1 /*
2  * Copyright (C) 2016 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 #define LOG_TAG "installd"
17 
18 #include <array>
19 #include <fcntl.h>
20 #include <stdlib.h>
21 #include <string.h>
22 #include <sys/capability.h>
23 #include <sys/file.h>
24 #include <sys/stat.h>
25 #include <sys/time.h>
26 #include <sys/types.h>
27 #include <sys/resource.h>
28 #include <sys/wait.h>
29 #include <unistd.h>
30 
31 #include <iomanip>
32 
33 #include <android-base/file.h>
34 #include <android-base/logging.h>
35 #include <android-base/properties.h>
36 #include <android-base/stringprintf.h>
37 #include <android-base/strings.h>
38 #include <android-base/unique_fd.h>
39 #include <cutils/fs.h>
40 #include <cutils/properties.h>
41 #include <cutils/sched_policy.h>
42 #include <dex2oat_return_codes.h>
43 #include <log/log.h>               // TODO: Move everything to base/logging.
44 #include <openssl/sha.h>
45 #include <private/android_filesystem_config.h>
46 #include <processgroup/sched_policy.h>
47 #include <selinux/android.h>
48 #include <server_configurable_flags/get_flags.h>
49 #include <system/thread_defs.h>
50 
51 #include "dexopt.h"
52 #include "dexopt_return_codes.h"
53 #include "globals.h"
54 #include "installd_deps.h"
55 #include "otapreopt_utils.h"
56 #include "utils.h"
57 
58 using android::base::EndsWith;
59 using android::base::GetBoolProperty;
60 using android::base::GetProperty;
61 using android::base::ReadFdToString;
62 using android::base::ReadFully;
63 using android::base::StringPrintf;
64 using android::base::WriteFully;
65 using android::base::unique_fd;
66 
67 namespace android {
68 namespace installd {
69 
70 // Should minidebug info be included in compiled artifacts? Even if this value is
71 // "true," usage might still be conditional to other constraints, e.g., system
72 // property overrides.
73 static constexpr bool kEnableMinidebugInfo = true;
74 
75 static constexpr const char* kMinidebugInfoSystemProperty = "dalvik.vm.dex2oat-minidebuginfo";
76 static constexpr bool kMinidebugInfoSystemPropertyDefault = false;
77 static constexpr const char* kMinidebugDex2oatFlag = "--generate-mini-debug-info";
78 static constexpr const char* kDisableCompactDexFlag = "--compact-dex-level=none";
79 
80 
81 // Deleter using free() for use with std::unique_ptr<>. See also UniqueCPtr<> below.
82 struct FreeDelete {
83   // NOTE: Deleting a const object is valid but free() takes a non-const pointer.
operator ()android::installd::FreeDelete84   void operator()(const void* ptr) const {
85     free(const_cast<void*>(ptr));
86   }
87 };
88 
89 // Alias for std::unique_ptr<> that uses the C function free() to delete objects.
90 template <typename T>
91 using UniqueCPtr = std::unique_ptr<T, FreeDelete>;
92 
invalid_unique_fd()93 static unique_fd invalid_unique_fd() {
94     return unique_fd(-1);
95 }
96 
is_debug_runtime()97 static bool is_debug_runtime() {
98     return android::base::GetProperty("persist.sys.dalvik.vm.lib.2", "") == "libartd.so";
99 }
100 
is_debuggable_build()101 static bool is_debuggable_build() {
102     return android::base::GetBoolProperty("ro.debuggable", false);
103 }
104 
clear_profile(const std::string & profile)105 static bool clear_profile(const std::string& profile) {
106     unique_fd ufd(open(profile.c_str(), O_WRONLY | O_NOFOLLOW | O_CLOEXEC));
107     if (ufd.get() < 0) {
108         if (errno != ENOENT) {
109             PLOG(WARNING) << "Could not open profile " << profile;
110             return false;
111         } else {
112             // Nothing to clear. That's ok.
113             return true;
114         }
115     }
116 
117     if (flock(ufd.get(), LOCK_EX | LOCK_NB) != 0) {
118         if (errno != EWOULDBLOCK) {
119             PLOG(WARNING) << "Error locking profile " << profile;
120         }
121         // This implies that the app owning this profile is running
122         // (and has acquired the lock).
123         //
124         // If we can't acquire the lock bail out since clearing is useless anyway
125         // (the app will write again to the profile).
126         //
127         // Note:
128         // This does not impact the this is not an issue for the profiling correctness.
129         // In case this is needed because of an app upgrade, profiles will still be
130         // eventually cleared by the app itself due to checksum mismatch.
131         // If this is needed because profman advised, then keeping the data around
132         // until the next run is again not an issue.
133         //
134         // If the app attempts to acquire a lock while we've held one here,
135         // it will simply skip the current write cycle.
136         return false;
137     }
138 
139     bool truncated = ftruncate(ufd.get(), 0) == 0;
140     if (!truncated) {
141         PLOG(WARNING) << "Could not truncate " << profile;
142     }
143     if (flock(ufd.get(), LOCK_UN) != 0) {
144         PLOG(WARNING) << "Error unlocking profile " << profile;
145     }
146     return truncated;
147 }
148 
149 // Clear the reference profile for the given location.
150 // The location is the profile name for primary apks or the dex path for secondary dex files.
clear_reference_profile(const std::string & package_name,const std::string & location,bool is_secondary_dex)151 static bool clear_reference_profile(const std::string& package_name, const std::string& location,
152         bool is_secondary_dex) {
153     return clear_profile(create_reference_profile_path(package_name, location, is_secondary_dex));
154 }
155 
156 // Clear the reference profile for the given location.
157 // The location is the profile name for primary apks or the dex path for secondary dex files.
clear_current_profile(const std::string & package_name,const std::string & location,userid_t user,bool is_secondary_dex)158 static bool clear_current_profile(const std::string& package_name, const std::string& location,
159         userid_t user, bool is_secondary_dex) {
160     return clear_profile(create_current_profile_path(user, package_name, location,
161             is_secondary_dex));
162 }
163 
164 // Clear the reference profile for the primary apk of the given package.
165 // The location is the profile name for primary apks or the dex path for secondary dex files.
clear_primary_reference_profile(const std::string & package_name,const std::string & location)166 bool clear_primary_reference_profile(const std::string& package_name,
167         const std::string& location) {
168     return clear_reference_profile(package_name, location, /*is_secondary_dex*/false);
169 }
170 
171 // Clear all current profile for the primary apk of the given package.
172 // The location is the profile name for primary apks or the dex path for secondary dex files.
clear_primary_current_profiles(const std::string & package_name,const std::string & location)173 bool clear_primary_current_profiles(const std::string& package_name, const std::string& location) {
174     bool success = true;
175     // For secondary dex files, we don't really need the user but we use it for sanity checks.
176     std::vector<userid_t> users = get_known_users(/*volume_uuid*/ nullptr);
177     for (auto user : users) {
178         success &= clear_current_profile(package_name, location, user, /*is_secondary_dex*/false);
179     }
180     return success;
181 }
182 
183 // Clear the current profile for the primary apk of the given package and user.
clear_primary_current_profile(const std::string & package_name,const std::string & location,userid_t user)184 bool clear_primary_current_profile(const std::string& package_name, const std::string& location,
185         userid_t user) {
186     return clear_current_profile(package_name, location, user, /*is_secondary_dex*/false);
187 }
188 
SplitBySpaces(const std::string & str)189 static std::vector<std::string> SplitBySpaces(const std::string& str) {
190     if (str.empty()) {
191         return {};
192     }
193     return android::base::Split(str, " ");
194 }
195 
get_location_from_path(const char * path)196 static const char* get_location_from_path(const char* path) {
197     static constexpr char kLocationSeparator = '/';
198     const char *location = strrchr(path, kLocationSeparator);
199     if (location == nullptr) {
200         return path;
201     } else {
202         // Skip the separator character.
203         return location + 1;
204     }
205 }
206 
207 // ExecVHelper prepares and holds pointers to parsed command line arguments so that no allocations
208 // need to be performed between the fork and exec.
209 class ExecVHelper {
210   public:
211     // Store a placeholder for the binary name.
ExecVHelper()212     ExecVHelper() : args_(1u, std::string()) {}
213 
PrepareArgs(const std::string & bin)214     void PrepareArgs(const std::string& bin) {
215         CHECK(!args_.empty());
216         CHECK(args_[0].empty());
217         args_[0] = bin;
218         // Write char* into array.
219         for (const std::string& arg : args_) {
220             argv_.push_back(arg.c_str());
221         }
222         argv_.push_back(nullptr);  // Add null terminator.
223     }
224 
225     [[ noreturn ]]
Exec(int exit_code)226     void Exec(int exit_code) {
227         execv(argv_[0], (char * const *)&argv_[0]);
228         PLOG(ERROR) << "execv(" << argv_[0] << ") failed";
229         exit(exit_code);
230     }
231 
232     // Add an arg if it's not empty.
AddArg(const std::string & arg)233     void AddArg(const std::string& arg) {
234         if (!arg.empty()) {
235             args_.push_back(arg);
236         }
237     }
238 
239     // Add a runtime arg if it's not empty.
AddRuntimeArg(const std::string & arg)240     void AddRuntimeArg(const std::string& arg) {
241         if (!arg.empty()) {
242             args_.push_back("--runtime-arg");
243             args_.push_back(arg);
244         }
245     }
246 
247   protected:
248     // Holder arrays for backing arg storage.
249     std::vector<std::string> args_;
250 
251     // Argument poiners.
252     std::vector<const char*> argv_;
253 };
254 
MapPropertyToArg(const std::string & property,const std::string & format,const std::string & default_value="")255 static std::string MapPropertyToArg(const std::string& property,
256                                     const std::string& format,
257                                     const std::string& default_value = "") {
258   std::string prop = GetProperty(property, default_value);
259   if (!prop.empty()) {
260     return StringPrintf(format.c_str(), prop.c_str());
261   }
262   return "";
263 }
264 
MapPropertyToArgWithBackup(const std::string & property,const std::string & backupProperty,const std::string & format,const std::string & default_value="")265 static std::string MapPropertyToArgWithBackup(const std::string& property,
266                                               const std::string& backupProperty,
267                                               const std::string& format,
268                                               const std::string& default_value = "") {
269   std::string value = GetProperty(property, default_value);
270   if (!value.empty()) {
271     return StringPrintf(format.c_str(), value.c_str());
272   }
273   return MapPropertyToArg(backupProperty, format, default_value);
274 }
275 
276 // Determines which binary we should use for execution (the debug or non-debug version).
277 // e.g. dex2oatd vs dex2oat
select_execution_binary(const char * binary,const char * debug_binary,bool background_job_compile)278 static const char* select_execution_binary(const char* binary, const char* debug_binary,
279         bool background_job_compile) {
280     return select_execution_binary(
281         binary,
282         debug_binary,
283         background_job_compile,
284         is_debug_runtime(),
285         (android::base::GetProperty("ro.build.version.codename", "") == "REL"),
286         is_debuggable_build());
287 }
288 
289 // Determines which binary we should use for execution (the debug or non-debug version).
290 // e.g. dex2oatd vs dex2oat
291 // This is convenient method which is much easier to test because it doesn't read
292 // system properties.
select_execution_binary(const char * binary,const char * debug_binary,bool background_job_compile,bool is_debug_runtime,bool is_release,bool is_debuggable_build)293 const char* select_execution_binary(
294         const char* binary,
295         const char* debug_binary,
296         bool background_job_compile,
297         bool is_debug_runtime,
298         bool is_release,
299         bool is_debuggable_build) {
300     // Do not use debug binaries for release candidates (to give more soak time).
301     bool is_debug_bg_job = background_job_compile && is_debuggable_build && !is_release;
302 
303     // If the runtime was requested to use libartd.so, we'll run the debug version - assuming
304     // the file is present (it may not be on images with very little space available).
305     bool useDebug = (is_debug_runtime || is_debug_bg_job) && (access(debug_binary, X_OK) == 0);
306 
307     return useDebug ? debug_binary : binary;
308 }
309 
310 // Namespace for Android Runtime flags applied during boot time.
311 static const char* RUNTIME_NATIVE_BOOT_NAMESPACE = "runtime_native_boot";
312 // Feature flag name for running the JIT in Zygote experiment, b/119800099.
313 static const char* ENABLE_JITZYGOTE_IMAGE = "enable_apex_image";
314 // Location of the JIT Zygote image.
315 static const char* kJitZygoteImage =
316     "boot.art:/nonx/boot-framework.art!/system/etc/boot-image.prof";
317 
318 // Phenotype property name for enabling profiling the boot class path.
319 static const char* PROFILE_BOOT_CLASS_PATH = "profilebootclasspath";
320 
IsBootClassPathProfilingEnable()321 static bool IsBootClassPathProfilingEnable() {
322     std::string profile_boot_class_path = GetProperty("dalvik.vm.profilebootclasspath", "");
323     profile_boot_class_path =
324         server_configurable_flags::GetServerConfigurableFlag(
325             RUNTIME_NATIVE_BOOT_NAMESPACE,
326             PROFILE_BOOT_CLASS_PATH,
327             /*default_value=*/ profile_boot_class_path);
328     return profile_boot_class_path == "true";
329 }
330 
331 class RunDex2Oat : public ExecVHelper {
332   public:
RunDex2Oat(int zip_fd,int oat_fd,int input_vdex_fd,int output_vdex_fd,int image_fd,const char * input_file_name,const char * output_file_name,int swap_fd,const char * instruction_set,const char * compiler_filter,bool debuggable,bool post_bootcomplete,bool for_restore,bool background_job_compile,int profile_fd,const char * class_loader_context,const std::string & class_loader_context_fds,int target_sdk_version,bool enable_hidden_api_checks,bool generate_compact_dex,int dex_metadata_fd,const char * compilation_reason)333     RunDex2Oat(int zip_fd,
334                int oat_fd,
335                int input_vdex_fd,
336                int output_vdex_fd,
337                int image_fd,
338                const char* input_file_name,
339                const char* output_file_name,
340                int swap_fd,
341                const char* instruction_set,
342                const char* compiler_filter,
343                bool debuggable,
344                bool post_bootcomplete,
345                bool for_restore,
346                bool background_job_compile,
347                int profile_fd,
348                const char* class_loader_context,
349                const std::string& class_loader_context_fds,
350                int target_sdk_version,
351                bool enable_hidden_api_checks,
352                bool generate_compact_dex,
353                int dex_metadata_fd,
354                const char* compilation_reason) {
355         // Get the relative path to the input file.
356         const char* relative_input_file_name = get_location_from_path(input_file_name);
357 
358         std::string dex2oat_Xms_arg = MapPropertyToArg("dalvik.vm.dex2oat-Xms", "-Xms%s");
359         std::string dex2oat_Xmx_arg = MapPropertyToArg("dalvik.vm.dex2oat-Xmx", "-Xmx%s");
360 
361         std::string threads_format = "-j%s";
362         std::string dex2oat_threads_arg = post_bootcomplete
363                 ? (for_restore
364                     ? MapPropertyToArgWithBackup(
365                             "dalvik.vm.restore-dex2oat-threads",
366                             "dalvik.vm.dex2oat-threads",
367                             threads_format)
368                     : MapPropertyToArg("dalvik.vm.dex2oat-threads", threads_format))
369                 : MapPropertyToArg("dalvik.vm.boot-dex2oat-threads", threads_format);
370         std::string cpu_set_format = "--cpu-set=%s";
371         std::string dex2oat_cpu_set_arg = post_bootcomplete
372                 ? (for_restore
373                     ? MapPropertyToArgWithBackup(
374                             "dalvik.vm.restore-dex2oat-cpu-set",
375                             "dalvik.vm.dex2oat-cpu-set",
376                             cpu_set_format)
377                     : MapPropertyToArg("dalvik.vm.dex2oat-cpu-set", cpu_set_format))
378                 : MapPropertyToArg("dalvik.vm.boot-dex2oat-cpu-set", cpu_set_format);
379 
380         std::string bootclasspath;
381         char* dex2oat_bootclasspath = getenv("DEX2OATBOOTCLASSPATH");
382         if (dex2oat_bootclasspath != nullptr) {
383             bootclasspath = StringPrintf("-Xbootclasspath:%s", dex2oat_bootclasspath);
384         }
385         // If DEX2OATBOOTCLASSPATH is not in the environment, dex2oat is going to query
386         // BOOTCLASSPATH.
387 
388         const std::string dex2oat_isa_features_key =
389                 StringPrintf("dalvik.vm.isa.%s.features", instruction_set);
390         std::string instruction_set_features_arg =
391             MapPropertyToArg(dex2oat_isa_features_key, "--instruction-set-features=%s");
392 
393         const std::string dex2oat_isa_variant_key =
394                 StringPrintf("dalvik.vm.isa.%s.variant", instruction_set);
395         std::string instruction_set_variant_arg =
396             MapPropertyToArg(dex2oat_isa_variant_key, "--instruction-set-variant=%s");
397 
398         const char* dex2oat_norelocation = "-Xnorelocate";
399 
400         const std::string dex2oat_flags = GetProperty("dalvik.vm.dex2oat-flags", "");
401         std::vector<std::string> dex2oat_flags_args = SplitBySpaces(dex2oat_flags);
402         ALOGV("dalvik.vm.dex2oat-flags=%s\n", dex2oat_flags.c_str());
403 
404         // If we are booting without the real /data, don't spend time compiling.
405         std::string vold_decrypt = GetProperty("vold.decrypt", "");
406         bool skip_compilation = vold_decrypt == "trigger_restart_min_framework" ||
407                                 vold_decrypt == "1";
408 
409         std::string updatable_bcp_packages =
410             MapPropertyToArg("dalvik.vm.dex2oat-updatable-bcp-packages-file",
411                              "--updatable-bcp-packages-file=%s");
412         if (updatable_bcp_packages.empty()) {
413           // Make dex2oat fail by providing non-existent file name.
