1 /*
2 ** Copyright 2008, The Android Open Source Project
3 **
4 ** Licensed under the Apache License, Version 2.0 (the "License");
5 ** you may not use this file except in compliance with the License.
6 ** You may obtain a copy of the License at
7 **
8 ** http://www.apache.org/licenses/LICENSE-2.0
9 **
10 ** Unless required by applicable law or agreed to in writing, software
11 ** distributed under the License is distributed on an "AS IS" BASIS,
12 ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 ** See the License for the specific language governing permissions and
14 ** limitations under the License.
15 */
16
17 #include "commands.h"
18
19 #include <errno.h>
20 #include <inttypes.h>
21 #include <stdlib.h>
22 #include <sys/capability.h>
23 #include <sys/file.h>
24 #include <sys/resource.h>
25 #include <sys/stat.h>
26 #include <sys/types.h>
27 #include <sys/wait.h>
28 #include <sys/xattr.h>
29 #include <unistd.h>
30
31 #include <android-base/stringprintf.h>
32 #include <android-base/strings.h>
33 #include <android-base/logging.h>
34 #include <android-base/unique_fd.h>
35 #include <cutils/fs.h>
36 #include <cutils/log.h> // TODO: Move everything to base/logging.
37 #include <cutils/sched_policy.h>
38 #include <diskusage/dirsize.h>
39 #include <logwrap/logwrap.h>
40 #include <private/android_filesystem_config.h>
41 #include <selinux/android.h>
42 #include <system/thread_defs.h>
43
44 #include <globals.h>
45 #include <installd_deps.h>
46 #include <utils.h>
47
48 #ifndef LOG_TAG
49 #define LOG_TAG "installd"
50 #endif
51
52 using android::base::StringPrintf;
53
54 namespace android {
55 namespace installd {
56
57 static constexpr const char* kCpPath = "/system/bin/cp";
58 static constexpr const char* kXattrDefault = "user.default";
59
60 #define MIN_RESTRICTED_HOME_SDK_VERSION 24 // > M
61
62 typedef int fd_t;
63
property_get_bool(const char * property_name,bool default_value=false)64 static bool property_get_bool(const char* property_name, bool default_value = false) {
65 char tmp_property_value[kPropertyValueMax];
66 bool have_property = get_property(property_name, tmp_property_value, nullptr) > 0;
67 if (!have_property) {
68 return default_value;
69 }
70 return strcmp(tmp_property_value, "true") == 0;
71 }
72
73 // Keep profile paths in sync with ActivityThread.
74 constexpr const char* PRIMARY_PROFILE_NAME = "primary.prof";
create_primary_profile(const std::string & profile_dir)75 static std::string create_primary_profile(const std::string& profile_dir) {
76 return StringPrintf("%s/%s", profile_dir.c_str(), PRIMARY_PROFILE_NAME);
77 }
78
create_app_data(const char * uuid,const char * pkgname,userid_t userid,int flags,appid_t appid,const char * seinfo,int target_sdk_version)79 int create_app_data(const char *uuid, const char *pkgname, userid_t userid, int flags,
80 appid_t appid, const char* seinfo, int target_sdk_version) {
81 uid_t uid = multiuser_get_uid(userid, appid);
82 int target_mode = target_sdk_version >= MIN_RESTRICTED_HOME_SDK_VERSION ? 0700 : 0751;
83 if (flags & FLAG_STORAGE_CE) {
84 auto path = create_data_user_ce_package_path(uuid, userid, pkgname);
85 if (fs_prepare_dir_strict(path.c_str(), target_mode, uid, uid) != 0) {
86 PLOG(ERROR) << "Failed to prepare " << path;
87 return -1;
88 }
89 if (selinux_android_setfilecon(path.c_str(), pkgname, seinfo, uid) < 0) {
90 PLOG(ERROR) << "Failed to setfilecon " << path;
91 return -1;
92 }
93 }
94 if (flags & FLAG_STORAGE_DE) {
95 auto path = create_data_user_de_package_path(uuid, userid, pkgname);
96 if (fs_prepare_dir_strict(path.c_str(), target_mode, uid, uid) == -1) {
97 PLOG(ERROR) << "Failed to prepare " << path;
98 // TODO: include result once 25796509 is fixed
99 return 0;
100 }
101 if (selinux_android_setfilecon(path.c_str(), pkgname, seinfo, uid) < 0) {
102 PLOG(ERROR) << "Failed to setfilecon " << path;
103 // TODO: include result once 25796509 is fixed
104 return 0;
105 }
106
107 if (property_get_bool("dalvik.vm.usejitprofiles")) {
108 const std::string profile_path = create_data_user_profile_package_path(userid, pkgname);
109 // read-write-execute only for the app user.
