1 /*
2  * Copyright (C) 2022 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #include "androidfw/ApkParsing.h"
18 #include <algorithm>
19 #include <array>
20 #include <stdlib.h>
21 #include <string_view>
22 #include <sys/types.h>
23 
24 const std::string_view APK_LIB = "lib/";
25 const size_t APK_LIB_LEN = APK_LIB.size();
26 
27 const std::string_view LIB_PREFIX = "/lib";
28 const size_t LIB_PREFIX_LEN = LIB_PREFIX.size();
29 
30 const std::string_view LIB_SUFFIX = ".so";
31 const size_t LIB_SUFFIX_LEN = LIB_SUFFIX.size();
32 
33 static const std::array<std::string_view, 2> abis = {"arm64-v8a", "x86_64"};
34 
35 namespace android::util {
ValidLibraryPathLastSlash(const char * fileName,bool suppress64Bit,bool debuggable)36 const char* ValidLibraryPathLastSlash(const char* fileName, bool suppress64Bit, bool debuggable) {
37     // Make sure the filename is at least to the minimum library name size.
38     const size_t fileNameLen = strlen(fileName);
39     static const size_t minLength = APK_LIB_LEN + 2 + LIB_PREFIX_LEN + 1 + LIB_SUFFIX_LEN;
40     if (fileNameLen < minLength) {
41         return nullptr;
42     }
43 
44     const char* lastSlash = strrchr(fileName, '/');
45     if (!lastSlash) {
46         return nullptr;
47     }
48 
49     // Skip directories.
50     if (*(lastSlash + 1) == 0) {
51         return nullptr;
52     }
53 
54     // Make sure the filename is safe.
55     if (!isFilenameSafe(lastSlash + 1)) {
56         return nullptr;
57     }
58 
59     // Make sure file starts with 'lib/' prefix.
60     if (strncmp(fileName, APK_LIB.data(), APK_LIB_LEN) != 0) {
61         return nullptr;
62     }
63 
64     // Make sure there aren't subdirectories by checking if the next / after lib/ is the last slash
65     if (memchr(fileName + APK_LIB_LEN, '/', fileNameLen - APK_LIB_LEN) != lastSlash) {
66         return nullptr;
67     }
68 
69     if (!debuggable) {
70         // Make sure the filename starts with lib and ends with ".so".
71         if (strncmp(fileName + fileNameLen - LIB_SUFFIX_LEN, LIB_SUFFIX.data(), LIB_SUFFIX_LEN) != 0
72             || strncmp(lastSlash, LIB_PREFIX.data(), LIB_PREFIX_LEN) != 0) {
73             return nullptr;
74         }
75     }
76 
77     // Don't include 64 bit versions if they are suppressed
78     if (suppress64Bit && std::find(abis.begin(), abis.end(), std::string_view(
79         fileName + APK_LIB_LEN, lastSlash - fileName - APK_LIB_LEN)) != abis.end()) {
80       return nullptr;
81     }
82 
83     return lastSlash;
84 }
85 
isFilenameSafe(const char * filename)86 bool isFilenameSafe(const char* filename) {
87     off_t offset = 0;
88     for (;;) {
89         switch (*(filename + offset)) {
90         case 0:
91             // Null.
92             // If we've reached the end, all the other characters are good.
93             return true;
94 
95         case 'A' ... 'Z':
96         case 'a' ... 'z':
97         case '0' ... '9':
98         case '+':
99         case ',':
100         case '-':
101         case '.':
102         case '/':
103         case '=':
104         case '_':
105             offset++;
106             break;
107 
108         default:
109             // We found something that is not good.
110             return false;
111         }
112     }
113     // Should not reach here.
114 }
115 }