414           updatable_bcp_packages = "--updatable-bcp-packages-file=/nonx/updatable-bcp-packages.txt";
415         }
416 
417         std::string resolve_startup_string_arg =
418                 MapPropertyToArg("persist.device_config.runtime.dex2oat_resolve_startup_strings",
419                                  "--resolve-startup-const-strings=%s");
420         if (resolve_startup_string_arg.empty()) {
421           // If empty, fall back to system property.
422           resolve_startup_string_arg =
423                 MapPropertyToArg("dalvik.vm.dex2oat-resolve-startup-strings",
424                                  "--resolve-startup-const-strings=%s");
425         }
426 
427         const std::string image_block_size_arg =
428                 MapPropertyToArg("dalvik.vm.dex2oat-max-image-block-size",
429                                  "--max-image-block-size=%s");
430 
431         const bool generate_debug_info = GetBoolProperty("debug.generate-debug-info", false);
432 
433         std::string image_format_arg;
434         if (image_fd >= 0) {
435             image_format_arg = MapPropertyToArg("dalvik.vm.appimageformat", "--image-format=%s");
436         }
437 
438         std::string dex2oat_large_app_threshold_arg =
439             MapPropertyToArg("dalvik.vm.dex2oat-very-large", "--very-large-app-threshold=%s");
440 
441 
442 
443         // Decide whether to use dex2oat64.
444         bool use_dex2oat64 = false;
445         // Check whether the device even supports 64-bit ABIs.
446         if (!GetProperty("ro.product.cpu.abilist64", "").empty()) {
447           use_dex2oat64 = GetBoolProperty("dalvik.vm.dex2oat64.enabled", false);
448         }
449         const char* dex2oat_bin = select_execution_binary(
450             (use_dex2oat64 ? kDex2oat64Path : kDex2oat32Path),
451             (use_dex2oat64 ? kDex2oatDebug64Path : kDex2oatDebug32Path),
452             background_job_compile);
453 
454         bool generate_minidebug_info = kEnableMinidebugInfo &&
455                 GetBoolProperty(kMinidebugInfoSystemProperty, kMinidebugInfoSystemPropertyDefault);
456 
457         std::string boot_image;
458         std::string use_jitzygote_image =
459             server_configurable_flags::GetServerConfigurableFlag(RUNTIME_NATIVE_BOOT_NAMESPACE,
460                                                                  ENABLE_JITZYGOTE_IMAGE,
461                                                                  /*default_value=*/ "");
462 
463         if (use_jitzygote_image == "true" || IsBootClassPathProfilingEnable()) {
464           boot_image = StringPrintf("--boot-image=%s", kJitZygoteImage);
465         } else {
466           boot_image = MapPropertyToArg("dalvik.vm.boot-image", "--boot-image=%s");
467         }
468 
469         // clang FORTIFY doesn't let us use strlen in constant array bounds, so we
470         // use arraysize instead.
471         std::string zip_fd_arg = StringPrintf("--zip-fd=%d", zip_fd);
472         std::string zip_location_arg = StringPrintf("--zip-location=%s", relative_input_file_name);
473         std::string input_vdex_fd_arg = StringPrintf("--input-vdex-fd=%d", input_vdex_fd);
474         std::string output_vdex_fd_arg = StringPrintf("--output-vdex-fd=%d", output_vdex_fd);
475         std::string oat_fd_arg = StringPrintf("--oat-fd=%d", oat_fd);
476         std::string oat_location_arg = StringPrintf("--oat-location=%s", output_file_name);
477         std::string instruction_set_arg = StringPrintf("--instruction-set=%s", instruction_set);
478         std::string dex2oat_compiler_filter_arg;
479         std::string dex2oat_swap_fd;
480         std::string dex2oat_image_fd;
481         std::string target_sdk_version_arg;
482         if (target_sdk_version != 0) {
483             target_sdk_version_arg = StringPrintf("-Xtarget-sdk-version:%d", target_sdk_version);
484         }
485         std::string class_loader_context_arg;
486         std::string class_loader_context_fds_arg;
487         if (class_loader_context != nullptr) {
488             class_loader_context_arg = StringPrintf("--class-loader-context=%s",
489                                                     class_loader_context);
490             if (!class_loader_context_fds.empty()) {
491                 class_loader_context_fds_arg = StringPrintf("--class-loader-context-fds=%s",
492                                                             class_loader_context_fds.c_str());
493             }
494         }
495 
496         if (swap_fd >= 0) {
497             dex2oat_swap_fd = StringPrintf("--swap-fd=%d", swap_fd);
498         }
499         if (image_fd >= 0) {
500             dex2oat_image_fd = StringPrintf("--app-image-fd=%d", image_fd);
501         }
502 
503         // Compute compiler filter.
504         bool have_dex2oat_relocation_skip_flag = false;
505         if (skip_compilation) {
506             dex2oat_compiler_filter_arg = "--compiler-filter=extract";
507             have_dex2oat_relocation_skip_flag = true;
508         } else if (compiler_filter != nullptr) {
509             dex2oat_compiler_filter_arg = StringPrintf("--compiler-filter=%s", compiler_filter);
510         }
511 
512         if (dex2oat_compiler_filter_arg.empty()) {
513             dex2oat_compiler_filter_arg = MapPropertyToArg("dalvik.vm.dex2oat-filter",
514                                                            "--compiler-filter=%s");
515         }
516 
517         // Check whether all apps should be compiled debuggable.
518         if (!debuggable) {
519             debuggable = GetProperty("dalvik.vm.always_debuggable", "") == "1";
520         }
521         std::string profile_arg;
522         if (profile_fd != -1) {
523             profile_arg = StringPrintf("--profile-file-fd=%d", profile_fd);
524         }
525 
526         // Get the directory of the apk to pass as a base classpath directory.
527         std::string base_dir;
528         std::string apk_dir(input_file_name);
529         unsigned long dir_index = apk_dir.rfind('/');
530         bool has_base_dir = dir_index != std::string::npos;
531         if (has_base_dir) {
532             apk_dir = apk_dir.substr(0, dir_index);
533             base_dir = StringPrintf("--classpath-dir=%s", apk_dir.c_str());
534         }
535 
536         std::string dex_metadata_fd_arg = "--dm-fd=" + std::to_string(dex_metadata_fd);
537 
538         std::string compilation_reason_arg = compilation_reason == nullptr
539                 ? ""
540                 : std::string("--compilation-reason=") + compilation_reason;
541 
542         ALOGV("Running %s in=%s out=%s\n", dex2oat_bin, relative_input_file_name, output_file_name);
543 
544         // Disable cdex if update input vdex is true since this combination of options is not
545         // supported.
546         const bool disable_cdex = !generate_compact_dex || (input_vdex_fd == output_vdex_fd);
547 
548         AddArg(zip_fd_arg);
549         AddArg(zip_location_arg);
550         AddArg(input_vdex_fd_arg);
551         AddArg(output_vdex_fd_arg);
552         AddArg(oat_fd_arg);
553         AddArg(oat_location_arg);
554         AddArg(instruction_set_arg);
555 
556         AddArg(instruction_set_variant_arg);
557         AddArg(instruction_set_features_arg);
558 
559         AddArg(boot_image);
560 
561         AddRuntimeArg(bootclasspath);
562         AddRuntimeArg(dex2oat_Xms_arg);
563         AddRuntimeArg(dex2oat_Xmx_arg);
564 
565         AddArg(updatable_bcp_packages);
566         AddArg(resolve_startup_string_arg);
567         AddArg(image_block_size_arg);
568         AddArg(dex2oat_compiler_filter_arg);
569         AddArg(dex2oat_threads_arg);
570         AddArg(dex2oat_cpu_set_arg);
571         AddArg(dex2oat_swap_fd);
572         AddArg(dex2oat_image_fd);
573 
574         if (generate_debug_info) {
575             AddArg("--generate-debug-info");
576         }
577         if (debuggable) {
578             AddArg("--debuggable");
579         }
580         AddArg(image_format_arg);
581         AddArg(dex2oat_large_app_threshold_arg);
582 
583         if (have_dex2oat_relocation_skip_flag) {
584             AddRuntimeArg(dex2oat_norelocation);
585         }
586         AddArg(profile_arg);
587         AddArg(base_dir);
588         AddArg(class_loader_context_arg);
589         AddArg(class_loader_context_fds_arg);
590         if (generate_minidebug_info) {
591             AddArg(kMinidebugDex2oatFlag);
592         }
593         if (disable_cdex) {
594             AddArg(kDisableCompactDexFlag);
595         }
596         AddRuntimeArg(target_sdk_version_arg);
597         if (enable_hidden_api_checks) {
598             AddRuntimeArg("-Xhidden-api-policy:enabled");
599         }
600 
601         if (dex_metadata_fd > -1) {
602             AddArg(dex_metadata_fd_arg);
603         }
604 
605         AddArg(compilation_reason_arg);
606 
607         // Do not add args after dex2oat_flags, they should override others for debugging.
608         args_.insert(args_.end(), dex2oat_flags_args.begin(), dex2oat_flags_args.end());
609 
610         PrepareArgs(dex2oat_bin);
611     }
612 };
613 
614 /*
615  * Whether dexopt should use a swap file when compiling an APK.
616  *
617  * If kAlwaysProvideSwapFile, do this on all devices (dex2oat will make a more informed decision
618  * itself, anyways).
619  *
620  * Otherwise, read "dalvik.vm.dex2oat-swap". If the property exists, return whether it is "true".
621  *
622  * Otherwise, return true if this is a low-mem device.
623  *
624  * Otherwise, return default value.
625  */
626 static bool kAlwaysProvideSwapFile = false;
627 static bool kDefaultProvideSwapFile = true;
628 
ShouldUseSwapFileForDexopt()629 static bool ShouldUseSwapFileForDexopt() {
630     if (kAlwaysProvideSwapFile) {
631         return true;
632     }
633 
634     // Check the "override" property. If it exists, return value == "true".
635     std::string dex2oat_prop_buf = GetProperty("dalvik.vm.dex2oat-swap", "");
636     if (!dex2oat_prop_buf.empty()) {
637         return dex2oat_prop_buf == "true";
638     }
639 
640     // Shortcut for default value. This is an implementation optimization for the process sketched
641     // above. If the default value is true, we can avoid to check whether this is a low-mem device,
642     // as low-mem is never returning false. The compiler will optimize this away if it can.
643     if (kDefaultProvideSwapFile) {
644         return true;
645     }
646 
647     if (GetBoolProperty("ro.config.low_ram", false)) {
648         return true;
649     }
650 
651     // Default value must be false here.
652     return kDefaultProvideSwapFile;
653 }
654 
SetDex2OatScheduling(bool set_to_bg)655 static void SetDex2OatScheduling(bool set_to_bg) {
656     if (set_to_bg) {
657         if (set_sched_policy(0, SP_BACKGROUND) < 0) {
658             PLOG(ERROR) << "set_sched_policy failed";
659             exit(DexoptReturnCodes::kSetSchedPolicy);
660         }
661         if (setpriority(PRIO_PROCESS, 0, ANDROID_PRIORITY_BACKGROUND) < 0) {
662             PLOG(ERROR) << "setpriority failed";
663             exit(DexoptReturnCodes::kSetPriority);
664         }
665     }
666 }
667 
create_profile(uid_t uid,const std::string & profile,int32_t flags)668 static unique_fd create_profile(uid_t uid, const std::string& profile, int32_t flags) {
669     unique_fd fd(TEMP_FAILURE_RETRY(open(profile.c_str(), flags, 0600)));
670     if (fd.get() < 0) {
671         if (errno != EEXIST) {
672             PLOG(ERROR) << "Failed to create profile " << profile;
673             return invalid_unique_fd();
674         }
675     }
676     // Profiles should belong to the app; make sure of that by giving ownership to
677     // the app uid. If we cannot do that, there's no point in returning the fd
678     // since dex2oat/profman will fail with SElinux denials.
679     if (fchown(fd.get(), uid, uid) < 0) {
680         PLOG(ERROR) << "Could not chown profile " << profile;
681         return invalid_unique_fd();
682     }
683     return fd;
684 }
685 
open_profile(uid_t uid,const std::string & profile,int32_t flags)686 static unique_fd open_profile(uid_t uid, const std::string& profile, int32_t flags) {
687     // Do not follow symlinks when opening a profile:
688     //   - primary profiles should not contain symlinks in their paths
689     //   - secondary dex paths should have been already resolved and validated
690     flags |= O_NOFOLLOW;
691 
692     // Check if we need to create the profile
693     // Reference profiles and snapshots are created on the fly; so they might not exist beforehand.
694     unique_fd fd;
695     if ((flags & O_CREAT) != 0) {
696         fd = create_profile(uid, profile, flags);
697     } else {
698         fd.reset(TEMP_FAILURE_RETRY(open(profile.c_str(), flags)));
699     }
700 
701     if (fd.get() < 0) {
702         if (errno != ENOENT) {
703             // Profiles might be missing for various reasons. For example, in a
704             // multi-user environment, the profile directory for one user can be created
705             // after we start a merge. In this case the current profile for that user
706             // will not be found.
707             // Also, the secondary dex profiles might be deleted by the app at any time,
708             // so we can't we need to prepare if they are missing.
709             PLOG(ERROR) << "Failed to open profile " << profile;
710         }
711         return invalid_unique_fd();
712     }
713 
714     return fd;
715 }
716 
open_current_profile(uid_t uid,userid_t user,const std::string & package_name,const std::string & location,bool is_secondary_dex)717 static unique_fd open_current_profile(uid_t uid, userid_t user, const std::string& package_name,
718         const std::string& location, bool is_secondary_dex) {
719     std::string profile = create_current_profile_path(user, package_name, location,
720             is_secondary_dex);
721     return open_profile(uid, profile, O_RDONLY);
722 }
723 
open_reference_profile(uid_t uid,const std::string & package_name,const std::string & location,bool read_write,bool is_secondary_dex)724 static unique_fd open_reference_profile(uid_t uid, const std::string& package_name,
725         const std::string& location, bool read_write, bool is_secondary_dex) {
726     std::string profile = create_reference_profile_path(package_name, location, is_secondary_dex);
727     return open_profile(uid, profile, read_write ? (O_CREAT | O_RDWR) : O_RDONLY);
728 }
729 
open_spnashot_profile(uid_t uid,const std::string & package_name,const std::string & location)730 static unique_fd open_spnashot_profile(uid_t uid, const std::string& package_name,
731         const std::string& location) {
732     std::string profile = create_snapshot_profile_path(package_name, location);
733     return open_profile(uid, profile, O_CREAT | O_RDWR | O_TRUNC);
734 }
735 
open_profile_files(uid_t uid,const std::string & package_name,const std::string & location,bool is_secondary_dex,std::vector<unique_fd> * profiles_fd,unique_fd * reference_profile_fd)736 static void open_profile_files(uid_t uid, const std::string& package_name,
737             const std::string& location, bool is_secondary_dex,
738             /*out*/ std::vector<unique_fd>* profiles_fd, /*out*/ unique_fd* reference_profile_fd) {
739     // Open the reference profile in read-write mode as profman might need to save the merge.
740     *reference_profile_fd = open_reference_profile(uid, package_name, location,
741             /*read_write*/ true, is_secondary_dex);
742 
743     // For secondary dex files, we don't really need the user but we use it for sanity checks.
744     // Note: the user owning the dex file should be the current user.
745     std::vector<userid_t> users;
746     if (is_secondary_dex){
747         users.push_back(multiuser_get_user_id(uid));
748     } else {
749         users = get_known_users(/*volume_uuid*/ nullptr);
750     }
751     for (auto user : users) {
752         unique_fd profile_fd = open_current_profile(uid, user, package_name, location,
753                 is_secondary_dex);
754         // Add to the lists only if both fds are valid.
755         if (profile_fd.get() >= 0) {
756             profiles_fd->push_back(std::move(profile_fd));
757         }
758     }
759 }
760 
761 static constexpr int PROFMAN_BIN_RETURN_CODE_SUCCESS = 0;
762 static constexpr int PROFMAN_BIN_RETURN_CODE_COMPILE = 1;
763 static constexpr int PROFMAN_BIN_RETURN_CODE_SKIP_COMPILATION = 2;
764 static constexpr int PROFMAN_BIN_RETURN_CODE_BAD_PROFILES = 3;
765 static constexpr int PROFMAN_BIN_RETURN_CODE_ERROR_IO = 4;
766 static constexpr int PROFMAN_BIN_RETURN_CODE_ERROR_LOCKING = 5;
767 static constexpr int PROFMAN_BIN_RETURN_CODE_ERROR_DIFFERENT_VERSIONS = 6;
768 
769 class RunProfman : public ExecVHelper {
770   public:
SetupArgs(const std::vector<unique_fd> & profile_fds,const unique_fd & reference_profile_fd,const std::vector<unique_fd> & apk_fds,const std::vector<std::string> & dex_locations,bool copy_and_update,bool for_snapshot,bool for_boot_image)771    void SetupArgs(const std::vector<unique_fd>& profile_fds,
772                   const unique_fd& reference_profile_fd,
773                   const std::vector<unique_fd>& apk_fds,
774                   const std::vector<std::string>& dex_locations,
775                   bool copy_and_update,
776                   bool for_snapshot,
777                   bool for_boot_image) {
778 
779         // TODO(calin): Assume for now we run in the bg compile job (which is in
780         // most of the invocation). With the current data flow, is not very easy or
781         // clean to discover this in RunProfman (it will require quite a messy refactoring).
