I am using the source code of version 4.2.2 as example, which is also what my Nexus 4 is running on.
reference adb source code: https://android.googlesource.com/platform/system/core/+/android-4.2.2_r1.2/adb/
another helpful article: http://blog.csdn.net/liranke/article/details/4999210
1. how does adb communicate with debugger
For the overview, visit: https://android.googlesource.com/platform/system/core/+/android-4.2.2_r1.2/adb/OVERVIEW.TXT
adb has 3 components:
(1) adb daemon (adbd): running like a ghost or daemon on the very low level of android system. It listens to the debug port and communicates with jdwp.
(2) adb server: running on the pc side, listens to the client command via local tcp packets, and communicates with adbd via tcp/ip or usb.
(3) adb client: this is the commandline based adb tool in android sdk. When the client starts, it tries to communicate with the adb server, and creates one if it isn't running.
(4) ddms: another type of adb client which also communicates with the adb host, but with gui and other functionalities designed to assist the debugger.
(5) debugger: user-friendly debugger, such eclipse
|--------------| |--------------------------------------------------------|
| (device) | | (pc) |---> adb client |
| adbd |<--->| adb server <---|---> ddms <---> debugger |
|--------------| |--------------------------------------------------------|
2. enabling adbd
In release mode, adbd is disabled by default.
https://android.googlesource.com/platform/system/core/+/android-4.2.2_r1.2/rootdir/init.rc, line 397.
# adbd is controlled via property triggers in init.<platform>.usb.rc
service adbd /sbin/adbd
class core
socket adbd stream 660 system system
disabled
seclabel u:r:adbd:s0
# adbd on at boot in emulator
on property:ro.kernel.qemu=1
start adbdWhen the user enables the usb debugging, somehow the following code is executed:
https://android.googlesource.com/platform/system/core/+/android-4.2.2_r1.2/init/init.c, line 89.
void notify_service_state(const char *name, const char *state)
{
char pname[PROP_NAME_MAX];
int len = strlen(name);
if ((len + 10) > PROP_NAME_MAX)
return;
snprintf(pname, sizeof(pname), "init.svc.%s", name);
property_set(pname, state);
}And the init.svc.adbd property is set to 1.
3. communication port
Both adbd and server use prot 5037 to communicate, except that when adbd and server are both running on the same device, adb server uses 5038 instead.
https://android.googlesource.com/platform/system/core/+/android-4.2.2_r1.2/adb/adb.h, line 425.
#if ADB_HOST_ON_TARGET
/* adb and adbd are coexisting on the target, so use 5038 for adb
* to avoid conflicting with adbd's usage of 5037
*/
# define DEFAULT_ADB_PORT 5038
#else
# define DEFAULT_ADB_PORT 5037
#endif
4. authentication
https://android.googlesource.com/platform/system/core/+/android-4.2.2_r1.2/adb/adb.c, line 1120.
property_get("ro.adb.secure", value, "0");
auth_enabled = !strcmp(value, "1");
if (auth_enabled)
adb_auth_init();It seems that starting from 4.2.2, for security reason, the ro.adb.secure property is readonly and cannot be modified by setprop, or manually modifying /default.prop, whether rooted or not, unless you modify the boot image to override its readonly property. (See http://stackoverflow.com/questions/15225991/android-4-2-2-rsa-disabling).
to be continued ...
2141
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
