Commit Graph

14 Commits

Author SHA1 Message Date
Elliott Hughes 5cba504215 Ignore ro.adb.secure in user builds.
Require authorization by default, and remove the ability to override
that in user builds. (userdebug and eng are still free to do whatever
they want.)

Bug: http://b/21862859
Change-Id: Ibf8af375be5bf1141c1ad481eee7a59fb10a7adb
2015-06-18 10:19:30 -07:00
Elliott Hughes 2d4121c0dc Remove extern "C" barriers to using C++.
Change-Id: Ic046d6aa540738cb46b54531bc59ba3b47b0136d
2015-04-17 09:47:42 -07:00
Dan Albert 3313426fad File header cleanup.
* sysdeps.h should always be included first.
 * TRACE_TAG needs to be defined before anything is included.
 * Some files were missing copyright headers.
 * Save precious bytes on my SSD by removing useless whitespace.

Change-Id: I88980e6e00b5be1093806cf286740d9e4a033b94
2015-03-19 15:32:33 -07:00
Pavel Labath 64d9adcea8 Fix file descriptor leakage in adbd
adb_auth_init in adb_auth_client.cpp sets FD_CLOEXEC on the control
socket, which prevents the leakage. However if ro.adb.secure
property is unset (as it is on the emulator), adb_auth_init is not
invoked, which results in the control socket fd leaking into any
process started by the deamon (specifically, any command executed
through adb shell).

Split the fd cleanup into a separate function that is called
unconditionally.

Change-Id: I73ea84977542ddfc4ac20599593ecf3745ae9108
2015-03-17 11:24:34 -07:00
Dan Albert bac3474a82 Move adb to C++.
I keep trying to clean things up and needing std::strings. Might as
well just do this now.

usb_linux_client.c is going to stay as C because GCC isn't smart
enough to deal with the designated initializers it uses (though for
some reason it is in C mode).

The Darwin files are staying as C because I don't have a way to test
that they build.

The Windows files are staying as C because while I can actually build
for them, it's slow and painful.

Change-Id: I75367d29205a9049d34460032b3bb36384f43941
2015-03-09 14:06:11 -07:00
Dan Albert bd0b750897 Move adb_main to its own file.
Change-Id: If6e98c089b39f73bd8f4a878a82669bfeee367f3
2015-02-18 18:32:54 -08:00
Dan Albert ba3a251749 Move the adb auth code into its own file.
Change-Id: I84cf0bd7777f0147119e7c6afc4096c2e93156a2
2015-02-18 18:22:52 -08:00
Dan Albert 818fb4b448 Add extern "C" to all the adb headers.
Change-Id: Iaefa3e18d6ee2e065eb97271a796613b2a8e7d6e
2015-02-18 00:21:16 -08:00
Nick Kralevich bea3f9c345 Introduce "adb keygen"
Introduce the "adb keygen" command.

  Usage: adb keygen <filename>

This command creates an adb public/private key pair in a user
specified file. This can be used to create new adb keys, or rotate
existing keys.

Modify adb's key generation routines to use the HOSTNAME/LOGNAME
environment variables if available. This allows someone to override
the username/hostname embedded within the adb public key file if
desired. Fallback to the old mechanisms if those environment
variables aren't available.

Bug: 18342715
Change-Id: Ibccee6088d4609aa05ad6687d3a1d8a8689d3e8a

(cherry picked from commit af782b9f2a)

Change-Id: Ic76ffc9412171dddc879af0bbf6e20fbe1a8f057
2014-12-08 13:44:39 -08:00
Benoit Goby 045a4a9c3a adb: Fix secure adb when booting with usb attached
When booting with usb attached, the secure adb authentication happens
long before the framework is done booting, so adb can't notify the
framework to install the public key.

Change-Id: Id2af6cebece345022f56cb0c4b5af24e1d7a425c
2013-02-02 01:19:06 +00:00
Benoit Goby 345cb066d2 adb: Read secure adb keys on every auth request
The framework can now clear the user key list, so we need to reload the
key list on every auth request instead of loading it once when adbd
starts.
This also fixes issues with encrypted devices, where the user key file
is only readable after the user has unlocked the device.

Change-Id: I350c5aab986f8ca86b95f316398d03012553e581
2013-01-15 17:16:22 -08:00
Benoit Goby d5fcafaf41 adb: Add public key authentification
Secure adb using a public key authentication, to allow USB debugging
only from authorized hosts.

When a device is connected to an unauthorized host, the adb daemon sends
the user public key to the device. A popup is shown to ask the user to
allow debugging once or permanantly from the host. The public key is
installed on the device in the later case. Other keys may be installed
at build time.

On the host, the user public/private key pair is automatically generated,
if it does not exist, when the adb daemon starts and is stored in
$HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed,
the ADB_KEYS_PATH env variable may be set to a :-separated (; under
Windows) list of private keys, e.g. company-wide or vendor keys.

On the device, vendors public keys are installed at build time in
/adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys.

ADB Protocol change:
If the device needs to authenticate the host, it replies to CNXN
packets with an AUTH packet. The AUTH packet payload is a random token.
The host signs the token with one of its private keys and sends an AUTH(0)
packet. If the signature verification succeeds, the device replies with
a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so
that the host can retry with another private key. Once the host has tried
all its keys, it can send an AUTH(1) packet with a public key as
payload. adbd then sends the public key to the framework (if it has been
started) for confirmation.

Change-Id: I4e84d7621da956f66ff657245901bdaefead8395
2012-08-23 00:20:06 -07:00
Benoit Goby 3fc95a9918 Revert "adb: Add public key authentification"
This reverts commit f4ed516643.
2012-08-20 23:04:11 -07:00
Benoit Goby f4ed516643 adb: Add public key authentification
Secure adb using a public key authentication, to allow USB debugging
only from authorized hosts.

When a device is connected to an unauthorized host, the adb daemon sends
the user public key to the device. A popup is shown to ask the user to
allow debugging once or permanantly from the host. The public key is
installed on the device in the later case. Other keys may be installed
at build time.

On the host, the user public/private key pair is automatically generated,
if it does not exist, when the adb daemon starts and is stored in
$HOME/.android/adb_key(.pub) or in $ANDROID_SDK_HOME on windows. If needed,
the ADB_KEYS_PATH env variable may be set to a ;-separated list of private
keys, e.g. company-wide or vendor keys.

On the device, vendors public keys are installed at build time in
/adb_keys. User-installed keys are stored in /data/misc/adb/adb_keys.

ADB Protocol change:
If the device needs to authenticate the host, it replies to CNXN
packets with an AUTH packet. The AUTH packet payload is a random token.
The host signs the token with one of its private keys and sends an AUTH(0)
packet. If the signature verification succeeds, the device replies with
a CNXN packet. Otherwise, it sends a new AUTH packet with a new token so
that the host can retry with another private key. Once the host has tried
all its keys, it can send an AUTH(1) packet with a public key as
payload. adbd then sends the public key to the framework (if it has been
started) for confirmation.

Change-Id: Idce931a7bfe4ce878428eaa47838e5184ac6073f
2012-08-16 21:36:26 -07:00