1 /*
2 ** Copyright 2008, The Android Open Source Project
3 **
4 ** Licensed under the Apache License, Version 2.0 (the "License");
5 ** you may not use this file except in compliance with the License.
6 ** You may obtain a copy of the License at
7 **
8 ** http://www.apache.org/licenses/LICENSE-2.0
9 **
10 ** Unless required by applicable law or agreed to in writing, software
11 ** distributed under the License is distributed on an "AS IS" BASIS,
12 ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 ** See the License for the specific language governing permissions and
14 ** limitations under the License.
15 */
16
17 #include "installd.h"
18
19 #include <base/stringprintf.h>
20 #include <base/logging.h>
21
22 #define CACHE_NOISY(x) //x
23
24 using android::base::StringPrintf;
25
26 /**
27 * Check that given string is valid filename, and that it attempts no
28 * parent or child directory traversal.
29 */
is_valid_filename(const std::string & name)30 static bool is_valid_filename(const std::string& name) {
31 if (name.empty() || (name == ".") || (name == "..")
32 || (name.find('/') != std::string::npos)) {
33 return false;
34 } else {
35 return true;
36 }
37 }
38
39 /**
40 * Create the path name where package app contents should be stored for
41 * the given volume UUID and package name. An empty UUID is assumed to
42 * be internal storage.
43 */
create_data_app_package_path(const char * volume_uuid,const char * package_name)44 std::string create_data_app_package_path(const char* volume_uuid,
45 const char* package_name) {
46 CHECK(is_valid_filename(package_name));
47 CHECK(is_valid_package_name(package_name) == 0);
48
49 return StringPrintf("%s/%s",
50 create_data_app_path(volume_uuid).c_str(), package_name);
51 }
52
53 /**
54 * Create the path name where package data should be stored for the given
55 * volume UUID, package name, and user ID. An empty UUID is assumed to be
56 * internal storage.
57 */
create_data_user_package_path(const char * volume_uuid,userid_t user,const char * package_name)58 std::string create_data_user_package_path(const char* volume_uuid,
59 userid_t user, const char* package_name) {
60 CHECK(is_valid_filename(package_name));
61 CHECK(is_valid_package_name(package_name) == 0);
62
63 return StringPrintf("%s/%s",
64 create_data_user_path(volume_uuid, user).c_str(), package_name);
65 }
66
create_pkg_path(char path[PKG_PATH_MAX],const char * pkgname,const char * postfix,userid_t userid)67 int create_pkg_path(char path[PKG_PATH_MAX], const char *pkgname,
68 const char *postfix, userid_t userid) {
69 if (is_valid_package_name(pkgname) != 0) {
70 path[0] = '\0';
71 return -1;
72 }
73
74 std::string _tmp(create_data_user_package_path(nullptr, userid, pkgname) + postfix);
75 const char* tmp = _tmp.c_str();
76 if (strlen(tmp) >= PKG_PATH_MAX) {
77 path[0] = '\0';
78 return -1;
79 } else {
80 strcpy(path, tmp);
81 return 0;
82 }
83 }
84
create_data_path(const char * volume_uuid)85 std::string create_data_path(const char* volume_uuid) {
86 if (volume_uuid == nullptr) {
87 return "/data";
88 } else {
89 CHECK(is_valid_filename(volume_uuid));
90 return StringPrintf("/mnt/expand/%s", volume_uuid);
91 }
92 }
93
94 /**
95 * Create the path name for app data.
96 */
create_data_app_path(const char * volume_uuid)97 std::string create_data_app_path(const char* volume_uuid) {
98 return StringPrintf("%s/app", create_data_path(volume_uuid).c_str());
99 }
100
101 /**
102 * Create the path name for user data for a certain userid.
103 */
create_data_user_path(const char * volume_uuid,userid_t userid)104 std::string create_data_user_path(const char* volume_uuid, userid_t userid) {
105 std::string data(create_data_path(volume_uuid));
106 if (volume_uuid == nullptr) {
107 if (userid == 0) {
108 return StringPrintf("%s/data", data.c_str());
109 } else {
110 return StringPrintf("%s/user/%u", data.c_str(), userid);
111 }
112 } else {
113 return StringPrintf("%s/user/%u", data.c_str(), userid);
114 }
115 }
116
117 /**
118 * Create the path name for media for a certain userid.
119 */
create_data_media_path(const char * volume_uuid,userid_t userid)120 std::string create_data_media_path(const char* volume_uuid, userid_t userid) {
121 return StringPrintf("%s/media/%u", create_data_path(volume_uuid).c_str(), userid);
122 }
123
get_known_users(const char * volume_uuid)124 std::vector<userid_t> get_known_users(const char* volume_uuid) {
125 std::vector<userid_t> users;
126
127 // We always have an owner
128 users.push_back(0);
129
130 std::string path(create_data_path(volume_uuid) + "/" + SECONDARY_USER_PREFIX);
131 DIR* dir = opendir(path.c_str());
132 if (dir == NULL) {
133 // Unable to discover other users, but at least return owner
134 PLOG(ERROR) << "Failed to opendir " << path;
135 return users;
136 }
137
138 struct dirent* ent;
139 while ((ent = readdir(dir))) {
140 if (ent->d_type != DT_DIR) {
141 continue;
142 }
143
144 char* end;
145 userid_t user = strtol(ent->d_name, &end, 10);
146 if (*end == '\0' && user != 0) {
147 LOG(DEBUG) << "Found valid user " << user;
148 users.push_back(user);
149 }
150 }
151 closedir(dir);
152
153 return users;
154 }
155
156 /**
157 * Create the path name for config for a certain userid.
158 * Returns 0 on success, and -1 on failure.
