1 /*
2  * Copyright (C) 2021 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #include "tools/tools.h"
18 
19 #include <errno.h>
20 #include <fnmatch.h>
21 #include <poll.h>
22 #include <signal.h>
23 #include <stdio.h>
24 #include <unistd.h>
25 
26 #include <algorithm>
27 #include <cstdint>
28 #include <ctime>
29 #include <filesystem>
30 #include <functional>
31 #include <regex>
32 #include <string>
33 #include <string_view>
34 #include <system_error>
35 #include <unordered_map>
36 #include <utility>
37 #include <vector>
38 
39 #include "android-base/errors.h"
40 #include "android-base/file.h"
41 #include "android-base/function_ref.h"
42 #include "android-base/logging.h"
43 #include "android-base/process.h"
44 #include "android-base/result.h"
45 #include "android-base/strings.h"
46 #include "android-base/unique_fd.h"
47 #include "base/macros.h"
48 #include "base/pidfd.h"
49 #include "fstab/fstab.h"
50 
51 namespace art {
52 namespace tools {
53 
54 namespace {
55 
56 using ::android::base::AllPids;
57 using ::android::base::ConsumeSuffix;
58 using ::android::base::function_ref;
59 using ::android::base::ReadFileToString;
60 using ::android::base::Readlink;
61 using ::android::base::Result;
62 using ::android::base::unique_fd;
63 using ::android::fs_mgr::Fstab;
64 using ::android::fs_mgr::FstabEntry;
65 using ::android::fs_mgr::ReadFstabFromProcMounts;
66 using ::std::placeholders::_1;
67 
MilliTime()68 uint64_t MilliTime() {
69   timespec now;
70   clock_gettime(CLOCK_MONOTONIC, &now);
71   return static_cast<uint64_t>(now.tv_sec) * UINT64_C(1000) + now.tv_nsec / UINT64_C(1000000);
72 }
73 
74 // Returns true if `path_prefix` matches `pattern` or can be a prefix of a path that matches
75 // `pattern` (i.e., `path_prefix` represents a directory that may contain a file whose path matches
76 // `pattern`).
PartialMatch(const std::filesystem::path & pattern,const std::filesystem::path & path_prefix)77 bool PartialMatch(const std::filesystem::path& pattern, const std::filesystem::path& path_prefix) {
78   for (std::filesystem::path::const_iterator pattern_it = pattern.begin(),
79                                              path_prefix_it = path_prefix.begin();
80        ;  // NOLINT
81        pattern_it++, path_prefix_it++) {
82     if (path_prefix_it == path_prefix.end()) {
83       return true;
84     }
85     if (pattern_it == pattern.end()) {
86       return false;
87     }
88     if (*pattern_it == "**") {
89       return true;
90     }
91     if (fnmatch(pattern_it->c_str(), path_prefix_it->c_str(), /*flags=*/0) != 0) {
92       return false;
93     }
94   }
95 }
96 
FullMatchRecursive(const std::filesystem::path & pattern,std::filesystem::path::const_iterator pattern_it,const std::filesystem::path & path,std::filesystem::path::const_iterator path_it,bool double_asterisk_visited=false)97 bool FullMatchRecursive(const std::filesystem::path& pattern,
98                         std::filesystem::path::const_iterator pattern_it,
99                         const std::filesystem::path& path,
100                         std::filesystem::path::const_iterator path_it,
101                         bool double_asterisk_visited = false) {
102   if (pattern_it == pattern.end() && path_it == path.end()) {
103     return true;
104   }
105   if (pattern_it == pattern.end()) {
106     return false;
107   }
108   if (*pattern_it == "**") {
109     DCHECK(!double_asterisk_visited);
110     std::filesystem::path::const_iterator next_pattern_it = pattern_it;
111     return FullMatchRecursive(
112                pattern, ++next_pattern_it, path, path_it, /*double_asterisk_visited=*/true) ||
113            (path_it != path.end() && FullMatchRecursive(pattern, pattern_it, path, ++path_it));
114   }
115   if (path_it == path.end()) {
116     return false;
117   }
118   if (fnmatch(pattern_it->c_str(), path_it->c_str(), /*flags=*/0) != 0) {
119     return false;
120   }
121   return FullMatchRecursive(pattern, ++pattern_it, path, ++path_it);
122 }
123 
124 // Returns true if `path` fully matches `pattern`.
