1 /*
2 * Copyright (C) 2017 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include <cstdlib>
18 #include <fcntl.h>
19 #include <stdlib.h>
20 #include <string.h>
21 #include <sys/types.h>
22 #include <sys/stat.h>
23
24 #include <android-base/file.h>
25 #include <android-base/logging.h>
26 #include <android-base/properties.h>
27 #include <android-base/scopeguard.h>
28 #include <android-base/stringprintf.h>
29 #include <android-base/unique_fd.h>
30 #include <binder/Status.h>
31 #include <cutils/properties.h>
32
33 #include <gtest/gtest.h>
34
35 #include <selinux/android.h>
36 #include <selinux/avc.h>
37
38 #include "binder_test_utils.h"
39 #include "dexopt.h"
40 #include "InstalldNativeService.h"
41 #include "globals.h"
42 #include "tests/test_utils.h"
43 #include "utils.h"
44 #include "ziparchive/zip_writer.h"
45
46 using android::base::ReadFully;
47 using android::base::unique_fd;
48
49 namespace android {
50 namespace installd {
51
52 // TODO(calin): try to dedup this code.
53 #if defined(__arm__)
54 static const std::string kRuntimeIsa = "arm";
55 #elif defined(__aarch64__)
56 static const std::string kRuntimeIsa = "arm64";
57 #elif defined(__mips__) && !defined(__LP64__)
58 static const std::string kRuntimeIsa = "mips";
59 #elif defined(__mips__) && defined(__LP64__)
60 static const std::string kRuntimeIsa = "mips64";
61 #elif defined(__i386__)
62 static const std::string kRuntimeIsa = "x86";
63 #elif defined(__x86_64__)
64 static const std::string kRuntimeIsa = "x86_64";
65 #else
66 static const std::string kRuntimeIsa = "none";
67 #endif
68
get_property(const char * key,char * value,const char * default_value)69 int get_property(const char *key, char *value, const char *default_value) {
70 return property_get(key, value, default_value);
71 }
72
calculate_oat_file_path(char path[PKG_PATH_MAX],const char * oat_dir,const char * apk_path,const char * instruction_set)73 bool calculate_oat_file_path(char path[PKG_PATH_MAX], const char *oat_dir, const char *apk_path,
74 const char *instruction_set) {
75 return calculate_oat_file_path_default(path, oat_dir, apk_path, instruction_set);
76 }
77
calculate_odex_file_path(char path[PKG_PATH_MAX],const char * apk_path,const char * instruction_set)78 bool calculate_odex_file_path(char path[PKG_PATH_MAX], const char *apk_path,
79 const char *instruction_set) {
80 return calculate_odex_file_path_default(path, apk_path, instruction_set);
81 }
82
create_cache_path(char path[PKG_PATH_MAX],const char * src,const char * instruction_set)83 bool create_cache_path(char path[PKG_PATH_MAX], const char *src, const char *instruction_set) {
84 return create_cache_path_default(path, src, instruction_set);
85 }
86
run_cmd(const std::string & cmd)87 static void run_cmd(const std::string& cmd) {
88 system(cmd.c_str());
89 }
90
91 template <typename Visitor>
run_cmd_and_process_output(const std::string & cmd,const Visitor & visitor)92 static void run_cmd_and_process_output(const std::string& cmd, const Visitor& visitor) {
93 FILE* file = popen(cmd.c_str(), "r");
94 CHECK(file != nullptr) << "Failed to ptrace " << cmd;
95 char* line = nullptr;
96 while (true) {
97 size_t n = 0u;
98 ssize_t value = getline(&line, &n, file);
99 if (value == -1) {
100 break;
101 }
102 visitor(line);
103 }
104 free(line);
105 fclose(file);
106 }
107
mkdir(const std::string & path,uid_t owner,gid_t group,mode_t mode)108 static int mkdir(const std::string& path, uid_t owner, gid_t group, mode_t mode) {
109 int ret = ::mkdir(path.c_str(), mode);
110 if (ret != 0) {
111 return ret;
112 }
113 ret = ::chown(path.c_str(), owner, group);
114 if (ret != 0) {
115 return ret;
116 }
117 return ::chmod(path.c_str(), mode);
118 }
119
log_callback(int type,const char * fmt,...)120 static int log_callback(int type, const char *fmt, ...) { // NOLINT
121 va_list ap;
122 int priority;
123
124 switch (type) {
125 case SELINUX_WARNING:
126 priority = ANDROID_LOG_WARN;
127 break;
128 case SELINUX_INFO:
129 priority = ANDROID_LOG_INFO;
130 break;
131 default:
132 priority = ANDROID_LOG_ERROR;
133 break;
134 }
135 va_start(ap, fmt);
136 LOG_PRI_VA(priority, "SELinux", fmt, ap);
137 va_end(ap);
138 return 0;
139 }
140
init_selinux()141 static bool init_selinux() {
142 int selinux_enabled = (is_selinux_enabled() > 0);
143
144 union selinux_callback cb;
145 cb.func_log = log_callback;
146 selinux_set_callback(SELINUX_CB_LOG, cb);
147
148 if (selinux_enabled && selinux_status_open(true) < 0) {
149 LOG(ERROR) << "Could not open selinux status; exiting";
150 return false;
151 }
152
153 return true;
154 }
155
156 // Base64 encoding of a simple dex files with 2 methods.
157 static const char kDexFile[] =
158 "UEsDBBQAAAAIAOiOYUs9y6BLCgEAABQCAAALABwAY2xhc3Nlcy5kZXhVVAkAA/Ns+lkOHv1ZdXgL"
159 "AAEEI+UCAASIEwAAS0mt4DIwNmX4qpn7j/2wA7v7N+ZvoQpCJRlVx5SWa4YaiDAxMBQwMDBUhJkI"
160 "MUBBDyMDAzsDRJwFxAdioBDDHAYEYAbiFUAM1M5wAIhFGCGKDIDYAogdgNgDiH2BOAiI0xghekDm"
161 "sQIxGxQzM6ACRijNhCbOhCZfyohdPYyuh8szgtVkMkLsLhAAqeCDi+ejibPZZOZlltgxsDnqZSWW"
162 "JTKwOUFoZh9HayDhZM0g5AMS0M9JzEvX90/KSk0usWZgDAMaws5nAyXBzmpoYGlgAjsAyJoBMp0b"
163 "zQ8gGhbOTEhhzYwU3qxIYc2GFN6MClC/AhUyKUDMAYU9M1Qc5F8GKBscVgIQM0FxCwBQSwECHgMU"
164 "AAAACADojmFLPcugSwoBAAAUAgAACwAYAAAAAAAAAAAAoIEAAAAAY2xhc3Nlcy5kZXhVVAUAA/Ns"
165 "+ll1eAsAAQQj5QIABIgTAABQSwUGAAAAAAEAAQBRAAAATwEAAAAA";
166
167 class DexoptTestEnvTest : public testing::Test {
168 };
169
TEST_F(DexoptTestEnvTest,CheckSelinux)170 TEST_F(DexoptTestEnvTest, CheckSelinux) {
171 ASSERT_EQ(1, is_selinux_enabled());
172
173 // Crude cutout for virtual devices.
174 #if !defined(__i386__) && !defined(__x86_64__)
175 constexpr bool kIsX86 = false;
176 #else
177 constexpr bool kIsX86 = true;
178 #endif
179 ASSERT_TRUE(1 == security_getenforce() || kIsX86 || true /* b/119032200 */);
180 }
181
182 class DexoptTest : public testing::Test {
183 protected:
184 static constexpr bool kDebug = false;
185 static constexpr uid_t kSystemUid = 1000;
186 static constexpr uid_t kSystemGid = 1000;
187 static constexpr int32_t kOSdkVersion = 25;
188 static constexpr int32_t kAppDataFlags = FLAG_STORAGE_CE | FLAG_STORAGE_DE;
189 static constexpr int32_t kTestUserId = 0;
190 static constexpr uid_t kTestAppId = 19999;
191
192 const gid_t kTestAppUid = multiuser_get_uid(kTestUserId, kTestAppId);
193 const uid_t kTestAppGid = multiuser_get_shared_gid(kTestUserId, kTestAppId);
194
195 InstalldNativeService* service_;
196 std::unique_ptr<std::string> volume_uuid_;
197 std::string package_name_;
198 std::string apk_path_;
199 std::string empty_dm_file_;
200 std::string app_apk_dir_;
201 std::string app_private_dir_ce_;
202 std::string app_private_dir_de_;
203 std::string se_info_;
204 std::string app_oat_dir_;
205
206 int64_t ce_data_inode_;
207
208 std::string secondary_dex_ce_;
209 std::string secondary_dex_ce_link_;
210 std::string secondary_dex_de_;
211
SetUp()212 virtual void SetUp() {
213 setenv("ANDROID_LOG_TAGS", "*:v", 1);
214 android::base::InitLogging(nullptr);
215 // Initialize the globals holding the file system main paths (/data/, /system/ etc..).