159 */
create_user_config_path(char path[PATH_MAX],userid_t userid)160 int create_user_config_path(char path[PATH_MAX], userid_t userid) {
161 if (snprintf(path, PATH_MAX, "%s%d", "/data/misc/user/", userid) > PATH_MAX) {
162 return -1;
163 }
164 return 0;
165 }
166
create_move_path(char path[PKG_PATH_MAX],const char * pkgname,const char * leaf,userid_t userid __unused)167 int create_move_path(char path[PKG_PATH_MAX],
168 const char* pkgname,
169 const char* leaf,
170 userid_t userid __unused)
171 {
172 if ((android_data_dir.len + strlen(PRIMARY_USER_PREFIX) + strlen(pkgname) + strlen(leaf) + 1)
173 >= PKG_PATH_MAX) {
174 return -1;
175 }
176
177 sprintf(path, "%s%s%s/%s", android_data_dir.path, PRIMARY_USER_PREFIX, pkgname, leaf);
178 return 0;
179 }
180
181 /**
182 * Checks whether the package name is valid. Returns -1 on error and
183 * 0 on success.
184 */
is_valid_package_name(const char * pkgname)185 int is_valid_package_name(const char* pkgname) {
186 const char *x = pkgname;
187 int alpha = -1;
188
189 if (strlen(pkgname) > PKG_NAME_MAX) {
190 return -1;
191 }
192
193 while (*x) {
194 if (isalnum(*x) || (*x == '_')) {
195 /* alphanumeric or underscore are fine */
196 } else if (*x == '.') {
197 if ((x == pkgname) || (x[1] == '.') || (x[1] == 0)) {
198 /* periods must not be first, last, or doubled */
199 ALOGE("invalid package name '%s'\n", pkgname);
200 return -1;
201 }
202 } else if (*x == '-') {
203 /* Suffix -X is fine to let versioning of packages.
204 But whatever follows should be alphanumeric.*/
205 alpha = 1;
206 } else {
207 /* anything not A-Z, a-z, 0-9, _, or . is invalid */
208 ALOGE("invalid package name '%s'\n", pkgname);
209 return -1;
210 }
211
212 x++;
213 }
214
215 if (alpha == 1) {
216 // Skip current character
217 x++;
218 while (*x) {
219 if (!isalnum(*x)) {
220 ALOGE("invalid package name '%s' should include only numbers after -\n", pkgname);
221 return -1;
222 }
223 x++;
224 }
225 }
226
227 return 0;
228 }
229
_delete_dir_contents(DIR * d,int (* exclusion_predicate)(const char * name,const int is_dir))230 static int _delete_dir_contents(DIR *d,
231 int (*exclusion_predicate)(const char *name, const int is_dir))
232 {
233 int result = 0;
234 struct dirent *de;
235 int dfd;
236
237 dfd = dirfd(d);
238
239 if (dfd < 0) return -1;
240
241 while ((de = readdir(d))) {
242 const char *name = de->d_name;
243
244 /* check using the exclusion predicate, if provided */
245 if (exclusion_predicate && exclusion_predicate(name, (de->d_type == DT_DIR))) {
246 continue;
247 }
248
249 if (de->d_type == DT_DIR) {
250 int subfd;
251 DIR *subdir;
252
253 /* always skip "." and ".." */
254 if (name[0] == '.') {
255 if (name[1] == 0) continue;
256 if ((name[1] == '.') && (name[2] == 0)) continue;
257 }
258
259 subfd = openat(dfd, name, O_RDONLY | O_DIRECTORY);
260 if (subfd < 0) {
261 ALOGE("Couldn't openat %s: %s\n", name, strerror(errno));
262 result = -1;
263 continue;
264 }
265 subdir = fdopendir(subfd);
266 if (subdir == NULL) {
267 ALOGE("Couldn't fdopendir %s: %s\n", name, strerror(errno));
268 close(subfd);
269 result = -1;
270 continue;
271 }
272 if (_delete_dir_contents(subdir, exclusion_predicate)) {
273 result = -1;
274 }
275 closedir(subdir);
276 if (unlinkat(dfd, name, AT_REMOVEDIR) < 0) {
277 ALOGE("Couldn't unlinkat %s: %s\n", name, strerror(errno));
278 result = -1;
279 }
280 } else {
281 if (unlinkat(dfd, name, 0) < 0) {
282 ALOGE("Couldn't unlinkat %s: %s\n", name, strerror(errno));
283 result = -1;
284 }
285 }
286 }
287
288 return result;
289 }
290
delete_dir_contents(const char * pathname,int also_delete_dir,int (* exclusion_predicate)(const char *,const int))291 int delete_dir_contents(const char *pathname,
292 int also_delete_dir,
293 int (*exclusion_predicate)(const char*, const int))
294 {
295 int res = 0;
296 DIR *d;
297
298 d = opendir(pathname);
299 if (d == NULL) {
300 ALOGE("Couldn't opendir %s: %s\n", pathname, strerror(errno));
301 return -errno;
302 }
303 res = _delete_dir_contents(d, exclusion_predicate);
304 closedir(d);
305 if (also_delete_dir) {
306 if (rmdir(pathname)) {
307 ALOGE("Couldn't rmdir %s: %s\n", pathname, strerror(errno));
308 res = -1;
309 }
310 }
311 return res;
312 }
313
delete_dir_contents_fd(int dfd,const char * name)314 int delete_dir_contents_fd(int dfd, const char *name)
315 {
316 int fd, res;
317 DIR *d;
318
319 fd = openat(dfd, name, O_RDONLY | O_DIRECTORY);
320 if (fd < 0) {
321 ALOGE("Couldn't openat %s: %s\n", name, strerror(errno));
322 return -1;
323 }
324 d = fdopendir(fd);
325 if (d == NULL) {
326 ALOGE("Couldn't fdopendir %s: %s\n", name, strerror(errno));
327 close(fd);
328 return -1;
329 }
330 res = _delete_dir_contents(d, 0);
331 closedir(d);
332 return res;
333 }
334
