1 /* 2 * Copyright (C) 2017 The Android Open Source Project 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * * Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * * Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in 12 * the documentation and/or other materials provided with the 13 * distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 16 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 17 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 18 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 19 * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 21 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS 22 * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 23 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 24 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT 25 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26 * SUCH DAMAGE. 27 */ 28 29 #include "linker_config.h" 30 31 #include "linker_globals.h" 32 #include "linker_debug.h" 33 #include "linker_utils.h" 34 35 #include <android-base/file.h> 36 #include <android-base/properties.h> 37 #include <android-base/scopeguard.h> 38 #include <android-base/strings.h> 39 40 #include <async_safe/log.h> 41 42 #include <limits.h> 43 #include <stdlib.h> 44 #include <unistd.h> 45 46 #include <string> 47 #include <unordered_map> 48 49 #define _REALLY_INCLUDE_SYS__SYSTEM_PROPERTIES_H_ 50 #include <sys/_system_properties.h> 51 52 class ConfigParser { 53 public: 54 enum { 55 kPropertyAssign, 56 kPropertyAppend, 57 kSection, 58 kEndOfFile, 59 kError, 60 }; 61 ConfigParser(std::string && content)62 explicit ConfigParser(std::string&& content) 63 : content_(std::move(content)), p_(0), lineno_(0), was_end_of_file_(false) {} 64 65 /* 66 * Possible return values 67 * kPropertyAssign: name is set to property name and value is set to property value 68 * kPropertyAppend: same as kPropertyAssign, but the value should be appended 69 * kSection: name is set to section name. 70 * kEndOfFile: reached end of file. 71 * kError: error_msg is set. 72 */ next_token(std::string * name,std::string * value,std::string * error_msg)73 int next_token(std::string* name, std::string* value, std::string* error_msg) { 74 std::string line; 75 while(NextLine(&line)) { 76 size_t found = line.find('#'); 77 line = android::base::Trim(line.substr(0, found)); 78 79 if (line.empty()) { 80 continue; 81 } 82 83 if (line[0] == '[' && line.back() == ']') { 84 *name = line.substr(1, line.size() - 2); 85 return kSection; 86 } 87 88 size_t found_assign = line.find('='); 89 size_t found_append = line.find("+="); 90 if (found_assign != std::string::npos && found_append == std::string::npos) { 91 *name = android::base::Trim(line.substr(0, found_assign)); 92 *value = android::base::Trim(line.substr(found_assign + 1)); 93 return kPropertyAssign; 94 } 95 96 if (found_append != std::string::npos) { 97 *name = android::base::Trim(line.substr(0, found_append)); 98 *value = android::base::Trim(line.substr(found_append + 2)); 99 return kPropertyAppend; 100 } 101 102 *error_msg = std::string("invalid format: ") + 103 line + 104 ", expected \"name = property\", \"name += property\", or \"[section]\""; 105 return kError; 106 } 107 108 // to avoid infinite cycles when programmer makes a mistake 109 CHECK(!was_end_of_file_); 110 was_end_of_file_ = true; 111 return kEndOfFile; 112 } 113 lineno() const114 size_t lineno() const { 115 return lineno_; 116 } 117 118 private: NextLine(std::string * line)119 bool NextLine(std::string* line) { 120 if (p_ == std::string::npos) { 121 return false; 122 } 123 124 size_t found = content_.find('\n', p_); 125 if (found != std::string::npos) { 126 *line = content_.substr(p_, found - p_); 127 p_ = found + 1; 128 } else { 129 *line = content_.substr(p_); 130 p_ = std::string::npos; 131 } 132 133 lineno_++; 134 return true; 135 } 136 137 std::string content_; 138 size_t p_; 139 size_t lineno_; 140 bool was_end_of_file_; 141 142 DISALLOW_IMPLICIT_CONSTRUCTORS(ConfigParser); 143 }; 144 145 class PropertyValue { 146 public: 147 PropertyValue() = default; 148 PropertyValue(std::string && value,size_t lineno)149 PropertyValue(std::string&& value, size_t lineno) 150 : value_(std::move(value)), lineno_(lineno) {} 151 value() const152 const std::string& value() const { 153 return value_; 154 } 155 append_value(std::string && value)156 void append_value(std::string&& value) { 157 value_ = value_ + value; 158 // lineno isn't updated as we might have cases like this: 159 // property.x = blah 160 // property.y = blah 161 // property.x += blah 162 } 163 lineno() const164 size_t lineno() const { 165 return lineno_; 166 } 167 168 private: 169 std::string value_; 170 size_t lineno_; 171 }; 172 create_error_msg(const char * file,size_t lineno,const std::string & msg)173 static std::string create_error_msg(const char* file, 174 size_t lineno, 175 const std::string& msg) { 176 char buf[1024]; 177 async_safe_format_buffer(buf, sizeof(buf), "%s:%zu: error: %s", file, lineno, msg.c_str()); 178 179 return std::string(buf); 180 } 181 parse_config_file(const char * ld_config_file_path,const char * binary_realpath,std::unordered_map<std::string,PropertyValue> * properties,std::string * error_msg)182 static bool parse_config_file(const char* ld_config_file_path, 183 const char* binary_realpath, 184 std::unordered_map<std::string, PropertyValue>* properties, 185 std::string* error_msg) { 186 std::string content; 187 if (!android::base::ReadFileToString(ld_config_file_path, &content)) { 188 if (errno != ENOENT) { 189 *error_msg = std::string("error reading file \"") + 190 ld_config_file_path + "\": " + strerror(errno); 191 } 192 return false; 193 } 194 195 ConfigParser cp(std::move(content)); 196 197 std::string section_name; 198 199 while (true) { 200 std::string name; 201 std::string value; 202 std::string error; 203 204 int result = cp.next_token(&name, &value, &error); 205 if (result == ConfigParser::kError) { 206 DL_WARN("%s:%zd: warning: couldn't parse %s (ignoring this line)", 207 ld_config_file_path, 208 cp.lineno(), 209 error.c_str()); 210 continue; 211 } 212 213 if (result == ConfigParser::kSection || result == ConfigParser::kEndOfFile) { 214 return false; 215 } 216 217 if (result == ConfigParser::kPropertyAssign) { 218 if (!android::base::StartsWith(name, "dir.")) { 219 DL_WARN("%s:%zd: warning: unexpected property name \"%s\", " 220 "expected format dir.<section_name> (ignoring this line)", 221 ld_config_file_path, 222 cp.lineno(), 223 name.c_str()); 224 continue; 225 } 226 227 // remove trailing '/' 228 while (!value.empty() && value.back() == '/') { 229 value.pop_back(); 230 } 231 232 if (value.empty()) { 233 DL_WARN("%s:%zd: warning: property value is empty (ignoring this line)", 234 ld_config_file_path, 235 cp.lineno()); 236 continue; 237 } 238 239 // If the path can be resolved, resolve it 240 char buf[PATH_MAX]; 241 std::string resolved_path; 242 if (access(value.c_str(), R_OK) != 0) { 243 if (errno == ENOENT) { 244 // no need to test for non-existing path. skip. 245 continue; 246 } 247 // If not accessible, don't call realpath as it will just cause 248 // SELinux denial spam. Use the path unresolved. 249 resolved_path = value; 250 } else if (realpath(value.c_str(), buf)) { 251 resolved_path = buf; 252 } else { 253 // realpath is expected to fail with EPERM in some situations, so log 254 // the failure with INFO rather than DL_WARN. e.g. A binary in 255 // /data/local/tmp may attempt to stat /postinstall. See 256 // http://b/120996057. 257 INFO("%s:%zd: warning: path \"%s\" couldn't be resolved: %s", 258 ld_config_file_path, 259 cp.lineno(), 260 value.c_str(), 261 strerror(errno)); 262 resolved_path = value; 263 } 264 265 if (file_is_under_dir(binary_realpath, resolved_path)) { 266 section_name = name.substr(4); 267 break; 268 } 269 } 270 } 271 272 INFO("[ Using config section \"%s\" ]", section_name.c_str()); 273 274 // skip everything until we meet a correct section 275 while (true) { 276 std::string name; 277 std::string value; 278 std::string error; 279 280 int result = cp.next_token(&name, &value, &error); 281 282 if (result == ConfigParser::kSection && name == section_name) { 283 break; 284 } 285 