main.cpp revision 38cd57a1450874d4c045ab3612f2dd11d04fca13
1/* 2 * Copyright (C) 2015 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17#define TRACE_TAG ADB 18 19#include "sysdeps.h" 20 21#include <errno.h> 22#include <signal.h> 23#include <stdio.h> 24#include <stdlib.h> 25#include <getopt.h> 26#include <sys/prctl.h> 27 28#include <android-base/logging.h> 29#include <android-base/stringprintf.h> 30#include "cutils/properties.h" 31#include "private/android_filesystem_config.h" 32#include "selinux/android.h" 33 34#include "adb.h" 35#include "adb_auth.h" 36#include "adb_listeners.h" 37#include "adb_utils.h" 38#include "transport.h" 39 40static const char* root_seclabel = nullptr; 41 42static void drop_capabilities_bounding_set_if_needed() { 43#ifdef ALLOW_ADBD_ROOT 44 char value[PROPERTY_VALUE_MAX]; 45 property_get("ro.debuggable", value, ""); 46 if (strcmp(value, "1") == 0) { 47 return; 48 } 49#endif 50 for (int i = 0; prctl(PR_CAPBSET_READ, i, 0, 0, 0) >= 0; i++) { 51 if (i == CAP_SETUID || i == CAP_SETGID) { 52 // CAP_SETUID CAP_SETGID needed by /system/bin/run-as 53 continue; 54 } 55 56 if (prctl(PR_CAPBSET_DROP, i, 0, 0, 0) == -1) { 57 PLOG(FATAL) << "Could not drop capabilities"; 58 } 59 } 60} 61 62static bool should_drop_privileges() { 63#if defined(ALLOW_ADBD_ROOT) 64 char value[PROPERTY_VALUE_MAX]; 65 66 // The properties that affect `adb root` and `adb unroot` are ro.secure and 67 // ro.debuggable. In this context the names don't make the expected behavior 68 // particularly obvious. 69 // 70 // ro.debuggable: 71 // Allowed to become root, but not necessarily the default. Set to 1 on 72 // eng and userdebug builds. 73 // 74 // ro.secure: 75 // Drop privileges by default. Set to 1 on userdebug and user builds. 76 property_get("ro.secure", value, "1"); 77 bool ro_secure = (strcmp(value, "1") == 0); 78 79 property_get("ro.debuggable", value, ""); 80 bool ro_debuggable = (strcmp(value, "1") == 0); 81 82 // Drop privileges if ro.secure is set... 83 bool drop = ro_secure; 84 85 property_get("service.adb.root", value, ""); 86 bool adb_root = (strcmp(value, "1") == 0); 87 bool adb_unroot = (strcmp(value, "0") == 0); 88 89 // ...except "adb root" lets you keep privileges in a debuggable build. 90 if (ro_debuggable && adb_root) { 91 drop = false; 92 } 93 94 // ...and "adb unroot" lets you explicitly drop privileges. 95 if (adb_unroot) { 96 drop = true; 97 } 98 99 return drop; 100#else 101 return true; // "adb root" not allowed, always drop privileges. 102#endif // ALLOW_ADBD_ROOT 103} 104 105static void drop_privileges(int server_port) { 106 // Add extra groups: 107 // AID_ADB to access the USB driver 108 // AID_LOG to read system logs (adb logcat) 109 // AID_INPUT to diagnose input issues (getevent) 110 // AID_INET to diagnose network issues (ping) 111 // AID_NET_BT and AID_NET_BT_ADMIN to diagnose bluetooth (hcidump) 112 // AID_SDCARD_R to allow reading from the SD card 113 // AID_SDCARD_RW to allow writing to the SD card 114 // AID_NET_BW_STATS to read out qtaguid statistics 115 // AID_READPROC for reading /proc entries across UID boundaries 116 gid_t groups[] = {AID_ADB, AID_LOG, AID_INPUT, 117 AID_INET, AID_NET_BT, AID_NET_BT_ADMIN, 118 AID_SDCARD_R, AID_SDCARD_RW, AID_NET_BW_STATS, 119 AID_READPROC }; 120 if (setgroups(sizeof(groups) / sizeof(groups[0]), groups) != 0) { 121 PLOG(FATAL) << "Could not set supplemental groups"; 122 } 123 124 /* don't listen on a port (default 5037) if running in secure mode */ 125 /* don't run as root if we are running in secure mode */ 126 if (should_drop_privileges()) { 