1 /*
2 * Copyright (C) 2017 The Android Open Source Project
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * * Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * * Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in
12 * the documentation and/or other materials provided with the
13 * distribution.
14 *
15 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
16 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
17 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
18 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
19 * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
21 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
22 * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
23 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
24 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
25 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26 * SUCH DAMAGE.
27 */
28
29 #include "linker_config.h"
30
31 #include "linker_globals.h"
32 #include "linker_debug.h"
33 #include "linker_utils.h"
34
35 #include <android-base/file.h>
36 #include <android-base/properties.h>
37 #include <android-base/scopeguard.h>
38 #include <android-base/strings.h>
39
40 #include <async_safe/log.h>
41
42 #include <limits.h>
43 #include <stdlib.h>
44 #include <unistd.h>
45
46 #include <string>
47 #include <unordered_map>
48
49 #define _REALLY_INCLUDE_SYS__SYSTEM_PROPERTIES_H_
50 #include <sys/_system_properties.h>
51
52 class ConfigParser {
53 public:
54 enum {
55 kPropertyAssign,
56 kPropertyAppend,
57 kSection,
58 kEndOfFile,
59 kError,
60 };
61
ConfigParser(std::string && content)62 explicit ConfigParser(std::string&& content)
63 : content_(std::move(content)), p_(0), lineno_(0), was_end_of_file_(false) {}
64
65 /*
66 * Possible return values
67 * kPropertyAssign: name is set to property name and value is set to property value
68 * kPropertyAppend: same as kPropertyAssign, but the value should be appended
69 * kSection: name is set to section name.
70 * kEndOfFile: reached end of file.
71 * kError: error_msg is set.
72 */
next_token(std::string * name,std::string * value,std::string * error_msg)73 int next_token(std::string* name, std::string* value, std::string* error_msg) {
74 std::string line;
75 while(NextLine(&line)) {
76 size_t found = line.find('#');
77 line = android::base::Trim(line.substr(0, found));
78
79 if (line.empty()) {
80 continue;
81 }
82
83 if (line[0] == '[' && line.back() == ']') {
84 *name = line.substr(1, line.size() - 2);
85 return kSection;
86 }
87
88 size_t found_assign = line.find('=');
89 size_t found_append = line.find("+=");
90 if (found_assign != std::string::npos && found_append == std::string::npos) {
91 *name = android::base::Trim(line.substr(0, found_assign));
92 *value = android::base::Trim(line.substr(found_assign + 1));
93 return kPropertyAssign;
94 }
95
96 if (found_append != std::string::npos) {
97 *name = android::base::Trim(line.substr(0, found_append));
98 *value = android::base::Trim(line.substr(found_append + 2));
99 return kPropertyAppend;
100 }
101
102 *error_msg = std::string("invalid format: ") +
103 line +
104 ", expected \"name = property\", \"name += property\", or \"[section]\"";
105 return kError;
106 }
107
108 // to avoid infinite cycles when programmer makes a mistake
109 CHECK(!was_end_of_file_);
110 was_end_of_file_ = true;
111 return kEndOfFile;
112 }
113
lineno() const114 size_t lineno() const {
115 return lineno_;
116 }
117
118 private:
NextLine(std::string * line)119 bool NextLine(std::string* line) {
120 if (p_ == std::string::npos) {
121 return false;
122 }
123
124 size_t found = content_.find('\n', p_);
125 if (found != std::string::npos) {
126 *line = content_.substr(p_, found - p_);
127 p_ = found + 1;
128 } else {