782         const char* profman_bin = select_execution_binary(
783             kProfmanPath, kProfmanDebugPath, /*background_job_compile=*/ true);
784 
785         if (copy_and_update) {
786             CHECK_EQ(1u, profile_fds.size());
787             CHECK_EQ(1u, apk_fds.size());
788         }
789         if (reference_profile_fd != -1) {
790             AddArg("--reference-profile-file-fd=" + std::to_string(reference_profile_fd.get()));
791         }
792 
793         for (const unique_fd& fd : profile_fds) {
794             AddArg("--profile-file-fd=" + std::to_string(fd.get()));
795         }
796 
797         for (const unique_fd& fd : apk_fds) {
798             AddArg("--apk-fd=" + std::to_string(fd.get()));
799         }
800 
801         for (const std::string& dex_location : dex_locations) {
802             AddArg("--dex-location=" + dex_location);
803         }
804 
805         if (copy_and_update) {
806             AddArg("--copy-and-update-profile-key");
807         }
808 
809         if (for_snapshot) {
810             AddArg("--force-merge");
811         }
812 
813         if (for_boot_image) {
814             AddArg("--boot-image-merge");
815         }
816 
817         // Do not add after dex2oat_flags, they should override others for debugging.
818         PrepareArgs(profman_bin);
819     }
820 
SetupMerge(const std::vector<unique_fd> & profiles_fd,const unique_fd & reference_profile_fd,const std::vector<unique_fd> & apk_fds=std::vector<unique_fd> (),const std::vector<std::string> & dex_locations=std::vector<std::string> (),bool for_snapshot=false,bool for_boot_image=false)821     void SetupMerge(const std::vector<unique_fd>& profiles_fd,
822                     const unique_fd& reference_profile_fd,
823                     const std::vector<unique_fd>& apk_fds = std::vector<unique_fd>(),
824                     const std::vector<std::string>& dex_locations = std::vector<std::string>(),
825                     bool for_snapshot = false,
826                     bool for_boot_image = false) {
827         SetupArgs(profiles_fd,
828                   reference_profile_fd,
829                   apk_fds,
830                   dex_locations,
831                   /*copy_and_update=*/ false,
832                   for_snapshot,
833                   for_boot_image);
834     }
835 
SetupCopyAndUpdate(unique_fd && profile_fd,unique_fd && reference_profile_fd,unique_fd && apk_fd,const std::string & dex_location)836     void SetupCopyAndUpdate(unique_fd&& profile_fd,
837                             unique_fd&& reference_profile_fd,
838                             unique_fd&& apk_fd,
839                             const std::string& dex_location) {
840         // The fds need to stay open longer than the scope of the function, so put them into a local
841         // variable vector.
842         profiles_fd_.push_back(std::move(profile_fd));
843         apk_fds_.push_back(std::move(apk_fd));
844         reference_profile_fd_ = std::move(reference_profile_fd);
845         std::vector<std::string> dex_locations = {dex_location};
846         SetupArgs(profiles_fd_,
847                   reference_profile_fd_,
848                   apk_fds_,
849                   dex_locations,
850                   /*copy_and_update=*/true,
851                   /*for_snapshot*/false,
852                   /*for_boot_image*/false);
853     }
854 
SetupDump(const std::vector<unique_fd> & profiles_fd,const unique_fd & reference_profile_fd,const std::vector<std::string> & dex_locations,const std::vector<unique_fd> & apk_fds,const unique_fd & output_fd)855     void SetupDump(const std::vector<unique_fd>& profiles_fd,
856                    const unique_fd& reference_profile_fd,
857                    const std::vector<std::string>& dex_locations,
858                    const std::vector<unique_fd>& apk_fds,
859                    const unique_fd& output_fd) {
860         AddArg("--dump-only");
861         AddArg(StringPrintf("--dump-output-to-fd=%d", output_fd.get()));
862         SetupArgs(profiles_fd,
863                   reference_profile_fd,
864                   apk_fds,
865                   dex_locations,
866                   /*copy_and_update=*/false,
867                   /*for_snapshot*/false,
868                   /*for_boot_image*/false);
869     }
870 
Exec()871     void Exec() {
872         ExecVHelper::Exec(DexoptReturnCodes::kProfmanExec);
873     }
874 
875   private:
876     unique_fd reference_profile_fd_;
877     std::vector<unique_fd> profiles_fd_;
878     std::vector<unique_fd> apk_fds_;
879 };
880 
881 
882 
883 // Decides if profile guided compilation is needed or not based on existing profiles.
884 // The location is the package name for primary apks or the dex path for secondary dex files.
885 // Returns true if there is enough information in the current profiles that makes it
886 // worth to recompile the given location.
887 // If the return value is true all the current profiles would have been merged into
888 // the reference profiles accessible with open_reference_profile().
analyze_profiles(uid_t uid,const std::string & package_name,const std::string & location,bool is_secondary_dex)889 static bool analyze_profiles(uid_t uid, const std::string& package_name,
890         const std::string& location, bool is_secondary_dex) {
891     std::vector<unique_fd> profiles_fd;
892     unique_fd reference_profile_fd;
893     open_profile_files(uid, package_name, location, is_secondary_dex,
894         &profiles_fd, &reference_profile_fd);
895     if (profiles_fd.empty() || (reference_profile_fd.get() < 0)) {
896         // Skip profile guided compilation because no profiles were found.
897         // Or if the reference profile info couldn't be opened.
898         return false;
899     }
900 
901     RunProfman profman_merge;
902     const std::vector<unique_fd>& apk_fds = std::vector<unique_fd>();
903     const std::vector<std::string>& dex_locations = std::vector<std::string>();
904     profman_merge.SetupMerge(
905             profiles_fd,
906             reference_profile_fd,
907             apk_fds,
908             dex_locations,
909             /* for_snapshot= */ false,
910             IsBootClassPathProfilingEnable());
911     pid_t pid = fork();
912     if (pid == 0) {
913         /* child -- drop privileges before continuing */
914         drop_capabilities(uid);
915         profman_merge.Exec();
916     }
917     /* parent */
918     int return_code = wait_child(pid);
919     bool need_to_compile = false;
920     bool should_clear_current_profiles = false;
921     bool should_clear_reference_profile = false;
922     if (!WIFEXITED(return_code)) {
923         LOG(WARNING) << "profman failed for location " << location << ": " << return_code;
924     } else {
925         return_code = WEXITSTATUS(return_code);
926         switch (return_code) {
927             case PROFMAN_BIN_RETURN_CODE_COMPILE:
928                 need_to_compile = true;
929                 should_clear_current_profiles = true;
930                 should_clear_reference_profile = false;
931                 break;
932             case PROFMAN_BIN_RETURN_CODE_SKIP_COMPILATION:
933                 need_to_compile = false;
934                 should_clear_current_profiles = false;
935                 should_clear_reference_profile = false;
936                 break;
937             case PROFMAN_BIN_RETURN_CODE_BAD_PROFILES:
938                 LOG(WARNING) << "Bad profiles for location " << location;
939                 need_to_compile = false;
940                 should_clear_current_profiles = true;
941                 should_clear_reference_profile = true;
942                 break;
943             case PROFMAN_BIN_RETURN_CODE_ERROR_IO:  // fall-through
944             case PROFMAN_BIN_RETURN_CODE_ERROR_LOCKING:
945                 // Temporary IO problem (e.g. locking). Ignore but log a warning.
946                 LOG(WARNING) << "IO error while reading profiles for location " << location;
947                 need_to_compile = false;
948                 should_clear_current_profiles = false;
949                 should_clear_reference_profile = false;
950                 break;
951             case PROFMAN_BIN_RETURN_CODE_ERROR_DIFFERENT_VERSIONS:
952                 need_to_compile = false;
953                 should_clear_current_profiles = true;
954                 should_clear_reference_profile = true;
955                 break;
956            default:
957                 // Unknown return code or error. Unlink profiles.
958                 LOG(WARNING) << "Unexpected error code while processing profiles for location "
959                         << location << ": " << return_code;
960                 need_to_compile = false;
961                 should_clear_current_profiles = true;
962                 should_clear_reference_profile = true;
963                 break;
964         }
965     }
966 
967     if (should_clear_current_profiles) {
968         if (is_secondary_dex) {
969             // For secondary dex files, the owning user is the current user.
970             clear_current_profile(package_name, location, multiuser_get_user_id(uid),
971                     is_secondary_dex);
972         } else  {
973             clear_primary_current_profiles(package_name, location);
974         }
975     }
976     if (should_clear_reference_profile) {
977         clear_reference_profile(package_name, location, is_secondary_dex);
978     }
979     return need_to_compile;
980 }
981 
982 // Decides if profile guided compilation is needed or not based on existing profiles.
983 // The analysis is done for the primary apks of the given package.
984 // Returns true if there is enough information in the current profiles that makes it
985 // worth to recompile the package.
986 // If the return value is true all the current profiles would have been merged into
987 // the reference profiles accessible with open_reference_profile().
analyze_primary_profiles(uid_t uid,const std::string & package_name,const std::string & profile_name)988 bool analyze_primary_profiles(uid_t uid, const std::string& package_name,
989         const std::string& profile_name) {
990     return analyze_profiles(uid, package_name, profile_name, /*is_secondary_dex*/false);
991 }
992 
dump_profiles(int32_t uid,const std::string & pkgname,const std::string & profile_name,const std::string & code_path)993 bool dump_profiles(int32_t uid, const std::string& pkgname, const std::string& profile_name,
994         const std::string& code_path) {
995     std::vector<unique_fd> profile_fds;
996     unique_fd reference_profile_fd;
997     std::string out_file_name = StringPrintf("/data/misc/profman/%s-%s.txt",
998         pkgname.c_str(), profile_name.c_str());
999 
1000     open_profile_files(uid, pkgname, profile_name, /*is_secondary_dex*/false,
1001             &profile_fds, &reference_profile_fd);
1002 
1003     const bool has_reference_profile = (reference_profile_fd.get() != -1);
1004     const bool has_profiles = !profile_fds.empty();
1005 
1006     if (!has_reference_profile && !has_profiles) {
1007         LOG(ERROR)  << "profman dump: no profiles to dump for " << pkgname;
1008         return false;
1009     }
1010 
1011     unique_fd output_fd(open(out_file_name.c_str(),
1012             O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW, 0644));
1013     if (fchmod(output_fd, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH) < 0) {
1014         LOG(ERROR) << "installd cannot chmod file for dump_profile" << out_file_name;
1015         return false;
1016     }
1017 
1018     std::vector<std::string> dex_locations;
1019     std::vector<unique_fd> apk_fds;
1020     unique_fd apk_fd(open(code_path.c_str(), O_RDONLY | O_NOFOLLOW));
1021     if (apk_fd == -1) {
1022         PLOG(ERROR) << "installd cannot open " << code_path.c_str();
1023         return false;
1024     }
1025     dex_locations.push_back(get_location_from_path(code_path.c_str()));
1026     apk_fds.push_back(std::move(apk_fd));
1027 
1028 
1029     RunProfman profman_dump;
1030     profman_dump.SetupDump(profile_fds, reference_profile_fd, dex_locations, apk_fds, output_fd);
1031     pid_t pid = fork();
1032     if (pid == 0) {
1033         /* child -- drop privileges before continuing */
1034         drop_capabilities(uid);
1035         profman_dump.Exec();
1036     }
1037     /* parent */
1038     int return_code = wait_child(pid);
1039     if (!WIFEXITED(return_code)) {
1040         LOG(WARNING) << "profman failed for package " << pkgname << ": "
1041                 << return_code;
1042         return false;
1043     }
1044     return true;
1045 }
1046 
copy_system_profile(const std::string & system_profile,uid_t packageUid,const std::string & package_name,const std::string & profile_name)1047 bool copy_system_profile(const std::string& system_profile,
1048         uid_t packageUid, const std::string& package_name, const std::string& profile_name) {
1049     unique_fd in_fd(open(system_profile.c_str(), O_RDONLY | O_NOFOLLOW | O_CLOEXEC));
1050     unique_fd out_fd(open_reference_profile(packageUid,
1051                      package_name,
1052                      profile_name,
1053                      /*read_write*/ true,
1054                      /*secondary*/ false));
1055     if (in_fd.get() < 0) {
1056         PLOG(WARNING) << "Could not open profile " << system_profile;
1057         return false;
1058     }
1059     if (out_fd.get() < 0) {
1060         PLOG(WARNING) << "Could not open profile " << package_name;
1061         return false;
1062     }
1063 
1064     // As a security measure we want to write the profile information with the reduced capabilities
1065     // of the package user id. So we fork and drop capabilities in the child.
1066     pid_t pid = fork();
1067     if (pid == 0) {
1068         /* child -- drop privileges before continuing */
1069         drop_capabilities(packageUid);
1070 
1071         if (flock(out_fd.get(), LOCK_EX | LOCK_NB) != 0) {
1072             if (errno != EWOULDBLOCK) {
1073                 PLOG(WARNING) << "Error locking profile " << package_name;
1074             }
1075             // This implies that the app owning this profile is running
1076             // (and has acquired the lock).
1077             //
1078             // The app never acquires the lock for the reference profiles of primary apks.
1079             // Only dex2oat from installd will do that. Since installd is single threaded
1080             // we should not see this case. Nevertheless be prepared for it.
1081             PLOG(WARNING) << "Failed to flock " << package_name;
1082             return false;
1083         }
1084 
1085         bool truncated = ftruncate(out_fd.get(), 0) == 0;
1086         if (!truncated) {
1087             PLOG(WARNING) << "Could not truncate " << package_name;
1088         }
1089 
1090         // Copy over data.
1091         static constexpr size_t kBufferSize = 4 * 1024;
1092         char buffer[kBufferSize];
1093         while (true) {
1094             ssize_t bytes = read(in_fd.get(), buffer, kBufferSize);
1095             if (bytes == 0) {
1096                 break;
1097             }
1098             write(out_fd.get(), buffer, bytes);
1099         }
1100         if (flock(out_fd.get(), LOCK_UN) != 0) {
1101             PLOG(WARNING) << "Error unlocking profile " << package_name;
1102         }
1103         // Use _exit since we don't want to run the global destructors in the child.
1104         // b/62597429
1105         _exit(0);
1106     }
1107     /* parent */
1108     int return_code = wait_child(pid);
1109     return return_code == 0;
1110 }
1111 
replace_file_extension(const std::string & oat_path,const std::string & new_ext)1112 static std::string replace_file_extension(const std::string& oat_path, const std::string& new_ext) {
1113   // A standard dalvik-cache entry. Replace ".dex" with `new_ext`.
1114   if (EndsWith(oat_path, ".dex")) {
1115     std::string new_path = oat_path;
1116     new_path.replace(new_path.length() - strlen(".dex"), strlen(".dex"), new_ext);
1117     CHECK(EndsWith(new_path, new_ext));
1118     return new_path;
1119   }
1120 
1121   // An odex entry. Not that this may not be an extension, e.g., in the OTA
1122   // case (where the base name will have an extension for the B artifact).
1123   size_t odex_pos = oat_path.rfind(".odex");
1124   if (odex_pos != std::string::npos) {
1125     std::string new_path = oat_path;
1126     new_path.replace(odex_pos, strlen(".odex"), new_ext);
1127     CHECK_NE(new_path.find(new_ext), std::string::npos);
1128     return new_path;
1129   }
1130 
1131   // Don't know how to handle this.
1132   return "";
1133 }
1134 
1135 // Translate the given oat path to an art (app image) path. An empty string
1136 // denotes an error.
create_image_filename(const std::string & oat_path)1137 static std::string create_image_filename(const std::string& oat_path) {
1138     return replace_file_extension(oat_path, ".art");
1139 }
1140 
1141 // Translate the given oat path to a vdex path. An empty string denotes an error.
create_vdex_filename(const std::string & oat_path)1142 static std::string create_vdex_filename(const std::string& oat_path) {
1143     return replace_file_extension(oat_path, ".vdex");
1144 }
1145 
open_output_file(const char * file_name,bool recreate,int permissions)1146 static int open_output_file(const char* file_name, bool recreate, int permissions) {
1147     int flags = O_RDWR | O_CREAT;
1148     if (recreate) {
1149         if (unlink(file_name) < 0) {
1150             if (errno != ENOENT) {
1151                 PLOG(ERROR) << "open_output_file: Couldn't unlink " << file_name;
1152             }
1153         }
1154         flags |= O_EXCL;
1155     }
1156     return open(file_name, flags, permissions);
1157 }
1158 
set_permissions_and_ownership(int fd,bool is_public,int uid,const char * path,bool is_secondary_dex)1159 static bool set_permissions_and_ownership(
1160         int fd, bool is_public, int uid, const char* path, bool is_secondary_dex) {
1161     // Primary apks are owned by the system. Secondary dex files are owned by the app.
1162     int owning_uid = is_secondary_dex ? uid : AID_SYSTEM;
1163     if (fchmod(fd,
1164                S_IRUSR|S_IWUSR|S_IRGRP |
1165                (is_public ? S_IROTH : 0)) < 0) {
1166         ALOGE("installd cannot chmod '%s' during dexopt\n", path);
1167         return false;
1168     } else if (fchown(fd, owning_uid, uid) < 0) {
1169         ALOGE("installd cannot chown '%s' during dexopt\n", path);
1170         return false;
1171     }
1172     return true;
1173 }
1174 
IsOutputDalvikCache(const char * oat_dir)1175 static bool IsOutputDalvikCache(const char* oat_dir) {
1176   // InstallerConnection.java (which invokes installd) transforms Java null arguments
1177   // into '!'. Play it safe by handling it both.
1178   // TODO: ensure we never get null.
1179   // TODO: pass a flag instead of inferring if the output is dalvik cache.
1180   return oat_dir == nullptr || oat_dir[0] == '!';
1181 }
1182 
1183 // Best-effort check whether we can fit the the path into our buffers.
