commit 8447ed95610b1725d3f0b142e052e8f1c11c9240
author Lingfeng Yang <lfy@google.com> Wed Nov 28 16:38:36 2018 -0800
committer Joshua Duong <joshuaduong@google.com> Tue Feb 18 05:12:52 2020 +0000
tree 9edc584654b92eb4ac92ff178c4f81eb3708ce4e
parent 9f4fff3c4fc86a8a47fc281a9b8c4bab7fab5316

adbd: only register dnsservices via explicit API

For privacy/security reasons, let's not broadcast the adb secure
services on startup automatically, and instead leave that up to
the rest of the adbd code somehow.

Instead, this CL adds an API in daemon/mdns.h that lets the user
control when registration happens, potentially only doing so if
the developer option is enabled or something.

Bug: 111434128, 119490749

Test: N/A
Exempt-From-Owner-Approval: already approved
Change-Id: Idc994a59ef9e5d48f08796c21989883497e19ef8

daemon/mdns.cpp

diff --git a/daemon/mdns.cpp b/daemon/mdns.cpp
index c8faab4..35e3d90 100644
--- a/daemon/mdns.cpp
+++ b/daemon/mdns.cpp
@@ -14,6 +14,7 @@
  * limitations under the License.
  */
 
+#include "mdns.h"
 #include "adb_mdns.h"
 #include "sysdeps.h"
 
@@ -60,43 +61,58 @@
     }
 }
 
-static void setup_mdns_thread() {
-    start_mdns();
+static void register_mdns_service(int index, int port) {
     std::lock_guard<std::mutex> lock(mdns_lock);
 
     std::string hostname = "adb-";
     hostname += android::base::GetProperty("ro.serialno", "unidentified");
 
-    for (int i = 0; i < kNumADBDNSServices; i++) {
-        auto error = DNSServiceRegister(&mdns_refs[i], 0, 0, hostname.c_str(), kADBDNSServices[i],
-                                        nullptr, nullptr, htobe16((uint16_t)port), 0, nullptr,
-                                        mdns_callback, nullptr);
+    auto error = DNSServiceRegister(&mdns_refs[index], 0, 0, hostname.c_str(),
+                                    kADBDNSServices[index], nullptr, nullptr,
+                                    htobe16((uint16_t)port), 0, nullptr, mdns_callback, nullptr);
 
-        if (error != kDNSServiceErr_NoError) {
-            LOG(ERROR) << "Could not register mDNS service " << kADBDNSServices[i] << ", error ("
-                       << error << ").";
-            mdns_registered[i] = false;
-        }
-
-        mdns_registered[i] = true;
+    if (error != kDNSServiceErr_NoError) {
+        LOG(ERROR) << "Could not register mDNS service " << kADBDNSServices[index] << ", error ("
+                   << error << ").";
+        mdns_registered[index] = false;
     }
 
-    for (int i = 0; i < kNumADBDNSServices; i++) {
-        LOG(INFO) << "adbd mDNS service " << kADBDNSServices[i]
-                  << " registered: " << mdns_registered[i];
-    }
+    mdns_registered[index] = true;
+
+    LOG(INFO) << "adbd mDNS service " << kADBDNSServices[index]
+              << " registered: " << mdns_registered[index];
 }
 
-static void teardown_mdns() {
+static void unregister_mdns_service(int index) {
     std::lock_guard<std::mutex> lock(mdns_lock);
 
-    for (int i = 0; i < kNumADBDNSServices; ++i) {
-        if (mdns_registered[i]) {
-            DNSServiceRefDeallocate(mdns_refs[i]);
-        }
+    if (mdns_registered[index]) {
+        DNSServiceRefDeallocate(mdns_refs[index]);
     }
 }
 
+static void register_base_mdns_transport() {
+    register_mdns_service(kADBTransportServiceRefIndex, port);
+}
+
+static void setup_mdns_thread() {
+    start_mdns();
+
+    // We will now only set up the normal transport mDNS service
+    // instead of registering all the adb secure mDNS services
+    // in the beginning. This is to provide more privacy/security.
+    register_base_mdns_transport();
+}
+
+// This also tears down any adb secure mDNS services, if they exist.
+static void teardown_mdns() {
+    for (int i = 0; i < kNumADBDNSServices; ++i) {
+        unregister_mdns_service(i);
+    }
+}
+
+// Public interface/////////////////////////////////////////////////////////////
+
 void setup_mdns(int port_in) {
     port = port_in;
     std::thread(setup_mdns_thread).detach();
@@ -104,3 +120,33 @@
     // TODO: Make this more robust against a hard kill.
     atexit(teardown_mdns);
 }
+
+void register_adb_secure_pairing_service(int port) {
+    std::thread([port]() {
+        register_mdns_service(kADBSecurePairingServiceRefIndex, port);
+    }).detach();
+}
+
+void unregister_adb_secure_pairing_service() {
+    std::thread([]() { unregister_mdns_service(kADBSecurePairingServiceRefIndex); }).detach();
+}
+
+bool is_adb_secure_pairing_service_registered() {
+    std::lock_guard<std::mutex> lock(mdns_lock);
+    return mdns_registered[kADBSecurePairingServiceRefIndex];
+}
+
+void register_adb_secure_connect_service(int port) {
+    std::thread([port]() {
+        register_mdns_service(kADBSecureConnectServiceRefIndex, port);
+    }).detach();
+}
+
+void unregister_adb_secure_connect_service() {
+    std::thread([]() { unregister_mdns_service(kADBSecureConnectServiceRefIndex); }).detach();
+}
+
+bool is_adb_secure_connect_service_registered() {
+    std::lock_guard<std::mutex> lock(mdns_lock);
+    return mdns_registered[kADBSecureConnectServiceRefIndex];
+}