129 *line = content_.substr(p_);
130 p_ = std::string::npos;
131 }
132
133 lineno_++;
134 return true;
135 }
136
137 std::string content_;
138 size_t p_;
139 size_t lineno_;
140 bool was_end_of_file_;
141
142 DISALLOW_IMPLICIT_CONSTRUCTORS(ConfigParser);
143 };
144
145 class PropertyValue {
146 public:
147 PropertyValue() = default;
148
PropertyValue(std::string && value,size_t lineno)149 PropertyValue(std::string&& value, size_t lineno)
150 : value_(std::move(value)), lineno_(lineno) {}
151
value() const152 const std::string& value() const {
153 return value_;
154 }
155
append_value(std::string && value)156 void append_value(std::string&& value) {
157 value_ = value_ + value;
158 // lineno isn't updated as we might have cases like this:
159 // property.x = blah
160 // property.y = blah
161 // property.x += blah
162 }
163
lineno() const164 size_t lineno() const {
165 return lineno_;
166 }
167
168 private:
169 std::string value_;
170 size_t lineno_;
171 };
172
create_error_msg(const char * file,size_t lineno,const std::string & msg)173 static std::string create_error_msg(const char* file,
174 size_t lineno,
175 const std::string& msg) {
176 char buf[1024];
177 async_safe_format_buffer(buf, sizeof(buf), "%s:%zu: error: %s", file, lineno, msg.c_str());
178
179 return std::string(buf);
180 }
181
parse_config_file(const char * ld_config_file_path,const char * binary_realpath,std::unordered_map<std::string,PropertyValue> * properties,std::string * error_msg)182 static bool parse_config_file(const char* ld_config_file_path,
183 const char* binary_realpath,
184 std::unordered_map<std::string, PropertyValue>* properties,
185 std::string* error_msg) {
186 std::string content;
187 if (!android::base::ReadFileToString(ld_config_file_path, &content)) {
188 if (errno != ENOENT) {
189 *error_msg = std::string("error reading file \"") +
190 ld_config_file_path + "\": " + strerror(errno);
191 }
192 return false;
193 }
194
195 ConfigParser cp(std::move(content));
196
197 std::string section_name;
198
199 while (true) {
200 std::string name;
201 std::string value;
202 std::string error;
203
204 int result = cp.next_token(&name, &value, &error);
205 if (result == ConfigParser::kError) {
206 DL_WARN("%s:%zd: warning: couldn't parse %s (ignoring this line)",
207 ld_config_file_path,
208 cp.lineno(),
209 error.c_str());
210 continue;
211 }
212
213 if (result == ConfigParser::kSection || result == ConfigParser::kEndOfFile) {
214 return false;
215 }
216
217 if (result == ConfigParser::kPropertyAssign) {
218 if (!android::base::StartsWith(name, "dir.")) {
219 DL_WARN("%s:%zd: warning: unexpected property name \"%s\", "
220 "expected format dir.<section_name> (ignoring this line)",
221 ld_config_file_path,
222 cp.lineno(),
223 name.c_str());
224 continue;
225 }
226
227 // remove trailing '/'
228 while (!value.empty() && value.back() == '/') {
229 value.pop_back();
230 }
231
232 if (value.empty()) {
233 DL_WARN("%s:%zd: warning: property value is empty (ignoring this line)",
234 ld_config_file_path,
235 cp.lineno());
236 continue;
237 }
238
239 // If the path can be resolved, resolve it
240 char buf[PATH_MAX];
241 std::string resolved_path;
242 if (access(value.c_str(), R_OK) != 0) {
243 if (errno == ENOENT) {
244 // no need to test for non-existing path. skip.
245 continue;
246 }
247 // If not accessible, don't call realpath as it will just cause
248 // SELinux denial spam. Use the path unresolved.
249 resolved_path = value;
250 } else if (realpath(value.c_str(), buf)) {
251 resolved_path = buf;
252 } else {
253 // realpath is expected to fail with EPERM in some situations, so log
254 // the failure with INFO rather than DL_WARN. e.g. A binary in
255 // /data/local/tmp may attempt to stat /postinstall. See
256 // http://b/120996057.