286 if (result == ConfigParser::kEndOfFile) { 287 *error_msg = create_error_msg(ld_config_file_path, 288 cp.lineno(), 289 std::string("section \"") + section_name + "\" not found"); 290 return false; 291 } 292 } 293 294 // found the section - parse it 295 while (true) { 296 std::string name; 297 std::string value; 298 std::string error; 299 300 int result = cp.next_token(&name, &value, &error); 301 302 if (result == ConfigParser::kEndOfFile || result == ConfigParser::kSection) { 303 break; 304 } 305 306 if (result == ConfigParser::kPropertyAssign) { 307 if (properties->find(name) != properties->end()) { 308 DL_WARN("%s:%zd: warning: redefining property \"%s\" (overriding previous value)", 309 ld_config_file_path, 310 cp.lineno(), 311 name.c_str()); 312 } 313 314 (*properties)[name] = PropertyValue(std::move(value), cp.lineno()); 315 } else if (result == ConfigParser::kPropertyAppend) { 316 if (properties->find(name) == properties->end()) { 317 DL_WARN("%s:%zd: warning: appending to undefined property \"%s\" (treating as assignment)", 318 ld_config_file_path, 319 cp.lineno(), 320 name.c_str()); 321 (*properties)[name] = PropertyValue(std::move(value), cp.lineno()); 322 } else { 323 if (android::base::EndsWith(name, ".links") || 324 android::base::EndsWith(name, ".namespaces")) { 325 value = "," + value; 326 (*properties)[name].append_value(std::move(value)); 327 } else if (android::base::EndsWith(name, ".paths") || 328 android::base::EndsWith(name, ".shared_libs") || 329 android::base::EndsWith(name, ".whitelisted") || 330 android::base::EndsWith(name, ".allowed_libs")) { 331 value = ":" + value; 332 (*properties)[name].append_value(std::move(value)); 333 } else { 334 DL_WARN("%s:%zd: warning: += isn't allowed for property \"%s\" (ignoring)", 335 ld_config_file_path, 336 cp.lineno(), 337 name.c_str()); 338 } 339 } 340 } 341 342 if (result == ConfigParser::kError) { 343 DL_WARN("%s:%zd: warning: couldn't parse %s (ignoring this line)", 344 ld_config_file_path, 345 cp.lineno(), 346 error.c_str()); 347 continue; 348 } 349 } 350 351 return true; 352 } 353 354 static Config g_config; 355 356 static constexpr const char* kDefaultConfigName = "default"; 357 static constexpr const char* kPropertyAdditionalNamespaces = "additional.namespaces"; 358 359 class Properties { 360 public: Properties(std::unordered_map<std::string,PropertyValue> && properties)361 explicit Properties(std::unordered_map<std::string, PropertyValue>&& properties) 362 : properties_(std::move(properties)), target_sdk_version_(__ANDROID_API__) {} 363 get_strings(const std::string & name,size_t * lineno=nullptr) const364 std::vector<std::string> get_strings(const std::string& name, size_t* lineno = nullptr) const { 365 auto it = find_property(name, lineno); 366 if (it == properties_.end()) { 367 // return empty vector 368 return std::vector<std::string>(); 369 } 370 371 std::vector<std::string> strings = android::base::Split(it->second.value(), ","); 372 373 for (size_t i = 0; i < strings.size(); ++i) { 374 strings[i] = android::base::Trim(strings[i]); 375 } 376 377 return strings; 378 } 379 get_bool(const std::string & name,size_t * lineno=nullptr) const380 bool get_bool(const std::string& name, size_t* lineno = nullptr) const { 381 auto it = find_property(name, lineno); 382 if (it == properties_.end()) { 383 return false; 384 } 385 386 return it->second.value() == "true"; 387 } 388 get_string(const std::string & name,size_t * lineno=nullptr) const389 std::string get_string(const std::string& name, size_t* lineno = nullptr) const { 390 auto it = find_property(name, lineno); 391 return (it == properties_.end()) ? "" : it->second.value(); 392 } 393 get_paths(const std::string & name,bool resolve,size_t * lineno=nullptr)394 std::vector<std::string> get_paths(const std::string& name, bool resolve, size_t* lineno = nullptr) { 395 std::string paths_str = get_string(name, lineno); 396 397 std::vector<std::string> paths; 398 split_path(paths_str.c_str(), ":", &paths); 399 400 std::vector<std::pair<std::string, std::string>> params; 401 params.push_back({ "LIB", kLibPath }); 