_copy_owner_permissions(int srcfd,int dstfd)335 static int _copy_owner_permissions(int srcfd, int dstfd)
336 {
337 struct stat st;
338 if (fstat(srcfd, &st) != 0) {
339 return -1;
340 }
341 if (fchmod(dstfd, st.st_mode) != 0) {
342 return -1;
343 }
344 return 0;
345 }
346
_copy_dir_files(int sdfd,int ddfd,uid_t owner,gid_t group)347 static int _copy_dir_files(int sdfd, int ddfd, uid_t owner, gid_t group)
348 {
349 int result = 0;
350 if (_copy_owner_permissions(sdfd, ddfd) != 0) {
351 ALOGE("_copy_dir_files failed to copy dir permissions\n");
352 }
353 if (fchown(ddfd, owner, group) != 0) {
354 ALOGE("_copy_dir_files failed to change dir owner\n");
355 }
356
357 DIR *ds = fdopendir(sdfd);
358 if (ds == NULL) {
359 ALOGE("Couldn't fdopendir: %s\n", strerror(errno));
360 return -1;
361 }
362 struct dirent *de;
363 while ((de = readdir(ds))) {
364 if (de->d_type != DT_REG) {
365 continue;
366 }
367
368 const char *name = de->d_name;
369 int fsfd = openat(sdfd, name, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
370 int fdfd = openat(ddfd, name, O_WRONLY | O_NOFOLLOW | O_CLOEXEC | O_CREAT, 0600);
371 if (fsfd == -1 || fdfd == -1) {
372 ALOGW("Couldn't copy %s: %s\n", name, strerror(errno));
373 } else {
374 if (_copy_owner_permissions(fsfd, fdfd) != 0) {
375 ALOGE("Failed to change file permissions\n");
376 }
377 if (fchown(fdfd, owner, group) != 0) {
378 ALOGE("Failed to change file owner\n");
379 }
380
381 char buf[8192];
382 ssize_t size;
383 while ((size = read(fsfd, buf, sizeof(buf))) > 0) {
384 write(fdfd, buf, size);
385 }
386 if (size < 0) {
387 ALOGW("Couldn't copy %s: %s\n", name, strerror(errno));
388 result = -1;
389 }
390 }
391 close(fdfd);
392 close(fsfd);
393 }
394
395 return result;
396 }
397
copy_dir_files(const char * srcname,const char * dstname,uid_t owner,uid_t group)398 int copy_dir_files(const char *srcname,
399 const char *dstname,
400 uid_t owner,
401 uid_t group)
402 {
403 int res = 0;
404 DIR *ds = NULL;
405 DIR *dd = NULL;
406
407 ds = opendir(srcname);
408 if (ds == NULL) {
409 ALOGE("Couldn't opendir %s: %s\n", srcname, strerror(errno));
410 return -errno;
411 }
412
413 mkdir(dstname, 0600);
414 dd = opendir(dstname);
415 if (dd == NULL) {
416 ALOGE("Couldn't opendir %s: %s\n", dstname, strerror(errno));
417 closedir(ds);
418 return -errno;
419 }
420
421 int sdfd = dirfd(ds);
422 int ddfd = dirfd(dd);
423 if (sdfd != -1 && ddfd != -1) {
424 res = _copy_dir_files(sdfd, ddfd, owner, group);
425 } else {
426 res = -errno;
427 }
428 closedir(dd);
429 closedir(ds);
430 return res;
431 }
432
lookup_media_dir(char basepath[PATH_MAX],const char * dir)433 int lookup_media_dir(char basepath[PATH_MAX], const char *dir)
434 {
435 DIR *d;
436 struct dirent *de;
437 struct stat s;
438 char* dirpos = basepath + strlen(basepath);
439
440 if ((*(dirpos-1)) != '/') {
441 *dirpos = '/';
442 dirpos++;
443 }
444
445 CACHE_NOISY(ALOGI("Looking up %s in %s\n", dir, basepath));
446 // Verify the path won't extend beyond our buffer, to avoid
447 // repeated checking later.
448 if ((dirpos-basepath+strlen(dir)) >= (PATH_MAX-1)) {
449 ALOGW("Path exceeds limit: %s%s", basepath, dir);
450 return -1;
451 }
452
453 // First, can we find this directory with the case that is given?
454 strcpy(dirpos, dir);
455 if (stat(basepath, &s) >= 0) {
456 CACHE_NOISY(ALOGI("Found direct: %s\n", basepath));
457 return 0;
458 }
459
460 // Not found with that case... search through all entries to find
461 // one that matches regardless of case.
462 *dirpos = 0;
463
464 d = opendir(basepath);
465 if (d == NULL) {
466 return -1;
467 }
468
469 while ((de = readdir(d))) {
470 if (strcasecmp(de->d_name, dir) == 0) {
471 strcpy(dirpos, de->d_name);
472 closedir(d);
473 CACHE_NOISY(ALOGI("Found search: %s\n", basepath));
474 return 0;
475 }
476 }
477
478 ALOGW("Couldn't find %s in %s", dir, basepath);
479 closedir(d);
480 return -1;
481 }
482
data_disk_free(const std::string & data_path)483 int64_t data_disk_free(const std::string& data_path)
484 {
485 struct statfs sfs;
486 if (statfs(data_path.c_str(), &sfs) == 0) {
487 return sfs.f_bavail * sfs.f_bsize;
488 } else {
489 PLOG(ERROR) << "Couldn't statfs " << data_path;
490 return -1;
491 }
492 }
493
start_cache_collection()494 cache_t* start_cache_collection()
495 {
496 cache_t* cache = (cache_t*)calloc(1, sizeof(cache_t));
497 return cache;
498 }
499
500 #define CACHE_BLOCK_SIZE (512*1024)
501
_cache_malloc(cache_t * cache,size_t len)502 static void* _cache_malloc(cache_t* cache, size_t len)
503 {
504 len = (len+3)&~3;
505 if (len > (CACHE_BLOCK_SIZE/2)) {
506 // It doesn't make sense to try to put this allocation into one
507 // of our blocks, because it is so big. Instead, make a new dedicated
508 // block for it.