257 INFO("%s:%zd: warning: path \"%s\" couldn't be resolved: %s",
258 ld_config_file_path,
259 cp.lineno(),
260 value.c_str(),
261 strerror(errno));
262 resolved_path = value;
263 }
264
265 if (file_is_under_dir(binary_realpath, resolved_path)) {
266 section_name = name.substr(4);
267 break;
268 }
269 }
270 }
271
272 INFO("[ Using config section \"%s\" ]", section_name.c_str());
273
274 // skip everything until we meet a correct section
275 while (true) {
276 std::string name;
277 std::string value;
278 std::string error;
279
280 int result = cp.next_token(&name, &value, &error);
281
282 if (result == ConfigParser::kSection && name == section_name) {
283 break;
284 }
285
286 if (result == ConfigParser::kEndOfFile) {
287 *error_msg = create_error_msg(ld_config_file_path,
288 cp.lineno(),
289 std::string("section \"") + section_name + "\" not found");
290 return false;
291 }
292 }
293
294 // found the section - parse it
295 while (true) {
296 std::string name;
297 std::string value;
298 std::string error;
299
300 int result = cp.next_token(&name, &value, &error);
301
302 if (result == ConfigParser::kEndOfFile || result == ConfigParser::kSection) {
303 break;
304 }
305
306 if (result == ConfigParser::kPropertyAssign) {
307 if (properties->find(name) != properties->end()) {
308 DL_WARN("%s:%zd: warning: redefining property \"%s\" (overriding previous value)",
309 ld_config_file_path,
310 cp.lineno(),
311 name.c_str());
312 }
313
314 (*properties)[name] = PropertyValue(std::move(value), cp.lineno());
315 } else if (result == ConfigParser::kPropertyAppend) {
316 if (properties->find(name) == properties->end()) {
317 DL_WARN("%s:%zd: warning: appending to undefined property \"%s\" (treating as assignment)",
318 ld_config_file_path,
319 cp.lineno(),
320 name.c_str());
321 (*properties)[name] = PropertyValue(std::move(value), cp.lineno());
322 } else {
323 if (android::base::EndsWith(name, ".links") ||
324 android::base::EndsWith(name, ".namespaces")) {
325 value = "," + value;
326 (*properties)[name].append_value(std::move(value));
327 } else if (android::base::EndsWith(name, ".paths") ||
328 android::base::EndsWith(name, ".shared_libs") ||
329 android::base::EndsWith(name, ".whitelisted") ||
330 android::base::EndsWith(name, ".allowed_libs")) {
331 value = ":" + value;
332 (*properties)[name].append_value(std::move(value));
333 } else {
334 DL_WARN("%s:%zd: warning: += isn't allowed for property \"%s\" (ignoring)",
335 ld_config_file_path,
336 cp.lineno(),
337 name.c_str());
338 }
339 }
340 }
341
342 if (result == ConfigParser::kError) {
343 DL_WARN("%s:%zd: warning: couldn't parse %s (ignoring this line)",
344 ld_config_file_path,
345 cp.lineno(),
346 error.c_str());
347 continue;
348 }
349 }
350
351 return true;
352 }
353
354 static Config g_config;
355
356 static constexpr const char* kDefaultConfigName = "default";
357 static constexpr const char* kPropertyAdditionalNamespaces = "additional.namespaces";
358
359 class Properties {
360 public:
Properties(std::unordered_map<std::string,PropertyValue> && properties)361 explicit Properties(std::unordered_map<std::string, PropertyValue>&& properties)
362 : properties_(std::move(properties)), target_sdk_version_(__ANDROID_API__) {}
363
get_strings(const std::string & name,size_t * lineno=nullptr) const364 std::vector<std::string> get_strings(const std::string& name, size_t* lineno = nullptr) const {
365 auto it = find_property(name, lineno);
366 if (it == properties_.end()) {
367 // return empty vector
368 return std::vector<std::string>();
369 }
370
371 std::vector<std::string> strings = android::base::Split(it->second.value(), ",");
372
373 for (size_t i = 0; i < strings.size(); ++i) {
374 strings[i] = android::base::Trim(strings[i]);
375 }
376
377 return strings;
378 }
379
get_bool(const std::string & name,size_t * lineno=nullptr) const380 bool get_bool(const std::string& name, size_t* lineno = nullptr) const {
381 auto it = find_property(name, lineno);
382 if (it == properties_.end()) {
383 return false;
384 }
385
386 return it->second.value() == "true";
387 }
388
get_string(const std::string & name,size_t * lineno=nullptr) const389 std::string get_string(const std::string& name, size_t* lineno = nullptr) const {
390 auto it = find_property(name, lineno);