216 // This is needed in order to compute the application and profile paths.
217 ASSERT_TRUE(init_globals_from_data_and_root());
218 // Initialize selinux log callbacks.
219 // This ensures that selinux is up and running and re-directs the selinux messages
220 // to logcat (in order to make it easier to investigate test results).
221 ASSERT_TRUE(init_selinux());
222 service_ = new InstalldNativeService();
223
224 volume_uuid_ = nullptr;
225 package_name_ = "com.installd.test.dexopt";
226 se_info_ = "default";
227 app_apk_dir_ = android_app_dir + package_name_;
228
229 ASSERT_TRUE(create_mock_app());
230 }
231
TearDown()232 virtual void TearDown() {
233 if (!kDebug) {
234 service_->destroyAppData(
235 volume_uuid_, package_name_, kTestUserId, kAppDataFlags, ce_data_inode_);
236 run_cmd("rm -rf " + app_apk_dir_);
237 run_cmd("rm -rf " + app_private_dir_ce_);
238 run_cmd("rm -rf " + app_private_dir_de_);
239 }
240 delete service_;
241 }
242
create_mock_app()243 ::testing::AssertionResult create_mock_app() {
244 // For debug mode, the directory might already exist. Avoid erroring out.
245 if (mkdir(app_apk_dir_, kSystemUid, kSystemGid, 0755) != 0 && !kDebug) {
246 return ::testing::AssertionFailure() << "Could not create app dir " << app_apk_dir_
247 << " : " << strerror(errno);
248 }
249
250 // Initialize the oat dir path.
251 app_oat_dir_ = app_apk_dir_ + "/oat";
252
253 // Copy the primary apk.
254 apk_path_ = app_apk_dir_ + "/base.jar";
255 std::string error_msg;
256 if (!WriteBase64ToFile(kDexFile, apk_path_, kSystemUid, kSystemGid, 0644, &error_msg)) {
257 return ::testing::AssertionFailure() << "Could not write base64 file to " << apk_path_
258 << " : " << error_msg;
259 }
260
261 // Create an empty dm file.
262 empty_dm_file_ = apk_path_ + ".dm";
263 {
264 int fd = open(empty_dm_file_.c_str(), O_WRONLY | O_CREAT, S_IRUSR | S_IWUSR);
265 if (fd < 0) {
266 return ::testing::AssertionFailure() << "Could not open " << empty_dm_file_;
267 }
268 FILE* file = fdopen(fd, "wb");
269 if (file == nullptr) {
270 return ::testing::AssertionFailure() << "Null file for " << empty_dm_file_
271 << " fd=" << fd;
272 }
273 ZipWriter writer(file);
274 // Add vdex to zip.
275 writer.StartEntry("primary.prof", ZipWriter::kCompress);
276 writer.FinishEntry();
277 writer.Finish();
278 fclose(file);
279 }
280
281 // Create the app user data.
282 binder::Status status = service_->createAppData(
283 volume_uuid_,
284 package_name_,
285 kTestUserId,
286 kAppDataFlags,
287 kTestAppUid,
288 se_info_,
289 kOSdkVersion,
290 &ce_data_inode_);
291 if (!status.isOk()) {
292 return ::testing::AssertionFailure() << "Could not create app data: "
293 << status.toString8().c_str();
294 }
295
296 // Create a secondary dex file on CE storage
297 const char* volume_uuid_cstr = volume_uuid_ == nullptr ? nullptr : volume_uuid_->c_str();
298 app_private_dir_ce_ = create_data_user_ce_package_path(
299 volume_uuid_cstr, kTestUserId, package_name_.c_str());
300 secondary_dex_ce_ = app_private_dir_ce_ + "/secondary_ce.jar";
301 if (!WriteBase64ToFile(kDexFile,
302 secondary_dex_ce_,
303 kTestAppUid,
304 kTestAppGid,
305 0600,
306 &error_msg)) {
307 return ::testing::AssertionFailure() << "Could not write base64 file to "
308 << secondary_dex_ce_ << " : " << error_msg;
309 }
310 std::string app_private_dir_ce_link = create_data_user_ce_package_path_as_user_link(
311 volume_uuid_cstr, kTestUserId, package_name_.c_str());
312 secondary_dex_ce_link_ = app_private_dir_ce_link + "/secondary_ce.jar";
313
314 // Create a secondary dex file on DE storage.
315 app_private_dir_de_ = create_data_user_de_package_path(
316 volume_uuid_cstr, kTestUserId, package_name_.c_str());
317 secondary_dex_de_ = app_private_dir_de_ + "/secondary_de.jar";
318 if (!WriteBase64ToFile(kDexFile,
319 secondary_dex_de_,
320 kTestAppUid,
321 kTestAppGid,
322 0600,
323 &error_msg)) {
324 return ::testing::AssertionFailure() << "Could not write base64 file to "
325 << secondary_dex_de_ << " : " << error_msg;
326 }
327
328 // Fix app data uid.
329 status = service_->fixupAppData(volume_uuid_, kTestUserId);
330 if (!status.isOk()) {
331 return ::testing::AssertionFailure() << "Could not fixup app data: "
332 << status.toString8().c_str();
333 }
334
335 return ::testing::AssertionSuccess();
336 }
337
338
GetSecondaryDexArtifact(const std::string & path,const std::string & type)339 std::string GetSecondaryDexArtifact(const std::string& path, const std::string& type) {
340 std::string::size_type end = path.rfind('.');
341 std::string::size_type start = path.rfind('/', end);
342 return path.substr(0, start) + "/oat/" + kRuntimeIsa + "/" +
343 path.substr(start + 1, end - start) + type;
344 }
345
CompileSecondaryDex(const std::string & path,int32_t dex_storage_flag,bool should_binder_call_succeed,bool should_dex_be_compiled=true,binder::Status * binder_result=nullptr,int32_t uid=-1,const char * class_loader_context=nullptr)346 void CompileSecondaryDex(const std::string& path, int32_t dex_storage_flag,
347 bool should_binder_call_succeed, bool should_dex_be_compiled = true,
348 /*out */ binder::Status* binder_result = nullptr, int32_t uid = -1,
349 const char* class_loader_context = nullptr) {
350 if (uid == -1) {
351 uid = kTestAppUid;
352 }
353 if (class_loader_context == nullptr) {
354 class_loader_context = "&";
355 }
356 std::unique_ptr<std::string> package_name_ptr(new std::string(package_name_));
357 int32_t dexopt_needed = 0; // does not matter;
358 std::unique_ptr<std::string> out_path = nullptr; // does not matter
359 int32_t dex_flags = DEXOPT_SECONDARY_DEX | dex_storage_flag;
360 std::string compiler_filter = "speed-profile";
361 std::unique_ptr<std::string> class_loader_context_ptr(
362 new std::string(class_loader_context));
363 std::unique_ptr<std::string> se_info_ptr(new std::string(se_info_));
364 bool downgrade = false;
365 int32_t target_sdk_version = 0; // default
366 std::unique_ptr<std::string> profile_name_ptr = nullptr;
367 std::unique_ptr<std::string> dm_path_ptr = nullptr;
368 std::unique_ptr<std::string> compilation_reason_ptr = nullptr;
369
370 binder::Status result = service_->dexopt(path,
371 uid,
372 package_name_ptr,
373 kRuntimeIsa,
374 dexopt_needed,
375 out_path,
376 dex_flags,
377 compiler_filter,
378 volume_uuid_,
379 class_loader_context_ptr,
380 se_info_ptr,
381 downgrade,
382 target_sdk_version,
383 profile_name_ptr,
384 dm_path_ptr,
385 compilation_reason_ptr);
386 ASSERT_EQ(should_binder_call_succeed, result.isOk()) << result.toString8().c_str();
387 int expected_access = should_dex_be_compiled ? 0 : -1;
388 std::string odex = GetSecondaryDexArtifact(path, "odex");
389 std::string vdex = GetSecondaryDexArtifact(path, "vdex");
390 std::string art = GetSecondaryDexArtifact(path, "art");
