From dca76e6187c4128a17c8df5bcaca0db6993d91a1 Mon Sep 17 00:00:00 2001
From: Wei Zhong
Date: Tue, 13 Mar 2012 10:02:50 -0700
Subject: [PATCH] add IP checking for adb over TCP whitelist connection for 1) emulator 2) "eng" or "tests" build, or 3) IP matches with "persist.service.adb.client_ip"
Change-Id: I8ac149149873f3bd206bd4d5abc063e5274fb468
Signed-off-by: Wei Zhong
---
 adb/transport_local.c | 38 ++++++++++++++++++++++++++++++++++++--
 1 file changed, 36 insertions(+), 2 deletions(-)
diff --git a/adb/transport_local.c b/adb/transport_local.c
index 105c502e5..aeca280c2 100644
--- a/adb/transport_local.c
+++ b/adb/transport_local.c
@@ -21,6 +21,7 @@
 #include "sysdeps.h"
 #include
+#include
 #define TRACE_TAG TRACE_TRANSPORT
 #include "adb.h"
@@ -151,10 +152,36 @@ static void *client_socket_thread(void *x)
 return 0;
 }
+#if !ADB_HOST
+static int is_whitelisted(struct sockaddr_in *addr)
+{
+ char value[PROPERTY_VALUE_MAX];
+
+ /* whitelist emulator */
+ property_get("ro.kernel.qemu", value, "");
+ if(!strcmp(value, "1")) {
+ return 1;
+ }
+
+ /* whitelist "eng" and "tests" builds */
+ property_get("ro.build.type", value, "");
+ if(!strcmp(value, "eng") || !strcmp(value, "tests")) {
+ return 1;
+ }
+
+ /* whitelist persist.service.adb.client_ip */
+ property_get("persist.service.adb.client_ip", value, "");
+ if(!strncmp(value, inet_ntoa(addr->sin_addr), sizeof(value))) {
+ return 1;
+ }
+ return 0;
+}
+#endif
+
 static void *server_socket_thread(void * arg)
 {
 int serverfd, fd;
- struct sockaddr addr;
+ struct sockaddr_in addr;
 socklen_t alen;
 int port = (int)arg;
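Review bot: `is_whitelisted` reads `addr->sin_addr` without confirming that the peer address is IPv4, so if the accepted socket ever carries another family (not visible from this hunk) the comparison runs on unrelated bytes; adding `if (addr->sin_family != AF_INET) return 0;` ahead of the `persist.service.adb.client_ip` check makes that case fail closed. `inet_ntoa` returns a pointer to a single static buffer, and this file runs several socket threads, so `inet_ntop(AF_INET, &addr->sin_addr, peer, sizeof(peer))` into a local `char peer[INET_ADDRSTRLEN]` would be the safer call. The function also deserves a header comment stating that on non-eng, non-emulator builds the source address is the only gate on adb over TCP, that an unset property rejects every TCP client, and that the check is therefore only as strong as the restriction on who may write `persist.service.adb.client_ip` and the network's resistance to address spoofing.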
@@ -173,9 +200,16 @@ static void *server_socket_thread(void * arg)
 alen = sizeof(addr);
 D("server: trying to get new connection from %d\n", port);
- fd = adb_socket_accept(serverfd, &addr, &alen);
+ fd = adb_socket_accept(serverfd, (struct sockaddr *)&addr, &alen);
 if(fd >= 0) {
 D("server: new connection on fd %d\n", fd);
+ #if !ADB_HOST
+ if(!is_whitelisted(&addr)) {
+ D("server: connection %d blacklisted and closed\n", port);
+ adb_close(fd);
+ continue;
+ }
+#endif
 close_on_exec(fd);
 disable_tcp_nagle(fd);
 register_socket_transport(fd, "host", port, 1);
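Review bot: The rejection message `D("server: connection %d blacklisted and closed\n", port);` prints the listening port rather than the refused peer, so a rejected connection cannot be attributed to a source address. Something like `D("server: rejected connection on fd %d from %s\n", fd, inet_ntoa(addr.sin_addr));` records what a responder needs; `D()` looks like trace-only output, so consider whether refusals should also go to a log that is always enabled on production builds. `alen` is never compared with `sizeof(addr)` after `adb_socket_accept`, so a short or non-IPv4 address would still be handed to `is_whitelisted` as a `sockaddr_in`. The accept loop of server_socket_thread begins and ends outside this hunk.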