391 return (it == properties_.end()) ? "" : it->second.value();
392 }
393
get_paths(const std::string & name,bool resolve,size_t * lineno=nullptr)394 std::vector<std::string> get_paths(const std::string& name, bool resolve, size_t* lineno = nullptr) {
395 std::string paths_str = get_string(name, lineno);
396
397 std::vector<std::string> paths;
398 split_path(paths_str.c_str(), ":", &paths);
399
400 std::vector<std::pair<std::string, std::string>> params;
401 params.push_back({ "LIB", kLibPath });
402 if (target_sdk_version_ != 0) {
403 char buf[16];
404 async_safe_format_buffer(buf, sizeof(buf), "%d", target_sdk_version_);
405 params.push_back({ "SDK_VER", buf });
406 }
407
408 static std::string vndk_ver = Config::get_vndk_version_string('-');
409 params.push_back({ "VNDK_VER", vndk_ver });
410 static std::string vndk_apex_ver = Config::get_vndk_version_string('v');
411 params.push_back({ "VNDK_APEX_VER", vndk_apex_ver });
412
413 for (auto& path : paths) {
414 format_string(&path, params);
415 }
416
417 if (resolve) {
418 std::vector<std::string> resolved_paths;
419 for (const auto& path : paths) {
420 if (path.empty()) {
421 continue;
422 }
423 // this is single threaded. no need to lock
424 auto cached = resolved_paths_.find(path);
425 if (cached == resolved_paths_.end()) {
426 resolved_paths_[path] = resolve_path(path);
427 cached = resolved_paths_.find(path);
428 }
429 CHECK(cached != resolved_paths_.end());
430 if (cached->second.empty()) {
431 continue;
432 }
433 resolved_paths.push_back(cached->second);
434 }
435
436 return resolved_paths;
437 } else {
438 return paths;
439 }
440 }
441
set_target_sdk_version(int target_sdk_version)442 void set_target_sdk_version(int target_sdk_version) {
443 target_sdk_version_ = target_sdk_version;
444 }
445
446 private:
447 std::unordered_map<std::string, PropertyValue>::const_iterator
find_property(const std::string & name,size_t * lineno) const448 find_property(const std::string& name, size_t* lineno) const {
449 auto it = properties_.find(name);
450 if (it != properties_.end() && lineno != nullptr) {
451 *lineno = it->second.lineno();
452 }
453
454 return it;
455 }
456 std::unordered_map<std::string, PropertyValue> properties_;
457 std::unordered_map<std::string, std::string> resolved_paths_;
458 int target_sdk_version_;
459
460 DISALLOW_IMPLICIT_CONSTRUCTORS(Properties);
461 };
462
read_binary_config(const char * ld_config_file_path,const char * binary_realpath,bool is_asan,const Config ** config,std::string * error_msg)463 bool Config::read_binary_config(const char* ld_config_file_path,
464 const char* binary_realpath,
465 bool is_asan,
466 const Config** config,
467 std::string* error_msg) {
468 g_config.clear();
469
470 std::unordered_map<std::string, PropertyValue> property_map;
471 if (!parse_config_file(ld_config_file_path, binary_realpath, &property_map, error_msg)) {
472 return false;
473 }
474
475 Properties properties(std::move(property_map));
476
477 auto failure_guard = android::base::make_scope_guard([] { g_config.clear(); });
478
479 std::unordered_map<std::string, NamespaceConfig*> namespace_configs;
480
481 namespace_configs[kDefaultConfigName] = g_config.create_namespace_config(kDefaultConfigName);
482
483 std::vector<std::string> additional_namespaces = properties.get_strings(kPropertyAdditionalNamespaces);
484 for (const auto& name : additional_namespaces) {
485 namespace_configs[name] = g_config.create_namespace_config(name);
486 }
487
488 bool versioning_enabled = properties.get_bool("enable.target.sdk.version");
489 int target_sdk_version = __ANDROID_API__;
490 if (versioning_enabled) {
491 std::string version_file = dirname(binary_realpath) + "/.version";
492 std::string content;
493 if (!android::base::ReadFileToString(version_file, &content)) {
494 if (errno != ENOENT) {
495 *error_msg = std::string("error reading version file \"") +
496 version_file + "\": " + strerror(errno);
497 return false;
498 }
499 } else {
500 content = android::base::Trim(content);
501 errno = 0;
502 char* end = nullptr;
503 const char* content_str = content.c_str();
504 int result = strtol(content_str, &end, 10);
505 if (errno == 0 && *end == '\0' && result > 0) {
506 target_sdk_version = result;
507 properties.set_target_sdk_version(target_sdk_version);
508 } else {