391 ASSERT_EQ(expected_access, access(odex.c_str(), R_OK));
392 ASSERT_EQ(expected_access, access(vdex.c_str(), R_OK));
393 ASSERT_EQ(-1, access(art.c_str(), R_OK)); // empty profiles do not generate an image.
394 if (binder_result != nullptr) {
395 *binder_result = result;
396 }
397 }
398
reconcile_secondary_dex(const std::string & path,int32_t storage_flag,bool should_binder_call_succeed,bool should_dex_exist,bool should_dex_be_deleted,int32_t uid=-1,std::string * package_override=nullptr)399 void reconcile_secondary_dex(const std::string& path, int32_t storage_flag,
400 bool should_binder_call_succeed, bool should_dex_exist, bool should_dex_be_deleted,
401 int32_t uid = -1, std::string* package_override = nullptr) {
402 if (uid == -1) {
403 uid = kTestAppUid;
404 }
405 std::vector<std::string> isas;
406 isas.push_back(kRuntimeIsa);
407 bool out_secondary_dex_exists = false;
408 binder::Status result = service_->reconcileSecondaryDexFile(
409 path,
410 package_override == nullptr ? package_name_ : *package_override,
411 uid,
412 isas,
413 volume_uuid_,
414 storage_flag,
415 &out_secondary_dex_exists);
416
417 ASSERT_EQ(should_binder_call_succeed, result.isOk()) << result.toString8().c_str();
418 ASSERT_EQ(should_dex_exist, out_secondary_dex_exists);
419
420 int expected_access = should_dex_be_deleted ? -1 : 0;
421 std::string odex = GetSecondaryDexArtifact(path, "odex");
422 std::string vdex = GetSecondaryDexArtifact(path, "vdex");
423 std::string art = GetSecondaryDexArtifact(path, "art");
424 ASSERT_EQ(expected_access, access(odex.c_str(), F_OK));
425 ASSERT_EQ(expected_access, access(vdex.c_str(), F_OK));
426 ASSERT_EQ(-1, access(art.c_str(), R_OK)); // empty profiles do not generate an image.
427 }
428
CheckFileAccess(const std::string & file,uid_t uid,gid_t gid,mode_t mode)429 void CheckFileAccess(const std::string& file, uid_t uid, gid_t gid, mode_t mode) {
430 struct stat st;
431 ASSERT_EQ(0, stat(file.c_str(), &st));
432 ASSERT_EQ(uid, st.st_uid);
433 ASSERT_EQ(gid, st.st_gid);
434 ASSERT_EQ(mode, st.st_mode);
435 }
436
CompilePrimaryDexOk(std::string compiler_filter,int32_t dex_flags,const char * oat_dir,int32_t uid,int32_t dexopt_needed,binder::Status * binder_result=nullptr,const char * dm_path=nullptr,bool downgrade=false)437 void CompilePrimaryDexOk(std::string compiler_filter,
438 int32_t dex_flags,
439 const char* oat_dir,
440 int32_t uid,
441 int32_t dexopt_needed,
442 binder::Status* binder_result = nullptr,
443 const char* dm_path = nullptr,
444 bool downgrade = false) {
445 CompilePrimaryDex(compiler_filter,
446 dex_flags,
447 oat_dir,
448 uid,
449 dexopt_needed,
450 dm_path,
451 downgrade,
452 true,
453 binder_result);
454 }
455
CompilePrimaryDexFail(std::string compiler_filter,int32_t dex_flags,const char * oat_dir,int32_t uid,int32_t dexopt_needed,binder::Status * binder_result=nullptr,const char * dm_path=nullptr,bool downgrade=false)456 void CompilePrimaryDexFail(std::string compiler_filter,
457 int32_t dex_flags,
458 const char* oat_dir,
459 int32_t uid,
460 int32_t dexopt_needed,
461 binder::Status* binder_result = nullptr,
462 const char* dm_path = nullptr,
463 bool downgrade = false) {
464 CompilePrimaryDex(compiler_filter,
465 dex_flags,
466 oat_dir,
467 uid,
468 dexopt_needed,
469 dm_path,
470 downgrade,
471 false,
472 binder_result);
473 }
474
CompilePrimaryDex(std::string compiler_filter,int32_t dex_flags,const char * oat_dir,int32_t uid,int32_t dexopt_needed,const char * dm_path,bool downgrade,bool should_binder_call_succeed,binder::Status * binder_result)475 void CompilePrimaryDex(std::string compiler_filter,
476 int32_t dex_flags,
477 const char* oat_dir,
478 int32_t uid,
479 int32_t dexopt_needed,
480 const char* dm_path,
481 bool downgrade,
482 bool should_binder_call_succeed,
483 /*out */ binder::Status* binder_result) {
484 std::unique_ptr<std::string> package_name_ptr(new std::string(package_name_));
485 std::unique_ptr<std::string> out_path(
486 oat_dir == nullptr ? nullptr : new std::string(oat_dir));
487 std::unique_ptr<std::string> class_loader_context_ptr(new std::string("&"));
488 std::unique_ptr<std::string> se_info_ptr(new std::string(se_info_));
489 int32_t target_sdk_version = 0; // default
490 std::unique_ptr<std::string> profile_name_ptr(new std::string("primary.prof"));
491 std::unique_ptr<std::string> dm_path_ptr = nullptr;
492 if (dm_path != nullptr) {
493 dm_path_ptr.reset(new std::string(dm_path));
494 }
495 std::unique_ptr<std::string> compilation_reason_ptr(new std::string("test-reason"));
496
497 bool prof_result;
498 ASSERT_BINDER_SUCCESS(service_->prepareAppProfile(
499 package_name_, kTestUserId, kTestAppId, *profile_name_ptr, apk_path_,
500 dm_path_ptr, &prof_result));
501 ASSERT_TRUE(prof_result);
502
503 binder::Status result = service_->dexopt(apk_path_,
504 uid,
505 package_name_ptr,
506 kRuntimeIsa,
507 dexopt_needed,
508 out_path,
509 dex_flags,
510 compiler_filter,
511 volume_uuid_,
512 class_loader_context_ptr,
513 se_info_ptr,
514 downgrade,
515 target_sdk_version,
516 profile_name_ptr,
517 dm_path_ptr,
518 compilation_reason_ptr);
519 ASSERT_EQ(should_binder_call_succeed, result.isOk()) << result.toString8().c_str();
520
521 if (!should_binder_call_succeed) {
522 if (binder_result != nullptr) {
523 *binder_result = result;
524 }
525 return;
526 }
527 // Check the access to the compiler output.
528 // - speed-profile artifacts are not world-wide readable.
529 // - files are owned by the system uid.
530 std::string odex = GetPrimaryDexArtifact(oat_dir, apk_path_, "odex");
531 std::string vdex = GetPrimaryDexArtifact(oat_dir, apk_path_, "vdex");
532 std::string art = GetPrimaryDexArtifact(oat_dir, apk_path_, "art");
533
534 bool is_public = (dex_flags & DEXOPT_PUBLIC) != 0;
535 mode_t mode = S_IFREG | (is_public ? 0644 : 0640);
536 CheckFileAccess(odex, kSystemUid, uid, mode);
537 CheckFileAccess(vdex, kSystemUid, uid, mode);
538
539 if (compiler_filter == "speed-profile") {
540 CheckFileAccess(art, kSystemUid, uid, mode);
541 }
542 if (binder_result != nullptr) {
543 *binder_result = result;
544 }
545 }
546
GetPrimaryDexArtifact(const char * oat_dir,const std::string & dex_path,const std::string & type)547 std::string GetPrimaryDexArtifact(const char* oat_dir,
548 const std::string& dex_path,
549 const std::string& type) {
550 if (oat_dir == nullptr) {
551 std::string path = dex_path;
552 for (auto it = path.begin() + 1; it < path.end(); ++it) {
553 if (*it == '/') {
554 *it = '@';
555 }
556 }
557 return android_data_dir + DALVIK_CACHE + '/' + kRuntimeIsa + "/" + path
558 + "@classes.dex";
559 } else {
560 std::string::size_type name_end = dex_path.rfind('.');
561 std::string::size_type name_start = dex_path.rfind('/');
562 return std::string(oat_dir) + "/" + kRuntimeIsa + "/" +
563 dex_path.substr(name_start + 1, name_end - name_start) + type;
564 }
565 }
566 };
567
568
TEST_F(DexoptTest,DexoptSecondaryCe)569 TEST_F(DexoptTest, DexoptSecondaryCe) {
570 LOG(INFO) << "DexoptSecondaryCe";
571 CompileSecondaryDex(secondary_dex_ce_, DEXOPT_STORAGE_CE,
572 /*binder_ok*/ true, /*compile_ok*/ true);
573 }
574
TEST_F(DexoptTest,DexoptSecondaryCeLink)575 TEST_F(DexoptTest, DexoptSecondaryCeLink) {
576 LOG(INFO) << "DexoptSecondaryCeLink";
577 CompileSecondaryDex(secondary_dex_ce_link_, DEXOPT_STORAGE_CE,
578 /*binder_ok*/ true, /*compile_ok*/ true);
579 }
580
TEST_F(DexoptTest,DexoptSecondaryCeWithContext)581 TEST_F(DexoptTest, DexoptSecondaryCeWithContext) {
582 LOG(INFO) << "DexoptSecondaryCeWithContext";
583 std::string class_loader_context = "PCL[" + secondary_dex_ce_ + "]";
584 CompileSecondaryDex(secondary_dex_ce_, DEXOPT_STORAGE_CE,
585 /*binder_ok*/ true, /*compile_ok*/ true, nullptr, -1, class_loader_context.c_str());
586 }
587
TEST_F(DexoptTest,DexoptSecondaryDe)588 TEST_F(DexoptTest, DexoptSecondaryDe) {
589 LOG(INFO) << "DexoptSecondaryDe";
590 CompileSecondaryDex(secondary_dex_de_, DEXOPT_STORAGE_DE,
591 /*binder_ok*/ true, /*compile_ok*/ true);
592 }
593
TEST_F(DexoptTest,DexoptSecondaryDeWithContext)594 TEST_F(DexoptTest, DexoptSecondaryDeWithContext) {
595 LOG(INFO) << "DexoptSecondaryDeWithContext";
596 std::string class_loader_context = "PCL[" + secondary_dex_de_ + "]";
597 CompileSecondaryDex(secondary_dex_de_, DEXOPT_STORAGE_DE,
598 /*binder_ok*/ true, /*compile_ok*/ true, nullptr, -1, class_loader_context.c_str());
599 }
600
TEST_F(DexoptTest,DexoptSecondaryDoesNotExist)601 TEST_F(DexoptTest, DexoptSecondaryDoesNotExist) {
602 LOG(INFO) << "DexoptSecondaryDoesNotExist";
603 // If the file validates but does not exist we do not treat it as an error.
