5c3d2c52c825ab640
Change-Id: I5bc1f348dc0f0c8814bec5b5c3d2c52c825ab640
We now request mdnsd from adb and register a service of type _adb._tcp
for clients to connect to.
Test: Verified service appears in avahi-browse
Bug: 28074466
(cherry picked from 379ac414e4d9f53388d903913022a55695292775)
Change-Id: Ie871b9c8b40e86063cc1e68e8f3e4290ead2d279
Remove debuggerd in favor of a helper process that gets execed by
crashing processes.
Bug: http://b/30705528
Test: debuggerd_test
Change-Id: I9906c69473989cbf7fe5ea6cccf9a9c563d75906
Everything should be using the functionfs interface instead by now.
Bug: http://b/34228376
Test: grepping for f_adb, android_adb in source tree
Test: m
Change-Id: I6bc41049c49a867499832588dac8ed108c636c11
This CL adds support to forward or reverse TCP port 0 to allow the
system to automatically select an open port. The resolved port number
will be printed to stdout:
$ adb forward tcp:0 tcp:8000
12345
$ adb reverse tcp:0 tcp:9000
23456
This allows testing to be more robust by not hardcoding TCP ports which
may already be in use.
Forwarding port 0 is a host-only change and will work with any device,
but reversing port 0 requires the device to be updated with a new adbd
binary.
This CL also does a little bit of cleanup such as moving the alistener
class out of adb.h, and adds some error checking and additional tests.
Bug: 28051746
Test: python -m unittest discover
Test: adb_test
Test: `adb forward` and `adb reverse` with tcp:0
Change-Id: Icaa87346685b403ab5da7f0e6aa186aa091da572
Minijail supports dropping capabilities from the bounding set.
Use that code instead.
This cleans up one small loose end in the work started with
https://android-review.googlesource.com/#/c/187775/
Final diff: fewer lines, more unit-tested code.
"""
$ git diff --stat 52cf4fa6aa3e8d13f61b1 adb/daemon/main.cpp
adb/daemon/main.cpp | 56
1 file changed, 27 insertions(+), 29 deletions(-)
"""
Bug: 27314096
Change-Id: I238975920b85fae376522eb26f5ad6d9fee0762a
With https://android-review.googlesource.com/#/c/195400, Minijail will
check for this failure so there's no need to do it here, which allows
to simplify the code.
Bug: 26099611
Change-Id: I7c876fdcab874ed403f82bdd5a4048c0f1e5db58
By using Minijail we avoid writing the same priv-dropping code over
and over again. This also enables future hardening opportunities.
We're already using Minijail for priv-dropping on Brillo.
Minijail is unit- and integration-tested on the
Chrome OS CI infrastructure (pulling from the same repo, see
https://wmatrix.googleplex.com/security?tests=security_Minijail0).
Once CI comes to Android, it will be continuously tested there as well.
Both 'adb root' and 'adb unroot' still work.
Bug: 26099611
Change-Id: I52c456ea272d27bd6fbc71200f4fdd928a592158
Back in 080427e4e2, we said:
If the kernel doesn't support file capabilities, we ignore
a prctl(PR_CAPBSET_DROP) failure. In a future CL, this could
become a fatal error.
Make it a fatal error. With SELinux support, all devices are
required to support file capabilities.
Change-Id: I0ce0c4cb9387c42e325cbf1a63c5d82e6aab530c
Shell scripts of the following form do not work properly with adb:
echo "foo\nbar\nbaz" | {
read FOO
while [ "$FOO" != "" ]; do
adb shell echo $FOO
read FOO
done
}
The first run of adb shell will consume all of the contents of stdin,
causing the loop to immediately end. ssh solves this by providing a -n
flag that causes it to not read from stdin. This commit adds the same.
Bug: http://b/25817224
Change-Id: Id74ca62ef520bcf03678b50f4bf203916fd81038
Add the following mount options to the /proc filesystem:
hidepid=2,gid=3009
This change blocks /proc access unless you're in group 3009
(aka AID_READPROC).
Please see
https://github.com/torvalds/linux/blob/master/Documentation/filesystems/proc.txt
for documentation on the hidepid option.
hidepid=2 is preferred over hidepid=1 since it leaks less information
and doesn't generate SELinux ptrace denials when trying to access
/proc without being in the proper group.
Add AID_READPROC to processes which need to access /proc entries for
other UIDs.
Bug: 23310674
Change-Id: I22bb55ff7b80ff722945e224845215196f09dafa
Always use LOG() for debug tracing.
Remove useless D_lock. I believe it is useless to lock just before and after fprintf.
I verified the log output both on host and on device. The output looks fine to me.
Change-Id: I96ccfe408ff56864361551afe9ad464d197ae104
The existing format was unreadable; putting the pid and tid first helps
somewhat. Also remove the unused qemu tracing which wasn't called anywhere.
Change-Id: I37ef3c556fe17b237ba1d8ca3216e2155ce5d0de
Call getaddrinfo() for connecting to IPv6 destinations.
Winsock APIs do not set errno. WSAGetLastError() returns Winsock errors
that are more numerous than BSD sockets, so it really doesn't make sense
to map those to BSD socket errors. Plus, even if we did that, the
Windows C Runtime (that mingw binaries use) has a strerror() that does
not recognize BSD socket error codes.
The solution is to wrap the various libcutils socket_* APIs with
sysdeps.h network_* APIs. For POSIX, the network_* APIs just call
strerror(). For Windows, they call SystemErrorCodeToString() (adapted
from Chromium).
Also in this change:
- Various other code was modified to return errors in a std::string*
argument, to be able to surface the error string to the end-user.
- Improved error checking and use of D() to log Winsock errors for
improved debuggability.
- For sysdeps_win32.cpp, added unique_fh class that works like
std::unique_ptr, for calling _fh_close().
- Fix win32 adb_socketpair() setting of errno in error case.
- Improve _socket_set_errno() D() logging to reduce confusion. Map
a few extra error codes.
- Move adb_shutdown() lower in sysdeps_win32.cpp so it can call
_socket_set_errno().
- Move network_connect() from adb_utils.cpp to sysdeps.h.
- Merge socket_loopback_server() and socket_inaddr_any_server() into
_network_server() since most of the code was identical.
Change-Id: I945f36870f320578b3a11ba093852ba6f7b93400
Signed-off-by: Spencer Low <CompareAndSwap@gmail.com>
Require authorization by default, and remove the ability to override
that in user builds. (userdebug and eng are still free to do whatever
they want.)
Bug: http://b/21862859
Change-Id: Ibf8af375be5bf1141c1ad481eee7a59fb10a7adb
d34e407aeb removed support for
running with SELinux completely disabled. SELinux must either be
in permissive or enforcing mode now.
Remove unnecessary calls to is_selinux_enabled(). It always returns
true now.
Change-Id: Ife3156b74b13b2e590afe4accf716fc7776567e5
Josh Gao