509 *error_msg = std::string("invalid version \"") + version_file + "\": \"" + content +"\"";
510 return false;
511 }
512 }
513 }
514
515 g_config.set_target_sdk_version(target_sdk_version);
516
517 for (const auto& ns_config_it : namespace_configs) {
518 auto& name = ns_config_it.first;
519 NamespaceConfig* ns_config = ns_config_it.second;
520
521 std::string property_name_prefix = std::string("namespace.") + name;
522
523 size_t lineno = 0;
524 std::vector<std::string> linked_namespaces =
525 properties.get_strings(property_name_prefix + ".links", &lineno);
526
527 for (const auto& linked_ns_name : linked_namespaces) {
528 if (namespace_configs.find(linked_ns_name) == namespace_configs.end()) {
529 *error_msg = create_error_msg(ld_config_file_path,
530 lineno,
531 std::string("undefined namespace: ") + linked_ns_name);
532 return false;
533 }
534
535 bool allow_all_shared_libs = properties.get_bool(property_name_prefix + ".link." +
536 linked_ns_name + ".allow_all_shared_libs");
537
538 std::string shared_libs = properties.get_string(property_name_prefix +
539 ".link." +
540 linked_ns_name +
541 ".shared_libs", &lineno);
542
543 if (!allow_all_shared_libs && shared_libs.empty()) {
544 *error_msg = create_error_msg(ld_config_file_path,
545 lineno,
546 std::string("list of shared_libs for ") +
547 name +
548 "->" +
549 linked_ns_name +
550 " link is not specified or is empty.");
551 return false;
552 }
553
554 if (allow_all_shared_libs && !shared_libs.empty()) {
555 *error_msg = create_error_msg(ld_config_file_path, lineno,
556 std::string("both shared_libs and allow_all_shared_libs "
557 "are set for ") +
558 name + "->" + linked_ns_name + " link.");
559 return false;
560 }
561
562 ns_config->add_namespace_link(linked_ns_name, shared_libs, allow_all_shared_libs);
563 }
564
565 ns_config->set_isolated(properties.get_bool(property_name_prefix + ".isolated"));
566 ns_config->set_visible(properties.get_bool(property_name_prefix + ".visible"));
567
568 std::string allowed_libs =
569 properties.get_string(property_name_prefix + ".whitelisted", &lineno);
570 const std::string libs = properties.get_string(property_name_prefix + ".allowed_libs", &lineno);
571 if (!allowed_libs.empty() && !libs.empty()) {
572 allowed_libs += ":";
573 }
574 allowed_libs += libs;
575 if (!allowed_libs.empty()) {
576 ns_config->set_allowed_libs(android::base::Split(allowed_libs, ":"));
577 }
578
579 // these are affected by is_asan flag
580 if (is_asan) {
581 property_name_prefix += ".asan";
582 }
583
584 // search paths are resolved (canonicalized). This is required mainly for
585 // the case when /vendor is a symlink to /system/vendor, which is true for
586 // non Treble-ized legacy devices.
587 ns_config->set_search_paths(properties.get_paths(property_name_prefix + ".search.paths", true));
588
589 // However, for permitted paths, we are not required to resolve the paths
590 // since they are only set for isolated namespaces, which implies the device
591 // is Treble-ized (= /vendor is not a symlink to /system/vendor).
592 // In fact, the resolving is causing an unexpected side effect of selinux
593 // denials on some executables which are not allowed to access some of the
594 // permitted paths.
595 ns_config->set_permitted_paths(properties.get_paths(property_name_prefix + ".permitted.paths", false));
596 }
597
598 failure_guard.Disable();
599 *config = &g_config;
600 return true;
601 }
602
get_vndk_version_string(const char delimiter)603 std::string Config::get_vndk_version_string(const char delimiter) {
604 std::string version = android::base::GetProperty("ro.vndk.version", "");
605 if (version != "" && version != "current") {
606 //add the delimiter char in front of the string and return it.
607 return version.insert(0, 1, delimiter);
608 }
609 return "";
610 }
611
create_namespace_config(const std::string & name)612 NamespaceConfig* Config::create_namespace_config(const std::string& name) {
613 namespace_configs_.push_back(std::unique_ptr<NamespaceConfig>(new NamespaceConfig(name)));
614 NamespaceConfig* ns_config_ptr = namespace_configs_.back().get();
615 namespace_configs_map_[name] = ns_config_ptr;
616 return ns_config_ptr;
617 }
618
clear()619 void Config::clear() {
620 namespace_configs_.clear();
621 namespace_configs_map_.clear();
622 }
623