604 binder::Status status;
605 CompileSecondaryDex(secondary_dex_ce_ + "not.there", DEXOPT_STORAGE_CE,
606 /*binder_ok*/ true, /*compile_ok*/ false, &status);
607 EXPECT_STREQ(status.toString8().c_str(), "No error");
608 }
609
TEST_F(DexoptTest,DexoptSecondaryStorageValidationError)610 TEST_F(DexoptTest, DexoptSecondaryStorageValidationError) {
611 LOG(INFO) << "DexoptSecondaryStorageValidationError";
612 binder::Status status;
613 CompileSecondaryDex(secondary_dex_ce_, DEXOPT_STORAGE_DE,
614 /*binder_ok*/ false, /*compile_ok*/ false, &status);
615 EXPECT_STREQ(status.toString8().c_str(),
616 "Status(-8, EX_SERVICE_SPECIFIC): '-1: Dexoptanalyzer path validation failed'");
617 }
618
TEST_F(DexoptTest,DexoptSecondaryAppOwnershipValidationError)619 TEST_F(DexoptTest, DexoptSecondaryAppOwnershipValidationError) {
620 LOG(INFO) << "DexoptSecondaryAppOwnershipValidationError";
621 binder::Status status;
622 CompileSecondaryDex("/data/data/random.app/secondary.jar", DEXOPT_STORAGE_CE,
623 /*binder_ok*/ false, /*compile_ok*/ false, &status);
624 EXPECT_STREQ(status.toString8().c_str(),
625 "Status(-8, EX_SERVICE_SPECIFIC): '-1: Dexoptanalyzer path validation failed'");
626 }
627
TEST_F(DexoptTest,DexoptSecondaryAcessViaDifferentUidError)628 TEST_F(DexoptTest, DexoptSecondaryAcessViaDifferentUidError) {
629 LOG(INFO) << "DexoptSecondaryAcessViaDifferentUidError";
630 binder::Status status;
631 CompileSecondaryDex(secondary_dex_ce_, DEXOPT_STORAGE_CE,
632 /*binder_ok*/ false, /*compile_ok*/ false, &status, kSystemUid);
633 EXPECT_STREQ(status.toString8().c_str(),
634 "Status(-8, EX_SERVICE_SPECIFIC): '-1: Dexoptanalyzer open zip failed'");
635 }
636
TEST_F(DexoptTest,DexoptPrimaryPublic)637 TEST_F(DexoptTest, DexoptPrimaryPublic) {
638 LOG(INFO) << "DexoptPrimaryPublic";
639 CompilePrimaryDexOk("verify",
640 DEXOPT_BOOTCOMPLETE | DEXOPT_PUBLIC,
641 app_oat_dir_.c_str(),
642 kTestAppGid,
643 DEX2OAT_FROM_SCRATCH);
644 }
645
TEST_F(DexoptTest,DexoptPrimaryPublicCreateOatDir)646 TEST_F(DexoptTest, DexoptPrimaryPublicCreateOatDir) {
647 LOG(INFO) << "DexoptPrimaryPublic";
648 ASSERT_BINDER_SUCCESS(service_->createOatDir(app_oat_dir_, kRuntimeIsa));
649 CompilePrimaryDexOk("verify",
650 DEXOPT_BOOTCOMPLETE | DEXOPT_PUBLIC,
651 app_oat_dir_.c_str(),
652 kTestAppGid,
653 DEX2OAT_FROM_SCRATCH);
654 }
655
TEST_F(DexoptTest,DexoptPrimaryPublicRestore)656 TEST_F(DexoptTest, DexoptPrimaryPublicRestore) {
657 LOG(INFO) << "DexoptPrimaryPublicRestore";
658 CompilePrimaryDexOk("verify",
659 DEXOPT_FOR_RESTORE | DEXOPT_BOOTCOMPLETE | DEXOPT_PUBLIC,
660 app_oat_dir_.c_str(),
661 kTestAppGid,
662 DEX2OAT_FROM_SCRATCH);
663 }
664
TEST_F(DexoptTest,DexoptPrimaryFailedInvalidFilter)665 TEST_F(DexoptTest, DexoptPrimaryFailedInvalidFilter) {
666 LOG(INFO) << "DexoptPrimaryFailedInvalidFilter";
667 binder::Status status;
668 CompilePrimaryDexFail("awesome-filter",
669 DEXOPT_IDLE_BACKGROUND_JOB | DEXOPT_PUBLIC,
670 app_oat_dir_.c_str(),
671 kTestAppGid,
672 DEX2OAT_FROM_SCRATCH,
673 &status);
674 EXPECT_STREQ(status.toString8().c_str(),
675 "Status(-8, EX_SERVICE_SPECIFIC): \'256: Dex2oat invocation for "
676 "/data/app/com.installd.test.dexopt/base.jar failed: unspecified dex2oat error'");
677 }
678
TEST_F(DexoptTest,DexoptPrimaryProfileNonPublic)679 TEST_F(DexoptTest, DexoptPrimaryProfileNonPublic) {
680 LOG(INFO) << "DexoptPrimaryProfileNonPublic";
681 CompilePrimaryDexOk("speed-profile",
682 DEXOPT_BOOTCOMPLETE | DEXOPT_PROFILE_GUIDED | DEXOPT_GENERATE_APP_IMAGE,
683 app_oat_dir_.c_str(),
684 kTestAppGid,
685 DEX2OAT_FROM_SCRATCH,
686 /*binder_result=*/nullptr,
687 empty_dm_file_.c_str());
688 }
689
TEST_F(DexoptTest,DexoptPrimaryProfilePublic)690 TEST_F(DexoptTest, DexoptPrimaryProfilePublic) {
691 LOG(INFO) << "DexoptPrimaryProfilePublic";
692 CompilePrimaryDexOk("speed-profile",
693 DEXOPT_BOOTCOMPLETE | DEXOPT_PROFILE_GUIDED | DEXOPT_PUBLIC |
694 DEXOPT_GENERATE_APP_IMAGE,
695 app_oat_dir_.c_str(),
696 kTestAppGid,
697 DEX2OAT_FROM_SCRATCH,
698 /*binder_result=*/nullptr,
699 empty_dm_file_.c_str());
700 }
701
TEST_F(DexoptTest,DexoptPrimaryBackgroundOk)702 TEST_F(DexoptTest, DexoptPrimaryBackgroundOk) {
703 LOG(INFO) << "DexoptPrimaryBackgroundOk";
704 CompilePrimaryDexOk("speed-profile",
705 DEXOPT_IDLE_BACKGROUND_JOB | DEXOPT_PROFILE_GUIDED |
706 DEXOPT_GENERATE_APP_IMAGE,
707 app_oat_dir_.c_str(),
708 kTestAppGid,
709 DEX2OAT_FROM_SCRATCH,
710 /*binder_result=*/nullptr,
711 empty_dm_file_.c_str());
712 }
713
TEST_F(DexoptTest,ResolveStartupConstStrings)714 TEST_F(DexoptTest, ResolveStartupConstStrings) {
715 LOG(INFO) << "DexoptDex2oatResolveStartupStrings";
716 const std::string property = "persist.device_config.runtime.dex2oat_resolve_startup_strings";
717 const std::string previous_value = android::base::GetProperty(property, "");
718 auto restore_property = android::base::make_scope_guard([=]() {
719 android::base::SetProperty(property, previous_value);
720 });
721 std::string odex = GetPrimaryDexArtifact(app_oat_dir_.c_str(), apk_path_, "odex");
722 // Disable the property to start.
