1 /*
2  * Copyright (C) 2015 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #include "android-base/file.h"
18 
19 #include <errno.h>
20 #include <fcntl.h>
21 #include <ftw.h>
22 #include <libgen.h>
23 #include <stdio.h>
24 #include <stdlib.h>
25 #include <string.h>
26 #include <sys/stat.h>
27 #include <sys/types.h>
28 #include <unistd.h>
29 
30 #include <memory>
31 #include <mutex>
32 #include <string>
33 #include <vector>
34 
35 #if defined(__APPLE__)
36 #include <mach-o/dyld.h>
37 #endif
38 #if defined(_WIN32)
39 #include <direct.h>
40 #include <windows.h>
41 #define O_NOFOLLOW 0
42 #define OS_PATH_SEPARATOR '\\'
43 #else
44 #define OS_PATH_SEPARATOR '/'
45 #endif
46 
47 #include "android-base/logging.h"  // and must be after windows.h for ERROR
48 #include "android-base/macros.h"   // For TEMP_FAILURE_RETRY on Darwin.
49 #include "android-base/unique_fd.h"
50 #include "android-base/utf8.h"
51 
52 namespace {
53 
54 #ifdef _WIN32
// Windows stand-in for POSIX mkstemp(). Fills in the trailing XXXXXX of the
// UTF-8 `name_template`, creates that file, and writes the final name back
// into `name_template`, a buffer of `size_in_chars` bytes.
//
// Returns an open read/write descriptor, or -1 if no name could be generated
// or the file could not be created. Aborts via CHECK if a UTF-8 <-> wide
// conversion or the copy back into `name_template` fails.
static int mkstemp(char* name_template, size_t size_in_chars) {
  std::wstring wide_path;
  CHECK(android::base::UTF8ToWide(name_template, &wide_path))
      << "path can't be converted to wchar: " << name_template;

  // The size passed to _wmktemp_s includes the terminating NUL, hence the +1.
  const bool name_generated = (_wmktemp_s(wide_path.data(), wide_path.size() + 1) == 0);
  if (!name_generated) {
    return -1;
  }

  // Use open() to match the close() that TemporaryFile's destructor does, and
  // O_BINARY to match base file APIs. O_CREAT | O_EXCL makes the call fail
  // instead of opening a file that already exists under the generated name,
  // so the name being guessable does not let another party pre-create it.
  const int open_flags = O_CREAT | O_EXCL | O_RDWR | O_BINARY;
  const int fd = _wopen(wide_path.c_str(), open_flags, S_IRUSR | S_IWUSR);
  if (fd < 0) {
    return -1;
  }

  std::string utf8_path;
  CHECK(android::base::WideToUTF8(wide_path, &utf8_path)) << "path can't be converted to utf8";
  CHECK(strcpy_s(name_template, size_in_chars, utf8_path.c_str()) == 0)
      << "utf8 path can't be assigned back to name_template";

  return fd;
}
77 
// Windows stand-in for POSIX mkdtemp(). Fills in the trailing XXXXXX of the
// UTF-8 `name_template`, creates a directory with that name, and writes the
// final name back into `name_template`, a buffer of `size_in_chars` bytes.
//
// Returns `name_template` on success, or nullptr if no name could be generated
// or the directory could not be created. Aborts via CHECK if a UTF-8 <-> wide
// conversion or the copy back into `name_template` fails.
static char* mkdtemp(char* name_template, size_t size_in_chars) {
  std::wstring wide_path;
  CHECK(android::base::UTF8ToWide(name_template, &wide_path))
      << "path can't be converted to wchar: " << name_template;

  // The size passed to _wmktemp_s includes the terminating NUL, hence the +1.
  const bool name_generated = (_wmktemp_s(wide_path.data(), wide_path.size() + 1) == 0);
  if (!name_generated) {
    return nullptr;
  }

  // The name is only reported back to the caller once _wmkdir() has succeeded.
  const bool dir_created = (_wmkdir(wide_path.c_str()) == 0);
  if (!dir_created) {
    return nullptr;
  }

  std::string utf8_path;
  CHECK(android::base::WideToUTF8(wide_path, &utf8_path)) << "path can't be converted to utf8";
  CHECK(strcpy_s(name_template, size_in_chars, utf8_path.c_str()) == 0)
      << "utf8 path can't be assigned back to name_template";

  return name_template;
}
98 #endif
99 
// Picks the directory in which TemporaryFile / TemporaryDir create entries.
//   Android:   $TMPDIR, else /data/local/tmp; "." when that directory is not
//              readable, writable and searchable by this process.
//   Windows:   the GetTempPathW() result without its trailing backslash,
//              converted to UTF-8 (aborts via CHECK on failure/truncation).
//   Elsewhere: $TMPDIR, else /tmp.
// The environment value is returned as-is: it is neither canonicalised nor
// checked for ownership, so callers inherit whatever the environment names.
std::string GetSystemTempDir() {
#if defined(__ANDROID__)
  const char* candidate = getenv("TMPDIR");
  if (candidate == nullptr) candidate = "/data/local/tmp";
  // Tests running in app context can't access /data/local/tmp, so fall back
  // to the current directory when the candidate is not accessible.
  const bool usable = (access(candidate, R_OK | W_OK | X_OK) == 0);
  return usable ? candidate : ".";
#elif defined(_WIN32)
  wchar_t wide_dir[MAX_PATH];
  DWORD length = GetTempPathW(std::size(wide_dir), wide_dir);  // checks TMP env
  CHECK_NE(length, 0ul) << "GetTempPathW failed, error: " << GetLastError();
  CHECK_LT(length, std::size(wide_dir)) << "path truncated to: " << length;

  // GetTempPath() returns a path with a trailing slash, but init()
  // does not expect that, so remove it.
  wchar_t& last_char = wide_dir[length - 1];
  if (last_char == L'\\') {
    last_char = L'\0';
  }

  std::string utf8_dir;
  CHECK(android::base::WideToUTF8(wide_dir, &utf8_dir)) << "path can't be converted to utf8";

  return utf8_dir;
#else
  const char* from_env = getenv("TMPDIR");
  return (from_env != nullptr) ? from_env : "/tmp";
#endif
}
132 
133 }  // namespace
134 
// Creates the temporary file inside the directory chosen by
// GetSystemTempDir(). init() reports failure only through `fd`.
TemporaryFile::TemporaryFile() {
  const std::string system_tmp_dir = GetSystemTempDir();
  init(system_tmp_dir);
}
138 
// Creates the temporary file inside the caller-supplied directory `tmp_dir`.
// The directory is used as given; init() reports failure only through `fd`.
TemporaryFile::TemporaryFile(const std::string& tmp_dir) {
  const std::string& parent_dir = tmp_dir;
  init(parent_dir);
}
142 
// Closes the descriptor if this object still holds one (fd is -1 after
// release()) and, when remove_file_ is set, unlinks the file.
// The unlink is by name (`path`), not through the descriptor.
TemporaryFile::~TemporaryFile() {
  const bool holds_fd = (fd != -1);
  if (holds_fd) {
    close(fd);
  }

  if (!remove_file_) return;
  unlink(path);
}
151 
// Hands the descriptor to the caller: returns the current fd and stores -1 in
// its place, so the destructor no longer closes it. remove_file_ is left
// untouched, so the destructor's unlink of `path` is unaffected.
int TemporaryFile::release() {
  const int released_fd = fd;
  fd = -1;  // Marks "no descriptor held" for the destructor.
  return released_fd;
}
157 
// Writes "<tmp_dir><separator>TemporaryFile-XXXXXX" into `path` and lets
// mkstemp() create the file, storing the resulting descriptor in `fd`.
// Failure is visible to callers only as the value mkstemp() returned in `fd`.
// NOTE(review): the snprintf() result is not checked, so a tmp_dir too long
// for `path` yields a truncated template; presumably mkstemp() then rejects
// it because the XXXXXX suffix is gone - confirm.
void TemporaryFile::init(const std::string& tmp_dir) {
  const char* const parent_dir = tmp_dir.c_str();
  snprintf(path, sizeof(path), "%s%cTemporaryFile-XXXXXX", parent_dir, OS_PATH_SEPARATOR);
#if defined(_WIN32)
  // The local Windows replacement also needs the buffer size for the copy back.
  fd = mkstemp(path, sizeof(path));
#else
  fd = mkstemp(path);
#endif
}
166 
// Creates the temporary directory inside the directory chosen by
// GetSystemTempDir(). The bool returned by init() is not inspected here.
TemporaryDir::TemporaryDir() {
  const std::string system_tmp_dir = GetSystemTempDir();
  init(system_tmp_dir);
}
170 
// Recursively deletes the directory at `path` unless removal was disabled via
// remove_dir_and_contents_. Individual failures are logged and the walk
// continues; nothing is reported to the caller.
TemporaryDir::~TemporaryDir() {
  if (!remove_dir_and_contents_) return;

  // Per-entry callback for nftw(). Always returns 0 so that one entry that
  // cannot be removed does not stop the rest of the walk.
  auto remove_entry = [](const char* child, const struct stat*, int file_type,
                         struct FTW*) -> int {
    const bool is_directory =
        (file_type == FTW_D || file_type == FTW_DP || file_type == FTW_DNR);
    if (is_directory) {
      if (rmdir(child) == -1) {
        PLOG(ERROR) << "rmdir " << child;
      }
      return 0;
    }

    const bool is_file_or_symlink =
        (file_type == FTW_F || file_type == FTW_SL || file_type == FTW_SLN);
    // Entries of unknown type (FTW_NS and anything else): try rmdir() first
    // and only fall back to unlink() when that fails.
    if (!is_file_or_symlink && rmdir(child) != -1) {
      return 0;
    }

    if (unlink(child) == -1) {
      PLOG(ERROR) << "unlink " << child;
    }
    return 0;
  };

  // FTW_DEPTH: visit a directory's contents before the directory itself, so
  //            it is empty by the time rmdir() runs.
  // FTW_MOUNT: stay on the file system that `path` lives on.
  // FTW_PHYS:  do not follow symbolic links; a link is reported as a link and
  //            unlinked, its target is left alone.
  // 128 is the maximum number of descriptors nftw() may hold open.
  const int walk_flags = FTW_DEPTH | FTW_MOUNT | FTW_PHYS;
  nftw(path, remove_entry, 128, walk_flags);
}
201 
// Writes "<tmp_dir><separator>TemporaryDir-XXXXXX" into `path` and lets
// mkdtemp() create the directory. Returns true when mkdtemp() succeeded.
// NOTE(review): the snprintf() result is not checked, so a tmp_dir too long
// for `path` yields a truncated template; presumably mkdtemp() then rejects
// it because the XXXXXX suffix is gone - confirm.
bool TemporaryDir::init(const std::string& tmp_dir) {
  const char* const parent_dir = tmp_dir.c_str();
  snprintf(path, sizeof(path), "%s%cTemporaryDir-XXXXXX", parent_dir, OS_PATH_SEPARATOR);
#if defined(_WIN32)
  // The local Windows replacement also needs the buffer size for the copy back.
  const char* created = mkdtemp(path, sizeof(path));
#else
  const char* created = mkdtemp(path);
#endif
  return created != nullptr;
}
210 
211 namespace android {
212 namespace base {
213 
214 // Versions of standard library APIs that support UTF-8 strings.
215 using namespace android::base::utf8;
216 
// Reads from `fd` until end-of-file and stores everything in `*content`
// (cleared first). Returns true if the stream ended cleanly, false if read()
// failed; on failure `*content` holds whatever was read before the error.
//
// There is no upper bound on the amount read: the string grows for as long as
// the descriptor keeps producing data, so callers reading from a source they
// do not control have to bound it themselves.
bool ReadFdToString(borrowed_fd fd, std::string* content) {
  content->clear();

  // Although originally we had small files in mind, this code gets used for
  // very large files too, where the std::string growth heuristics might not
  // be suitable. https://code.google.com/p/android/issues/detail?id=258500.
  // st_size is used only as a capacity hint; the loop below does not rely on it.
  struct stat file_info;
  const bool size_known = (fstat(fd.get(), &file_info) != -1 && file_info.st_size > 0);
  if (size_known) {
    content->reserve(file_info.st_size);
  }

  char chunk[BUFSIZ] __attribute__((__uninitialized__));
  for (;;) {
    const ssize_t got = TEMP_FAILURE_RETRY(read(fd.get(), &chunk[0], sizeof(chunk)));
    if (got <= 0) {
      // 0 is end-of-file (success); a negative value is a read error.
      return got == 0;
    }
    content->append(chunk, got);
  }
}
235 
// Opens `path` read-only and reads the whole file into `*content` (cleared
// first). Returns false if the file cannot be opened or a read fails.
//
// With follow_symlinks == false the open uses O_NOFOLLOW, which refuses a
// symbolic link as the final path component only; links in parent directories
// are still followed.
bool ReadFileToString(const std::string& path, std::string* content, bool follow_symlinks) {
  content->clear();

  int open_flags = O_RDONLY | O_CLOEXEC | O_BINARY;
  if (!follow_symlinks) {
    open_flags |= O_NOFOLLOW;
  }

  android::base::unique_fd fd(TEMP_FAILURE_RETRY(open(path.c_str(), open_flags)));
  const bool open_failed = (fd == -1);
  if (open_failed) {
    return false;
  }
  return ReadFdToString(fd, content);
}
246 
// Writes all of `content` to `fd`, issuing further write() calls after short
// writes. Returns false as soon as a write() fails (errno is left as write()
// set it); part of the data may already have been written by then.
bool WriteStringToFd(const std::string& content, borrowed_fd fd) {
  const char* cursor = content.data();
  for (size_t pending = content.size(); pending > 0;) {
    const ssize_t written = TEMP_FAILURE_RETRY(write(fd.get(), cursor, pending));
    if (written == -1) {
      return false;
    }
    // Advance past the bytes the kernel accepted and retry with the rest.
    cursor += written;
    pending -= written;
  }
  return true;
}
260 
// Failure-path helper: removes the file at `path` so that a partially written
// file is not left behind, and always returns false so callers can write
// `return CleanUpAfterFailedWrite(path);`.
//
// errno is restored afterwards so the caller still sees the error of the
// operation that failed, not the outcome of unlink(). The removal is by name:
// it deletes whatever `path` refers to at this moment.
static bool CleanUpAfterFailedWrite(const std::string& path) {
  const int original_errno = errno;
  unlink(path.c_str());  // Best effort; the result is deliberately ignored.
  errno = original_errno;
  return false;
}
268 
269 #if !defined(_WIN32)
// Creates or truncates `path`, forces its mode to `mode` and its ownership to
// `owner`:`group`, then writes `content`. Returns true on success. If any
// step after the open fails, the error is logged, the file is unlinked and
// false is returned.
//
// The open has no O_EXCL, so a file that already exists at `path` is
// truncated and then re-moded / re-owned in place. With
// follow_symlinks == false, O_NOFOLLOW refuses a symbolic link as the final
// path component only; links in parent directories are still followed.
bool WriteStringToFile(const std::string& content, const std::string& path,
                       mode_t mode, uid_t owner, gid_t group,
                       bool follow_symlinks) {
  int open_flags = O_WRONLY | O_CREAT | O_TRUNC | O_CLOEXEC | O_BINARY;
  if (!follow_symlinks) {
    open_flags |= O_NOFOLLOW;
  }

  android::base::unique_fd fd(TEMP_FAILURE_RETRY(open(path.c_str(), open_flags, mode)));
  if (fd == -1) {
    PLOG(ERROR) << "android::WriteStringToFile open failed";
    return false;
  }

  // We do an explicit fchmod here because we assume that the caller really
  // meant what they said and doesn't want the umask-influenced mode.
  // Mode and ownership are applied through the descriptor, before any content
  // is written.
  if (fchmod(fd, mode) == -1) {
    PLOG(ERROR) << "android::WriteStringToFile fchmod failed";
  } else if (fchown(fd, owner, group) == -1) {
    PLOG(ERROR) << "android::WriteStringToFile fchown failed";
  } else if (!WriteStringToFd(content, fd)) {
    PLOG(ERROR) << "android::WriteStringToFile write failed";
  } else {
    return true;
  }

  // One of the steps above failed and has been logged.
  return CleanUpAfterFailedWrite(path);
}
297 #endif
298 
// Creates or truncates `path` and writes `content` to it. Returns false if
// the file cannot be opened, or if the write fails (in which case the file is
// unlinked).
//
// New files are requested with mode 0666, so the effective permissions are
// decided by the process umask. With follow_symlinks == false, O_NOFOLLOW
// refuses a symbolic link as the final path component only.
bool WriteStringToFile(const std::string& content, const std::string& path,
                       bool follow_symlinks) {
  int open_flags = O_WRONLY | O_CREAT | O_TRUNC | O_CLOEXEC | O_BINARY;
  if (!follow_symlinks) {
    open_flags |= O_NOFOLLOW;
  }

  android::base::unique_fd fd(TEMP_FAILURE_RETRY(open(path.c_str(), open_flags, 0666)));
  if (fd == -1) {
    return false;
  }

  if (WriteStringToFd(content, fd)) {
    return true;
  }
  return CleanUpAfterFailedWrite(path);
}
309 
// Reads exactly `byte_count` bytes from `fd` into `data`, issuing further
// read() calls after short reads. Returns false on a read error or if
// end-of-file arrives first; `data` may then be partially filled.
// The caller must supply a buffer of at least `byte_count` bytes.
bool ReadFully(borrowed_fd fd, void* data, size_t byte_count) {
  uint8_t* cursor = static_cast<uint8_t*>(data);
  for (size_t pending = byte_count; pending > 0;) {
    const ssize_t got = TEMP_FAILURE_RETRY(read(fd.get(), cursor, pending));
    // 0 means end-of-file before the request was satisfied; <0 is an error.
    if (got <= 0) return false;
    cursor += got;
    pending -= got;
  }
  return true;
}
321 
322 #if defined(_WIN32)
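// Windows implementation of pread. Note that this DOES move the file
// descriptor's read position, but it does so atomically.
//
// Reads up to `byte_count` bytes from `fd` at absolute `offset` into `data`.
// Returns the number of bytes read (possibly fewer than requested), or -1
// with errno set to EIO when ReadFile() fails.
static ssize_t pread(borrowed_fd fd, void* data, size_t byte_count, off64_t offset) {
  // ReadFile() takes a 32-bit length. Clamp rather than truncate: a plain
  // cast turns a request that is a multiple of 4 GiB into a zero-length read,
  // which ReadFullyAtOffset() would treat as end-of-file. Callers already
  // handle short reads, so a clamped request is simply continued by them.
  const DWORD request_size =
      (byte_count > MAXDWORD) ? MAXDWORD : static_cast<DWORD>(byte_count);

  DWORD bytes_read;
  OVERLAPPED overlapped;
  memset(&overlapped, 0, sizeof(OVERLAPPED));
  // The 64-bit offset is passed as two 32-bit halves.
  overlapped.Offset = static_cast<DWORD>(offset);
  overlapped.OffsetHigh = static_cast<DWORD>(offset >> 32);
  if (!ReadFile(reinterpret_cast<HANDLE>(_get_osfhandle(fd.get())), data, request_size,
                &bytes_read, &overlapped)) {
    // In case someone tries to read errno (since this is masquerading as a POSIX call)
    errno = EIO;
    return -1;
  }
  return static_cast<ssize_t>(bytes_read);
}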
339 #endif
340 
// Reads exactly `byte_count` bytes into `data`, starting at absolute file
// position `offset`, issuing further pread() calls after short reads.
// Returns false on a read error or if end-of-file arrives first; `data` may
// then be partially filled. The caller must supply a buffer of at least
// `byte_count` bytes.
bool ReadFullyAtOffset(borrowed_fd fd, void* data, size_t byte_count, off64_t offset) {
  uint8_t* cursor = static_cast<uint8_t*>(data);
  size_t pending = byte_count;
  off64_t position = offset;
  while (pending > 0) {
    const ssize_t got = TEMP_FAILURE_RETRY(pread(fd.get(), cursor, pending, position));
    // 0 means end-of-file before the request was satisfied; <0 is an error.
    if (got <= 0) return false;
    cursor += got;
    pending -= got;
    position += got;
  }
  return true;
}
352 
// Writes exactly `byte_count` bytes from `data` to `fd`, issuing further
// write() calls after short writes. Returns false as soon as a write() fails;
// part of the data may already have been written by then.
bool WriteFully(borrowed_fd fd, const void* data, size_t byte_count) {
  const uint8_t* cursor = static_cast<const uint8_t*>(data);
  for (size_t pending = byte_count; pending > 0;) {
    const ssize_t written = TEMP_FAILURE_RETRY(write(fd.get(), cursor, pending));
    if (written == -1) return false;
    cursor += written;
    pending -= written;
  }
  return true;
}
364 
// Removes `path` if it names a regular file (or, outside Windows, a symbolic
// link). Returns true if the file was removed or did not exist to begin with.
// Returns false, with a message in `*err` when `err` is non-null, if the path
// is of another type (a directory, say) or if stat/unlink fails.
//
// The type check and the unlink() are two separate path-based calls, so the
// entry can be replaced between them; the check describes what was seen, not
// necessarily what is removed.
bool RemoveFileIfExists(const std::string& path, std::string* err) {
  const char* const target = path.c_str();
  struct stat info;
#if defined(_WIN32)
  // TODO: Windows version can't handle symbolic links correctly.
  const int stat_result = stat(target, &info);
  const bool removable = (stat_result == 0 && S_ISREG(info.st_mode));
#else
  // lstat() so that a symbolic link is examined itself, not its target.
  const int stat_result = lstat(target, &info);
  const bool removable =
      (stat_result == 0 && (S_ISREG(info.st_mode) || S_ISLNK(info.st_mode)));
#endif

  if (stat_result == -1) {
    // A missing file, or a missing/non-directory parent, counts as "removed".
    if (errno == ENOENT || errno == ENOTDIR) return true;
    if (err != nullptr) *err = strerror(errno);
    return false;
  }
  if (stat_result != 0) {
    return true;
  }

  if (!removable) {
    if (err != nullptr) {
      *err = "is not a regular file or symbolic link";
    }
    return false;
  }

  if (unlink(target) != -1) {
    return true;
  }
  if (err != nullptr) {
    *err = strerror(errno);
  }
  return false;
}
397 
398 #if !defined(_WIN32)
// Stores the target of the symbolic link `path` in `*result` (cleared first).
// Returns false if readlink() fails, e.g. because `path` is not a symbolic
// link; `*result` is then empty.
bool Readlink(const std::string& path, std::string* result) {
  result->clear();

  // Most Linux file systems (ext2 and ext4, say) limit symbolic links to
  // 4095 bytes. Since we'll copy out into the string anyway, it doesn't
  // waste memory to just start there. We add 1 so that we can recognize
  // whether it actually fit (rather than being truncated to 4095).
  std::vector<char> buffer(4095 + 1);
  for (;;) {
    const ssize_t length = readlink(path.c_str(), buffer.data(), buffer.size());
    // Unrecoverable error?
    if (length == -1) return false;

    // readlink() truncates silently and does not NUL-terminate, so a result
    // that fills the buffer completely may be incomplete: double and retry.
    if (static_cast<size_t>(length) >= buffer.size()) {
      buffer.resize(buffer.size() * 2);
      continue;
    }

    // It fit. Copy by explicit length, since there is no terminator.
    result->assign(buffer.data(), length);
    return true;
  }
}
420 #endif
421 
422 #if !defined(_WIN32)
// Resolves `path` with realpath() and stores the result in `*result` (cleared
// first). Returns false if resolution fails; `*result` is then empty.
//
// The result describes the file system at the time of the call; it is a
// snapshot, and later use of the returned string is a fresh path lookup.
bool Realpath(const std::string& path, std::string* result) {
  result->clear();

  // realpath may exit with EINTR. Retry if so.
  // Passing nullptr makes realpath() allocate the output buffer itself.
  char* resolved = realpath(path.c_str(), nullptr);
  while (resolved == nullptr && errno == EINTR) {
    resolved = realpath(path.c_str(), nullptr);
  }

  if (resolved == nullptr) {
    return false;
  }

  result->assign(resolved);
  free(resolved);  // The buffer was malloc'ed by realpath().
  return true;
}
439 #endif
440 
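// Returns the path of the running executable, or an empty string when it
// cannot be determined.
//   Linux:   target of /proc/self/exe (empty if the link cannot be read,
//            because Readlink() clears its output before trying).
//   macOS:   _NSGetExecutablePath(), retried with a larger buffer if needed.
//   Windows: GetModuleFileName(); a result that fills the buffer is treated
//            as truncated and reported as "".
std::string GetExecutablePath() {
#if defined(__linux__)
  std::string path;
  android::base::Readlink("/proc/self/exe", &path);
  return path;
#elif defined(__APPLE__)
  char path[PATH_MAX + 1];
  uint32_t path_len = sizeof(path);
  int rc = _NSGetExecutablePath(path, &path_len);
  if (rc < 0) {
    // The stack buffer was too small and path_len now holds the size needed.
    // The storage comes from new[], so it must be owned by unique_ptr<char[]>:
    // unique_ptr<char> would release it with scalar delete, which is
    // undefined behaviour.
    std::unique_ptr<char[]> path_buf(new char[path_len]);
    if (_NSGetExecutablePath(path_buf.get(), &path_len) != 0) {
      // Never build a string from a buffer that was not filled in.
      return "";
    }
    return path_buf.get();
  }
  return path;
#elif defined(_WIN32)
  char path[PATH_MAX + 1];
  DWORD result = GetModuleFileName(NULL, path, sizeof(path) - 1);
  if (result == 0 || result == sizeof(path) - 1) return "";
  path[PATH_MAX - 1] = 0;
  return path;
#else
#error unknown OS
#endif
}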
466 
// Returns the directory part (per Dirname()) of GetExecutablePath().
std::string GetExecutableDirectory() {
  const std::string executable_path = GetExecutablePath();
  return Dirname(executable_path);
}
470 
// Returns the final component of `path`, as computed by basename(3).
std::string Basename(const std::string& path) {
  // Work on a private copy because basename may modify the string passed in.
  std::string scratch(path);

#if !defined(__BIONIC__)
  // Use a lock because basename() may write to a process global and return a
  // pointer to that. Note that this locking strategy only works if all other
  // callers to basename in the process also grab this same lock, but it's
  // better than nothing.  Bionic's basename returns a thread-local buffer.
  // The mutex is heap-allocated and never deleted.
  static std::mutex& basename_lock = *new std::mutex();
  std::lock_guard<std::mutex> guard(basename_lock);
#endif

  // Note that if std::string uses copy-on-write strings, &str[0] will cause
  // the copy to be made, so there is no chance of us accidentally writing to
  // the storage for 'path'.
  const char* leaf = basename(&scratch[0]);

  // In case basename returned a pointer to a process global, the returned
  // string is built from it here, while the lock is still held.
  return std::string(leaf);
}
495 
// Returns `path` without its final component, as computed by dirname(3).
std::string Dirname(const std::string& path) {
  // Work on a private copy because dirname may modify the string passed in.
  std::string scratch(path);

#if !defined(__BIONIC__)
  // Use a lock because dirname() may write to a process global and return a
  // pointer to that. Note that this locking strategy only works if all other
  // callers to dirname in the process also grab this same lock, but it's
  // better than nothing.  Bionic's dirname returns a thread-local buffer.
  // The mutex is heap-allocated and never deleted.
  static std::mutex& dirname_lock = *new std::mutex();
  std::lock_guard<std::mutex> guard(dirname_lock);
#endif

  // Note that if std::string uses copy-on-write strings, &str[0] will cause
  // the copy to be made, so there is no chance of us accidentally writing to
  // the storage for 'path'.
  const char* parent = dirname(&scratch[0]);

  // In case dirname returned a pointer to a process global, the returned
  // string is built from it here, while the lock is still held.
  return std::string(parent);
}
520 
521 }  // namespace base
522 }  // namespace android
523