127 drop_capabilities_bounding_set_if_needed(); 128 129 /* then switch user and group to "shell" */ 130 if (setgid(AID_SHELL) != 0) { 131 PLOG(FATAL) << "Could not setgid"; 132 } 133 if (setuid(AID_SHELL) != 0) { 134 PLOG(FATAL) << "Could not setuid"; 135 } 136 137 D("Local port disabled"); 138 } else { 139 if (root_seclabel != nullptr) { 140 if (selinux_android_setcon(root_seclabel) < 0) { 141 LOG(FATAL) << "Could not set SELinux context"; 142 } 143 } 144 std::string error; 145 std::string local_name = 146 android::base::StringPrintf("tcp:%d", server_port); 147 if (install_listener(local_name, "*smartsocket*", nullptr, 0, 148 &error)) { 149 LOG(FATAL) << "Could not install *smartsocket* listener: " 150 << error; 151 } 152 } 153} 154 155int adbd_main(int server_port) { 156 umask(0); 157 158 signal(SIGPIPE, SIG_IGN); 159 160 init_transport_registration(); 161 162 // We need to call this even if auth isn't enabled because the file 163 // descriptor will always be open. 164 adbd_cloexec_auth_socket(); 165 166 if (ALLOW_ADBD_NO_AUTH && property_get_bool("ro.adb.secure", 0) == 0) { 167 auth_required = false; 168 } 169 170 adbd_auth_init(); 171 172 // Our external storage path may be different than apps, since 173 // we aren't able to bind mount after dropping root. 174 const char* adb_external_storage = getenv("ADB_EXTERNAL_STORAGE"); 175 if (adb_external_storage != nullptr) { 176 setenv("EXTERNAL_STORAGE", adb_external_storage, 1); 177 } else { 178 D("Warning: ADB_EXTERNAL_STORAGE is not set. Leaving EXTERNAL_STORAGE" 179 " unchanged.\n"); 180 } 181 182 drop_privileges(server_port); 183 184 bool is_usb = false; 185 if (access(USB_ADB_PATH, F_OK) == 0 || access(USB_FFS_ADB_EP0, F_OK) == 0) { 186 // Listen on USB. 187 usb_init(); 188 is_usb = true; 189 } 190 191 // If one of these properties is set, also listen on that port. 192 // If one of the properties isn't set and we couldn't listen on usb, listen 193 // on the default port. 194 char prop_port[PROPERTY_VALUE_MAX]; 195 property_get("service.adb.tcp.port", prop_port, ""); 196 if (prop_port[0] == '\0') { 197 property_get("persist.adb.tcp.port", prop_port, ""); 198 } 199 200 int port; 201 if (sscanf(prop_port, "%d", &port) == 1 && port > 0) { 202 D("using port=%d", port); 203 // Listen on TCP port specified by service.adb.tcp.port property. 204 local_init(port); 205 } else if (!is_usb) { 206 // Listen on default port. 207 local_init(DEFAULT_ADB_LOCAL_TRANSPORT_PORT); 208 } 209 210 D("adbd_main(): pre init_jdwp()"); 211 init_jdwp(); 212 D("adbd_main(): post init_jdwp()"); 213 214 D("Event loop starting"); 215 fdevent_loop(); 216 217 return 0; 218} 219 220int main(int argc, char** argv) { 221 while (true) { 222 static struct option opts[] = { 223 {"root_seclabel", required_argument, nullptr, 's'}, 224 {"device_banner", required_argument, nullptr, 'b'}, 225 {"version", no_argument, nullptr, 'v'}, 226 }; 227 228 int option_index = 0; 229 int c = getopt_long(argc, argv, "", opts, &option_index); 230 if (c == -1) { 231 break; 232 } 233 234 switch (c) { 235 case 's': 236 root_seclabel = optarg; 237 break; 238 case 'b': 239 adb_device_banner = optarg; 240 break; 241 case 'v': 242 printf("Android Debug Bridge Daemon version %d.%d.%d %s\n", 243 ADB_VERSION_MAJOR, ADB_VERSION_MINOR, ADB_SERVER_VERSION, 244 ADB_REVISION); 245 return 0; 246 default: 247 // getopt already prints "adbd: invalid option -- %c" for us. 248 return 1; 249 } 250 } 251 252 close_stdin(); 253 254 adb_trace_init(argv); 255 256 D("Handling main()"); 257 return adbd_main(DEFAULT_ADB_PORT); 258} 259