509 int8_t* res = (int8_t*)malloc(len+sizeof(void*));
510 if (res == NULL) {
511 return NULL;
512 }
513 CACHE_NOISY(ALOGI("Allocated large cache mem block: %p size %d", res, len));
514 // Link it into our list of blocks, not disrupting the current one.
515 if (cache->memBlocks == NULL) {
516 *(void**)res = NULL;
517 cache->memBlocks = res;
518 } else {
519 *(void**)res = *(void**)cache->memBlocks;
520 *(void**)cache->memBlocks = res;
521 }
522 return res + sizeof(void*);
523 }
524 int8_t* res = cache->curMemBlockAvail;
525 int8_t* nextPos = res + len;
526 if (cache->memBlocks == NULL || nextPos > cache->curMemBlockEnd) {
527 int8_t* newBlock = (int8_t*) malloc(CACHE_BLOCK_SIZE);
528 if (newBlock == NULL) {
529 return NULL;
530 }
531 CACHE_NOISY(ALOGI("Allocated new cache mem block: %p", newBlock));
532 *(void**)newBlock = cache->memBlocks;
533 cache->memBlocks = newBlock;
534 res = cache->curMemBlockAvail = newBlock + sizeof(void*);
535 cache->curMemBlockEnd = newBlock + CACHE_BLOCK_SIZE;
536 nextPos = res + len;
537 }
538 CACHE_NOISY(ALOGI("cache_malloc: ret %p size %d, block=%p, nextPos=%p",
539 res, len, cache->memBlocks, nextPos));
540 cache->curMemBlockAvail = nextPos;
541 return res;
542 }
543
_cache_realloc(cache_t * cache,void * cur,size_t origLen,size_t len)544 static void* _cache_realloc(cache_t* cache, void* cur, size_t origLen, size_t len)
545 {
546 // This isn't really a realloc, but it is good enough for our purposes here.
547 void* alloc = _cache_malloc(cache, len);
548 if (alloc != NULL && cur != NULL) {
549 memcpy(alloc, cur, origLen < len ? origLen : len);
550 }
551 return alloc;
552 }
553
_inc_num_cache_collected(cache_t * cache)554 static void _inc_num_cache_collected(cache_t* cache)
555 {
556 cache->numCollected++;
557 if ((cache->numCollected%20000) == 0) {
558 ALOGI("Collected cache so far: %zd directories, %zd files",
559 cache->numDirs, cache->numFiles);
560 }
561 }
562
_add_cache_dir_t(cache_t * cache,cache_dir_t * parent,const char * name)563 static cache_dir_t* _add_cache_dir_t(cache_t* cache, cache_dir_t* parent, const char *name)
564 {
565 size_t nameLen = strlen(name);
566 cache_dir_t* dir = (cache_dir_t*)_cache_malloc(cache, sizeof(cache_dir_t)+nameLen+1);
567 if (dir != NULL) {
568 dir->parent = parent;
569 dir->childCount = 0;
570 dir->hiddenCount = 0;
571 dir->deleted = 0;
572 strcpy(dir->name, name);
573 if (cache->numDirs >= cache->availDirs) {
574 size_t newAvail = cache->availDirs < 1000 ? 1000 : cache->availDirs*2;
575 cache_dir_t** newDirs = (cache_dir_t**)_cache_realloc(cache, cache->dirs,
576 cache->availDirs*sizeof(cache_dir_t*), newAvail*sizeof(cache_dir_t*));
577 if (newDirs == NULL) {
578 ALOGE("Failure growing cache dirs array for %s\n", name);
579 return NULL;
580 }
581 cache->availDirs = newAvail;
582 cache->dirs = newDirs;
583 }
584 cache->dirs[cache->numDirs] = dir;
585 cache->numDirs++;
586 if (parent != NULL) {
587 parent->childCount++;
588 }
589 _inc_num_cache_collected(cache);
590 } else {
591 ALOGE("Failure allocating cache_dir_t for %s\n", name);
592 }
593 return dir;
594 }
595
_add_cache_file_t(cache_t * cache,cache_dir_t * dir,time_t modTime,const char * name)596 static cache_file_t* _add_cache_file_t(cache_t* cache, cache_dir_t* dir, time_t modTime,
597 const char *name)
598 {
599 size_t nameLen = strlen(name);
600 cache_file_t* file = (cache_file_t*)_cache_malloc(cache, sizeof(cache_file_t)+nameLen+1);
601 if (file != NULL) {
602 file->dir = dir;
603 file->modTime = modTime;
604 strcpy(file->name, name);
605 if (cache->numFiles >= cache->availFiles) {
606 size_t newAvail = cache->availFiles < 1000 ? 1000 : cache->availFiles*2;
607 cache_file_t** newFiles = (cache_file_t**)_cache_realloc(cache, cache->files,
608 cache->availFiles*sizeof(cache_file_t*), newAvail*sizeof(cache_file_t*));
609 if (newFiles == NULL) {
610 ALOGE("Failure growing cache file array for %s\n", name);
611 return NULL;
612 }
613 cache->availFiles = newAvail;
614 cache->files = newFiles;
615 }
616 CACHE_NOISY(ALOGI("Setting file %p at position %d in array %p", file,
617 cache->numFiles, cache->files));
618 cache->files[cache->numFiles] = file;
619 cache->numFiles++;
620 dir->childCount++;
621 _inc_num_cache_collected(cache);
622 } else {
623 ALOGE("Failure allocating cache_file_t for %s\n", name);
624 }
625 return file;
626 }
627
_add_cache_files(cache_t * cache,cache_dir_t * parentDir,const char * dirName,DIR * dir,char * pathBase,char * pathPos,size_t pathAvailLen)628 static int _add_cache_files(cache_t *cache, cache_dir_t *parentDir, const char *dirName,
629 DIR* dir, char *pathBase, char *pathPos, size_t pathAvailLen)
630 {
631 struct dirent *de;
632 cache_dir_t* cacheDir = NULL;
633 int dfd;
634
635 CACHE_NOISY(ALOGI("_add_cache_files: parent=%p dirName=%s dir=%p pathBase=%s",
636 parentDir, dirName, dir, pathBase));
637
638 dfd = dirfd(dir);
639
640 if (dfd < 0) return 0;
641
642 // Sub-directories always get added to the data structure, so if they
643 // are empty we will know about them to delete them later.