110 if (fs_prepare_dir_strict(profile_path.c_str(), 0700, uid, uid) != 0) {
111 PLOG(ERROR) << "Failed to prepare " << profile_path;
112 return -1;
113 }
114 std::string profile_file = create_primary_profile(profile_path);
115 // read-write only for the app user.
116 if (fs_prepare_file_strict(profile_file.c_str(), 0600, uid, uid) != 0) {
117 PLOG(ERROR) << "Failed to prepare " << profile_path;
118 return -1;
119 }
120 const std::string ref_profile_path = create_data_ref_profile_package_path(pkgname);
121 // dex2oat/profman runs under the shared app gid and it needs to read/write reference
122 // profiles.
123 appid_t shared_app_gid = multiuser_get_shared_app_gid(uid);
124 if (fs_prepare_dir_strict(
125 ref_profile_path.c_str(), 0700, shared_app_gid, shared_app_gid) != 0) {
126 PLOG(ERROR) << "Failed to prepare " << ref_profile_path;
127 return -1;
128 }
129 }
130 }
131 return 0;
132 }
133
migrate_app_data(const char * uuid,const char * pkgname,userid_t userid,int flags)134 int migrate_app_data(const char *uuid, const char *pkgname, userid_t userid, int flags) {
135 // This method only exists to upgrade system apps that have requested
136 // forceDeviceEncrypted, so their default storage always lives in a
137 // consistent location. This only works on non-FBE devices, since we
138 // never want to risk exposing data on a device with real CE/DE storage.
139
140 auto ce_path = create_data_user_ce_package_path(uuid, userid, pkgname);
141 auto de_path = create_data_user_de_package_path(uuid, userid, pkgname);
142
143 // If neither directory is marked as default, assume CE is default
144 if (getxattr(ce_path.c_str(), kXattrDefault, nullptr, 0) == -1
145 && getxattr(de_path.c_str(), kXattrDefault, nullptr, 0) == -1) {
146 if (setxattr(ce_path.c_str(), kXattrDefault, nullptr, 0, 0) != 0) {
147 PLOG(ERROR) << "Failed to mark default storage " << ce_path;
148 return -1;
149 }
150 }
151
152 // Migrate default data location if needed
153 auto target = (flags & FLAG_STORAGE_DE) ? de_path : ce_path;
154 auto source = (flags & FLAG_STORAGE_DE) ? ce_path : de_path;
155
156 if (getxattr(target.c_str(), kXattrDefault, nullptr, 0) == -1) {
157 LOG(WARNING) << "Requested default storage " << target
158 << " is not active; migrating from " << source;
159 if (delete_dir_contents_and_dir(target) != 0) {
160 PLOG(ERROR) << "Failed to delete";
161 return -1;
162 }
163 if (rename(source.c_str(), target.c_str()) != 0) {
164 PLOG(ERROR) << "Failed to rename";
165 return -1;
166 }
167 }
168
169 return 0;
170 }
171
clear_profile(const std::string & profile)172 static bool clear_profile(const std::string& profile) {
173 base::unique_fd ufd(open(profile.c_str(), O_WRONLY | O_NOFOLLOW | O_CLOEXEC));
174 if (ufd.get() < 0) {
175 if (errno != ENOENT) {
176 PLOG(WARNING) << "Could not open profile " << profile;
177 return false;
178 } else {
179 // Nothing to clear. That's ok.