723 bool found_disable = false;
724 ASSERT_TRUE(android::base::SetProperty(property, "false")) << property;
725 CompilePrimaryDexOk("speed-profile",
726 DEXOPT_IDLE_BACKGROUND_JOB | DEXOPT_PROFILE_GUIDED |
727 DEXOPT_GENERATE_APP_IMAGE,
728 app_oat_dir_.c_str(),
729 kTestAppGid,
730 DEX2OAT_FROM_SCRATCH,
731 /*binder_result=*/nullptr,
732 empty_dm_file_.c_str());
733 run_cmd_and_process_output(
734 "oatdump --header-only --oat-file=" + odex,
735 [&](const std::string& line) {
736 if (line.find("--resolve-startup-const-strings=false") != std::string::npos) {
737 found_disable = true;
738 }
739 });
740 EXPECT_TRUE(found_disable);
741 // Enable the property and inspect that .art artifact is larger.
742 bool found_enable = false;
743 ASSERT_TRUE(android::base::SetProperty(property, "true")) << property;
744 CompilePrimaryDexOk("speed-profile",
745 DEXOPT_IDLE_BACKGROUND_JOB | DEXOPT_PROFILE_GUIDED |
746 DEXOPT_GENERATE_APP_IMAGE,
747 app_oat_dir_.c_str(),
748 kTestAppGid,
749 DEX2OAT_FROM_SCRATCH,
750 /*binder_result=*/nullptr,
751 empty_dm_file_.c_str());
752 run_cmd_and_process_output(
753 "oatdump --header-only --oat-file=" + odex,
754 [&](const std::string& line) {
755 if (line.find("--resolve-startup-const-strings=true") != std::string::npos) {
756 found_enable = true;
757 }
758 });
759 EXPECT_TRUE(found_enable);
760 }
761
TEST_F(DexoptTest,DexoptDex2oat64Enabled)762 TEST_F(DexoptTest, DexoptDex2oat64Enabled) {
763 LOG(INFO) << "DexoptDex2oat64Enabled";
764 const std::string property = "dalvik.vm.dex2oat64.enabled";
765 const std::string previous_value = android::base::GetProperty(property, "");
766 auto restore_property = android::base::make_scope_guard([=]() {
767 android::base::SetProperty(property, previous_value);
768 });
769 std::string odex = GetPrimaryDexArtifact(app_oat_dir_.c_str(), apk_path_, "odex");
770 // Disable the property and use dex2oat32.
771 ASSERT_TRUE(android::base::SetProperty(property, "false")) << property;
772 CompilePrimaryDexOk("speed-profile",
773 DEXOPT_IDLE_BACKGROUND_JOB | DEXOPT_PROFILE_GUIDED |
774 DEXOPT_GENERATE_APP_IMAGE,
775 app_oat_dir_.c_str(),
776 kTestAppGid,
777 DEX2OAT_FROM_SCRATCH,
778 /*binder_result=*/nullptr,
779 empty_dm_file_.c_str());
780 // Enable the property and use dex2oat64.
781 ASSERT_TRUE(android::base::SetProperty(property, "true")) << property;
782 CompilePrimaryDexOk("speed-profile",
783 DEXOPT_IDLE_BACKGROUND_JOB | DEXOPT_PROFILE_GUIDED |
784 DEXOPT_GENERATE_APP_IMAGE,
785 app_oat_dir_.c_str(),
786 kTestAppGid,
787 DEX2OAT_FROM_SCRATCH,
788 /*binder_result=*/nullptr,
789 empty_dm_file_.c_str());
790 }
791
792 class PrimaryDexReCompilationTest : public DexoptTest {
793 public:
SetUp()794 virtual void SetUp() {
795 DexoptTest::SetUp();
796 CompilePrimaryDexOk("verify",
797 DEXOPT_BOOTCOMPLETE | DEXOPT_PUBLIC,
798 app_oat_dir_.c_str(),
799 kTestAppGid,
800 DEX2OAT_FROM_SCRATCH);
801 std::string odex = GetSecondaryDexArtifact(apk_path_, "odex");
802 std::string vdex = GetSecondaryDexArtifact(apk_path_, "vdex");
803
804 first_compilation_odex_fd_.reset(open(odex.c_str(), O_RDONLY));
805 first_compilation_vdex_fd_.reset(open(vdex.c_str(), O_RDONLY));
806 }
807
TearDown()808 virtual void TearDown() {
809 first_compilation_odex_fd_.reset(-1);
810 first_compilation_vdex_fd_.reset(-1);
811 DexoptTest::TearDown();
812 }
813
814 protected:
815 unique_fd first_compilation_odex_fd_;
816 unique_fd first_compilation_vdex_fd_;
817 };
818
TEST_F(PrimaryDexReCompilationTest,DexoptPrimaryUpdateInPlaceVdex)819 TEST_F(PrimaryDexReCompilationTest, DexoptPrimaryUpdateInPlaceVdex) {
820 LOG(INFO) << "DexoptPrimaryUpdateInPlaceVdex";
821
822 CompilePrimaryDexOk("verify",
823 DEXOPT_IDLE_BACKGROUND_JOB | DEXOPT_PUBLIC,
824 app_oat_dir_.c_str(),
825 kTestAppGid,
826 DEX2OAT_FOR_BOOT_IMAGE);
827 }
828
829 class ReconcileTest : public DexoptTest {
SetUp()830 virtual void SetUp() {
831 DexoptTest::SetUp();
832 CompileSecondaryDex(secondary_dex_ce_, DEXOPT_STORAGE_CE,
833 /*binder_ok*/ true, /*compile_ok*/ true);
834 CompileSecondaryDex(secondary_dex_de_, DEXOPT_STORAGE_DE,
835 /*binder_ok*/ true, /*compile_ok*/ true);
836 }
837 };
838
TEST_F(ReconcileTest,ReconcileSecondaryCeExists)839 TEST_F(ReconcileTest, ReconcileSecondaryCeExists) {
840 LOG(INFO) << "ReconcileSecondaryCeExists";
841 reconcile_secondary_dex(secondary_dex_ce_, FLAG_STORAGE_CE,
842 /*binder_ok*/ true, /*dex_ok */ true, /*odex_deleted*/ false);
843 }
844
TEST_F(ReconcileTest,ReconcileSecondaryCeLinkExists)845 TEST_F(ReconcileTest, ReconcileSecondaryCeLinkExists) {
846 LOG(INFO) << "ReconcileSecondaryCeLinkExists";
847 reconcile_secondary_dex(secondary_dex_ce_link_, FLAG_STORAGE_CE,
848 /*binder_ok*/ true, /*dex_ok */ true, /*odex_deleted*/ false);
849 }
850
TEST_F(ReconcileTest,ReconcileSecondaryDeExists)851 TEST_F(ReconcileTest, ReconcileSecondaryDeExists) {
852 LOG(INFO) << "ReconcileSecondaryDeExists";
853 reconcile_secondary_dex(secondary_dex_de_, FLAG_STORAGE_DE,
854 /*binder_ok*/ true, /*dex_ok */ true, /*odex_deleted*/ false);
855 }
856
TEST_F(ReconcileTest,ReconcileSecondaryDeDoesNotExist)857 TEST_F(ReconcileTest, ReconcileSecondaryDeDoesNotExist) {
858 LOG(INFO) << "ReconcileSecondaryDeDoesNotExist";
859 run_cmd("rm -rf " + secondary_dex_de_);
860 reconcile_secondary_dex(secondary_dex_de_, FLAG_STORAGE_DE,
861 /*binder_ok*/ true, /*dex_ok */ false, /*odex_deleted*/ true);
862 }
863
TEST_F(ReconcileTest,ReconcileSecondaryStorageValidationError)864 TEST_F(ReconcileTest, ReconcileSecondaryStorageValidationError) {
865 // Validation errors will not clean the odex/vdex/art files but will mark
866 // the file as non existent so that the PM knows it should purge it from its
867 // records.