1184 // Note: the cache path will require an additional 5 bytes for ".swap", but we'll try to run
1185 // without a swap file, if necessary. Reference profiles file also add an extra ".prof"
1186 // extension to the cache path (5 bytes).
1187 // TODO(calin): move away from char* buffers and PKG_PATH_MAX.
validate_dex_path_size(const std::string & dex_path)1188 static bool validate_dex_path_size(const std::string& dex_path) {
1189     if (dex_path.size() >= (PKG_PATH_MAX - 8)) {
1190         LOG(ERROR) << "dex_path too long: " << dex_path;
1191         return false;
1192     }
1193     return true;
1194 }
1195 
create_oat_out_path(const char * apk_path,const char * instruction_set,const char * oat_dir,bool is_secondary_dex,char * out_oat_path)1196 static bool create_oat_out_path(const char* apk_path, const char* instruction_set,
1197             const char* oat_dir, bool is_secondary_dex, /*out*/ char* out_oat_path) {
1198     if (!validate_dex_path_size(apk_path)) {
1199         return false;
1200     }
1201 
1202     if (!IsOutputDalvikCache(oat_dir)) {
1203         // Oat dirs for secondary dex files are already validated.
1204         if (!is_secondary_dex && validate_apk_path(oat_dir)) {
1205             ALOGE("cannot validate apk path with oat_dir '%s'\n", oat_dir);
1206             return false;
1207         }
1208         if (!calculate_oat_file_path(out_oat_path, oat_dir, apk_path, instruction_set)) {
1209             return false;
1210         }
1211     } else {
1212         if (!create_cache_path(out_oat_path, apk_path, instruction_set)) {
1213             return false;
1214         }
1215     }
1216     return true;
1217 }
1218 
1219 // Helper for fd management. This is similar to a unique_fd in that it closes the file descriptor
1220 // on destruction. It will also run the given cleanup (unless told not to) after closing.
1221 //
1222 // Usage example:
1223 //
1224 //   Dex2oatFileWrapper file(open(...),
1225 //                                                   [name]() {
1226 //                                                       unlink(name.c_str());
1227 //                                                   });
1228 //   // Note: care needs to be taken about name, as it needs to have a lifetime longer than the
1229 //            wrapper if captured as a reference.
1230 //
1231 //   if (file.get() == -1) {
1232 //       // Error opening...
1233 //   }
1234 //
1235 //   ...
1236 //   if (error) {
1237 //       // At this point, when the Dex2oatFileWrapper is destructed, the cleanup function will run
1238 //       // and delete the file (after the fd is closed).
1239 //       return -1;
1240 //   }
1241 //
1242 //   (Success case)
1243 //   file.SetCleanup(false);
1244 //   // At this point, when the Dex2oatFileWrapper is destructed, the cleanup function will not run
1245 //   // (leaving the file around; after the fd is closed).
1246 //
1247 class Dex2oatFileWrapper {
1248  public:
Dex2oatFileWrapper()1249     Dex2oatFileWrapper() : value_(-1), cleanup_(), do_cleanup_(true), auto_close_(true) {
1250     }
1251 
Dex2oatFileWrapper(int value,std::function<void ()> cleanup)1252     Dex2oatFileWrapper(int value, std::function<void ()> cleanup)
1253             : value_(value), cleanup_(cleanup), do_cleanup_(true), auto_close_(true) {}
1254 
Dex2oatFileWrapper(Dex2oatFileWrapper && other)1255     Dex2oatFileWrapper(Dex2oatFileWrapper&& other) {
1256         value_ = other.value_;
1257         cleanup_ = other.cleanup_;
1258         do_cleanup_ = other.do_cleanup_;
1259         auto_close_ = other.auto_close_;
1260         other.release();
1261     }
1262 
operator =(Dex2oatFileWrapper && other)1263     Dex2oatFileWrapper& operator=(Dex2oatFileWrapper&& other) {
1264         value_ = other.value_;
1265         cleanup_ = other.cleanup_;
1266         do_cleanup_ = other.do_cleanup_;
1267         auto_close_ = other.auto_close_;
1268         other.release();
1269         return *this;
1270     }
1271 
~Dex2oatFileWrapper()1272     ~Dex2oatFileWrapper() {
1273         reset(-1);
1274     }
1275 
get()1276     int get() {
1277         return value_;
1278     }
1279 
SetCleanup(bool cleanup)1280     void SetCleanup(bool cleanup) {
1281         do_cleanup_ = cleanup;
1282     }
1283 
reset(int new_value)1284     void reset(int new_value) {
1285         if (auto_close_ && value_ >= 0) {
1286             close(value_);
1287         }
1288         if (do_cleanup_ && cleanup_ != nullptr) {
1289             cleanup_();
1290         }
1291 
1292         value_ = new_value;
1293     }
1294 
reset(int new_value,std::function<void ()> new_cleanup)1295     void reset(int new_value, std::function<void ()> new_cleanup) {
1296         if (auto_close_ && value_ >= 0) {
1297             close(value_);
1298         }
1299         if (do_cleanup_ && cleanup_ != nullptr) {
1300             cleanup_();
1301         }
1302 
1303         value_ = new_value;
1304         cleanup_ = new_cleanup;
1305     }
1306 
DisableAutoClose()1307     void DisableAutoClose() {
1308         auto_close_ = false;
1309     }
1310 
1311  private:
release()1312     void release() {
1313         value_ = -1;
1314         do_cleanup_ = false;
1315         cleanup_ = nullptr;
1316     }
1317     int value_;
1318     std::function<void ()> cleanup_;
1319     bool do_cleanup_;
1320     bool auto_close_;
1321 };
1322 
1323 // (re)Creates the app image if needed.
maybe_open_app_image(const char * out_oat_path,bool generate_app_image,bool is_public,int uid,bool is_secondary_dex)1324 Dex2oatFileWrapper maybe_open_app_image(const char* out_oat_path,
1325         bool generate_app_image, bool is_public, int uid, bool is_secondary_dex) {
1326 
1327     const std::string image_path = create_image_filename(out_oat_path);
1328     if (image_path.empty()) {
1329         // Happens when the out_oat_path has an unknown extension.
1330         return Dex2oatFileWrapper();
1331     }
1332 
1333     // In case there is a stale image, remove it now. Ignore any error.
1334     unlink(image_path.c_str());
1335 
1336     // Not enabled, exit.
1337     if (!generate_app_image) {
1338         return Dex2oatFileWrapper();
1339     }
1340     std::string app_image_format = GetProperty("dalvik.vm.appimageformat", "");
1341     if (app_image_format.empty()) {
1342         return Dex2oatFileWrapper();
1343     }
1344     // Recreate is true since we do not want to modify a mapped image. If the app is
1345     // already running and we modify the image file, it can cause crashes (b/27493510).
1346     Dex2oatFileWrapper wrapper_fd(
1347             open_output_file(image_path.c_str(), true /*recreate*/, 0600 /*permissions*/),
1348             [image_path]() { unlink(image_path.c_str()); });
1349     if (wrapper_fd.get() < 0) {
1350         // Could not create application image file. Go on since we can compile without it.
1351         LOG(ERROR) << "installd could not create '" << image_path
1352                 << "' for image file during dexopt";
1353          // If we have a valid image file path but no image fd, explicitly erase the image file.
1354         if (unlink(image_path.c_str()) < 0) {
1355             if (errno != ENOENT) {
1356                 PLOG(ERROR) << "Couldn't unlink image file " << image_path;
1357             }
1358         }
1359     } else if (!set_permissions_and_ownership(
1360                 wrapper_fd.get(), is_public, uid, image_path.c_str(), is_secondary_dex)) {
1361         ALOGE("installd cannot set owner '%s' for image during dexopt\n", image_path.c_str());
1362         wrapper_fd.reset(-1);
1363     }
1364 
1365     return wrapper_fd;
1366 }
1367 
1368 // Creates the dexopt swap file if necessary and return its fd.
1369 // Returns -1 if there's no need for a swap or in case of errors.
maybe_open_dexopt_swap_file(const char * out_oat_path)1370 unique_fd maybe_open_dexopt_swap_file(const char* out_oat_path) {
1371     if (!ShouldUseSwapFileForDexopt()) {
1372         return invalid_unique_fd();
1373     }
1374     auto swap_file_name = std::string(out_oat_path) + ".swap";
1375     unique_fd swap_fd(open_output_file(
1376             swap_file_name.c_str(), /*recreate*/true, /*permissions*/0600));
1377     if (swap_fd.get() < 0) {
1378         // Could not create swap file. Optimistically go on and hope that we can compile
1379         // without it.
1380         ALOGE("installd could not create '%s' for swap during dexopt\n", swap_file_name.c_str());
1381     } else {
1382         // Immediately unlink. We don't really want to hit flash.
1383         if (unlink(swap_file_name.c_str()) < 0) {
1384             PLOG(ERROR) << "Couldn't unlink swap file " << swap_file_name;
1385         }
1386     }
1387     return swap_fd;
1388 }
1389 
1390 // Opens the reference profiles if needed.
1391 // Note that the reference profile might not exist so it's OK if the fd will be -1.
maybe_open_reference_profile(const std::string & pkgname,const std::string & dex_path,const char * profile_name,bool profile_guided,bool is_public,int uid,bool is_secondary_dex)1392 Dex2oatFileWrapper maybe_open_reference_profile(const std::string& pkgname,
1393         const std::string& dex_path, const char* profile_name, bool profile_guided,
1394         bool is_public, int uid, bool is_secondary_dex) {
1395     // If we are not profile guided compilation, or we are compiling system server
1396     // do not bother to open the profiles; we won't be using them.
1397     if (!profile_guided || (pkgname[0] == '*')) {
1398         return Dex2oatFileWrapper();
1399     }
1400 
1401     // If this is a secondary dex path which is public do not open the profile.
1402     // We cannot compile public secondary dex paths with profiles. That's because
1403     // it will expose how the dex files are used by their owner.
1404     //
1405     // Note that the PackageManager is responsible to set the is_public flag for
1406     // primary apks and we do not check it here. In some cases, e.g. when
1407     // compiling with a public profile from the .dm file the PackageManager will
1408     // set is_public toghether with the profile guided compilation.
1409     if (is_secondary_dex && is_public) {
1410         return Dex2oatFileWrapper();
1411     }
1412 
1413     // Open reference profile in read only mode as dex2oat does not get write permissions.
1414     std::string location;
1415     if (is_secondary_dex) {
1416         location = dex_path;
1417     } else {
1418         if (profile_name == nullptr) {
1419             // This path is taken for system server re-compilation lunched from ZygoteInit.
1420             return Dex2oatFileWrapper();
1421         } else {
1422             location = profile_name;
1423         }
1424     }
1425     unique_fd ufd = open_reference_profile(uid, pkgname, location, /*read_write*/false,
1426             is_secondary_dex);
1427     const auto& cleanup = [pkgname, location, is_secondary_dex]() {
1428         clear_reference_profile(pkgname, location, is_secondary_dex);
1429     };
1430     return Dex2oatFileWrapper(ufd.release(), cleanup);
1431 }
1432 
1433 // Opens the vdex files and assigns the input fd to in_vdex_wrapper_fd and the output fd to
1434 // out_vdex_wrapper_fd. Returns true for success or false in case of errors.
open_vdex_files_for_dex2oat(const char * apk_path,const char * out_oat_path,int dexopt_needed,const char * instruction_set,bool is_public,int uid,bool is_secondary_dex,bool profile_guided,Dex2oatFileWrapper * in_vdex_wrapper_fd,Dex2oatFileWrapper * out_vdex_wrapper_fd)1435 bool open_vdex_files_for_dex2oat(const char* apk_path, const char* out_oat_path, int dexopt_needed,
1436         const char* instruction_set, bool is_public, int uid, bool is_secondary_dex,
1437         bool profile_guided, Dex2oatFileWrapper* in_vdex_wrapper_fd,
1438         Dex2oatFileWrapper* out_vdex_wrapper_fd) {
1439     CHECK(in_vdex_wrapper_fd != nullptr);
1440     CHECK(out_vdex_wrapper_fd != nullptr);
1441     // Open the existing VDEX. We do this before creating the new output VDEX, which will
1442     // unlink the old one.
1443     char in_odex_path[PKG_PATH_MAX];
1444     int dexopt_action = abs(dexopt_needed);
1445     bool is_odex_location = dexopt_needed < 0;
1446     std::string in_vdex_path_str;
1447 
1448     // Infer the name of the output VDEX.
1449     const std::string out_vdex_path_str = create_vdex_filename(out_oat_path);
1450     if (out_vdex_path_str.empty()) {
1451         return false;
1452     }
1453 
1454     bool update_vdex_in_place = false;
1455     if (dexopt_action != DEX2OAT_FROM_SCRATCH) {
1456         // Open the possibly existing vdex. If none exist, we pass -1 to dex2oat for input-vdex-fd.
1457         const char* path = nullptr;
1458         if (is_odex_location) {
1459             if (calculate_odex_file_path(in_odex_path, apk_path, instruction_set)) {
1460                 path = in_odex_path;
1461             } else {
1462                 ALOGE("installd cannot compute input vdex location for '%s'\n", apk_path);
1463                 return false;
1464             }
1465         } else {
1466             path = out_oat_path;
1467         }
1468         in_vdex_path_str = create_vdex_filename(path);
1469         if (in_vdex_path_str.empty()) {
1470             ALOGE("installd cannot compute input vdex location for '%s'\n", path);
1471             return false;
1472         }
1473         // We can update in place when all these conditions are met:
1474         // 1) The vdex location to write to is the same as the vdex location to read (vdex files
1475         //    on /system typically cannot be updated in place).
1476         // 2) We dex2oat due to boot image change, because we then know the existing vdex file
1477         //    cannot be currently used by a running process.
1478         // 3) We are not doing a profile guided compilation, because dexlayout requires two
1479         //    different vdex files to operate.
1480         update_vdex_in_place =
1481             (in_vdex_path_str == out_vdex_path_str) &&
1482             (dexopt_action == DEX2OAT_FOR_BOOT_IMAGE) &&
1483             !profile_guided;
1484         if (update_vdex_in_place) {
1485             // Open the file read-write to be able to update it.
1486             in_vdex_wrapper_fd->reset(open(in_vdex_path_str.c_str(), O_RDWR, 0));
1487             if (in_vdex_wrapper_fd->get() == -1) {
1488                 // If we failed to open the file, we cannot update it in place.
1489                 update_vdex_in_place = false;
1490             }
1491         } else {
1492             in_vdex_wrapper_fd->reset(open(in_vdex_path_str.c_str(), O_RDONLY, 0));
1493         }
1494     }
1495 
1496     // If we are updating the vdex in place, we do not need to recreate a vdex,
1497     // and can use the same existing one.
1498     if (update_vdex_in_place) {
1499         // We unlink the file in case the invocation of dex2oat fails, to ensure we don't
1500         // have bogus stale vdex files.
1501         out_vdex_wrapper_fd->reset(
1502               in_vdex_wrapper_fd->get(),
1503               [out_vdex_path_str]() { unlink(out_vdex_path_str.c_str()); });
1504         // Disable auto close for the in wrapper fd (it will be done when destructing the out
1505         // wrapper).
1506         in_vdex_wrapper_fd->DisableAutoClose();
1507     } else {
1508         out_vdex_wrapper_fd->reset(
1509               open_output_file(out_vdex_path_str.c_str(), /*recreate*/true, /*permissions*/0644),
1510               [out_vdex_path_str]() { unlink(out_vdex_path_str.c_str()); });
1511         if (out_vdex_wrapper_fd->get() < 0) {
1512             ALOGE("installd cannot open vdex'%s' during dexopt\n", out_vdex_path_str.c_str());
1513             return false;
1514         }
1515     }
1516     if (!set_permissions_and_ownership(out_vdex_wrapper_fd->get(), is_public, uid,
1517             out_vdex_path_str.c_str(), is_secondary_dex)) {
1518         ALOGE("installd cannot set owner '%s' for vdex during dexopt\n", out_vdex_path_str.c_str());
1519         return false;
1520     }
1521 
1522     // If we got here we successfully opened the vdex files.
1523     return true;
1524 }
1525 
1526 // Opens the output oat file for the given apk.
1527 // If successful it stores the output path into out_oat_path and returns true.
open_oat_out_file(const char * apk_path,const char * oat_dir,bool is_public,int uid,const char * instruction_set,bool is_secondary_dex,char * out_oat_path)1528 Dex2oatFileWrapper open_oat_out_file(const char* apk_path, const char* oat_dir,
1529         bool is_public, int uid, const char* instruction_set, bool is_secondary_dex,
1530         char* out_oat_path) {
1531     if (!create_oat_out_path(apk_path, instruction_set, oat_dir, is_secondary_dex, out_oat_path)) {
1532         return Dex2oatFileWrapper();
1533     }
1534     const std::string out_oat_path_str(out_oat_path);
1535     Dex2oatFileWrapper wrapper_fd(
1536             open_output_file(out_oat_path, /*recreate*/true, /*permissions*/0644),
1537             [out_oat_path_str]() { unlink(out_oat_path_str.c_str()); });
1538     if (wrapper_fd.get() < 0) {
1539         PLOG(ERROR) << "installd cannot open output during dexopt" <<  out_oat_path;
1540     } else if (!set_permissions_and_ownership(
1541                 wrapper_fd.get(), is_public, uid, out_oat_path, is_secondary_dex)) {
1542         ALOGE("installd cannot set owner '%s' for output during dexopt\n", out_oat_path);
1543         wrapper_fd.reset(-1);
1544     }
1545     return wrapper_fd;
1546 }
1547 
1548 // Creates RDONLY fds for oat and vdex files, if exist.
1549 // Returns false if it fails to create oat out path for the given apk path.