180 return true;
181 }
182 }
183
184 if (flock(ufd.get(), LOCK_EX | LOCK_NB) != 0) {
185 if (errno != EWOULDBLOCK) {
186 PLOG(WARNING) << "Error locking profile " << profile;
187 }
188 // This implies that the app owning this profile is running
189 // (and has acquired the lock).
190 //
191 // If we can't acquire the lock bail out since clearing is useless anyway
192 // (the app will write again to the profile).
193 //
194 // Note:
195 // This does not impact the this is not an issue for the profiling correctness.
196 // In case this is needed because of an app upgrade, profiles will still be
197 // eventually cleared by the app itself due to checksum mismatch.
198 // If this is needed because profman advised, then keeping the data around
199 // until the next run is again not an issue.
200 //
201 // If the app attempts to acquire a lock while we've held one here,
202 // it will simply skip the current write cycle.
203 return false;
204 }
205
206 bool truncated = ftruncate(ufd.get(), 0) == 0;
207 if (!truncated) {
208 PLOG(WARNING) << "Could not truncate " << profile;
209 }
210 if (flock(ufd.get(), LOCK_UN) != 0) {
211 PLOG(WARNING) << "Error unlocking profile " << profile;
212 }
213 return truncated;
214 }
215
clear_reference_profile(const char * pkgname)216 static bool clear_reference_profile(const char* pkgname) {
217 std::string reference_profile_dir = create_data_ref_profile_package_path(pkgname);
218 std::string reference_profile = create_primary_profile(reference_profile_dir);
219 return clear_profile(reference_profile);
220 }
221
clear_current_profile(const char * pkgname,userid_t user)222 static bool clear_current_profile(const char* pkgname, userid_t user) {
223 std::string profile_dir = create_data_user_profile_package_path(user, pkgname);
224 std::string profile = create_primary_profile(profile_dir);
225 return clear_profile(profile);
226 }
227
clear_current_profiles(const char * pkgname)228 static bool clear_current_profiles(const char* pkgname) {
229 bool success = true;
230 std::vector<userid_t> users = get_known_users(/*volume_uuid*/ nullptr);
231 for (auto user : users) {
232 success &= clear_current_profile(pkgname, user);
233 }
234 return success;
235 }
236
clear_app_profiles(const char * pkgname)237 int clear_app_profiles(const char* pkgname) {
238 bool success = true;
239 success &= clear_reference_profile(pkgname);
240 success &= clear_current_profiles(pkgname);
241 return success ? 0 : -1;
242 }
243
clear_app_data(const char * uuid,const char * pkgname,userid_t userid,int flags,ino_t ce_data_inode)244 int clear_app_data(const char *uuid, const char *pkgname, userid_t userid, int flags,
245 ino_t ce_data_inode) {
246 std::string suffix = "";
247 bool only_cache = false;
248 if (flags & FLAG_CLEAR_CACHE_ONLY) {
249 suffix = CACHE_DIR_POSTFIX;
250 only_cache = true;
251 } else if (flags & FLAG_CLEAR_CODE_CACHE_ONLY) {
252 suffix = CODE_CACHE_DIR_POSTFIX;
253 only_cache = true;
254 }
255
256 int res = 0;
257 if (flags & FLAG_STORAGE_CE) {
258 auto path = create_data_user_ce_package_path(uuid, userid, pkgname, ce_data_inode) + suffix;
259 if (access(path.c_str(), F_OK) == 0) {
260 res |= delete_dir_contents(path);
261 }
262 }
263 if (flags & FLAG_STORAGE_DE) {
264 auto path = create_data_user_de_package_path(uuid, userid, pkgname) + suffix;
265 if (access(path.c_str(), F_OK) == 0) {
266 // TODO: include result once 25796509 is fixed
267 delete_dir_contents(path);
268 }
269 if (!only_cache) {
270 if (!clear_current_profile(pkgname, userid)) {
271 res |= -1;
272 }
273 }
274 }
275 return res;
276 }
277
destroy_app_reference_profile(const char * pkgname)278 static int destroy_app_reference_profile(const char *pkgname) {