644 cacheDir = _add_cache_dir_t(cache, parentDir, dirName);
645
646 while ((de = readdir(dir))) {
647 const char *name = de->d_name;
648
649 if (de->d_type == DT_DIR) {
650 int subfd;
651 DIR *subdir;
652
653 /* always skip "." and ".." */
654 if (name[0] == '.') {
655 if (name[1] == 0) continue;
656 if ((name[1] == '.') && (name[2] == 0)) continue;
657 }
658
659 subfd = openat(dfd, name, O_RDONLY | O_DIRECTORY);
660 if (subfd < 0) {
661 ALOGE("Couldn't openat %s: %s\n", name, strerror(errno));
662 continue;
663 }
664 subdir = fdopendir(subfd);
665 if (subdir == NULL) {
666 ALOGE("Couldn't fdopendir %s: %s\n", name, strerror(errno));
667 close(subfd);
668 continue;
669 }
670 if (cacheDir == NULL) {
671 cacheDir = _add_cache_dir_t(cache, parentDir, dirName);
672 }
673 if (cacheDir != NULL) {
674 // Update pathBase for the new path... this may change dirName
675 // if that is also pointing to the path, but we are done with it
676 // now.
677 size_t finallen = snprintf(pathPos, pathAvailLen, "/%s", name);
678 CACHE_NOISY(ALOGI("Collecting dir %s\n", pathBase));
679 if (finallen < pathAvailLen) {
680 _add_cache_files(cache, cacheDir, name, subdir, pathBase,
681 pathPos+finallen, pathAvailLen-finallen);
682 } else {
683 // Whoops, the final path is too long! We'll just delete
684 // this directory.
685 ALOGW("Cache dir %s truncated in path %s; deleting dir\n",
686 name, pathBase);
687 _delete_dir_contents(subdir, NULL);
688 if (unlinkat(dfd, name, AT_REMOVEDIR) < 0) {
689 ALOGE("Couldn't unlinkat %s: %s\n", name, strerror(errno));
690 }
691 }
692 }
693 closedir(subdir);
694 } else if (de->d_type == DT_REG) {
695 // Skip files that start with '.'; they will be deleted if
696 // their entire directory is deleted. This allows for metadata
697 // like ".nomedia" to remain in the directory until the entire
698 // directory is deleted.
699 if (cacheDir == NULL) {
700 cacheDir = _add_cache_dir_t(cache, parentDir, dirName);
701 }
702 if (name[0] == '.') {
703 cacheDir->hiddenCount++;
704 continue;
705 }
706 if (cacheDir != NULL) {
707 // Build final full path for file... this may change dirName
708 // if that is also pointing to the path, but we are done with it
709 // now.
710 size_t finallen = snprintf(pathPos, pathAvailLen, "/%s", name);
711 CACHE_NOISY(ALOGI("Collecting file %s\n", pathBase));
712 if (finallen < pathAvailLen) {
713 struct stat s;
714 if (stat(pathBase, &s) >= 0) {
715 _add_cache_file_t(cache, cacheDir, s.st_mtime, name);
716 } else {
717 ALOGW("Unable to stat cache file %s; deleting\n", pathBase);
718 if (unlink(pathBase) < 0) {
719 ALOGE("Couldn't unlink %s: %s\n", pathBase, strerror(errno));
720 }
721 }
722 } else {
723 // Whoops, the final path is too long! We'll just delete
724 // this file.