1550 // Note that the method returns true even if the files could not be opened.
maybe_open_oat_and_vdex_file(const std::string & apk_path,const std::string & oat_dir,const std::string & instruction_set,bool is_secondary_dex,unique_fd * oat_file_fd,unique_fd * vdex_file_fd)1551 bool maybe_open_oat_and_vdex_file(const std::string& apk_path,
1552                                   const std::string& oat_dir,
1553                                   const std::string& instruction_set,
1554                                   bool is_secondary_dex,
1555                                   unique_fd* oat_file_fd,
1556                                   unique_fd* vdex_file_fd) {
1557     char oat_path[PKG_PATH_MAX];
1558     if (!create_oat_out_path(apk_path.c_str(),
1559                              instruction_set.c_str(),
1560                              oat_dir.c_str(),
1561                              is_secondary_dex,
1562                              oat_path)) {
1563         LOG(ERROR) << "Could not create oat out path for "
1564                 << apk_path << " with oat dir " << oat_dir;
1565         return false;
1566     }
1567     oat_file_fd->reset(open(oat_path, O_RDONLY));
1568     if (oat_file_fd->get() < 0) {
1569         PLOG(INFO) << "installd cannot open oat file during dexopt" <<  oat_path;
1570     }
1571 
1572     std::string vdex_filename = create_vdex_filename(oat_path);
1573     vdex_file_fd->reset(open(vdex_filename.c_str(), O_RDONLY));
1574     if (vdex_file_fd->get() < 0) {
1575         PLOG(INFO) << "installd cannot open vdex file during dexopt" <<  vdex_filename;
1576     }
1577 
1578     return true;
1579 }
1580 
1581 // Updates the access times of out_oat_path based on those from apk_path.
update_out_oat_access_times(const char * apk_path,const char * out_oat_path)1582 void update_out_oat_access_times(const char* apk_path, const char* out_oat_path) {
1583     struct stat input_stat;
1584     memset(&input_stat, 0, sizeof(input_stat));
1585     if (stat(apk_path, &input_stat) != 0) {
1586         PLOG(ERROR) << "Could not stat " << apk_path << " during dexopt";
1587         return;
1588     }
1589 
1590     struct utimbuf ut;
1591     ut.actime = input_stat.st_atime;
1592     ut.modtime = input_stat.st_mtime;
1593     if (utime(out_oat_path, &ut) != 0) {
1594         PLOG(WARNING) << "Could not update access times for " << apk_path << " during dexopt";
1595     }
1596 }
1597 
1598 // Runs (execv) dexoptanalyzer on the given arguments.
1599 // The analyzer will check if the dex_file needs to be (re)compiled to match the compiler_filter.
1600 // If this is for a profile guided compilation, profile_was_updated will tell whether or not
1601 // the profile has changed.
1602 class RunDexoptAnalyzer : public ExecVHelper {
1603  public:
RunDexoptAnalyzer(const std::string & dex_file,int vdex_fd,int oat_fd,int zip_fd,const std::string & instruction_set,const std::string & compiler_filter,bool profile_was_updated,bool downgrade,const char * class_loader_context,const std::string & class_loader_context_fds)1604     RunDexoptAnalyzer(const std::string& dex_file,
1605                       int vdex_fd,
1606                       int oat_fd,
1607                       int zip_fd,
1608                       const std::string& instruction_set,
1609                       const std::string& compiler_filter,
1610                       bool profile_was_updated,
1611                       bool downgrade,
1612                       const char* class_loader_context,
1613                       const std::string& class_loader_context_fds) {
1614         CHECK_GE(zip_fd, 0);
1615 
1616         // We always run the analyzer in the background job.
1617         const char* dexoptanalyzer_bin = select_execution_binary(
1618              kDexoptanalyzerPath, kDexoptanalyzerDebugPath, /*background_job_compile=*/ true);
1619 
1620         std::string dex_file_arg = "--dex-file=" + dex_file;
1621         std::string oat_fd_arg = "--oat-fd=" + std::to_string(oat_fd);
1622         std::string vdex_fd_arg = "--vdex-fd=" + std::to_string(vdex_fd);
1623         std::string zip_fd_arg = "--zip-fd=" + std::to_string(zip_fd);
1624         std::string isa_arg = "--isa=" + instruction_set;
1625         std::string compiler_filter_arg = "--compiler-filter=" + compiler_filter;
1626         const char* assume_profile_changed = "--assume-profile-changed";
1627         const char* downgrade_flag = "--downgrade";
1628         std::string class_loader_context_arg = "--class-loader-context=";
1629         if (class_loader_context != nullptr) {
1630             class_loader_context_arg += class_loader_context;
1631         }
1632         std::string class_loader_context_fds_arg = "--class-loader-context-fds=";
1633         if (!class_loader_context_fds.empty()) {
1634             class_loader_context_fds_arg += class_loader_context_fds;
1635         }
1636 
1637         // program name, dex file, isa, filter
1638         AddArg(dex_file_arg);
1639         AddArg(isa_arg);
1640         AddArg(compiler_filter_arg);
1641         if (oat_fd >= 0) {
1642             AddArg(oat_fd_arg);
1643         }
1644         if (vdex_fd >= 0) {
1645             AddArg(vdex_fd_arg);
1646         }
1647         AddArg(zip_fd_arg);
1648         if (profile_was_updated) {
1649             AddArg(assume_profile_changed);
1650         }
1651         if (downgrade) {
1652             AddArg(downgrade_flag);
1653         }
1654         if (class_loader_context != nullptr) {
1655             AddArg(class_loader_context_arg);
1656             if (!class_loader_context_fds.empty()) {
1657                 AddArg(class_loader_context_fds_arg);
1658             }
1659         }
1660 
1661         PrepareArgs(dexoptanalyzer_bin);
1662     }
1663 
1664     // Dexoptanalyzer mode which flattens the given class loader context and
1665     // prints a list of its dex files in that flattened order.
RunDexoptAnalyzer(const char * class_loader_context)1666     RunDexoptAnalyzer(const char* class_loader_context) {
1667         CHECK(class_loader_context != nullptr);
1668 
1669         // We always run the analyzer in the background job.
1670         const char* dexoptanalyzer_bin = select_execution_binary(
1671              kDexoptanalyzerPath, kDexoptanalyzerDebugPath, /*background_job_compile=*/ true);
1672 
1673         AddArg("--flatten-class-loader-context");
1674         AddArg(std::string("--class-loader-context=") + class_loader_context);
1675         PrepareArgs(dexoptanalyzer_bin);
1676     }
1677 };
1678 
1679 // Prepares the oat dir for the secondary dex files.
prepare_secondary_dex_oat_dir(const std::string & dex_path,int uid,const char * instruction_set)1680 static bool prepare_secondary_dex_oat_dir(const std::string& dex_path, int uid,
1681         const char* instruction_set) {
1682     unsigned long dirIndex = dex_path.rfind('/');
1683     if (dirIndex == std::string::npos) {
1684         LOG(ERROR ) << "Unexpected dir structure for secondary dex " << dex_path;
1685         return false;
1686     }
1687     std::string dex_dir = dex_path.substr(0, dirIndex);
1688 
1689     // Create oat file output directory.
1690     mode_t oat_dir_mode = S_IRWXU | S_IRWXG | S_IXOTH;
1691     if (prepare_app_cache_dir(dex_dir, "oat", oat_dir_mode, uid, uid) != 0) {
1692         LOG(ERROR) << "Could not prepare oat dir for secondary dex: " << dex_path;
1693         return false;
1694     }
1695 
1696     char oat_dir[PKG_PATH_MAX];
1697     snprintf(oat_dir, PKG_PATH_MAX, "%s/oat", dex_dir.c_str());
1698 
1699     if (prepare_app_cache_dir(oat_dir, instruction_set, oat_dir_mode, uid, uid) != 0) {
1700         LOG(ERROR) << "Could not prepare oat/isa dir for secondary dex: " << dex_path;
1701         return false;
1702     }
1703 
1704     return true;
1705 }
1706 
1707 // Return codes for identifying the reason why dexoptanalyzer was not invoked when processing
1708 // secondary dex files. This return codes are returned by the child process created for
1709 // analyzing secondary dex files in process_secondary_dex_dexopt.
1710 
1711 enum DexoptAnalyzerSkipCodes {
1712   // The dexoptanalyzer was not invoked because of validation or IO errors.
1713   // Specific errors are encoded in the name.
1714   kSecondaryDexDexoptAnalyzerSkippedValidatePath = 200,
1715   kSecondaryDexDexoptAnalyzerSkippedOpenZip = 201,
1716   kSecondaryDexDexoptAnalyzerSkippedPrepareDir = 202,
1717   kSecondaryDexDexoptAnalyzerSkippedOpenOutput = 203,
1718   kSecondaryDexDexoptAnalyzerSkippedFailExec = 204,
1719   // The dexoptanalyzer was not invoked because the dex file does not exist anymore.
1720   kSecondaryDexDexoptAnalyzerSkippedNoFile = 205,
1721 };
1722 
1723 // Verifies the result of analyzing secondary dex files from process_secondary_dex_dexopt.
1724 // If the result is valid returns true and sets dexopt_needed_out to a valid value.
1725 // Returns false for errors or unexpected result values.
1726 // The result is expected to be either one of SECONDARY_DEX_* codes or a valid exit code
1727 // of dexoptanalyzer.
process_secondary_dexoptanalyzer_result(const std::string & dex_path,int result,int * dexopt_needed_out,std::string * error_msg)1728 static bool process_secondary_dexoptanalyzer_result(const std::string& dex_path, int result,
1729             int* dexopt_needed_out, std::string* error_msg) {
1730     // The result values are defined in dexoptanalyzer.
1731     switch (result) {
1732         case 0:  // dexoptanalyzer: no_dexopt_needed
1733             *dexopt_needed_out = NO_DEXOPT_NEEDED; return true;
1734         case 1:  // dexoptanalyzer: dex2oat_from_scratch
1735             *dexopt_needed_out = DEX2OAT_FROM_SCRATCH; return true;
1736         case 4:  // dexoptanalyzer: dex2oat_for_bootimage_odex
1737             *dexopt_needed_out = -DEX2OAT_FOR_BOOT_IMAGE; return true;
1738         case 5:  // dexoptanalyzer: dex2oat_for_filter_odex
1739             *dexopt_needed_out = -DEX2OAT_FOR_FILTER; return true;
1740         case 2:  // dexoptanalyzer: dex2oat_for_bootimage_oat
1741         case 3:  // dexoptanalyzer: dex2oat_for_filter_oat
1742             *error_msg = StringPrintf("Dexoptanalyzer return the status of an oat file."
1743                                       " Expected odex file status for secondary dex %s"
1744                                       " : dexoptanalyzer result=%d",
1745                                       dex_path.c_str(),
1746                                       result);
1747             return false;
1748     }
1749 
1750     // Use a second switch for enum switch-case analysis.
1751     switch (static_cast<DexoptAnalyzerSkipCodes>(result)) {
1752         case kSecondaryDexDexoptAnalyzerSkippedNoFile:
1753             // If the file does not exist there's no need for dexopt.
1754             *dexopt_needed_out = NO_DEXOPT_NEEDED;
1755             return true;
1756 
1757         case kSecondaryDexDexoptAnalyzerSkippedValidatePath:
1758             *error_msg = "Dexoptanalyzer path validation failed";
1759             return false;
1760         case kSecondaryDexDexoptAnalyzerSkippedOpenZip:
1761             *error_msg = "Dexoptanalyzer open zip failed";
1762             return false;
1763         case kSecondaryDexDexoptAnalyzerSkippedPrepareDir:
1764             *error_msg = "Dexoptanalyzer dir preparation failed";
1765             return false;
1766         case kSecondaryDexDexoptAnalyzerSkippedOpenOutput:
1767             *error_msg = "Dexoptanalyzer open output failed";
1768             return false;
1769         case kSecondaryDexDexoptAnalyzerSkippedFailExec:
1770             *error_msg = "Dexoptanalyzer failed to execute";
1771             return false;
1772     }
1773 
1774     *error_msg = StringPrintf("Unexpected result from analyzing secondary dex %s result=%d",
1775                               dex_path.c_str(),
1776                               result);
1777     return false;
1778 }
1779 
1780 enum SecondaryDexAccess {
1781     kSecondaryDexAccessReadOk = 0,
1782     kSecondaryDexAccessDoesNotExist = 1,
1783     kSecondaryDexAccessPermissionError = 2,
1784     kSecondaryDexAccessIOError = 3
1785 };
1786 
check_secondary_dex_access(const std::string & dex_path)1787 static SecondaryDexAccess check_secondary_dex_access(const std::string& dex_path) {
1788     // Check if the path exists and can be read. If not, there's nothing to do.
1789     if (access(dex_path.c_str(), R_OK) == 0) {
1790         return kSecondaryDexAccessReadOk;
1791     } else {
1792         if (errno == ENOENT) {
1793             LOG(INFO) << "Secondary dex does not exist: " <<  dex_path;
1794             return kSecondaryDexAccessDoesNotExist;
1795         } else {
1796             PLOG(ERROR) << "Could not access secondary dex " << dex_path;
1797             return errno == EACCES
1798                 ? kSecondaryDexAccessPermissionError
1799                 : kSecondaryDexAccessIOError;
1800         }
1801     }
1802 }
1803 
is_file_public(const std::string & filename)1804 static bool is_file_public(const std::string& filename) {
1805     struct stat file_stat;
1806     if (stat(filename.c_str(), &file_stat) == 0) {
1807         return (file_stat.st_mode & S_IROTH) != 0;
1808     }
1809     return false;
1810 }
1811 
1812 // Create the oat file structure for the secondary dex 'dex_path' and assign
1813 // the individual path component to the 'out_' parameters.
create_secondary_dex_oat_layout(const std::string & dex_path,const std::string & isa,char * out_oat_dir,char * out_oat_isa_dir,char * out_oat_path,std::string * error_msg)1814 static bool create_secondary_dex_oat_layout(const std::string& dex_path, const std::string& isa,
1815         char* out_oat_dir, char* out_oat_isa_dir, char* out_oat_path, std::string* error_msg) {
1816     size_t dirIndex = dex_path.rfind('/');
1817     if (dirIndex == std::string::npos) {
1818         *error_msg = std::string("Unexpected dir structure for dex file ").append(dex_path);
1819         return false;
1820     }
1821     // TODO(calin): we have similar computations in at lest 3 other places
1822     // (InstalldNativeService, otapropt and dexopt). Unify them and get rid of snprintf by
1823     // using string append.
1824     std::string apk_dir = dex_path.substr(0, dirIndex);
1825     snprintf(out_oat_dir, PKG_PATH_MAX, "%s/oat", apk_dir.c_str());
1826     snprintf(out_oat_isa_dir, PKG_PATH_MAX, "%s/%s", out_oat_dir, isa.c_str());
1827 
1828     if (!create_oat_out_path(dex_path.c_str(), isa.c_str(), out_oat_dir,
1829             /*is_secondary_dex*/true, out_oat_path)) {
1830         *error_msg = std::string("Could not create oat path for secondary dex ").append(dex_path);
1831         return false;
1832     }
1833     return true;
1834 }
1835 
1836 // Validate that the dexopt_flags contain a valid storage flag and convert that to an installd
1837 // recognized storage flags (FLAG_STORAGE_CE or FLAG_STORAGE_DE).
validate_dexopt_storage_flags(int dexopt_flags,int * out_storage_flag,std::string * error_msg)1838 static bool validate_dexopt_storage_flags(int dexopt_flags,
1839                                           int* out_storage_flag,
1840                                           std::string* error_msg) {
1841     if ((dexopt_flags & DEXOPT_STORAGE_CE) != 0) {
1842         *out_storage_flag = FLAG_STORAGE_CE;
1843         if ((dexopt_flags & DEXOPT_STORAGE_DE) != 0) {
1844             *error_msg = "Ambiguous secondary dex storage flag. Both, CE and DE, flags are set";
1845             return false;
1846         }
1847     } else if ((dexopt_flags & DEXOPT_STORAGE_DE) != 0) {
1848         *out_storage_flag = FLAG_STORAGE_DE;
1849     } else {
1850         *error_msg = "Secondary dex storage flag must be set";
1851         return false;
1852     }
1853     return true;
1854 }
1855 
get_class_loader_context_dex_paths(const char * class_loader_context,int uid,std::vector<std::string> * context_dex_paths)1856 static bool get_class_loader_context_dex_paths(const char* class_loader_context, int uid,
1857         /* out */ std::vector<std::string>* context_dex_paths) {
1858     if (class_loader_context == nullptr) {
1859       return true;
1860     }
1861 
1862     LOG(DEBUG) << "Getting dex paths for context " << class_loader_context;
1863 
1864     // Pipe to get the hash result back from our child process.
1865     unique_fd pipe_read, pipe_write;
1866     if (!Pipe(&pipe_read, &pipe_write)) {
1867         PLOG(ERROR) << "Failed to create pipe";
1868         return false;
1869     }
1870 
1871     pid_t pid = fork();
1872     if (pid == 0) {
1873         // child -- drop privileges before continuing.