279 return delete_dir_contents_and_dir(
280 create_data_ref_profile_package_path(pkgname),
281 /*ignore_if_missing*/ true);
282 }
283
destroy_app_current_profiles(const char * pkgname,userid_t userid)284 static int destroy_app_current_profiles(const char *pkgname, userid_t userid) {
285 return delete_dir_contents_and_dir(
286 create_data_user_profile_package_path(userid, pkgname),
287 /*ignore_if_missing*/ true);
288 }
289
destroy_app_profiles(const char * pkgname)290 int destroy_app_profiles(const char *pkgname) {
291 int result = 0;
292 std::vector<userid_t> users = get_known_users(/*volume_uuid*/ nullptr);
293 for (auto user : users) {
294 result |= destroy_app_current_profiles(pkgname, user);
295 }
296 result |= destroy_app_reference_profile(pkgname);
297 return result;
298 }
299
destroy_app_data(const char * uuid,const char * pkgname,userid_t userid,int flags,ino_t ce_data_inode)300 int destroy_app_data(const char *uuid, const char *pkgname, userid_t userid, int flags,
301 ino_t ce_data_inode) {
302 int res = 0;
303 if (flags & FLAG_STORAGE_CE) {
304 res |= delete_dir_contents_and_dir(
305 create_data_user_ce_package_path(uuid, userid, pkgname, ce_data_inode));
306 }
307 if (flags & FLAG_STORAGE_DE) {
308 res |= delete_dir_contents_and_dir(
309 create_data_user_de_package_path(uuid, userid, pkgname));
310 destroy_app_current_profiles(pkgname, userid);
311 // TODO(calin): If the package is still installed by other users it's probably
312 // beneficial to keep the reference profile around.
313 // Verify if it's ok to do that.
314 destroy_app_reference_profile(pkgname);
315 }
316 return res;
317 }
318
move_complete_app(const char * from_uuid,const char * to_uuid,const char * package_name,const char * data_app_name,appid_t appid,const char * seinfo,int target_sdk_version)319 int move_complete_app(const char *from_uuid, const char *to_uuid, const char *package_name,
320 const char *data_app_name, appid_t appid, const char* seinfo, int target_sdk_version) {
321 std::vector<userid_t> users = get_known_users(from_uuid);
322
323 // Copy app
324 {
325 auto from = create_data_app_package_path(from_uuid, data_app_name);
326 auto to = create_data_app_package_path(to_uuid, data_app_name);
327 auto to_parent = create_data_app_path(to_uuid);
328
329 char *argv[] = {
330 (char*) kCpPath,
331 (char*) "-F", /* delete any existing destination file first (--remove-destination) */
332 (char*) "-p", /* preserve timestamps, ownership, and permissions */
333 (char*) "-R", /* recurse into subdirectories (DEST must be a directory) */
334 (char*) "-P", /* Do not follow symlinks [default] */
335 (char*) "-d", /* don't dereference symlinks */
336 (char*) from.c_str(),
337 (char*) to_parent.c_str()
338 };
339
340 LOG(DEBUG) << "Copying " << from << " to " << to;
341 int rc = android_fork_execvp(ARRAY_SIZE(argv), argv, NULL, false, true);
342
343 if (rc != 0) {
344 LOG(ERROR) << "Failed copying " << from << " to " << to
345 << ": status " << rc;
346 goto fail;
347 }
348
349 if (selinux_android_restorecon(to.c_str(), SELINUX_ANDROID_RESTORECON_RECURSE) != 0) {
350 LOG(ERROR) << "Failed to restorecon " << to;
351 goto fail;
352 }
353 }
354
355 // Copy private data for all known users
356 for (auto user : users) {
357
358 // Data source may not exist for all users; that's okay
359 auto from_ce = create_data_user_ce_package_path(from_uuid, user, package_name);
360 if (access(from_ce.c_str(), F_OK) != 0) {
361 LOG(INFO) << "Missing source " << from_ce;
362 continue;
363 }
364
365 if (create_app_data(to_uuid, package_name, user, FLAG_STORAGE_CE | FLAG_STORAGE_DE,
366 appid, seinfo, target_sdk_version) != 0) {
367 LOG(ERROR) << "Failed to create package target on " << to_uuid;