868 LOG(INFO) << "ReconcileSecondaryStorageValidationError";
869 reconcile_secondary_dex(secondary_dex_ce_, FLAG_STORAGE_DE,
870 /*binder_ok*/ true, /*dex_ok */ false, /*odex_deleted*/ false);
871 }
872
TEST_F(ReconcileTest,ReconcileSecondaryAppOwnershipValidationError)873 TEST_F(ReconcileTest, ReconcileSecondaryAppOwnershipValidationError) {
874 LOG(INFO) << "ReconcileSecondaryAppOwnershipValidationError";
875 // Attempt to reconcile the dex files of the test app from a different app.
876 std::string another_app = "another.app";
877 reconcile_secondary_dex(secondary_dex_ce_, FLAG_STORAGE_CE,
878 /*binder_ok*/ true, /*dex_ok */ false, /*odex_deleted*/ false, kSystemUid, &another_app);
879 }
880
TEST_F(ReconcileTest,ReconcileSecondaryAcessViaDifferentUidError)881 TEST_F(ReconcileTest, ReconcileSecondaryAcessViaDifferentUidError) {
882 LOG(INFO) << "ReconcileSecondaryAcessViaDifferentUidError";
883 reconcile_secondary_dex(secondary_dex_ce_, FLAG_STORAGE_CE,
884 /*binder_ok*/ true, /*dex_ok */ false, /*odex_deleted*/ false, kSystemUid);
885 }
886
887 class ProfileTest : public DexoptTest {
888 protected:
889 std::string cur_profile_;
890 std::string ref_profile_;
891 std::string snap_profile_;
892
893 static constexpr const char* kPrimaryProfile = "primary.prof";
894
SetUp()895 virtual void SetUp() {
896 DexoptTest::SetUp();
897 cur_profile_ = create_current_profile_path(
898 kTestUserId, package_name_, kPrimaryProfile, /*is_secondary_dex*/ false);
899 ref_profile_ = create_reference_profile_path(package_name_, kPrimaryProfile,
900 /*is_secondary_dex*/ false);
901 snap_profile_ = create_snapshot_profile_path(package_name_, kPrimaryProfile);
902 }
903
SetupProfile(const std::string & path,uid_t uid,gid_t gid,mode_t mode,int32_t num_dex)904 void SetupProfile(const std::string& path, uid_t uid, gid_t gid, mode_t mode,
905 int32_t num_dex) {
906 run_cmd("profman --generate-test-profile-seed=" + std::to_string(num_dex) +
907 " --generate-test-profile-num-dex=" + std::to_string(num_dex) +
908 " --generate-test-profile=" + path);
909 ::chmod(path.c_str(), mode);
910 ::chown(path.c_str(), uid, gid);
911 }
912
SetupProfiles(bool setup_ref)913 void SetupProfiles(bool setup_ref) {
914 SetupProfile(cur_profile_, kTestAppUid, kTestAppGid, 0600, 1);
915 if (setup_ref) {
916 SetupProfile(ref_profile_, kTestAppUid, kTestAppGid, 0600, 2);
917 }
918 }
919
createProfileSnapshot(int32_t appid,const std::string & package_name,bool expected_result)920 void createProfileSnapshot(int32_t appid, const std::string& package_name,
921 bool expected_result) {
922 bool result;
923 ASSERT_BINDER_SUCCESS(service_->createProfileSnapshot(
924 appid, package_name, kPrimaryProfile, apk_path_, &result));
925 ASSERT_EQ(expected_result, result);
926
927 if (!expected_result) {
928 // Do not check the files if we expect to fail.
929 return;
930 }
931
932 // Check that the snapshot was created witht he expected acess flags.
933 CheckFileAccess(snap_profile_, kSystemUid, kSystemGid, 0600 | S_IFREG);
934
935 // The snapshot should be equivalent to the merge of profiles.
936 std::string expected_profile_content = snap_profile_ + ".expected";
937 run_cmd("rm -f " + expected_profile_content);
938 run_cmd("touch " + expected_profile_content);
939 // We force merging when creating the expected profile to make sure
940 // that the random profiles do not affect the output.
941 run_cmd("profman --force-merge --profile-file=" + cur_profile_ +
942 " --profile-file=" + ref_profile_ +
943 " --reference-profile-file=" + expected_profile_content +
944 " --apk=" + apk_path_);
945
946 ASSERT_TRUE(AreFilesEqual(expected_profile_content, snap_profile_));
947
948 pid_t pid = fork();
949 if (pid == 0) {
950 /* child */
951 TransitionToSystemServer();
952
953 // System server should be able to open the the spanshot.
954 unique_fd fd(open(snap_profile_.c_str(), O_RDONLY));
955 ASSERT_TRUE(fd > -1) << "Failed to open profile as kSystemUid: " << strerror(errno);
956 _exit(0);
957 }
958 /* parent */
959 ASSERT_TRUE(WIFEXITED(wait_child(pid)));
960 }
961
mergePackageProfiles(const std::string & package_name,const std::string & code_path,bool expected_result)962 void mergePackageProfiles(const std::string& package_name,
963 const std::string& code_path,
964 bool expected_result) {
965 bool result;
966 ASSERT_BINDER_SUCCESS(service_->mergeProfiles(
967 kTestAppUid, package_name, code_path, &result));
968 ASSERT_EQ(expected_result, result);
969
970 if (!expected_result) {
971 // Do not check the files if we expect to fail.
972 return;
973 }
974
975 // Check that the snapshot was created witht he expected acess flags.
976 CheckFileAccess(ref_profile_, kTestAppUid, kTestAppUid, 0600 | S_IFREG);
977
978 // The snapshot should be equivalent to the merge of profiles.
979 std::string ref_profile_content = ref_profile_ + ".expected";
980 run_cmd("rm -f " + ref_profile_content);
981 run_cmd("touch " + ref_profile_content);
982 run_cmd("profman --profile-file=" + cur_profile_ +
983 " --profile-file=" + ref_profile_ +
984 " --reference-profile-file=" + ref_profile_content);
985
986 ASSERT_TRUE(AreFilesEqual(ref_profile_content, ref_profile_));
987 }
988
989 // TODO(calin): add dex metadata tests once the ART change is merged.
preparePackageProfile(const std::string & package_name,const std::string & profile_name,bool expected_result)990 void preparePackageProfile(const std::string& package_name, const std::string& profile_name,
991 bool expected_result) {
992 bool result;
993 ASSERT_BINDER_SUCCESS(service_->prepareAppProfile(
994 package_name, kTestUserId, kTestAppId, profile_name, apk_path_,
995 /*dex_metadata*/ nullptr, &result));
996 ASSERT_EQ(expected_result, result);
997
998 if (!expected_result) {
999 // Do not check the files if we expect to fail.
1000 return;
1001 }
1002
1003 std::string code_path_cur_prof = create_current_profile_path(
1004 kTestUserId, package_name, profile_name, /*is_secondary_dex*/ false);
1005 std::string code_path_ref_profile = create_reference_profile_path(package_name,
1006 profile_name, /*is_secondary_dex*/ false);
1007
1008 // Check that we created the current profile.
1009 CheckFileAccess(code_path_cur_prof, kTestAppUid, kTestAppUid, 0600 | S_IFREG);
1010
1011 // Without dex metadata we don't generate a reference profile.
1012 ASSERT_EQ(-1, access(code_path_ref_profile.c_str(), R_OK));
1013 }
1014
1015 protected:
TransitionToSystemServer()1016 void TransitionToSystemServer() {
1017 ASSERT_TRUE(DropCapabilities(kSystemUid, kSystemGid));
1018 int32_t res = selinux_android_setcon("u:r:system_server:s0");
1019 ASSERT_EQ(0, res) << "Failed to setcon " << strerror(errno);
1020 }
1021
AreFilesEqual(const std::string & file1,const std::string & file2)1022 bool AreFilesEqual(const std::string& file1, const std::string& file2) {
1023 std::vector<uint8_t> content1;
1024 std::vector<uint8_t> content2;
1025
1026 if (!ReadAll(file1, &content1)) return false;
1027 if (!ReadAll(file2, &content2)) return false;
1028 return content1 == content2;
1029 }
1030
ReadAll(const std::string & file,std::vector<uint8_t> * content)1031 bool ReadAll(const std::string& file, std::vector<uint8_t>* content) {
1032 unique_fd fd(open(file.c_str(), O_RDONLY));
1033 if (fd < 0) {
1034 PLOG(ERROR) << "Failed to open " << file;
1035 return false;
1036 }
1037 struct stat st;
1038 if (fstat(fd, &st) != 0) {
1039 PLOG(ERROR) << "Failed to stat " << file;
1040 return false;
1041 }
1042 content->resize(st.st_size);
1043 bool result = ReadFully(fd, content->data(), content->size());
1044 if (!result) {
1045 PLOG(ERROR) << "Failed to read " << file;
1046 }
1047 return result;
1048 }
1049 };
1050
TEST_F(ProfileTest,ProfileSnapshotOk)1051 TEST_F(ProfileTest, ProfileSnapshotOk) {
1052 LOG(INFO) << "ProfileSnapshotOk";
1053
1054 SetupProfiles(/*setup_ref*/ true);
1055 createProfileSnapshot(kTestAppId, package_name_, /*expected_result*/ true);
1056 }
1057
1058 // The reference profile is created on the fly. We need to be able to
1059 // snapshot without one.