402 if (target_sdk_version_ != 0) { 403 char buf[16]; 404 async_safe_format_buffer(buf, sizeof(buf), "%d", target_sdk_version_); 405 params.push_back({ "SDK_VER", buf }); 406 } 407 408 static std::string vndk_ver = Config::get_vndk_version_string('-'); 409 params.push_back({ "VNDK_VER", vndk_ver }); 410 static std::string vndk_apex_ver = Config::get_vndk_version_string('v'); 411 params.push_back({ "VNDK_APEX_VER", vndk_apex_ver }); 412 413 for (auto& path : paths) { 414 format_string(&path, params); 415 } 416 417 if (resolve) { 418 std::vector<std::string> resolved_paths; 419 for (const auto& path : paths) { 420 if (path.empty()) { 421 continue; 422 } 423 // this is single threaded. no need to lock 424 auto cached = resolved_paths_.find(path); 425 if (cached == resolved_paths_.end()) { 426 resolved_paths_[path] = resolve_path(path); 427 cached = resolved_paths_.find(path); 428 } 429 CHECK(cached != resolved_paths_.end()); 430 if (cached->second.empty()) { 431 continue; 432 } 433 resolved_paths.push_back(cached->second); 434 } 435 436 return resolved_paths; 437 } else { 438 return paths; 439 } 440 } 441 set_target_sdk_version(int target_sdk_version)442 void set_target_sdk_version(int target_sdk_version) { 443 target_sdk_version_ = target_sdk_version; 444 } 445 446 private: 447 std::unordered_map<std::string, PropertyValue>::const_iterator find_property(const std::string & name,size_t * lineno) const448 find_property(const std::string& name, size_t* lineno) const { 449 auto it = properties_.find(name); 450 if (it != properties_.end() && lineno != nullptr) { 451 *lineno = it->second.lineno(); 452 } 453 454 return it; 455 } 456 std::unordered_map<std::string, PropertyValue> properties_; 457 std::unordered_map<std::string, std::string> resolved_paths_; 458 int target_sdk_version_; 459 460 DISALLOW_IMPLICIT_CONSTRUCTORS(Properties); 461 }; 462 read_binary_config(const char * ld_config_file_path,const char * binary_realpath,bool is_asan,bool is_hwasan,const Config ** config,std::string * error_msg)463 bool Config::read_binary_config(const char* ld_config_file_path, 464 const char* binary_realpath, 465 bool is_asan, 466 bool is_hwasan, 467 const Config** config, 468 std::string* error_msg) { 469 g_config.clear(); 470 471 std::unordered_map<std::string, PropertyValue> property_map; 472 if (!parse_config_file(ld_config_file_path, binary_realpath, &property_map, error_msg)) { 473 return false; 474 } 475 476 Properties properties(std::move(property_map)); 477 478 auto failure_guard = android::base::make_scope_guard([] { g_config.clear(); }); 479 480 std::unordered_map<std::string, NamespaceConfig*> namespace_configs; 481 482 namespace_configs[kDefaultConfigName] = g_config.create_namespace_config(kDefaultConfigName); 483 484 std::vector<std::string> additional_namespaces = properties.get_strings(kPropertyAdditionalNamespaces); 485 for (const auto& name : additional_namespaces) { 486 namespace_configs[name] = g_config.create_namespace_config(name); 487 } 488 489 bool versioning_enabled = properties.get_bool("enable.target.sdk.version"); 490 int target_sdk_version = __ANDROID_API__; 491 if (versioning_enabled) { 492 std::string version_file = dirname(binary_realpath) + "/.version"; 493 std::string content; 494 if (!android::base::ReadFileToString(version_file, &content)) { 495 if (errno != ENOENT) { 496 *error_msg = std::string("error reading version file \"") + 497 version_file + "\": " + strerror(errno); 498 return false; 499 } 500 } else { 501 content = android::base::Trim(content); 502 errno = 0; 503 char* end = nullptr; 504 const char* content_str = content.c_str(); 505 int result = strtol(content_str, &end, 10); 506 if (errno == 0 && *end == '\0' && result > 0) { 507 target_sdk_version = result; 508 properties.set_target_sdk_version(target_sdk_version); 509 } else { 510 *error_msg = std::string("invalid version \"") + version_file + "\": \"" + content +"\""; 511 return false; 512 } 513 } 514 } 515 516 g_config.set_target_sdk_version(target_sdk_version); 517 518 for (const auto& ns_config_it : namespace_configs) { 519 auto& name = ns_config_it.first; 520 NamespaceConfig* ns_config = ns_config_it.second; 521 522 std::string property_name_prefix = std::string("namespace.") + name; 523 524 size_t lineno = 0; 525 std::vector<std::string> linked_namespaces = 526 properties.get_strings(property_name_prefix + ".links", &lineno); 527 528 for (const auto& linked_ns_name : linked_namespaces) { 529 if (namespace_configs.find(linked_ns_name) == namespace_configs.end()) { 530 *error_msg = create_error_msg(ld_config_file_path, 531 lineno, 532 std::string("undefined namespace: ") + linked_ns_name); 533 return false; 534 } 535 536 bool allow_all_shared_libs = properties.get_bool(property_name_prefix + ".link." + 537 linked_ns_name + ".allow_all_shared_libs"); 538 539 std::string shared_libs = properties.get_string(property_name_prefix + 540 ".link." + 541 linked_ns_name + 542 ".shared_libs", &lineno); 543 544 if (!allow_all_shared_libs && shared_libs.empty()) { 545 *error_msg = create_error_msg(ld_config_file_path, 546 lineno, 547 std::string("list of shared_libs for ") + 548 name + 549 "->" + 550 linked_ns_name + 551 " link is not specified or is empty."); 552 return false; 553 } 554 555 if (allow_all_shared_libs && !shared_libs.empty()) { 556 *error_msg = create_error_msg(ld_config_file_path, lineno, 557 std::string("both shared_libs and allow_all_shared_libs " 558 "are set for ") + 559 name + "->" + linked_ns_name + " link."); 560 return false; 561 } 562 563 ns_config->add_namespace_link(linked_ns_name, shared_libs, allow_all_shared_libs); 564 } 565 566 ns_config->set_isolated(properties.get_bool(property_name_prefix + ".isolated")); 567 ns_config->set_visible(properties.get_bool(property_name_prefix + ".visible")); 568 569 std::string allowed_libs = 570 properties.get_string(property_name_prefix + ".whitelisted", &lineno); 571 const std::string libs = properties.get_string(property_name_prefix + ".allowed_libs", &lineno); 572 if (!allowed_libs.empty() && !libs.empty()) { 573 allowed_libs += ":"; 574 } 575 allowed_libs += libs; 576 if (!allowed_libs.empty()) { 577 ns_config->set_allowed_libs(android::base::Split(allowed_libs, ":")); 578 } 579 580 // these are affected by is_asan flag 581 if (is_asan) { 582 property_name_prefix += ".asan"; 583 } else if (is_hwasan) { 584 property_name_prefix += ".hwasan"; 585 } 586 587 // search paths are resolved (canonicalized). This is required mainly for 588 // the case when /vendor is a symlink to /system/vendor, which is true for 589 // non Treble-ized legacy devices. 590 ns_config->set_search_paths(properties.get_paths(property_name_prefix + ".search.paths", true)); 591 592 // However, for permitted paths, we are not required to resolve the paths 593 // since they are only set for isolated namespaces, which implies the device 594 // is Treble-ized (= /vendor is not a symlink to /system/vendor). 595 // In fact, the resolving is causing an unexpected side effect of selinux 596 // denials on some executables which are not allowed to access some of the 597 // permitted paths. 598 ns_config->set_permitted_paths(properties.get_paths(property_name_prefix + ".permitted.paths", false)); 599 } 600 601 failure_guard.Disable(); 602 *config = &g_config; 603 return true; 604 } 605 get_vndk_version_string(const char delimiter)606 std::string Config::get_vndk_version_string(const char delimiter) { 607 std::string version = android::base::GetProperty("ro.vndk.version", ""); 608 if (version != "" && version != "current") { 609 //add the delimiter char in front of the string and return it. 610 return version.insert(0, 1, delimiter); 611 } 612 return ""; 613 } 614 create_namespace_config(const std::string & name)615 NamespaceConfig* Config::create_namespace_config(const std::string& name) { 616 namespace_configs_.push_back(std::unique_ptr<NamespaceConfig>(new NamespaceConfig(name))); 617 NamespaceConfig* ns_config_ptr = namespace_configs_.back().get(); 618 namespace_configs_map_[name] = ns_config_ptr; 619 return ns_config_ptr; 620 } 621 clear()622 void Config::clear() { 623 namespace_configs_.clear(); 624 namespace_configs_map_.clear(); 625 } 626