1874         drop_capabilities(uid);
1875 
1876         // Route stdout to `pipe_write`
1877         while ((dup2(pipe_write, STDOUT_FILENO) == -1) && (errno == EINTR)) {}
1878         pipe_write.reset();
1879         pipe_read.reset();
1880 
1881         RunDexoptAnalyzer run_dexopt_analyzer(class_loader_context);
1882         run_dexopt_analyzer.Exec(kSecondaryDexDexoptAnalyzerSkippedFailExec);
1883     }
1884 
1885     /* parent */
1886     pipe_write.reset();
1887 
1888     std::string str_dex_paths;
1889     if (!ReadFdToString(pipe_read, &str_dex_paths)) {
1890         PLOG(ERROR) << "Failed to read from pipe";
1891         return false;
1892     }
1893     pipe_read.reset();
1894 
1895     int return_code = wait_child(pid);
1896     if (!WIFEXITED(return_code)) {
1897         PLOG(ERROR) << "Error waiting for child dexoptanalyzer process";
1898         return false;
1899     }
1900 
1901     constexpr int kFlattenClassLoaderContextSuccess = 50;
1902     return_code = WEXITSTATUS(return_code);
1903     if (return_code != kFlattenClassLoaderContextSuccess) {
1904         LOG(ERROR) << "Dexoptanalyzer could not flatten class loader context, code=" << return_code;
1905         return false;
1906     }
1907 
1908     if (!str_dex_paths.empty()) {
1909         *context_dex_paths = android::base::Split(str_dex_paths, ":");
1910     }
1911     return true;
1912 }
1913 
open_dex_paths(const std::vector<std::string> & dex_paths,std::vector<unique_fd> * zip_fds,std::string * error_msg)1914 static int open_dex_paths(const std::vector<std::string>& dex_paths,
1915         /* out */ std::vector<unique_fd>* zip_fds, /* out */ std::string* error_msg) {
1916     for (const std::string& dex_path : dex_paths) {
1917         zip_fds->emplace_back(open(dex_path.c_str(), O_RDONLY));
1918         if (zip_fds->back().get() < 0) {
1919             *error_msg = StringPrintf(
1920                     "installd cannot open '%s' for input during dexopt", dex_path.c_str());
1921             if (errno == ENOENT) {
1922                 return kSecondaryDexDexoptAnalyzerSkippedNoFile;
1923             } else {
1924                 return kSecondaryDexDexoptAnalyzerSkippedOpenZip;
1925             }
1926         }
1927     }
1928     return 0;
1929 }
1930 
join_fds(const std::vector<unique_fd> & fds)1931 static std::string join_fds(const std::vector<unique_fd>& fds) {
1932     std::stringstream ss;
1933     bool is_first = true;
1934     for (const unique_fd& fd : fds) {
1935         if (is_first) {
1936             is_first = false;
1937         } else {
1938             ss << ":";
1939         }
1940         ss << fd.get();
1941     }
1942     return ss.str();
1943 }
1944 
1945 // Processes the dex_path as a secondary dex files and return true if the path dex file should
1946 // be compiled. Returns false for errors (logged) or true if the secondary dex path was process
1947 // successfully.
1948 // When returning true, the output parameters will be:
1949 //   - is_public_out: whether or not the oat file should not be made public
1950 //   - dexopt_needed_out: valid OatFileAsssitant::DexOptNeeded
1951 //   - oat_dir_out: the oat dir path where the oat file should be stored
process_secondary_dex_dexopt(const std::string & dex_path,const char * pkgname,int dexopt_flags,const char * volume_uuid,int uid,const char * instruction_set,const char * compiler_filter,bool * is_public_out,int * dexopt_needed_out,std::string * oat_dir_out,bool downgrade,const char * class_loader_context,const std::vector<std::string> & context_dex_paths,std::string * error_msg)1952 static bool process_secondary_dex_dexopt(const std::string& dex_path, const char* pkgname,
1953         int dexopt_flags, const char* volume_uuid, int uid, const char* instruction_set,
1954         const char* compiler_filter, bool* is_public_out, int* dexopt_needed_out,
1955         std::string* oat_dir_out, bool downgrade, const char* class_loader_context,
1956         const std::vector<std::string>& context_dex_paths, /* out */ std::string* error_msg) {
1957     LOG(DEBUG) << "Processing secondary dex path " << dex_path;
1958     int storage_flag;
1959     if (!validate_dexopt_storage_flags(dexopt_flags, &storage_flag, error_msg)) {
1960         LOG(ERROR) << *error_msg;
1961         return false;
1962     }
1963     // Compute the oat dir as it's not easy to extract it from the child computation.
1964     char oat_path[PKG_PATH_MAX];
1965     char oat_dir[PKG_PATH_MAX];
1966     char oat_isa_dir[PKG_PATH_MAX];
1967     if (!create_secondary_dex_oat_layout(
1968             dex_path, instruction_set, oat_dir, oat_isa_dir, oat_path, error_msg)) {
1969         LOG(ERROR) << "Could not create secondary odex layout: " << *error_msg;
1970         return false;
1971     }
1972     oat_dir_out->assign(oat_dir);
1973 
1974     pid_t pid = fork();
1975     if (pid == 0) {
1976         // child -- drop privileges before continuing.
1977         drop_capabilities(uid);
1978 
1979         // Validate the path structure.
1980         if (!validate_secondary_dex_path(pkgname, dex_path, volume_uuid, uid, storage_flag)) {
1981             LOG(ERROR) << "Could not validate secondary dex path " << dex_path;
1982             _exit(kSecondaryDexDexoptAnalyzerSkippedValidatePath);
1983         }
1984 
1985         // Open the dex file.
1986         unique_fd zip_fd;
1987         zip_fd.reset(open(dex_path.c_str(), O_RDONLY));
1988         if (zip_fd.get() < 0) {
1989             if (errno == ENOENT) {
1990                 _exit(kSecondaryDexDexoptAnalyzerSkippedNoFile);
1991             } else {
1992                 _exit(kSecondaryDexDexoptAnalyzerSkippedOpenZip);
1993             }
1994         }
1995 
1996         // Open class loader context dex files.
1997         std::vector<unique_fd> context_zip_fds;
1998         int open_dex_paths_rc = open_dex_paths(context_dex_paths, &context_zip_fds, error_msg);
1999         if (open_dex_paths_rc != 0) {
2000             _exit(open_dex_paths_rc);
2001         }
2002 
2003         // Prepare the oat directories.
2004         if (!prepare_secondary_dex_oat_dir(dex_path, uid, instruction_set)) {
2005             _exit(kSecondaryDexDexoptAnalyzerSkippedPrepareDir);
2006         }
2007 
2008         // Open the vdex/oat files if any.
2009         unique_fd oat_file_fd;
2010         unique_fd vdex_file_fd;
2011         if (!maybe_open_oat_and_vdex_file(dex_path,
2012                                           *oat_dir_out,
2013                                           instruction_set,
2014                                           true /* is_secondary_dex */,
2015                                           &oat_file_fd,
2016                                           &vdex_file_fd)) {
2017             _exit(kSecondaryDexDexoptAnalyzerSkippedOpenOutput);
2018         }
2019 
2020         // Analyze profiles.
2021         bool profile_was_updated = analyze_profiles(uid, pkgname, dex_path,
2022                 /*is_secondary_dex*/true);
2023 
2024         // Run dexoptanalyzer to get dexopt_needed code. This is not expected to return.
2025         // Note that we do not do it before the fork since opening the files is required to happen
2026         // after forking.
2027         RunDexoptAnalyzer run_dexopt_analyzer(dex_path,
2028                                               vdex_file_fd.get(),
2029                                               oat_file_fd.get(),
2030                                               zip_fd.get(),
2031                                               instruction_set,
2032                                               compiler_filter, profile_was_updated,
2033                                               downgrade,
2034                                               class_loader_context,
2035                                               join_fds(context_zip_fds));
2036         run_dexopt_analyzer.Exec(kSecondaryDexDexoptAnalyzerSkippedFailExec);
2037     }
2038 
2039     /* parent */
2040     int result = wait_child(pid);
2041     if (!WIFEXITED(result)) {
2042         *error_msg = StringPrintf("dexoptanalyzer failed for path %s: 0x%04x",
2043                                   dex_path.c_str(),
2044                                   result);
2045         LOG(ERROR) << *error_msg;
2046         return false;
2047     }
2048     result = WEXITSTATUS(result);
2049     // Check that we successfully executed dexoptanalyzer.
2050     bool success = process_secondary_dexoptanalyzer_result(dex_path,
2051                                                            result,
2052                                                            dexopt_needed_out,
2053                                                            error_msg);
2054     if (!success) {
2055         LOG(ERROR) << *error_msg;
2056     }
2057 
2058     LOG(DEBUG) << "Processed secondary dex file " << dex_path << " result=" << result;
2059 
2060     // Run dexopt only if needed or forced.
2061     // Note that dexoptanalyzer is executed even if force compilation is enabled (because it
2062     // makes the code simpler; force compilation is only needed during tests).
2063     if (success &&
2064         (result != kSecondaryDexDexoptAnalyzerSkippedNoFile) &&
2065         ((dexopt_flags & DEXOPT_FORCE) != 0)) {
2066         *dexopt_needed_out = DEX2OAT_FROM_SCRATCH;
2067     }
2068 
2069     // Check if we should make the oat file public.
2070     // Note that if the dex file is not public the compiled code cannot be made public.
2071     // It is ok to check this flag outside in the parent process.
2072     *is_public_out = ((dexopt_flags & DEXOPT_PUBLIC) != 0) && is_file_public(dex_path);
2073 
2074     return success;
2075 }
2076 
format_dexopt_error(int status,const char * dex_path)2077 static std::string format_dexopt_error(int status, const char* dex_path) {
2078   if (WIFEXITED(status)) {
2079     int int_code = WEXITSTATUS(status);
2080     const char* code_name = get_return_code_name(static_cast<DexoptReturnCodes>(int_code));
2081     if (code_name != nullptr) {
2082       return StringPrintf("Dex2oat invocation for %s failed: %s", dex_path, code_name);
2083     }
2084   }
2085   return StringPrintf("Dex2oat invocation for %s failed with 0x%04x", dex_path, status);
2086 }
2087 
dexopt(const char * dex_path,uid_t uid,const char * pkgname,const char * instruction_set,int dexopt_needed,const char * oat_dir,int dexopt_flags,const char * compiler_filter,const char * volume_uuid,const char * class_loader_context,const char * se_info,bool downgrade,int target_sdk_version,const char * profile_name,const char * dex_metadata_path,const char * compilation_reason,std::string * error_msg)2088 int dexopt(const char* dex_path, uid_t uid, const char* pkgname, const char* instruction_set,
2089         int dexopt_needed, const char* oat_dir, int dexopt_flags, const char* compiler_filter,
2090         const char* volume_uuid, const char* class_loader_context, const char* se_info,
2091         bool downgrade, int target_sdk_version, const char* profile_name,
2092         const char* dex_metadata_path, const char* compilation_reason, std::string* error_msg) {
2093     CHECK(pkgname != nullptr);
2094     CHECK(pkgname[0] != 0);
2095     CHECK(error_msg != nullptr);
2096     CHECK_EQ(dexopt_flags & ~DEXOPT_MASK, 0)
2097         << "dexopt flags contains unknown fields: " << dexopt_flags;
2098 
2099     if (!validate_dex_path_size(dex_path)) {
2100         *error_msg = StringPrintf("Failed to validate %s", dex_path);
2101         return -1;
2102     }
2103 
2104     if (class_loader_context != nullptr && strlen(class_loader_context) > PKG_PATH_MAX) {
2105         *error_msg = StringPrintf("Class loader context exceeds the allowed size: %s",
2106                                   class_loader_context);
2107         LOG(ERROR) << *error_msg;
2108         return -1;
2109     }
2110 
2111     bool is_public = (dexopt_flags & DEXOPT_PUBLIC) != 0;
2112     bool debuggable = (dexopt_flags & DEXOPT_DEBUGGABLE) != 0;
2113     bool boot_complete = (dexopt_flags & DEXOPT_BOOTCOMPLETE) != 0;
2114     bool profile_guided = (dexopt_flags & DEXOPT_PROFILE_GUIDED) != 0;
2115     bool is_secondary_dex = (dexopt_flags & DEXOPT_SECONDARY_DEX) != 0;
2116     bool background_job_compile = (dexopt_flags & DEXOPT_IDLE_BACKGROUND_JOB) != 0;
2117     bool enable_hidden_api_checks = (dexopt_flags & DEXOPT_ENABLE_HIDDEN_API_CHECKS) != 0;
2118     bool generate_compact_dex = (dexopt_flags & DEXOPT_GENERATE_COMPACT_DEX) != 0;
2119     bool generate_app_image = (dexopt_flags & DEXOPT_GENERATE_APP_IMAGE) != 0;
2120     bool for_restore = (dexopt_flags & DEXOPT_FOR_RESTORE) != 0;
2121 
2122     // Check if we're dealing with a secondary dex file and if we need to compile it.
2123     std::string oat_dir_str;
2124     std::vector<std::string> context_dex_paths;
2125     if (is_secondary_dex) {
2126         if (!get_class_loader_context_dex_paths(class_loader_context, uid, &context_dex_paths)) {
2127             *error_msg = "Failed acquiring context dex paths";
2128             return -1;  // We had an error, logged in the process method.
2129         }
2130 
2131         if (process_secondary_dex_dexopt(dex_path, pkgname, dexopt_flags, volume_uuid, uid,
2132                 instruction_set, compiler_filter, &is_public, &dexopt_needed, &oat_dir_str,
2133                 downgrade, class_loader_context, context_dex_paths, error_msg)) {
2134             oat_dir = oat_dir_str.c_str();
2135             if (dexopt_needed == NO_DEXOPT_NEEDED) {
2136                 return 0;  // Nothing to do, report success.
2137             }
2138         } else {
2139             if (error_msg->empty()) {  // TODO: Make this a CHECK.
2140                 *error_msg = "Failed processing secondary.";
2141             }
2142             return -1;  // We had an error, logged in the process method.
2143         }
2144     } else {
2145         // Currently these flags are only used for secondary dex files.
2146         // Verify that they are not set for primary apks.
2147         CHECK((dexopt_flags & DEXOPT_STORAGE_CE) == 0);
2148         CHECK((dexopt_flags & DEXOPT_STORAGE_DE) == 0);
2149     }
2150 
2151     // Open the input file.
2152     unique_fd input_fd(open(dex_path, O_RDONLY, 0));
2153     if (input_fd.get() < 0) {
2154         *error_msg = StringPrintf("installd cannot open '%s' for input during dexopt", dex_path);
2155         LOG(ERROR) << *error_msg;
2156         return -1;
2157     }
2158 
2159     // Open class loader context dex files.
2160     std::vector<unique_fd> context_input_fds;
2161     if (open_dex_paths(context_dex_paths, &context_input_fds, error_msg) != 0) {
2162         LOG(ERROR) << *error_msg;
2163         return -1;
2164     }
2165 
2166     // Create the output OAT file.
2167     char out_oat_path[PKG_PATH_MAX];
2168     Dex2oatFileWrapper out_oat_fd = open_oat_out_file(dex_path, oat_dir, is_public, uid,
2169             instruction_set, is_secondary_dex, out_oat_path);
2170     if (out_oat_fd.get() < 0) {
2171         *error_msg = "Could not open out oat file.";
2172         return -1;
2173     }
2174 
2175     // Open vdex files.
2176     Dex2oatFileWrapper in_vdex_fd;
2177     Dex2oatFileWrapper out_vdex_fd;
2178     if (!open_vdex_files_for_dex2oat(dex_path, out_oat_path, dexopt_needed, instruction_set,
2179             is_public, uid, is_secondary_dex, profile_guided, &in_vdex_fd, &out_vdex_fd)) {
2180         *error_msg = "Could not open vdex files.";
2181         return -1;
2182     }
2183 
2184     // Ensure that the oat dir and the compiler artifacts of secondary dex files have the correct
2185     // selinux context (we generate them on the fly during the dexopt invocation and they don't
2186     // fully inherit their parent context).
2187     // Note that for primary apk the oat files are created before, in a separate installd
2188     // call which also does the restorecon. TODO(calin): unify the paths.
2189     if (is_secondary_dex) {
2190         if (selinux_android_restorecon_pkgdir(oat_dir, se_info, uid,
2191                 SELINUX_ANDROID_RESTORECON_RECURSE)) {
2192             *error_msg = std::string("Failed to restorecon ").append(oat_dir);
2193             LOG(ERROR) << *error_msg;
2194             return -1;
2195         }
2196     }
2197 
2198     // Create a swap file if necessary.
2199     unique_fd swap_fd = maybe_open_dexopt_swap_file(out_oat_path);
2200 
2201     // Open the reference profile if needed.
2202     Dex2oatFileWrapper reference_profile_fd = maybe_open_reference_profile(
2203             pkgname, dex_path, profile_name, profile_guided, is_public, uid, is_secondary_dex);
2204 
2205     if (reference_profile_fd.get() == -1) {
2206         // We don't create an app image without reference profile since there is no speedup from
2207         // loading it in that case and instead will be a small overhead.
2208         generate_app_image = false;
2209     }
2210 
2211     // Create the app image file if needed.