725 ALOGW("Cache file %s truncated in path %s; deleting\n",
726 name, pathBase);
727 if (unlinkat(dfd, name, 0) < 0) {
728 *pathPos = 0;
729 ALOGE("Couldn't unlinkat %s in %s: %s\n", name, pathBase,
730 strerror(errno));
731 }
732 }
733 }
734 } else {
735 cacheDir->hiddenCount++;
736 }
737 }
738 return 0;
739 }
740
add_cache_files(cache_t * cache,const char * basepath,const char * cachedir)741 void add_cache_files(cache_t* cache, const char *basepath, const char *cachedir)
742 {
743 DIR *d;
744 struct dirent *de;
745 char dirname[PATH_MAX];
746
747 CACHE_NOISY(ALOGI("add_cache_files: base=%s cachedir=%s\n", basepath, cachedir));
748
749 d = opendir(basepath);
750 if (d == NULL) {
751 return;
752 }
753
754 while ((de = readdir(d))) {
755 if (de->d_type == DT_DIR) {
756 DIR* subdir;
757 const char *name = de->d_name;
758 char* pathpos;
759
760 /* always skip "." and ".." */
761 if (name[0] == '.') {
762 if (name[1] == 0) continue;
763 if ((name[1] == '.') && (name[2] == 0)) continue;
764 }
765
766 strcpy(dirname, basepath);
767 pathpos = dirname + strlen(dirname);
768 if ((*(pathpos-1)) != '/') {
769 *pathpos = '/';
770 pathpos++;
771 *pathpos = 0;
772 }
773 if (cachedir != NULL) {
774 snprintf(pathpos, sizeof(dirname)-(pathpos-dirname), "%s/%s", name, cachedir);
775 } else {
776 snprintf(pathpos, sizeof(dirname)-(pathpos-dirname), "%s", name);
777 }
778 CACHE_NOISY(ALOGI("Adding cache files from dir: %s\n", dirname));
779 subdir = opendir(dirname);
780 if (subdir != NULL) {
781 size_t dirnameLen = strlen(dirname);
782 _add_cache_files(cache, NULL, dirname, subdir, dirname, dirname+dirnameLen,
783 PATH_MAX - dirnameLen);
784 closedir(subdir);
785 }
786 }
787 }
788
789 closedir(d);
790 }
791
create_dir_path(char path[PATH_MAX],cache_dir_t * dir)792 static char *create_dir_path(char path[PATH_MAX], cache_dir_t* dir)
793 {
794 char *pos = path;
795 if (dir->parent != NULL) {
796 pos = create_dir_path(path, dir->parent);
797 }
798 // Note that we don't need to worry about going beyond the buffer,
799 // since when we were constructing the cache entries our maximum
800 // buffer size for full paths was PATH_MAX.
801 strcpy(pos, dir->name);
802 pos += strlen(pos);
803 *pos = '/';
804 pos++;
805 *pos = 0;
806 return pos;
807 }
808
delete_cache_dir(char path[PATH_MAX],cache_dir_t * dir)809 static void delete_cache_dir(char path[PATH_MAX], cache_dir_t* dir)
810 {
811 if (dir->parent != NULL) {
812 create_dir_path(path, dir);
813 ALOGI("DEL DIR %s\n", path);
814 if (dir->hiddenCount <= 0) {
815 if (rmdir(path)) {
816 ALOGE("Couldn't rmdir %s: %s\n", path, strerror(errno));
817 return;
818 }
819 } else {
820 // The directory contains hidden files so we need to delete
821 // them along with the directory itself.
822 if (delete_dir_contents(path, 1, NULL)) {
823 return;
824 }
825 }
826 dir->parent->childCount--;
827 dir->deleted = 1;
828 if (dir->parent->childCount <= 0) {
829 delete_cache_dir(path, dir->parent);
830 }
831 } else if (dir->hiddenCount > 0) {
832 // This is a root directory, but it has hidden files. Get rid of
833 // all of those files, but not the directory itself.
834 create_dir_path(path, dir);
835 ALOGI("DEL CONTENTS %s\n", path);
836 delete_dir_contents(path, 0, NULL);
837 }
838 }
839
cache_modtime_sort(const void * lhsP,const void * rhsP)840 static int cache_modtime_sort(const void *lhsP, const void *rhsP)
841 {
842 const cache_file_t *lhs = *(const cache_file_t**)lhsP;
843 const cache_file_t *rhs = *(const cache_file_t**)rhsP;
844 return lhs->modTime < rhs->modTime ? -1 : (lhs->modTime > rhs->modTime ? 1 : 0);
845 }
846
clear_cache_files(const std::string & data_path,cache_t * cache,int64_t free_size)847 void clear_cache_files(const std::string& data_path, cache_t* cache, int64_t free_size)
848 {
849 size_t i;
850 int skip = 0;
851 char path[PATH_MAX];
852
853 ALOGI("Collected cache files: %zd directories, %zd files",
854 cache->numDirs, cache->numFiles);
855
856 CACHE_NOISY(ALOGI("Sorting files..."));
857 qsort(cache->files, cache->numFiles, sizeof(cache_file_t*),
858 cache_modtime_sort);
859
860 CACHE_NOISY(ALOGI("Cleaning empty directories..."));
861 for (i=cache->numDirs; i>0; i--) {
862 cache_dir_t* dir = cache->dirs[i-1];
863 if (dir->childCount <= 0 && !dir->deleted) {
864 delete_cache_dir(path, dir);
865 }
866 }
867
868 CACHE_NOISY(ALOGI("Trimming files..."));
869 for (i=0; i<cache->numFiles; i++) {
870 skip++;
871 if (skip > 10) {
872 if (data_disk_free(data_path) > free_size) {
873 return;
874 }
875 skip = 0;
876 }
877 cache_file_t* file = cache->files[i];
878 strcpy(create_dir_path(path, file->dir), file->name);
879 ALOGI("DEL (mod %d) %s\n", (int)file->modTime, path);
880 if (unlink(path) < 0) {
881 ALOGE("Couldn't unlink %s: %s\n", path, strerror(errno));
882 }
883 file->dir->childCount--;
884 if (file->dir->childCount <= 0) {
885 delete_cache_dir(path, file->dir);
886 }
887 }
888 }
889
finish_cache_collection(cache_t * cache)890 void finish_cache_collection(cache_t* cache)
891 {
892 CACHE_NOISY(size_t i;)
893
894 CACHE_NOISY(ALOGI("clear_cache_files: %d dirs, %d files\n", cache->numDirs, cache->numFiles));
895 CACHE_NOISY(
896 for (i=0; i<cache->numDirs; i++) {
897 cache_dir_t* dir = cache->dirs[i];
898 ALOGI("dir #%d: %p %s parent=%p\n", i, dir, dir->name, dir->parent);
899 })
900 CACHE_NOISY(
901 for (i=0; i<cache->numFiles; i++) {
902 cache_file_t* file = cache->files[i];
903 ALOGI("file #%d: %p %s time=%d dir=%p\n", i, file, file->name,
904 (int)file->modTime, file->dir);
905 })
906 void* block = cache->memBlocks;
907 while (block != NULL) {
908 void* nextBlock = *(void**)block;
909 CACHE_NOISY(ALOGI("Freeing cache mem block: %p", block));
910 free(block);
911 block = nextBlock;
912 }
913 free(cache);
914 }
915
916 /**
917 * Validate that the path is valid in the context of the provided directory.