TEST_F(ProfileTest,ProfileSnapshotOkNoReference)1060 TEST_F(ProfileTest, ProfileSnapshotOkNoReference) {
1061 LOG(INFO) << "ProfileSnapshotOkNoReference";
1062
1063 SetupProfiles(/*setup_ref*/ false);
1064 createProfileSnapshot(kTestAppId, package_name_, /*expected_result*/ true);
1065 }
1066
TEST_F(ProfileTest,ProfileSnapshotFailWrongPackage)1067 TEST_F(ProfileTest, ProfileSnapshotFailWrongPackage) {
1068 LOG(INFO) << "ProfileSnapshotFailWrongPackage";
1069
1070 SetupProfiles(/*setup_ref*/ true);
1071 createProfileSnapshot(kTestAppId, "not.there", /*expected_result*/ false);
1072 }
1073
TEST_F(ProfileTest,ProfileSnapshotDestroySnapshot)1074 TEST_F(ProfileTest, ProfileSnapshotDestroySnapshot) {
1075 LOG(INFO) << "ProfileSnapshotDestroySnapshot";
1076
1077 SetupProfiles(/*setup_ref*/ true);
1078 createProfileSnapshot(kTestAppId, package_name_, /*expected_result*/ true);
1079
1080 ASSERT_BINDER_SUCCESS(service_->destroyProfileSnapshot(package_name_, kPrimaryProfile));
1081 struct stat st;
1082 ASSERT_EQ(-1, stat(snap_profile_.c_str(), &st));
1083 ASSERT_EQ(ENOENT, errno);
1084 }
1085
TEST_F(ProfileTest,ProfileMergeOk)1086 TEST_F(ProfileTest, ProfileMergeOk) {
1087 LOG(INFO) << "ProfileMergeOk";
1088
1089 SetupProfiles(/*setup_ref*/ true);
1090 mergePackageProfiles(package_name_, "primary.prof", /*expected_result*/ true);
1091 }
1092
1093 // The reference profile is created on the fly. We need to be able to
1094 // merge without one.
TEST_F(ProfileTest,ProfileMergeOkNoReference)1095 TEST_F(ProfileTest, ProfileMergeOkNoReference) {
1096 LOG(INFO) << "ProfileMergeOkNoReference";
1097
1098 SetupProfiles(/*setup_ref*/ false);
1099 mergePackageProfiles(package_name_, "primary.prof", /*expected_result*/ true);
1100 }
1101
TEST_F(ProfileTest,ProfileMergeFailWrongPackage)1102 TEST_F(ProfileTest, ProfileMergeFailWrongPackage) {
1103 LOG(INFO) << "ProfileMergeFailWrongPackage";
1104
1105 SetupProfiles(/*setup_ref*/ true);
1106 mergePackageProfiles("not.there", "primary.prof", /*expected_result*/ false);
1107 }
1108
TEST_F(ProfileTest,ProfileDirOk)1109 TEST_F(ProfileTest, ProfileDirOk) {
1110 LOG(INFO) << "ProfileDirOk";
1111
1112 std::string cur_profile_dir = create_primary_current_profile_package_dir_path(
1113 kTestUserId, package_name_);
1114 std::string cur_profile_file = create_current_profile_path(kTestUserId, package_name_,
1115 kPrimaryProfile, /*is_secondary_dex*/false);
1116 std::string ref_profile_dir = create_primary_reference_profile_package_dir_path(package_name_);
1117
1118 CheckFileAccess(cur_profile_dir, kTestAppUid, kTestAppUid, 0700 | S_IFDIR);
1119 CheckFileAccess(ref_profile_dir, kSystemUid, kTestAppGid, 0770 | S_IFDIR);
1120 }
1121
1122 // Verify that the profile directories are fixed up during an upgrade.
1123 // (The reference profile directory is prepared lazily).
TEST_F(ProfileTest,ProfileDirOkAfterFixup)1124 TEST_F(ProfileTest, ProfileDirOkAfterFixup) {
1125 LOG(INFO) << "ProfileDirOkAfterFixup";
1126
1127 std::string cur_profile_dir = create_primary_current_profile_package_dir_path(
1128 kTestUserId, package_name_);
1129 std::string cur_profile_file = create_current_profile_path(kTestUserId, package_name_,
1130 kPrimaryProfile, /*is_secondary_dex*/false);
1131 std::string ref_profile_dir = create_primary_reference_profile_package_dir_path(package_name_);
1132
1133 // Simulate a pre-P setup by changing the owner to kTestAppGid and permissions to 0700.
1134 ASSERT_EQ(0, chown(ref_profile_dir.c_str(), kTestAppGid, kTestAppGid));
1135 ASSERT_EQ(0, chmod(ref_profile_dir.c_str(), 0700));
1136
1137 // Run createAppData again which will offer to fix-up the profile directories.
1138 ASSERT_BINDER_SUCCESS(service_->createAppData(
1139 volume_uuid_,
1140 package_name_,
1141 kTestUserId,
1142 kAppDataFlags,
1143 kTestAppUid,
1144 se_info_,
1145 kOSdkVersion,
1146 &ce_data_inode_));
1147
1148 // Check the file access.
1149 CheckFileAccess(cur_profile_dir, kTestAppUid, kTestAppUid, 0700 | S_IFDIR);
1150 CheckFileAccess(ref_profile_dir, kSystemUid, kTestAppGid, 0770 | S_IFDIR);
1151 }
1152
TEST_F(ProfileTest,ProfilePrepareOk)1153 TEST_F(ProfileTest, ProfilePrepareOk) {
1154 LOG(INFO) << "ProfilePrepareOk";
1155 preparePackageProfile(package_name_, "split.prof", /*expected_result*/ true);
1156 }
1157
TEST_F(ProfileTest,ProfilePrepareFailInvalidPackage)1158 TEST_F(ProfileTest, ProfilePrepareFailInvalidPackage) {
1159 LOG(INFO) << "ProfilePrepareFailInvalidPackage";
1160 preparePackageProfile("not.there.package", "split.prof", /*expected_result*/ false);
1161 }
1162
TEST_F(ProfileTest,ProfilePrepareFailProfileChangedUid)1163 TEST_F(ProfileTest, ProfilePrepareFailProfileChangedUid) {
1164 LOG(INFO) << "ProfilePrepareFailProfileChangedUid";
1165 SetupProfiles(/*setup_ref*/ false);
1166 // Change the uid on the profile to trigger a failure.
1167 ::chown(cur_profile_.c_str(), kTestAppUid + 1, kTestAppGid + 1);
1168 preparePackageProfile(package_name_, "primary.prof", /*expected_result*/ false);
1169 }
1170
1171
1172 class BootProfileTest : public ProfileTest {
1173 public:
1174 std::vector<const std::string> extra_apps_;
1175 std::vector<int64_t> extra_ce_data_inodes_;
1176
SetUp()1177 virtual void SetUp() {
1178
1179 ProfileTest::SetUp();
1180 intial_android_profiles_dir = android_profiles_dir;
1181 // Generate profiles for some extra apps.
1182 // When merging boot profile we split profiles into small groups to avoid
1183 // opening a lot of file descriptors at the same time.
1184 // (Currently the group size for aggregation is 10)
1185 //
1186 // To stress test that works fine, create profile for more apps.