2212     Dex2oatFileWrapper image_fd = maybe_open_app_image(
2213             out_oat_path, generate_app_image, is_public, uid, is_secondary_dex);
2214 
2215     unique_fd dex_metadata_fd;
2216     if (dex_metadata_path != nullptr) {
2217         dex_metadata_fd.reset(TEMP_FAILURE_RETRY(open(dex_metadata_path, O_RDONLY | O_NOFOLLOW)));
2218         if (dex_metadata_fd.get() < 0) {
2219             PLOG(ERROR) << "Failed to open dex metadata file " << dex_metadata_path;
2220         }
2221     }
2222 
2223     LOG(VERBOSE) << "DexInv: --- BEGIN '" << dex_path << "' ---";
2224 
2225     RunDex2Oat runner(input_fd.get(),
2226                       out_oat_fd.get(),
2227                       in_vdex_fd.get(),
2228                       out_vdex_fd.get(),
2229                       image_fd.get(),
2230                       dex_path,
2231                       out_oat_path,
2232                       swap_fd.get(),
2233                       instruction_set,
2234                       compiler_filter,
2235                       debuggable,
2236                       boot_complete,
2237                       for_restore,
2238                       background_job_compile,
2239                       reference_profile_fd.get(),
2240                       class_loader_context,
2241                       join_fds(context_input_fds),
2242                       target_sdk_version,
2243                       enable_hidden_api_checks,
2244                       generate_compact_dex,
2245                       dex_metadata_fd.get(),
2246                       compilation_reason);
2247 
2248     pid_t pid = fork();
2249     if (pid == 0) {
2250         /* child -- drop privileges before continuing */
2251         drop_capabilities(uid);
2252 
2253         SetDex2OatScheduling(boot_complete);
2254         if (flock(out_oat_fd.get(), LOCK_EX | LOCK_NB) != 0) {
2255             PLOG(ERROR) << "flock(" << out_oat_path << ") failed";
2256             _exit(DexoptReturnCodes::kFlock);
2257         }
2258 
2259         runner.Exec(DexoptReturnCodes::kDex2oatExec);
2260     } else {
2261         int res = wait_child(pid);
2262         if (res == 0) {
2263             LOG(VERBOSE) << "DexInv: --- END '" << dex_path << "' (success) ---";
2264         } else {
2265             LOG(VERBOSE) << "DexInv: --- END '" << dex_path << "' --- status=0x"
2266                          << std::hex << std::setw(4) << res << ", process failed";
2267             *error_msg = format_dexopt_error(res, dex_path);
2268             return res;
2269         }
2270     }
2271 
2272     update_out_oat_access_times(dex_path, out_oat_path);
2273 
2274     // We've been successful, don't delete output.
2275     out_oat_fd.SetCleanup(false);
2276     out_vdex_fd.SetCleanup(false);
2277     image_fd.SetCleanup(false);
2278     reference_profile_fd.SetCleanup(false);
2279 
2280     return 0;
2281 }
2282 
2283 // Try to remove the given directory. Log an error if the directory exists
2284 // and is empty but could not be removed.
rmdir_if_empty(const char * dir)2285 static bool rmdir_if_empty(const char* dir) {
2286     if (rmdir(dir) == 0) {
2287         return true;
2288     }
2289     if (errno == ENOENT || errno == ENOTEMPTY) {
2290         return true;
2291     }
2292     PLOG(ERROR) << "Failed to remove dir: " << dir;
2293     return false;
2294 }
2295 
2296 // Try to unlink the given file. Log an error if the file exists and could not
2297 // be unlinked.
unlink_if_exists(const std::string & file)2298 static bool unlink_if_exists(const std::string& file) {
2299     if (unlink(file.c_str()) == 0) {
2300         return true;
2301     }
2302     if (errno == ENOENT) {
2303         return true;
2304 
2305     }
2306     PLOG(ERROR) << "Could not unlink: " << file;
2307     return false;
2308 }
2309 
2310 enum ReconcileSecondaryDexResult {
2311     kReconcileSecondaryDexExists = 0,
2312     kReconcileSecondaryDexCleanedUp = 1,
2313     kReconcileSecondaryDexValidationError = 2,
2314     kReconcileSecondaryDexCleanUpError = 3,
2315     kReconcileSecondaryDexAccessIOError = 4,
2316 };
2317 
2318 // Reconcile the secondary dex 'dex_path' and its generated oat files.
2319 // Return true if all the parameters are valid and the secondary dex file was
2320 //   processed successfully (i.e. the dex_path either exists, or if not, its corresponding
2321 //   oat/vdex/art files where deleted successfully). In this case, out_secondary_dex_exists
2322 //   will be true if the secondary dex file still exists. If the secondary dex file does not exist,
2323 //   the method cleans up any previously generated compiler artifacts (oat, vdex, art).
2324 // Return false if there were errors during processing. In this case
2325 //   out_secondary_dex_exists will be set to false.
reconcile_secondary_dex_file(const std::string & dex_path,const std::string & pkgname,int uid,const std::vector<std::string> & isas,const std::unique_ptr<std::string> & volume_uuid,int storage_flag,bool * out_secondary_dex_exists)2326 bool reconcile_secondary_dex_file(const std::string& dex_path,
2327         const std::string& pkgname, int uid, const std::vector<std::string>& isas,
2328         const std::unique_ptr<std::string>& volume_uuid, int storage_flag,
2329         /*out*/bool* out_secondary_dex_exists) {
2330     *out_secondary_dex_exists = false;  // start by assuming the file does not exist.
2331     if (isas.size() == 0) {
2332         LOG(ERROR) << "reconcile_secondary_dex_file called with empty isas vector";
2333         return false;
2334     }
2335 
2336     if (storage_flag != FLAG_STORAGE_CE && storage_flag != FLAG_STORAGE_DE) {
2337         LOG(ERROR) << "reconcile_secondary_dex_file called with invalid storage_flag: "
2338                 << storage_flag;
2339         return false;
2340     }
2341 
2342     // As a security measure we want to unlink art artifacts with the reduced capabilities
2343     // of the package user id. So we fork and drop capabilities in the child.
2344     pid_t pid = fork();
2345     if (pid == 0) {
2346         /* child -- drop privileges before continuing */
2347         drop_capabilities(uid);
2348 
2349         const char* volume_uuid_cstr = volume_uuid == nullptr ? nullptr : volume_uuid->c_str();
2350         if (!validate_secondary_dex_path(pkgname, dex_path, volume_uuid_cstr,
2351                 uid, storage_flag)) {
2352             LOG(ERROR) << "Could not validate secondary dex path " << dex_path;
2353             _exit(kReconcileSecondaryDexValidationError);
2354         }
2355 
2356         SecondaryDexAccess access_check = check_secondary_dex_access(dex_path);
2357         switch (access_check) {
2358             case kSecondaryDexAccessDoesNotExist:
2359                  // File does not exist. Proceed with cleaning.
2360                 break;
2361             case kSecondaryDexAccessReadOk: _exit(kReconcileSecondaryDexExists);
2362             case kSecondaryDexAccessIOError: _exit(kReconcileSecondaryDexAccessIOError);
2363             case kSecondaryDexAccessPermissionError: _exit(kReconcileSecondaryDexValidationError);
2364             default:
2365                 LOG(ERROR) << "Unexpected result from check_secondary_dex_access: " << access_check;
2366                 _exit(kReconcileSecondaryDexValidationError);
2367         }
2368 
2369         // The secondary dex does not exist anymore or it's. Clear any generated files.
2370         char oat_path[PKG_PATH_MAX];
2371         char oat_dir[PKG_PATH_MAX];
2372         char oat_isa_dir[PKG_PATH_MAX];
2373         bool result = true;
2374         for (size_t i = 0; i < isas.size(); i++) {
2375             std::string error_msg;
2376             if (!create_secondary_dex_oat_layout(
2377                     dex_path,isas[i], oat_dir, oat_isa_dir, oat_path, &error_msg)) {
2378                 LOG(ERROR) << error_msg;
2379                 _exit(kReconcileSecondaryDexValidationError);
2380             }
2381 
2382             // Delete oat/vdex/art files.
2383             result = unlink_if_exists(oat_path) && result;
2384             result = unlink_if_exists(create_vdex_filename(oat_path)) && result;
2385             result = unlink_if_exists(create_image_filename(oat_path)) && result;
2386 
2387             // Delete profiles.
2388             std::string current_profile = create_current_profile_path(
2389                 multiuser_get_user_id(uid), pkgname, dex_path, /*is_secondary*/true);
2390             std::string reference_profile = create_reference_profile_path(
2391                 pkgname, dex_path, /*is_secondary*/true);
2392             result = unlink_if_exists(current_profile) && result;
2393             result = unlink_if_exists(reference_profile) && result;
2394 
2395             // We upgraded once the location of current profile for secondary dex files.
2396             // Check for any previous left-overs and remove them as well.
2397             std::string old_current_profile = dex_path + ".prof";
2398             result = unlink_if_exists(old_current_profile);
2399 
2400             // Try removing the directories as well, they might be empty.
2401             result = rmdir_if_empty(oat_isa_dir) && result;
2402             result = rmdir_if_empty(oat_dir) && result;
2403         }
2404         if (!result) {
2405             PLOG(ERROR) << "Failed to clean secondary dex artifacts for location " << dex_path;
2406         }
2407         _exit(result ? kReconcileSecondaryDexCleanedUp : kReconcileSecondaryDexAccessIOError);
2408     }
2409 
2410     int return_code = wait_child(pid);
2411     if (!WIFEXITED(return_code)) {
2412         LOG(WARNING) << "reconcile dex failed for location " << dex_path << ": " << return_code;
2413     } else {
2414         return_code = WEXITSTATUS(return_code);
2415     }
2416 
2417     LOG(DEBUG) << "Reconcile secondary dex path " << dex_path << " result=" << return_code;
2418 
2419     switch (return_code) {
2420         case kReconcileSecondaryDexCleanedUp:
2421         case kReconcileSecondaryDexValidationError:
2422             // If we couldn't validate assume the dex file does not exist.
2423             // This will purge the entry from the PM records.
2424             *out_secondary_dex_exists = false;
2425             return true;
2426         case kReconcileSecondaryDexExists:
2427             *out_secondary_dex_exists = true;
2428             return true;
2429         case kReconcileSecondaryDexAccessIOError:
2430             // We had an access IO error.
2431             // Return false so that we can try again.
2432             // The value of out_secondary_dex_exists does not matter in this case and by convention
2433             // is set to false.
2434             *out_secondary_dex_exists = false;
2435             return false;
2436         default:
2437             LOG(ERROR) << "Unexpected code from reconcile_secondary_dex_file: " << return_code;
2438             *out_secondary_dex_exists = false;
2439             return false;
2440     }
2441 }
2442 
2443 // Compute and return the hash (SHA-256) of the secondary dex file at dex_path.
2444 // Returns true if all parameters are valid and the hash successfully computed and stored in
2445 // out_secondary_dex_hash.
2446 // Also returns true with an empty hash if the file does not currently exist or is not accessible to
2447 // the app.
2448 // For any other errors (e.g. if any of the parameters are invalid) returns false.
hash_secondary_dex_file(const std::string & dex_path,const std::string & pkgname,int uid,const std::unique_ptr<std::string> & volume_uuid,int storage_flag,std::vector<uint8_t> * out_secondary_dex_hash)2449 bool hash_secondary_dex_file(const std::string& dex_path, const std::string& pkgname, int uid,
2450         const std::unique_ptr<std::string>& volume_uuid, int storage_flag,
2451         std::vector<uint8_t>* out_secondary_dex_hash) {
2452     out_secondary_dex_hash->clear();
2453 
2454     const char* volume_uuid_cstr = volume_uuid == nullptr ? nullptr : volume_uuid->c_str();
2455 
2456     if (storage_flag != FLAG_STORAGE_CE && storage_flag != FLAG_STORAGE_DE) {
2457         LOG(ERROR) << "hash_secondary_dex_file called with invalid storage_flag: "
2458                 << storage_flag;
2459         return false;
2460     }
2461 
2462     // Pipe to get the hash result back from our child process.
2463     unique_fd pipe_read, pipe_write;
2464     if (!Pipe(&pipe_read, &pipe_write)) {
2465         PLOG(ERROR) << "Failed to create pipe";
2466         return false;
2467     }
2468 
2469     // Fork so that actual access to the files is done in the app's own UID, to ensure we only
2470     // access data the app itself can access.
2471     pid_t pid = fork();
2472     if (pid == 0) {
2473         // child -- drop privileges before continuing
2474         drop_capabilities(uid);
2475         pipe_read.reset();
2476 
2477         if (!validate_secondary_dex_path(pkgname, dex_path, volume_uuid_cstr, uid, storage_flag)) {
2478             LOG(ERROR) << "Could not validate secondary dex path " << dex_path;
2479             _exit(DexoptReturnCodes::kHashValidatePath);
2480         }
2481 
2482         unique_fd fd(TEMP_FAILURE_RETRY(open(dex_path.c_str(), O_RDONLY | O_CLOEXEC | O_NOFOLLOW)));
2483         if (fd == -1) {
2484             if (errno == EACCES || errno == ENOENT) {
2485                 // Not treated as an error.
2486                 _exit(0);
2487             }
2488             PLOG(ERROR) << "Failed to open secondary dex " << dex_path;
2489             _exit(DexoptReturnCodes::kHashOpenPath);
2490         }
2491 
2492         SHA256_CTX ctx;
2493         SHA256_Init(&ctx);
2494 
2495         std::vector<uint8_t> buffer(65536);
2496         while (true) {
2497             ssize_t bytes_read = TEMP_FAILURE_RETRY(read(fd, buffer.data(), buffer.size()));
2498             if (bytes_read == 0) {
2499                 break;
2500             } else if (bytes_read == -1) {
2501                 PLOG(ERROR) << "Failed to read secondary dex " << dex_path;
2502                 _exit(DexoptReturnCodes::kHashReadDex);
2503             }
2504 
2505             SHA256_Update(&ctx, buffer.data(), bytes_read);
2506         }
2507 
2508         std::array<uint8_t, SHA256_DIGEST_LENGTH> hash;
2509         SHA256_Final(hash.data(), &ctx);
2510         if (!WriteFully(pipe_write, hash.data(), hash.size())) {
2511             _exit(DexoptReturnCodes::kHashWrite);
2512         }
2513 
2514         _exit(0);
2515     }
2516 
2517     // parent
2518     pipe_write.reset();
2519 
2520     out_secondary_dex_hash->resize(SHA256_DIGEST_LENGTH);
2521     if (!ReadFully(pipe_read, out_secondary_dex_hash->data(), out_secondary_dex_hash->size())) {
2522         out_secondary_dex_hash->clear();
2523     }
2524     return wait_child(pid) == 0;
2525 }
2526 
2527 // Helper for move_ab, so that we can have common failure-case cleanup.
unlink_and_rename(const char * from,const char * to)2528 static bool unlink_and_rename(const char* from, const char* to) {
2529     // Check whether "from" exists, and if so whether it's regular. If it is, unlink. Otherwise,
2530     // return a failure.
2531     struct stat s;
2532     if (stat(to, &s) == 0) {
2533         if (!S_ISREG(s.st_mode)) {
2534             LOG(ERROR) << from << " is not a regular file to replace for A/B.";
2535             return false;
2536         }
2537         if (unlink(to) != 0) {
2538             LOG(ERROR) << "Could not unlink " << to << " to move A/B.";
2539             return false;
2540         }
2541     } else {
2542         // This may be a permission problem. We could investigate the error code, but we'll just
2543         // let the rename failure do the work for us.
2544     }
2545 
2546     // Try to rename "to" to "from."
2547     if (rename(from, to) != 0) {
2548         PLOG(ERROR) << "Could not rename " << from << " to " << to;
2549         return false;
2550     }
2551     return true;
2552 }
2553 
2554 // Move/rename a B artifact (from) to an A artifact (to).
move_ab_path(const std::string & b_path,const std::string & a_path)2555 static bool move_ab_path(const std::string& b_path, const std::string& a_path) {
2556     // Check whether B exists.
2557     {
2558         struct stat s;
2559         if (stat(b_path.c_str(), &s) != 0) {
2560             // Silently ignore for now. The service calling this isn't smart enough to understand
2561             // lack of artifacts at the moment.
2562             return false;
2563         }
2564         if (!S_ISREG(s.st_mode)) {
2565             LOG(ERROR) << "A/B artifact " << b_path << " is not a regular file.";
2566             // Try to unlink, but swallow errors.
2567             unlink(b_path.c_str());
2568             return false;
2569         }
2570     }
2571 
2572     // Rename B to A.
2573     if (!unlink_and_rename(b_path.c_str(), a_path.c_str())) {
2574         // Delete the b_path so we don't try again (or fail earlier).
2575         if (unlink(b_path.c_str()) != 0) {
2576             PLOG(ERROR) << "Could not unlink " << b_path;
2577         }
2578 
2579         return false;
2580     }
2581 
2582     return true;
2583 }
2584 
move_ab(const char * apk_path,const char * instruction_set,const char * oat_dir)2585 bool move_ab(const char* apk_path, const char* instruction_set, const char* oat_dir) {
2586     // Get the current slot suffix. No suffix, no A/B.
2587     const std::string slot_suffix = GetProperty("ro.boot.slot_suffix", "");
2588     if (slot_suffix.empty()) {
2589         return false;
2590     }
2591 
2592     if (!ValidateTargetSlotSuffix(slot_suffix)) {
2593         LOG(ERROR) << "Target slot suffix not legal: " << slot_suffix;
2594         return false;
2595     }
2596 
2597     // Validate other inputs.
2598     if (validate_apk_path(apk_path) != 0) {
2599         LOG(ERROR) << "Invalid apk_path: " << apk_path;
2600         return false;
2601     }
2602     if (validate_apk_path(oat_dir) != 0) {
2603         LOG(ERROR) << "Invalid oat_dir: " << oat_dir;
2604         return false;
2605     }
2606 
2607     char a_path[PKG_PATH_MAX];
2608     if (!calculate_oat_file_path(a_path, oat_dir, apk_path, instruction_set)) {
2609         return false;
2610     }
2611     const std::string a_vdex_path = create_vdex_filename(a_path);
2612     const std::string a_image_path = create_image_filename(a_path);
2613 
2614     // B path = A path + slot suffix.
2615     const std::string b_path = StringPrintf("%s.%s", a_path, slot_suffix.c_str());
2616     const std::string b_vdex_path = StringPrintf("%s.%s", a_vdex_path.c_str(), slot_suffix.c_str());
2617     const std::string b_image_path = StringPrintf("%s.%s",
2618                                                   a_image_path.c_str(),
2619                                                   slot_suffix.c_str());
2620 
2621     bool success = true;
2622     if (move_ab_path(b_path, a_path)) {
2623         if (move_ab_path(b_vdex_path, a_vdex_path)) {
2624             // Note: we can live without an app image. As such, ignore failure to move the image file.
