1 /*
2 **
3 ** Copyright 2008, The Android Open Source Project
4 **
5 ** Licensed under the Apache License, Version 2.0 (the "License");
6 ** you may not use this file except in compliance with the License.
7 ** You may obtain a copy of the License at
8 **
9 **     http://www.apache.org/licenses/LICENSE-2.0
10 **
11 ** Unless required by applicable law or agreed to in writing, software
12 ** distributed under the License is distributed on an "AS IS" BASIS,
13 ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 ** See the License for the specific language governing permissions and
15 ** limitations under the License.
16 */
17 
18 #ifndef COMMANDS_H_
19 #define COMMANDS_H_
20 
21 #include <inttypes.h>
22 #include <sys/stat.h>
23 #include <unistd.h>
24 
25 #include <shared_mutex>
26 #include <unordered_map>
27 #include <vector>
28 
29 #include <android-base/macros.h>
30 #include <binder/BinderService.h>
31 #include <cutils/multiuser.h>
32 
33 #include "android/os/BnInstalld.h"
34 #include "installd_constants.h"
35 
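namespace android {
namespace installd {

// Short alias for the AIDL-declared auth-token interface that
// createFsveritySetupAuthToken() returns and enableFsverity() consumes.
using IFsveritySetupAuthToken = android::os::IInstalld::IFsveritySetupAuthToken;

/*
 * Native implementation of the os::BnInstalld Binder interface, published under
 * the service name "installd" (see getServiceName()).
 *
 * NOTE(review): the public binder::Status methods appear to be the
 * Binder-facing entry points, so their arguments (package names, paths, volume
 * UUIDs, user/app ids, inode numbers) should be treated as caller-supplied.
 * No caller-identity or argument validation is visible in this header;
 * presumably it lives in the implementation file. Confirm there before adding
 * or changing a method.
 *
 * NOTE(review): std::optional, std::string and std::recursive_mutex are used
 * below, but <optional>, <string> and <mutex> are not included directly by this
 * header; it relies on transitive includes.
 */
class InstalldNativeService : public BinderService<InstalldNativeService>, public os::BnInstalld {
public:
    /*
     * Binder object handed back by createFsveritySetupAuthToken() and later
     * presented to enableFsverity().
     *
     * The only state is a `struct stat` (mStatFromAuthFd), value-initialized by
     * the constructor. Presumably authenticate() records the stat of the file
     * behind authFd and isSameStat() lets enableFsverity() check that filePath
     * refers to that same file; confirm in the implementation.
     *
     * NOTE(review): which stat fields are compared, and how `uid` is checked
     * against authFd, is not visible here. Confirm that the comparison is made
     * against an already-opened descriptor rather than a re-resolved path, so
     * the file cannot be swapped between the check and the fs-verity call.
     */
    class FsveritySetupAuthToken : public os::IInstalld::BnFsveritySetupAuthToken {
    public:
        FsveritySetupAuthToken() : mStatFromAuthFd() {}

        binder::Status authenticate(const android::os::ParcelFileDescriptor& authFd, int32_t uid);
        bool isSameStat(const struct stat& st) const;

    private:
        // Not copyable or movable
        FsveritySetupAuthToken(const FsveritySetupAuthToken&) = delete;
        FsveritySetupAuthToken& operator=(const FsveritySetupAuthToken&) = delete;

        // Zero until authenticate() runs (value-initialized in the constructor).
        struct stat mStatFromAuthFd;
    };

    static status_t start();
    // Name under which BinderService registers this service.
    static char const* getServiceName() { return "installd"; }
    virtual status_t dump(int fd, const Vector<String16> &args) override;

    // --- Per-user data directories ---
    binder::Status createUserData(const std::optional<std::string>& uuid, int32_t userId,
            int32_t userSerial, int32_t flags);
    binder::Status destroyUserData(const std::optional<std::string>& uuid, int32_t userId,
            int32_t flags);

    // --- Per-app data directories ---
    // ceDataInode / deDataInode are out-parameters (non-const pointers) here;
    // clearAppData() and destroyAppData() take ceDataInode by value.
    binder::Status createAppData(const std::optional<std::string>& uuid,
                                 const std::string& packageName, int32_t userId, int32_t flags,
                                 int32_t appId, int32_t previousAppId, const std::string& seInfo,
                                 int32_t targetSdkVersion, int64_t* ceDataInode,
                                 int64_t* deDataInode);

    binder::Status createAppData(
            const android::os::CreateAppDataArgs& args,
            android::os::CreateAppDataResult* _aidl_return);
    binder::Status createAppDataBatched(
            const std::vector<android::os::CreateAppDataArgs>& args,
            std::vector<android::os::CreateAppDataResult>* _aidl_return);

    binder::Status reconcileSdkData(const android::os::ReconcileSdkDataArgs& args);

    // seInfo is a caller-supplied string; presumably it selects the SELinux
    // label applied to the app's data (confirm in the implementation).
    binder::Status restoreconAppData(const std::optional<std::string>& uuid,
            const std::string& packageName, int32_t userId, int32_t flags, int32_t appId,
            const std::string& seInfo);

    binder::Status migrateAppData(const std::optional<std::string>& uuid,
            const std::string& packageName, int32_t userId, int32_t flags);
    binder::Status clearAppData(const std::optional<std::string>& uuid,
            const std::string& packageName, int32_t userId, int32_t flags, int64_t ceDataInode);
    binder::Status destroyAppData(const std::optional<std::string>& uuid,
            const std::string& packageName, int32_t userId, int32_t flags, int64_t ceDataInode);

    binder::Status fixupAppData(const std::optional<std::string>& uuid, int32_t flags);

    // --- App data snapshots ---
    binder::Status snapshotAppData(const std::optional<std::string>& volumeUuid,
            const std::string& packageName, const int32_t user, const int32_t snapshotId,
            int32_t storageFlags, int64_t* _aidl_return);
    binder::Status restoreAppDataSnapshot(const std::optional<std::string>& volumeUuid,
            const std::string& packageName, const int32_t appId, const std::string& seInfo,
            const int32_t user, const int32_t snapshotId, int32_t storageFlags);
    binder::Status destroyAppDataSnapshot(const std::optional<std::string> &volumeUuid,
            const std::string& packageName, const int32_t user, const int64_t ceSnapshotInode,
            const int32_t snapshotId, int32_t storageFlags);
    binder::Status destroyCeSnapshotsNotSpecified(const std::optional<std::string> &volumeUuid,
            const int32_t user, const std::vector<int32_t>& retainSnapshotIds);

    // --- Size and quota queries ---
    // getAppSize() takes three parallel-looking vectors (packageNames,
    // ceDataInodes, codePaths).
    // NOTE(review): whether their lengths must match is not visible here;
    // confirm the implementation checks this before indexing.
    binder::Status getAppSize(const std::optional<std::string>& uuid,
            const std::vector<std::string>& packageNames, int32_t userId, int32_t flags,
            int32_t appId, const std::vector<int64_t>& ceDataInodes,
            const std::vector<std::string>& codePaths, std::vector<int64_t>* _aidl_return);
    binder::Status getUserSize(const std::optional<std::string>& uuid,
            int32_t userId, int32_t flags, const std::vector<int32_t>& appIds,
            std::vector<int64_t>* _aidl_return);
    binder::Status getExternalSize(const std::optional<std::string>& uuid,
            int32_t userId, int32_t flags, const std::vector<int32_t>& appIds,
            std::vector<int64_t>* _aidl_return);

    binder::Status getAppCrates(const std::optional<std::string>& uuid,
            const std::vector<std::string>& packageNames,
            int32_t userId,
            std::optional<std::vector<std::optional<android::os::storage::CrateMetadata>>>*
                    _aidl_return);
    binder::Status getUserCrates(
            const std::optional<std::string>& uuid, int32_t userId,
            std::optional<std::vector<std::optional<android::os::storage::CrateMetadata>>>*
                    _aidl_return);

    binder::Status setAppQuota(const std::optional<std::string>& uuid,
            int32_t userId, int32_t appId, int64_t cacheQuota);

    binder::Status moveCompleteApp(const std::optional<std::string>& fromUuid,
            const std::optional<std::string>& toUuid, const std::string& packageName,
            int32_t appId, const std::string& seInfo,
            int32_t targetSdkVersion, const std::string& fromCodePath);

    // --- Dex optimization and profiles ---
    // apkPath, outputPath, dexMetadataPath and the profile/code paths below are
    // plain strings supplied by the caller.
    // NOTE(review): path validation is not visible in this header; confirm it
    // in the implementation.
    binder::Status dexopt(const std::string& apkPath, int32_t uid, const std::string& packageName,
                          const std::string& instructionSet, int32_t dexoptNeeded,
                          const std::optional<std::string>& outputPath, int32_t dexFlags,
                          const std::string& compilerFilter, const std::optional<std::string>& uuid,
                          const std::optional<std::string>& classLoaderContext,
                          const std::optional<std::string>& seInfo, bool downgrade,
                          int32_t targetSdkVersion, const std::optional<std::string>& profileName,
                          const std::optional<std::string>& dexMetadataPath,
                          const std::optional<std::string>& compilationReason, bool* aidl_return);

    binder::Status controlDexOptBlocking(bool block);

    binder::Status rmdex(const std::string& codePath, const std::string& instructionSet);

    binder::Status mergeProfiles(int32_t uid, const std::string& packageName,
            const std::string& profileName, int* _aidl_return);
    binder::Status dumpProfiles(int32_t uid, const std::string& packageName,
                                const std::string& profileName, const std::string& codePath,
                                bool dumpClassesAndMethods, bool* _aidl_return);
    binder::Status copySystemProfile(const std::string& systemProfile,
            int32_t uid, const std::string& packageName, const std::string& profileName,
            bool* _aidl_return);
    binder::Status clearAppProfiles(const std::string& packageName, const std::string& profileName);
    binder::Status destroyAppProfiles(const std::string& packageName);
    binder::Status deleteReferenceProfile(const std::string& packageName,
                                          const std::string& profileName);

    binder::Status createProfileSnapshot(int32_t appId, const std::string& packageName,
            const std::string& profileName, const std::string& classpath, bool* _aidl_return);
    binder::Status destroyProfileSnapshot(const std::string& packageName,
            const std::string& profileName);

    // --- Filesystem helpers ---
    // These take directory and file paths directly (packageDir, oatDir,
    // relativePath, fromBase, toBase, apkPath, outputPath, dexPath).
    // NOTE(review): confirm the implementation restricts each path to the
    // expected location and rejects traversal components; nothing in this
    // header enforces it.
    binder::Status rmPackageDir(const std::string& packageName, const std::string& packageDir);
    binder::Status freeCache(const std::optional<std::string>& uuid, int64_t targetFreeBytes,
            int32_t flags);
    binder::Status linkNativeLibraryDirectory(const std::optional<std::string>& uuid,
            const std::string& packageName, const std::string& nativeLibPath32, int32_t userId);
    binder::Status createOatDir(const std::string& packageName, const std::string& oatDir,
                                const std::string& instructionSet);
    binder::Status linkFile(const std::string& packageName, const std::string& relativePath,
                            const std::string& fromBase, const std::string& toBase);
    binder::Status moveAb(const std::string& packageName, const std::string& apkPath,
                          const std::string& instructionSet, const std::string& outputPath);
    binder::Status deleteOdex(const std::string& packageName, const std::string& apkPath,
                              const std::string& instructionSet,
                              const std::optional<std::string>& outputPath, int64_t* _aidl_return);
    binder::Status reconcileSecondaryDexFile(const std::string& dexPath,
        const std::string& packageName, int32_t uid, const std::vector<std::string>& isa,
        const std::optional<std::string>& volumeUuid, int32_t storage_flag, bool* _aidl_return);
    binder::Status hashSecondaryDexFile(const std::string& dexPath,
        const std::string& packageName, int32_t uid, const std::optional<std::string>& volumeUuid,
        int32_t storageFlag, std::vector<uint8_t>* _aidl_return);

    // --- Mounts and volumes ---
    binder::Status invalidateMounts();
    binder::Status setFirstBoot();
    binder::Status isQuotaSupported(const std::optional<std::string>& volumeUuid,
            bool* _aidl_return);
    binder::Status tryMountDataMirror(const std::optional<std::string>& volumeUuid);
    binder::Status onPrivateVolumeRemoved(const std::optional<std::string>& volumeUuid);

    binder::Status prepareAppProfile(const std::string& packageName,
            int32_t userId, int32_t appId, const std::string& profileName,
            const std::string& codePath, const std::optional<std::string>& dexMetadata,
            bool* _aidl_return);

    binder::Status migrateLegacyObbData();

    binder::Status cleanupInvalidPackageDirs(const std::optional<std::string>& uuid, int32_t userId,
                                             int32_t flags);

    binder::Status getOdexVisibility(const std::string& packageName, const std::string& apkPath,
                                     const std::string& instructionSet,
                                     const std::optional<std::string>& outputPath,
                                     int32_t* _aidl_return);

    // --- fs-verity ---
    // Two-step flow: the caller first obtains a token from an fd and uid, then
    // passes that token together with filePath and packageName.
    // NOTE(review): authToken arrives as an interface pointer. How
    // enableFsverity() ties it back to a FsveritySetupAuthToken created by this
    // service is not visible here; confirm it rejects null or foreign tokens.
    binder::Status createFsveritySetupAuthToken(const android::os::ParcelFileDescriptor& authFd,
                                                int32_t uid,
                                                android::sp<IFsveritySetupAuthToken>* _aidl_return);
    binder::Status enableFsverity(const android::sp<IFsveritySetupAuthToken>& authToken,
                                  const std::string& filePath, const std::string& packageName,
                                  int32_t* _aidl_return);

private:
    // Lock objects. The two maps hold weak_ptr values, so a map entry alone
    // does not keep its mutex alive. Presumably mLock guards the maps
    // themselves and the per-user / per-package mutexes are shared with
    // in-flight calls (confirm in the implementation).
    std::recursive_mutex mLock;
    std::unordered_map<userid_t, std::weak_ptr<std::shared_mutex>> mUserIdLock;
    std::unordered_map<std::string, std::weak_ptr<std::recursive_mutex>> mPackageNameLock;

    // Presumably guard mStorageMounts and mCacheQuotas respectively (confirm).
    std::recursive_mutex mMountsLock;
    std::recursive_mutex mQuotasLock;

    /* Map of all storage mounts from source to target */
    std::unordered_map<std::string, std::string> mStorageMounts;

    /* Map from UID to cache quota size */
    std::unordered_map<uid_t, int64_t> mCacheQuotas;

    std::string findDataMediaPath(const std::optional<std::string>& uuid, userid_t userid);

    // The *Locked variants presumably expect the caller to already hold the
    // relevant lock (naming convention only; confirm at the call sites).
    binder::Status createAppDataLocked(const std::optional<std::string>& uuid,
                                       const std::string& packageName, int32_t userId,
                                       int32_t flags, int32_t appId, int32_t previousAppId,
                                       const std::string& seInfo, int32_t targetSdkVersion,
                                       int64_t* ceDataInode, int64_t* deDataInode);
    binder::Status restoreconAppDataLocked(const std::optional<std::string>& uuid,
                                           const std::string& packageName, int32_t userId,
                                           int32_t flags, int32_t appId, const std::string& seInfo);

    // SDK sandbox data directories; internal helpers, not part of the public
    // section above.
    binder::Status createSdkSandboxDataPackageDirectory(const std::optional<std::string>& uuid,
                                                        const std::string& packageName,
                                                        int32_t userId, int32_t appId,
                                                        int32_t flags);
    binder::Status clearSdkSandboxDataPackageDirectory(const std::optional<std::string>& uuid,
                                                       const std::string& packageName,
                                                       int32_t userId, int32_t flags);
    binder::Status destroySdkSandboxDataPackageDirectory(const std::optional<std::string>& uuid,
                                                         const std::string& packageName,
                                                         int32_t userId, int32_t flags);
    binder::Status reconcileSdkData(const std::optional<std::string>& uuid,
                                    const std::string& packageName,
                                    const std::vector<std::string>& subDirNames, int32_t userId,
                                    int32_t appId, int32_t previousAppId, const std::string& seInfo,
                                    int flags);
    binder::Status restoreconSdkDataLocked(const std::optional<std::string>& uuid,
                                           const std::string& packageName, int32_t userId,
                                           int32_t flags, int32_t appId, const std::string& seInfo);
};

}  // namespace installd
}  // namespace android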
265 
266 #endif  // COMMANDS_H_
267