1187 createAppProfilesForBootMerge(21);
1188 }
1189
TearDown()1190 virtual void TearDown() {
1191 android_profiles_dir = intial_android_profiles_dir;
1192 deleteAppProfilesForBootMerge();
1193 ProfileTest::TearDown();
1194 }
1195
createAppProfilesForBootMerge(size_t number_of_profiles)1196 void createAppProfilesForBootMerge(size_t number_of_profiles) {
1197 for (size_t i = 0; i < number_of_profiles; i++) {
1198 int64_t ce_data_inode;
1199 std::string package_name = "dummy_test_pkg" + std::to_string(i);
1200 LOG(INFO) << package_name;
1201 ASSERT_BINDER_SUCCESS(service_->createAppData(
1202 volume_uuid_,
1203 package_name,
1204 kTestUserId,
1205 kAppDataFlags,
1206 kTestAppUid,
1207 se_info_,
1208 kOSdkVersion,
1209 &ce_data_inode));
1210 extra_apps_.push_back(package_name);
1211 extra_ce_data_inodes_.push_back(ce_data_inode);
1212 std::string profile = create_current_profile_path(
1213 kTestUserId, package_name, kPrimaryProfile, /*is_secondary_dex*/ false);
1214 SetupProfile(profile, kTestAppUid, kTestAppGid, 0600, 1);
1215 }
1216 }
1217
deleteAppProfilesForBootMerge()1218 void deleteAppProfilesForBootMerge() {
1219 if (kDebug) {
1220 return;
1221 }
1222 for (size_t i = 0; i < extra_apps_.size(); i++) {
1223 service_->destroyAppData(
1224 volume_uuid_, extra_apps_[i], kTestUserId, kAppDataFlags, extra_ce_data_inodes_[i]);
1225 }
1226 }
1227
UpdateAndroidProfilesDir(const std::string & profile_dir)1228 void UpdateAndroidProfilesDir(const std::string& profile_dir) {
1229 android_profiles_dir = profile_dir;
1230 // We need to create the reference profile directory in the new profile dir.
1231 run_cmd("mkdir -p " + profile_dir + "/ref");
1232 }
1233
createBootImageProfileSnapshot(const std::string & classpath,bool expected_result)1234 void createBootImageProfileSnapshot(const std::string& classpath, bool expected_result) {
1235 bool result;
1236 ASSERT_BINDER_SUCCESS(service_->createProfileSnapshot(
1237 -1, "android", "android.prof", classpath, &result));
1238 ASSERT_EQ(expected_result, result);
1239
1240 if (!expected_result) {
1241 // Do not check the files if we expect to fail.
1242 return;
1243 }
1244
1245 // Check that the snapshot was created with he expected access flags.
1246 const std::string boot_profile = create_snapshot_profile_path("android", "android.prof");
1247 CheckFileAccess(boot_profile, kSystemUid, kSystemGid, 0600 | S_IFREG);
1248
1249 pid_t pid = fork();
1250 if (pid == 0) {
1251 /* child */
1252 TransitionToSystemServer();
1253
1254 // System server should be able to open the snapshot.
1255 unique_fd fd(open(boot_profile.c_str(), O_RDONLY));
1256 ASSERT_TRUE(fd > -1) << "Failed to open profile as kSystemUid: " << strerror(errno);
1257 _exit(0);
1258 }
1259 /* parent */
1260 ASSERT_TRUE(WIFEXITED(wait_child(pid)));
1261 }
1262 protected:
1263 std::string intial_android_profiles_dir;
1264 };
1265
TEST_F(BootProfileTest,BootProfileSnapshotOk)1266 TEST_F(BootProfileTest, BootProfileSnapshotOk) {
1267 LOG(INFO) << "BootProfileSnapshotOk";
1268 char* boot_classpath = getenv("BOOTCLASSPATH");
1269 ASSERT_TRUE(boot_classpath != nullptr);
1270 createBootImageProfileSnapshot(boot_classpath, /*expected_result*/ true);
1271 }
1272
TEST_F(BootProfileTest,BootProfileSnapshotFailEmptyClasspath)1273 TEST_F(BootProfileTest, BootProfileSnapshotFailEmptyClasspath) {
1274 LOG(INFO) << "BootProfileSnapshotFailEmptyClasspath";
1275
1276 createBootImageProfileSnapshot(/*boot_classpath*/ "", /*expected_result*/ false);
1277 }
1278
TEST_F(BootProfileTest,BootProfileSnapshotOkNoProfiles)1279 TEST_F(BootProfileTest, BootProfileSnapshotOkNoProfiles) {
1280 LOG(INFO) << "BootProfileSnapshotOkNoProfiles";
1281 char* boot_classpath = getenv("BOOTCLASSPATH");
1282 ASSERT_TRUE(boot_classpath != nullptr);
1283
1284 // The app_apk_dir has no profiles. So we shouldn't be able to merge anything.
1285 // Still, this is not a failure case.
1286 UpdateAndroidProfilesDir(app_apk_dir_);
1287 createBootImageProfileSnapshot(boot_classpath, /*expected_result*/ true);
1288 }
1289
1290 // Verify that profile collection.
TEST_F(BootProfileTest,CollectProfiles)1291 TEST_F(BootProfileTest, CollectProfiles) {
1292 LOG(INFO) << "CollectProfiles";
1293
1294 // Create some profile directories mimicking the real profile structure.
1295 run_cmd("mkdir -p " + app_private_dir_de_ + "/profiles/ref");
1296 run_cmd("mkdir -p " + app_private_dir_de_ + "/profiles/cur/0/");
1297 run_cmd("mkdir -p " + app_private_dir_de_ + "/profiles/cur/1/");
1298 // Create an empty profile.
1299 run_cmd("touch " + app_private_dir_de_ + "/profiles/cur/1/primary.prof");
1300 // Create a random file.
1301 run_cmd("touch " + app_private_dir_de_ + "/profiles/cur/0/non.profile.file");
1302
1303 // Create some non-empty profiles.
1304 std::string current_prof = app_private_dir_de_ + "/profiles/cur/0/primary.prof";
1305 run_cmd("echo 1 > " + current_prof);
1306 std::string ref_prof = app_private_dir_de_ + "/profiles/ref/primary.prof";
1307 run_cmd("echo 1 > " + ref_prof);
1308
1309 UpdateAndroidProfilesDir(app_private_dir_de_ + "/profiles");
1310
1311 std::vector<std::string> profiles;
1312 collect_profiles(&profiles);
1313
1314 // Only two profiles should be in the output.
1315 ASSERT_EQ(2u, profiles.size());
1316 ASSERT_TRUE(std::find(profiles.begin(), profiles.end(), current_prof) != profiles.end());
1317 ASSERT_TRUE(std::find(profiles.begin(), profiles.end(), ref_prof) != profiles.end());
1318 }
1319
TEST_F(DexoptTest,select_execution_binary)1320 TEST_F(DexoptTest, select_execution_binary) {
1321 LOG(INFO) << "DexoptTestselect_execution_binary";
1322
1323 std::string release_str = app_private_dir_ce_ + "/release";
1324 std::string debug_str = app_private_dir_ce_ + "/debug";
1325
1326 // Setup the binaries. Note that we only need executable files to actually
1327 // test the execution binary selection
1328 run_cmd("touch " + release_str);
1329 run_cmd("touch " + debug_str);
1330 run_cmd("chmod 777 " + release_str);
1331 run_cmd("chmod 777 " + debug_str);
1332
1333 const char* release = release_str.c_str();
1334 const char* debug = debug_str.c_str();
1335
1336 ASSERT_STREQ(release, select_execution_binary(
1337 release,
1338 debug,
1339 /*background_job_compile=*/ false,
1340 /*is_debug_runtime=*/ false,
1341 /*is_release=*/ false,
1342 /*is_debuggable_build=*/ false));
1343
1344 ASSERT_STREQ(release, select_execution_binary(
1345 release,
1346 debug,
1347 /*background_job_compile=*/ true,
1348 /*is_debug_runtime=*/ false,
1349 /*is_release=*/ true,
1350 /*is_debuggable_build=*/ true));
1351
1352 ASSERT_STREQ(debug, select_execution_binary(
1353 release,
1354 debug,
1355 /*background_job_compile=*/ false,
1356 /*is_debug_runtime=*/ true,
1357 /*is_release=*/ false,
1358 /*is_debuggable_build=*/ false));
1359
1360 ASSERT_STREQ(debug, select_execution_binary(
1361 release,
1362 debug,
1363 /*background_job_compile=*/ true,
1364 /*is_debug_runtime=*/ false,
1365 /*is_release=*/ false,
1366 /*is_debuggable_build=*/ true));
1367
1368
1369 // Select the release when the debug file is not there.
1370 ASSERT_STREQ(release, select_execution_binary(
1371 release,
1372 "does_not_exist",
1373 /*background_job_compile=*/ false,
1374 /*is_debug_runtime=*/ true,
1375 /*is_release=*/ false,
1376 /*is_debuggable_build=*/ false));
1377 }
1378
1379 } // namespace installd
1380 } // namespace android
1381