918 * The path is allowed to have at most one subdirectory and no indirections
919 * to top level directories (i.e. have "..").
920 */
validate_path(const dir_rec_t * dir,const char * path,int maxSubdirs)921 static int validate_path(const dir_rec_t* dir, const char* path, int maxSubdirs) {
922 size_t dir_len = dir->len;
923 const char* subdir = strchr(path + dir_len, '/');
924
925 // Only allow the path to have at most one subdirectory.
926 if (subdir != NULL) {
927 ++subdir;
928 if ((--maxSubdirs == 0) && strchr(subdir, '/') != NULL) {
929 ALOGE("invalid apk path '%s' (subdir?)\n", path);
930 return -1;
931 }
932 }
933
934 // Directories can't have a period directly after the directory markers to prevent "..".
935 if ((path[dir_len] == '.') || ((subdir != NULL) && (*subdir == '.'))) {
936 ALOGE("invalid apk path '%s' (trickery)\n", path);
937 return -1;
938 }
939
940 return 0;
941 }
942
943 /**
944 * Checks whether a path points to a system app (.apk file). Returns 0
945 * if it is a system app or -1 if it is not.
946 */
validate_system_app_path(const char * path)947 int validate_system_app_path(const char* path) {
948 size_t i;
949
950 for (i = 0; i < android_system_dirs.count; i++) {
951 const size_t dir_len = android_system_dirs.dirs[i].len;
952 if (!strncmp(path, android_system_dirs.dirs[i].path, dir_len)) {
953 return validate_path(android_system_dirs.dirs + i, path, 1);
954 }
955 }
956
957 return -1;
958 }
959
960 /**
961 * Get the contents of a environment variable that contains a path. Caller
962 * owns the string that is inserted into the directory record. Returns
963 * 0 on success and -1 on error.
964 */
get_path_from_env(dir_rec_t * rec,const char * var)965 int get_path_from_env(dir_rec_t* rec, const char* var) {
966 const char* path = getenv(var);
967 int ret = get_path_from_string(rec, path);
968 if (ret < 0) {
969 ALOGW("Problem finding value for environment variable %s\n", var);
970 }
971 return ret;
972 }
973
974 /**
975 * Puts the string into the record as a directory. Appends '/' to the end
976 * of all paths. Caller owns the string that is inserted into the directory
977 * record. A null value will result in an error.
978 *
979 * Returns 0 on success and -1 on error.
980 */
get_path_from_string(dir_rec_t * rec,const char * path)981 int get_path_from_string(dir_rec_t* rec, const char* path) {
982 if (path == NULL) {
983 return -1;
984 } else {
985 const size_t path_len = strlen(path);
986 if (path_len <= 0) {
987 return -1;
988 }
989
990 // Make sure path is absolute.
991 if (path[0] != '/') {
992 return -1;
993 }
994
995 if (path[path_len - 1] == '/') {
996 // Path ends with a forward slash. Make our own copy.
997
998 rec->path = strdup(path);
999 if (rec->path == NULL) {
1000 return -1;
1001 }
1002
1003 rec->len = path_len;
1004 } else {
1005 // Path does not end with a slash. Generate a new string.
1006 char *dst;
1007
1008 // Add space for slash and terminating null.
1009 size_t dst_size = path_len + 2;
1010
1011 rec->path = (char*) malloc(dst_size);
1012 if (rec->path == NULL) {
1013 return -1;
1014 }
1015
1016 dst = rec->path;
1017
1018 if (append_and_increment(&dst, path, &dst_size) < 0
1019 || append_and_increment(&dst, "/", &dst_size)) {
1020 ALOGE("Error canonicalizing path");
1021 return -1;
1022 }
1023
1024 rec->len = dst - rec->path;
1025 }
1026 }
1027 return 0;
1028 }
1029
copy_and_append(dir_rec_t * dst,const dir_rec_t * src,const char * suffix)1030 int copy_and_append(dir_rec_t* dst, const dir_rec_t* src, const char* suffix) {
1031 dst->len = src->len + strlen(suffix);
1032 const size_t dstSize = dst->len + 1;
1033 dst->path = (char*) malloc(dstSize);
1034
1035 if (dst->path == NULL
1036 || snprintf(dst->path, dstSize, "%s%s", src->path, suffix)
1037 != (ssize_t) dst->len) {
1038 ALOGE("Could not allocate memory to hold appended path; aborting\n");
1039 return -1;
1040 }
1041
1042 return 0;
1043 }
1044
1045 /**
1046 * Check whether path points to a valid path for an APK file. The path must
1047 * begin with a whitelisted prefix path and must be no deeper than |maxSubdirs| within
1048 * that path. Returns -1 when an invalid path is encountered and 0 when a valid path
1049 * is encountered.