FullMatch(const std::filesystem::path & pattern,const std::filesystem::path & path)125 bool FullMatch(const std::filesystem::path& pattern, const std::filesystem::path& path) {
126   return FullMatchRecursive(pattern, pattern.begin(), path, path.begin());
127 }
128 
MatchGlobRecursive(const std::vector<std::filesystem::path> & patterns,const std::filesystem::path & root_dir,std::vector<std::string> * results)129 void MatchGlobRecursive(const std::vector<std::filesystem::path>& patterns,
130                         const std::filesystem::path& root_dir,
131                         /*out*/ std::vector<std::string>* results) {
132   std::error_code ec;
133   for (auto it = std::filesystem::recursive_directory_iterator(
134            root_dir, std::filesystem::directory_options::skip_permission_denied, ec);
135        !ec && it != std::filesystem::end(it);
136        it.increment(ec)) {
137     const std::filesystem::directory_entry& entry = *it;
138     if (std::none_of(patterns.begin(), patterns.end(), std::bind(PartialMatch, _1, entry.path()))) {
139       // Avoid unnecessary I/O and SELinux denials.
140       it.disable_recursion_pending();
141       continue;
142     }
143     std::error_code ec2;
144     if (entry.is_regular_file(ec2) &&
145         std::any_of(patterns.begin(), patterns.end(), std::bind(FullMatch, _1, entry.path()))) {
146       results->push_back(entry.path());
147     }
148     if (ec2) {
149       // It's expected that we don't have permission to stat some dirs/files, and we don't care
150       // about them.
151       if (ec2.value() != EACCES) {
152         LOG(ERROR) << ART_FORMAT("Unable to lstat '{}': {}", entry.path().string(), ec2.message());
153       }
154       continue;
155     }
156   }
157   if (ec) {
158     LOG(ERROR) << ART_FORMAT("Unable to walk through '{}': {}", root_dir.string(), ec.message());
159   }
160 }
161 
162 }  // namespace
163 
Glob(const std::vector<std::string> & patterns,std::string_view root_dir)164 std::vector<std::string> Glob(const std::vector<std::string>& patterns, std::string_view root_dir) {
165   std::vector<std::filesystem::path> parsed_patterns;
166   parsed_patterns.reserve(patterns.size());
167   for (std::string_view pattern : patterns) {
168     parsed_patterns.emplace_back(pattern);
169   }
170   std::vector<std::string> results;
171   MatchGlobRecursive(parsed_patterns, root_dir, &results);
172   return results;
173 }
174 
EscapeGlob(const std::string & str)175 std::string EscapeGlob(const std::string& str) {
176   return std::regex_replace(str, std::regex(R"re(\*|\?|\[)re"), "[$&]");
177 }
178 
PathStartsWith(std::string_view path,std::string_view prefix)179 bool PathStartsWith(std::string_view path, std::string_view prefix) {
180   CHECK(!prefix.empty() && !path.empty() && prefix[0] == '/' && path[0] == '/')
181       << ART_FORMAT("path={}, prefix={}", path, prefix);
182   ConsumeSuffix(&prefix, "/");
183   return path.starts_with(prefix) &&
184          (path.length() == prefix.length() || path[prefix.length()] == '/');
185 }
186 
GetProcMountsMatches(function_ref<bool (std::string_view)> predicate)187 static Result<std::vector<FstabEntry>> GetProcMountsMatches(
188     function_ref<bool(std::string_view)> predicate) {
189   Fstab fstab;
190   if (!ReadFstabFromProcMounts(&fstab)) {
191     return Errorf("Failed to read fstab from /proc/mounts");
192   }
193   std::vector<FstabEntry> entries;
194   for (FstabEntry& entry : fstab) {
195     // Ignore swap areas as a swap area doesn't have a meaningful `mount_point` (a.k.a., `fs_file`)
196     // field, according to fstab(5). In addition, ignore any other entries whose mount points are
197     // not absolute paths, just in case there are other fs types that also have an meaningless mount
198     // point.
199     if (entry.fs_type == "swap" || !entry.mount_point.starts_with('/')) {
200       continue;
201     }
202     if (predicate(entry.mount_point)) {
203       entries.push_back(std::move(entry));
204     }
205   }
206   return entries;
207 }
208 
GetProcMountsAncestorsOfPath(std::string_view path)209 Result<std::vector<FstabEntry>> GetProcMountsAncestorsOfPath(std::string_view path) {
210   return GetProcMountsMatches(
211       [&](std::string_view mount_point) { return PathStartsWith(path, mount_point); });
212 }
213 
GetProcMountsDescendantsOfPath(std::string_view path)214 Result<std::vector<FstabEntry>> GetProcMountsDescendantsOfPath(std::string_view path) {
215   return GetProcMountsMatches(
216       [&](std::string_view mount_point) { return PathStartsWith(mount_point, path); });
217 }
218 
EnsureNoProcessInDir(const std::string & dir,uint32_t timeout_ms,bool try_kill)219 Result<void> EnsureNoProcessInDir(const std::string& dir, uint32_t timeout_ms, bool try_kill) {
220   // Pairs of pid and process name, indexed by pidfd.