368 goto fail;
369 }
370
371 char *argv[] = {
372 (char*) kCpPath,
373 (char*) "-F", /* delete any existing destination file first (--remove-destination) */
374 (char*) "-p", /* preserve timestamps, ownership, and permissions */
375 (char*) "-R", /* recurse into subdirectories (DEST must be a directory) */
376 (char*) "-P", /* Do not follow symlinks [default] */
377 (char*) "-d", /* don't dereference symlinks */
378 nullptr,
379 nullptr
380 };
381
382 {
383 auto from = create_data_user_de_package_path(from_uuid, user, package_name);
384 auto to = create_data_user_de_path(to_uuid, user);
385 argv[6] = (char*) from.c_str();
386 argv[7] = (char*) to.c_str();
387
388 LOG(DEBUG) << "Copying " << from << " to " << to;
389 int rc = android_fork_execvp(ARRAY_SIZE(argv), argv, NULL, false, true);
390 if (rc != 0) {
391 LOG(ERROR) << "Failed copying " << from << " to " << to << " with status " << rc;
392 goto fail;
393 }
394 }
395 {
396 auto from = create_data_user_ce_package_path(from_uuid, user, package_name);
397 auto to = create_data_user_ce_path(to_uuid, user);
398 argv[6] = (char*) from.c_str();
399 argv[7] = (char*) to.c_str();
400
401 LOG(DEBUG) << "Copying " << from << " to " << to;
402 int rc = android_fork_execvp(ARRAY_SIZE(argv), argv, NULL, false, true);
403 if (rc != 0) {
404 LOG(ERROR) << "Failed copying " << from << " to " << to << " with status " << rc;
405 goto fail;
406 }
407 }
408
409 if (restorecon_app_data(to_uuid, package_name, user, FLAG_STORAGE_CE | FLAG_STORAGE_DE,
410 appid, seinfo) != 0) {
411 LOG(ERROR) << "Failed to restorecon";
412 goto fail;
413 }
414 }
415
416 // We let the framework scan the new location and persist that before
417 // deleting the data in the old location; this ordering ensures that
418 // we can recover from things like battery pulls.
419 return 0;
420
421 fail:
422 // Nuke everything we might have already copied
423 {
424 auto to = create_data_app_package_path(to_uuid, data_app_name);
425 if (delete_dir_contents(to.c_str(), 1, NULL) != 0) {
426 LOG(WARNING) << "Failed to rollback " << to;
427 }
428 }
429 for (auto user : users) {
430 {
431 auto to = create_data_user_de_package_path(to_uuid, user, package_name);
432 if (delete_dir_contents(to.c_str(), 1, NULL) != 0) {
433 LOG(WARNING) << "Failed to rollback " << to;
434 }
435 }
436 {
437 auto to = create_data_user_ce_package_path(to_uuid, user, package_name);
438 if (delete_dir_contents(to.c_str(), 1, NULL) != 0) {
439 LOG(WARNING) << "Failed to rollback " << to;
440 }
441 }
442 }
443 return -1;
444 }
445
create_user_data(const char * uuid,userid_t userid,int user_serial ATTRIBUTE_UNUSED,int flags)446 int create_user_data(const char *uuid, userid_t userid, int user_serial ATTRIBUTE_UNUSED,
447 int flags) {
448 if (flags & FLAG_STORAGE_DE) {
449 if (uuid == nullptr) {
450 return ensure_config_user_dirs(userid);
451 }
452 }
453 return 0;
454 }
455
destroy_user_data(const char * uuid,userid_t userid,int flags)456 int destroy_user_data(const char *uuid, userid_t userid, int flags) {
457 int res = 0;
458 if (flags & FLAG_STORAGE_DE) {
459 res |= delete_dir_contents_and_dir(create_data_user_de_path(uuid, userid), true);
460 if (uuid == nullptr) {
461 res |= delete_dir_contents_and_dir(create_data_misc_legacy_path(userid), true);
462 res |= delete_dir_contents_and_dir(create_data_user_profiles_path(userid), true);
463 }
464 }
465 if (flags & FLAG_STORAGE_CE) {
466 res |= delete_dir_contents_and_dir(create_data_user_ce_path(uuid, userid), true);
467 res |= delete_dir_contents_and_dir(create_data_media_path(uuid, userid), true);
468 }
469 return res;
470 }
471
472 /* Try to ensure free_size bytes of storage are available.