2625             //       If we decide to require the app image, or the app image being moved correctly,
2626             //       then change accordingly.
2627             constexpr bool kIgnoreAppImageFailure = true;
2628 
2629             if (!a_image_path.empty()) {
2630                 if (!move_ab_path(b_image_path, a_image_path)) {
2631                     unlink(a_image_path.c_str());
2632                     if (!kIgnoreAppImageFailure) {
2633                         success = false;
2634                     }
2635                 }
2636             }
2637         } else {
2638             // Cleanup: delete B image, ignore errors.
2639             unlink(b_image_path.c_str());
2640             success = false;
2641         }
2642     } else {
2643         // Cleanup: delete B image, ignore errors.
2644         unlink(b_vdex_path.c_str());
2645         unlink(b_image_path.c_str());
2646         success = false;
2647     }
2648     return success;
2649 }
2650 
delete_odex(const char * apk_path,const char * instruction_set,const char * oat_dir)2651 bool delete_odex(const char* apk_path, const char* instruction_set, const char* oat_dir) {
2652     // Delete the oat/odex file.
2653     char out_path[PKG_PATH_MAX];
2654     if (!create_oat_out_path(apk_path, instruction_set, oat_dir,
2655             /*is_secondary_dex*/false, out_path)) {
2656         return false;
2657     }
2658 
2659     // In case of a permission failure report the issue. Otherwise just print a warning.
2660     auto unlink_and_check = [](const char* path) -> bool {
2661         int result = unlink(path);
2662         if (result != 0) {
2663             if (errno == EACCES || errno == EPERM) {
2664                 PLOG(ERROR) << "Could not unlink " << path;
2665                 return false;
2666             }
2667             PLOG(WARNING) << "Could not unlink " << path;
2668         }
2669         return true;
2670     };
2671 
2672     // Delete the oat/odex file.
2673     bool return_value_oat = unlink_and_check(out_path);
2674 
2675     // Derive and delete the app image.
2676     bool return_value_art = unlink_and_check(create_image_filename(out_path).c_str());
2677 
2678     // Derive and delete the vdex file.
2679     bool return_value_vdex = unlink_and_check(create_vdex_filename(out_path).c_str());
2680 
2681     // Report success.
2682     return return_value_oat && return_value_art && return_value_vdex;
2683 }
2684 
is_absolute_path(const std::string & path)2685 static bool is_absolute_path(const std::string& path) {
2686     if (path.find('/') != 0 || path.find("..") != std::string::npos) {
2687         LOG(ERROR) << "Invalid absolute path " << path;
2688         return false;
2689     } else {
2690         return true;
2691     }
2692 }
2693 
is_valid_instruction_set(const std::string & instruction_set)2694 static bool is_valid_instruction_set(const std::string& instruction_set) {
2695     // TODO: add explicit whitelisting of instruction sets
2696     if (instruction_set.find('/') != std::string::npos) {
2697         LOG(ERROR) << "Invalid instruction set " << instruction_set;
2698         return false;
2699     } else {
2700         return true;
2701     }
2702 }
2703 
calculate_oat_file_path_default(char path[PKG_PATH_MAX],const char * oat_dir,const char * apk_path,const char * instruction_set)2704 bool calculate_oat_file_path_default(char path[PKG_PATH_MAX], const char *oat_dir,
2705         const char *apk_path, const char *instruction_set) {
2706     std::string oat_dir_ = oat_dir;
2707     std::string apk_path_ = apk_path;
2708     std::string instruction_set_ = instruction_set;
2709 
2710     if (!is_absolute_path(oat_dir_)) return false;
2711     if (!is_absolute_path(apk_path_)) return false;
2712     if (!is_valid_instruction_set(instruction_set_)) return false;
2713 
2714     std::string::size_type end = apk_path_.rfind('.');
2715     std::string::size_type start = apk_path_.rfind('/', end);
2716     if (end == std::string::npos || start == std::string::npos) {
2717         LOG(ERROR) << "Invalid apk_path " << apk_path_;
2718         return false;
2719     }
2720 
2721     std::string res_ = oat_dir_ + '/' + instruction_set + '/'
2722             + apk_path_.substr(start + 1, end - start - 1) + ".odex";
2723     const char* res = res_.c_str();
2724     if (strlen(res) >= PKG_PATH_MAX) {
2725         LOG(ERROR) << "Result too large";
2726         return false;
2727     } else {
2728         strlcpy(path, res, PKG_PATH_MAX);
2729         return true;
2730     }
2731 }
2732 
calculate_odex_file_path_default(char path[PKG_PATH_MAX],const char * apk_path,const char * instruction_set)2733 bool calculate_odex_file_path_default(char path[PKG_PATH_MAX], const char *apk_path,
2734         const char *instruction_set) {
2735     std::string apk_path_ = apk_path;
2736     std::string instruction_set_ = instruction_set;
2737 
2738     if (!is_absolute_path(apk_path_)) return false;
2739     if (!is_valid_instruction_set(instruction_set_)) return false;
2740 
2741     std::string::size_type end = apk_path_.rfind('.');
2742     std::string::size_type start = apk_path_.rfind('/', end);
2743     if (end == std::string::npos || start == std::string::npos) {
2744         LOG(ERROR) << "Invalid apk_path " << apk_path_;
2745         return false;
2746     }
2747 
2748     std::string oat_dir = apk_path_.substr(0, start + 1) + "oat";
2749     return calculate_oat_file_path_default(path, oat_dir.c_str(), apk_path, instruction_set);
2750 }
2751 
create_cache_path_default(char path[PKG_PATH_MAX],const char * src,const char * instruction_set)2752 bool create_cache_path_default(char path[PKG_PATH_MAX], const char *src,
2753         const char *instruction_set) {
2754     std::string src_ = src;
2755     std::string instruction_set_ = instruction_set;
2756 
2757     if (!is_absolute_path(src_)) return false;
2758     if (!is_valid_instruction_set(instruction_set_)) return false;
2759 
2760     for (auto it = src_.begin() + 1; it < src_.end(); ++it) {
2761         if (*it == '/') {
2762             *it = '@';
2763         }
2764     }
2765 
2766     std::string res_ = android_data_dir + DALVIK_CACHE + '/' + instruction_set_ + src_
2767             + DALVIK_CACHE_POSTFIX;
2768     const char* res = res_.c_str();
2769     if (strlen(res) >= PKG_PATH_MAX) {
2770         LOG(ERROR) << "Result too large";
2771         return false;
2772     } else {
2773         strlcpy(path, res, PKG_PATH_MAX);
2774         return true;
2775     }
2776 }
2777 
open_classpath_files(const std::string & classpath,std::vector<unique_fd> * apk_fds,std::vector<std::string> * dex_locations)2778 bool open_classpath_files(const std::string& classpath, std::vector<unique_fd>* apk_fds,
2779         std::vector<std::string>* dex_locations) {
2780     std::vector<std::string> classpaths_elems = base::Split(classpath, ":");
2781     for (const std::string& elem : classpaths_elems) {
2782         unique_fd fd(TEMP_FAILURE_RETRY(open(elem.c_str(), O_RDONLY)));
2783         if (fd < 0) {
2784             PLOG(ERROR) << "Could not open classpath elem " << elem;
2785             return false;
2786         } else {
2787             apk_fds->push_back(std::move(fd));
2788             dex_locations->push_back(elem);
2789         }
2790     }
2791     return true;
2792 }
2793 
create_app_profile_snapshot(int32_t app_id,const std::string & package_name,const std::string & profile_name,const std::string & classpath)2794 static bool create_app_profile_snapshot(int32_t app_id,
2795                                         const std::string& package_name,
2796                                         const std::string& profile_name,
2797                                         const std::string& classpath) {
2798     int app_shared_gid = multiuser_get_shared_gid(/*user_id*/ 0, app_id);
2799 
2800     unique_fd snapshot_fd = open_spnashot_profile(AID_SYSTEM, package_name, profile_name);
2801     if (snapshot_fd < 0) {
2802         return false;
2803     }
2804 
2805     std::vector<unique_fd> profiles_fd;
2806     unique_fd reference_profile_fd;
2807     open_profile_files(app_shared_gid, package_name, profile_name, /*is_secondary_dex*/ false,
2808             &profiles_fd, &reference_profile_fd);
2809     if (profiles_fd.empty() || (reference_profile_fd.get() < 0)) {
2810         return false;
2811     }
2812 
2813     profiles_fd.push_back(std::move(reference_profile_fd));
2814 
2815     // Open the class paths elements. These will be used to filter out profile data that does
2816     // not belong to the classpath during merge.
2817     std::vector<unique_fd> apk_fds;
2818     std::vector<std::string> dex_locations;
2819     if (!open_classpath_files(classpath, &apk_fds, &dex_locations)) {
2820         return false;
2821     }
2822 
2823     RunProfman args;
2824     // This is specifically a snapshot for an app, so don't use boot image profiles.
2825     args.SetupMerge(profiles_fd,
2826             snapshot_fd,
2827             apk_fds,
2828             dex_locations,
2829             /* for_snapshot= */ true,
2830             /* for_boot_image= */ false);
2831     pid_t pid = fork();
2832     if (pid == 0) {
2833         /* child -- drop privileges before continuing */
2834         drop_capabilities(app_shared_gid);
2835         args.Exec();
2836     }
2837 
2838     /* parent */
2839     int return_code = wait_child(pid);
2840     if (!WIFEXITED(return_code)) {
2841         LOG(WARNING) << "profman failed for " << package_name << ":" << profile_name;
2842         return false;
2843     }
2844 
2845     // Verify that profman finished successfully.
2846     int profman_code = WEXITSTATUS(return_code);
2847     if (profman_code != PROFMAN_BIN_RETURN_CODE_SUCCESS) {
2848         LOG(WARNING) << "profman error for " << package_name << ":" << profile_name
2849                 << ":" << profman_code;
2850         return false;
2851     }
2852     return true;
2853 }
2854 
create_boot_image_profile_snapshot(const std::string & package_name,const std::string & profile_name,const std::string & classpath)2855 static bool create_boot_image_profile_snapshot(const std::string& package_name,
2856                                                const std::string& profile_name,
2857                                                const std::string& classpath) {
2858     // The reference profile directory for the android package might not be prepared. Do it now.
2859     const std::string ref_profile_dir =
2860             create_primary_reference_profile_package_dir_path(package_name);
2861     if (fs_prepare_dir(ref_profile_dir.c_str(), 0770, AID_SYSTEM, AID_SYSTEM) != 0) {
2862         PLOG(ERROR) << "Failed to prepare " << ref_profile_dir;
2863         return false;
2864     }
2865 
2866     // Return false for empty class path since it may otherwise return true below if profiles is
2867     // empty.
2868     if (classpath.empty()) {
2869         PLOG(ERROR) << "Class path is empty";
2870         return false;
2871     }
2872 
2873     // Open and create the snapshot profile.
2874     unique_fd snapshot_fd = open_spnashot_profile(AID_SYSTEM, package_name, profile_name);
2875 
2876     // Collect all non empty profiles.
2877     // The collection will traverse all applications profiles and find the non empty files.
2878     // This has the potential of inspecting a large number of files and directories (depending
2879     // on the number of applications and users). So there is a slight increase in the chance
2880     // to get get occasionally I/O errors (e.g. for opening the file). When that happens do not
2881     // fail the snapshot and aggregate whatever profile we could open.
2882     //
2883     // The profile snapshot is a best effort based on available data it's ok if some data
2884     // from some apps is missing. It will be counter productive for the snapshot to fail
2885     // because we could not open or read some of the files.
2886     std::vector<std::string> profiles;
2887     if (!collect_profiles(&profiles)) {
2888         LOG(WARNING) << "There were errors while collecting the profiles for the boot image.";
2889     }
2890 
2891     // If we have no profiles return early.
2892     if (profiles.empty()) {
2893         return true;
2894     }
2895 
2896     // Open the classpath elements. These will be used to filter out profile data that does
2897     // not belong to the classpath during merge.
2898     std::vector<unique_fd> apk_fds;
2899     std::vector<std::string> dex_locations;
2900     if (!open_classpath_files(classpath, &apk_fds, &dex_locations)) {
2901         return false;
2902     }
2903 
2904     // If we could not open any files from the classpath return an error.
2905     if (apk_fds.empty()) {
2906         LOG(ERROR) << "Could not open any of the classpath elements.";
2907         return false;
2908     }
2909 
2910     // Aggregate the profiles in batches of kAggregationBatchSize.
2911     // We do this to avoid opening a huge a amount of files.
2912     static constexpr size_t kAggregationBatchSize = 10;
2913 
2914     for (size_t i = 0; i < profiles.size(); )  {
2915         std::vector<unique_fd> profiles_fd;
2916         for (size_t k = 0; k < kAggregationBatchSize && i < profiles.size(); k++, i++) {
2917             unique_fd fd = open_profile(AID_SYSTEM, profiles[i], O_RDONLY);
2918             if (fd.get() >= 0) {
2919                 profiles_fd.push_back(std::move(fd));
2920             }
2921         }
2922 
2923         // We aggregate (read & write) into the same fd multiple times in a row.
2924         // We need to reset the cursor every time to ensure we read the whole file every time.
2925         if (TEMP_FAILURE_RETRY(lseek(snapshot_fd, 0, SEEK_SET)) == static_cast<off_t>(-1)) {
2926             PLOG(ERROR) << "Cannot reset position for snapshot profile";
2927             return false;
2928         }
2929 
2930         RunProfman args;
2931         args.SetupMerge(profiles_fd,
2932                         snapshot_fd,
2933                         apk_fds,
2934                         dex_locations,
2935                         /*for_snapshot=*/true,
2936                         /*for_boot_image=*/true);
2937         pid_t pid = fork();
2938         if (pid == 0) {
2939             /* child -- drop privileges before continuing */
2940             drop_capabilities(AID_SYSTEM);
2941 
2942             // The introduction of new access flags into boot jars causes them to
2943             // fail dex file verification.
2944             args.Exec();
2945         }
2946 
2947         /* parent */
2948         int return_code = wait_child(pid);
2949 
2950         if (!WIFEXITED(return_code)) {
2951             PLOG(WARNING) << "profman failed for " << package_name << ":" << profile_name;
2952             return false;
2953         }
2954 
2955         // Verify that profman finished successfully.
2956         int profman_code = WEXITSTATUS(return_code);
2957         if (profman_code != PROFMAN_BIN_RETURN_CODE_SUCCESS) {
2958             LOG(WARNING) << "profman error for " << package_name << ":" << profile_name
2959                     << ":" << profman_code;
2960             return false;
2961         }
2962     }
2963 
2964     return true;
2965 }
2966 
create_profile_snapshot(int32_t app_id,const std::string & package_name,const std::string & profile_name,const std::string & classpath)2967 bool create_profile_snapshot(int32_t app_id, const std::string& package_name,
2968         const std::string& profile_name, const std::string& classpath) {
2969     if (app_id == -1) {
2970         return create_boot_image_profile_snapshot(package_name, profile_name, classpath);
2971     } else {
2972         return create_app_profile_snapshot(app_id, package_name, profile_name, classpath);
2973     }
2974 }
2975 
prepare_app_profile(const std::string & package_name,userid_t user_id,appid_t app_id,const std::string & profile_name,const std::string & code_path,const std::unique_ptr<std::string> & dex_metadata)2976 bool prepare_app_profile(const std::string& package_name,
2977                          userid_t user_id,
2978                          appid_t app_id,
2979                          const std::string& profile_name,
2980                          const std::string& code_path,
2981                          const std::unique_ptr<std::string>& dex_metadata) {
2982     // Prepare the current profile.
2983     std::string cur_profile  = create_current_profile_path(user_id, package_name, profile_name,
2984             /*is_secondary_dex*/ false);
2985     uid_t uid = multiuser_get_uid(user_id, app_id);
2986     if (fs_prepare_file_strict(cur_profile.c_str(), 0600, uid, uid) != 0) {
2987         PLOG(ERROR) << "Failed to prepare " << cur_profile;
2988         return false;
2989     }
2990 
2991     // Check if we need to install the profile from the dex metadata.
2992     if (dex_metadata == nullptr) {
2993         return true;
2994     }
2995 
2996     // We have a dex metdata. Merge the profile into the reference profile.
2997     unique_fd ref_profile_fd = open_reference_profile(uid, package_name, profile_name,
2998             /*read_write*/ true, /*is_secondary_dex*/ false);
2999     unique_fd dex_metadata_fd(TEMP_FAILURE_RETRY(
3000             open(dex_metadata->c_str(), O_RDONLY | O_NOFOLLOW)));
3001     unique_fd apk_fd(TEMP_FAILURE_RETRY(open(code_path.c_str(), O_RDONLY | O_NOFOLLOW)));
3002     if (apk_fd < 0) {
3003         PLOG(ERROR) << "Could not open code path " << code_path;
3004         return false;
3005     }
3006 
3007     RunProfman args;
3008     args.SetupCopyAndUpdate(std::move(dex_metadata_fd),
3009                             std::move(ref_profile_fd),
3010                             std::move(apk_fd),
3011                             code_path);
3012     pid_t pid = fork();
3013     if (pid == 0) {
3014         /* child -- drop privileges before continuing */
3015         gid_t app_shared_gid = multiuser_get_shared_gid(user_id, app_id);
3016         drop_capabilities(app_shared_gid);
3017 
3018         // The copy and update takes ownership over the fds.
3019         args.Exec();
3020     }
3021 
3022     /* parent */
3023     int return_code = wait_child(pid);
3024     if (!WIFEXITED(return_code)) {
3025         PLOG(WARNING) << "profman failed for " << package_name << ":" << profile_name;
3026         return false;
3027     }
3028     return true;
3029 }
3030 
3031 }  // namespace installd
3032 }  // namespace android
3033