221   std::unordered_map<int, std::pair<pid_t, std::string>> running_processes;
222   std::vector<struct pollfd> pollfds;
223   std::vector<unique_fd> pidfds;
224 
225   for (pid_t pid : AllPids()) {
226     std::string exe;
227     if (!Readlink(ART_FORMAT("/proc/{}/exe", pid), &exe)) {
228       // The caller may not have access to all processes. That's okay. When using this method, we
229       // must grant the caller access to the processes that we are interested in.
230       continue;
231     }
232 
233     if (PathStartsWith(exe, dir)) {
234       unique_fd pidfd = PidfdOpen(pid, /*flags=*/0);
235       if (pidfd < 0) {
236         if (errno == ESRCH) {
237           // The process has gone now.
238           continue;
239         }
240         return ErrnoErrorf("Failed to pidfd_open {}", pid);
241       }
242 
243       std::string name;
244       if (!ReadFileToString(ART_FORMAT("/proc/{}/comm", pid), &name)) {
245         PLOG(WARNING) << "Failed to get process name for pid " << pid;
246       }
247       size_t pos = name.find_first_of("\n\0");
248       if (pos != std::string::npos) {
249         name.resize(pos);
250       }
251       LOG(INFO) << ART_FORMAT(
252           "Process '{}' (pid: {}) is still running. Waiting for it to exit", name, pid);
253 
254       struct pollfd& pollfd = pollfds.emplace_back();
255       pollfd.fd = pidfd.get();
256       pollfd.events = POLLIN;
257 
258       running_processes[pidfd.get()] = std::make_pair(pid, std::move(name));
259       pidfds.push_back(std::move(pidfd));
260     }
261   }
262 
263   auto wait_for_processes = [&]() -> Result<void> {
264     uint64_t start_time_ms = MilliTime();
265     uint64_t remaining_timeout_ms = timeout_ms;
266     while (!running_processes.empty() && remaining_timeout_ms > 0) {
267       int poll_ret = TEMP_FAILURE_RETRY(poll(pollfds.data(), pollfds.size(), remaining_timeout_ms));
268       if (poll_ret < 0) {
269         return ErrnoErrorf("Failed to poll pidfd's");
270       }
271       if (poll_ret == 0) {
272         // Timeout.
273         break;
274       }
275       uint64_t elapsed_time_ms = MilliTime() - start_time_ms;
276       for (struct pollfd& pollfd : pollfds) {
277         if (pollfd.fd < 0) {
278           continue;
279         }
280         if ((pollfd.revents & POLLIN) != 0) {
281           const auto& [pid, name] = running_processes[pollfd.fd];
282           LOG(INFO) << ART_FORMAT(
283               "Process '{}' (pid: {}) exited in {}ms", name, pid, elapsed_time_ms);
284           running_processes.erase(pollfd.fd);
285           pollfd.fd = -1;
286         }
287       }
288       remaining_timeout_ms = timeout_ms - elapsed_time_ms;
289     }
290     return {};
291   };
292 
293   OR_RETURN(wait_for_processes());
294 
295   bool process_killed = false;
296   for (const auto& [pidfd, pair] : running_processes) {
297     const auto& [pid, name] = pair;
298     LOG(ERROR) << ART_FORMAT(
299         "Process '{}' (pid: {}) is still running after {}ms", name, pid, timeout_ms);
300     if (try_kill) {
301       LOG(INFO) << ART_FORMAT("Killing '{}' (pid: {})", name, pid);
302       if (kill(pid, SIGKILL) != 0) {
303         PLOG(ERROR) << ART_FORMAT("Failed to kill '{}' (pid: {})", name, pid);
304       }
305       process_killed = true;
306     }
307   }
308 
309   if (process_killed) {
310     // Wait another round for processes to exit after being killed.
311     OR_RETURN(wait_for_processes());
312   }
313   if (!running_processes.empty()) {
314     return Errorf("Some process(es) are still running after {}ms", timeout_ms);
315   }
316   return {};
317 }
318 
319 }  // namespace tools
320 }  // namespace art
321