1050 */
validate_apk_path_internal(const char * path,int maxSubdirs)1051 static int validate_apk_path_internal(const char *path, int maxSubdirs) {
1052 const dir_rec_t* dir = NULL;
1053 if (!strncmp(path, android_app_dir.path, android_app_dir.len)) {
1054 dir = &android_app_dir;
1055 } else if (!strncmp(path, android_app_private_dir.path, android_app_private_dir.len)) {
1056 dir = &android_app_private_dir;
1057 } else if (!strncmp(path, android_asec_dir.path, android_asec_dir.len)) {
1058 dir = &android_asec_dir;
1059 } else if (!strncmp(path, android_mnt_expand_dir.path, android_mnt_expand_dir.len)) {
1060 dir = &android_mnt_expand_dir;
1061 if (maxSubdirs < 2) {
1062 maxSubdirs = 2;
1063 }
1064 } else {
1065 return -1;
1066 }
1067
1068 return validate_path(dir, path, maxSubdirs);
1069 }
1070
validate_apk_path(const char * path)1071 int validate_apk_path(const char* path) {
1072 return validate_apk_path_internal(path, 1 /* maxSubdirs */);
1073 }
1074
validate_apk_path_subdirs(const char * path)1075 int validate_apk_path_subdirs(const char* path) {
1076 return validate_apk_path_internal(path, 3 /* maxSubdirs */);
1077 }
1078
append_and_increment(char ** dst,const char * src,size_t * dst_size)1079 int append_and_increment(char** dst, const char* src, size_t* dst_size) {
1080 ssize_t ret = strlcpy(*dst, src, *dst_size);
1081 if (ret < 0 || (size_t) ret >= *dst_size) {
1082 return -1;
1083 }
1084 *dst += ret;
1085 *dst_size -= ret;
1086 return 0;
1087 }
1088
build_string2(const char * s1,const char * s2)1089 char *build_string2(const char *s1, const char *s2) {
1090 if (s1 == NULL || s2 == NULL) return NULL;
1091
1092 int len_s1 = strlen(s1);
1093 int len_s2 = strlen(s2);
1094 int len = len_s1 + len_s2 + 1;
1095 char *result = (char *) malloc(len);
1096 if (result == NULL) return NULL;
1097
1098 strcpy(result, s1);
1099 strcpy(result + len_s1, s2);
1100
1101 return result;
1102 }
1103
build_string3(const char * s1,const char * s2,const char * s3)1104 char *build_string3(const char *s1, const char *s2, const char *s3) {
1105 if (s1 == NULL || s2 == NULL || s3 == NULL) return NULL;
1106
1107 int len_s1 = strlen(s1);
1108 int len_s2 = strlen(s2);
1109 int len_s3 = strlen(s3);
1110 int len = len_s1 + len_s2 + len_s3 + 1;
1111 char *result = (char *) malloc(len);
1112 if (result == NULL) return NULL;
1113
1114 strcpy(result, s1);
1115 strcpy(result + len_s1, s2);
1116 strcpy(result + len_s1 + len_s2, s3);
1117
1118 return result;
1119 }
1120
1121 /* Ensure that /data/media directories are prepared for given user. */
ensure_media_user_dirs(const char * uuid,userid_t userid)1122 int ensure_media_user_dirs(const char* uuid, userid_t userid) {
1123 std::string media_user_path(create_data_media_path(uuid, userid));
1124 if (fs_prepare_dir(media_user_path.c_str(), 0770, AID_MEDIA_RW, AID_MEDIA_RW) == -1) {
1125 return -1;
1126 }
1127
1128 return 0;
1129 }
1130
ensure_config_user_dirs(userid_t userid)1131 int ensure_config_user_dirs(userid_t userid) {
1132 char config_user_path[PATH_MAX];
1133
1134 // writable by system, readable by any app within the same user
1135 const int uid = multiuser_get_uid(userid, AID_SYSTEM);
1136 const int gid = multiuser_get_uid(userid, AID_EVERYBODY);
1137
1138 // Ensure /data/misc/user/<userid> exists
1139 create_user_config_path(config_user_path, userid);
1140 if (fs_prepare_dir(config_user_path, 0750, uid, gid) == -1) {
1141 return -1;
1142 }
1143
1144 return 0;
1145 }
1146
create_profile_file(const char * pkgname,gid_t gid)1147 int create_profile_file(const char *pkgname, gid_t gid) {
1148 const char *profile_dir = DALVIK_CACHE_PREFIX "profiles";
1149 char profile_file[PKG_PATH_MAX];
1150
1151 snprintf(profile_file, sizeof(profile_file), "%s/%s", profile_dir, pkgname);
1152
1153 // The 'system' user needs to be able to read the profile to determine if dex2oat
1154 // needs to be run. This is done in dalvik.system.DexFile.isDexOptNeededInternal(). So
1155 // we assign ownership to AID_SYSTEM and ensure it's not world-readable.
1156
1157 int fd = open(profile_file, O_WRONLY | O_CREAT | O_NOFOLLOW | O_CLOEXEC, 0660);
1158
1159 // Always set the uid/gid/permissions. The file could have been previously created
1160 // with different permissions.
1161 if (fd >= 0) {
1162 if (fchown(fd, AID_SYSTEM, gid) < 0) {
1163 ALOGE("cannot chown profile file '%s': %s\n", profile_file, strerror(errno));
1164 close(fd);
1165 unlink(profile_file);
1166 return -1;
1167 }
1168
1169 if (fchmod(fd, 0660) < 0) {
1170 ALOGE("cannot chmod profile file '%s': %s\n", profile_file, strerror(errno));
1171 close(fd);
1172 unlink(profile_file);
1173 return -1;
1174 }
1175 close(fd);
1176 }
1177 return 0;
1178 }
1179
remove_profile_file(const char * pkgname)1180 void remove_profile_file(const char *pkgname) {
1181 char profile_file[PKG_PATH_MAX];
1182 snprintf(profile_file, sizeof(profile_file), "%s/%s", DALVIK_CACHE_PREFIX "profiles", pkgname);
1183 unlink(profile_file);
1184 }
1185