473 * Returns 0 on success.
474 * This is rather simple-minded because doing a full LRU would
475 * be potentially memory-intensive, and without atime it would
476 * also require that apps constantly modify file metadata even
477 * when just reading from the cache, which is pretty awful.
478 */
free_cache(const char * uuid,int64_t free_size)479 int free_cache(const char *uuid, int64_t free_size) {
480 cache_t* cache;
481 int64_t avail;
482
483 auto data_path = create_data_path(uuid);
484
485 avail = data_disk_free(data_path);
486 if (avail < 0) return -1;
487
488 ALOGI("free_cache(%" PRId64 ") avail %" PRId64 "\n", free_size, avail);
489 if (avail >= free_size) return 0;
490
491 cache = start_cache_collection();
492
493 auto users = get_known_users(uuid);
494 for (auto user : users) {
495 add_cache_files(cache, create_data_user_ce_path(uuid, user));
496 add_cache_files(cache, create_data_user_de_path(uuid, user));
497 add_cache_files(cache,
498 StringPrintf("%s/Android/data", create_data_media_path(uuid, user).c_str()));
499 }
500
501 clear_cache_files(data_path, cache, free_size);
502 finish_cache_collection(cache);
503
504 return data_disk_free(data_path) >= free_size ? 0 : -1;
505 }
506
rm_dex(const char * path,const char * instruction_set)507 int rm_dex(const char *path, const char *instruction_set)
508 {
509 char dex_path[PKG_PATH_MAX];
510
511 if (validate_apk_path(path) && validate_system_app_path(path)) {
512 ALOGE("invalid apk path '%s' (bad prefix)\n", path);
513 return -1;
514 }
515
516 if (!create_cache_path(dex_path, path, instruction_set)) return -1;
517
518 ALOGV("unlink %s\n", dex_path);
519 if (unlink(dex_path) < 0) {
520 if (errno != ENOENT) {
521 ALOGE("Couldn't unlink %s: %s\n", dex_path, strerror(errno));
522 }
523 return -1;
524 } else {
525 return 0;
526 }
527 }
528
add_app_data_size(std::string & path,int64_t * codesize,int64_t * datasize,int64_t * cachesize)529 static void add_app_data_size(std::string& path, int64_t *codesize, int64_t *datasize,
530 int64_t *cachesize) {
531 DIR *d;
532 int dfd;
533 struct dirent *de;
534 struct stat s;
535
536 d = opendir(path.c_str());
537 if (d == nullptr) {
538 PLOG(WARNING) << "Failed to open " << path;
539 return;
540 }
541 dfd = dirfd(d);
542 while ((de = readdir(d))) {
543 const char *name = de->d_name;
544
545 int64_t statsize = 0;
546 if (fstatat(dfd, name, &s, AT_SYMLINK_NOFOLLOW) == 0) {
547 statsize = stat_size(&s);
548 }
549
550 if (de->d_type == DT_DIR) {
551 int subfd;
552 int64_t dirsize = 0;
553 /* always skip "." and ".." */
554 if (name[0] == '.') {
555 if (name[1] == 0) continue;
556 if ((name[1] == '.') && (name[2] == 0)) continue;
557 }
558 subfd = openat(dfd, name, O_RDONLY | O_DIRECTORY);
559 if (subfd >= 0) {
560 dirsize = calculate_dir_size(subfd);
561 close(subfd);
562 }
563 // TODO: check xattrs!
564 if (!strcmp(name, "cache") || !strcmp(name, "code_cache")) {
565 *datasize += statsize;
566 *cachesize += dirsize;
567 } else {
568 *datasize += dirsize + statsize;
569 }
570 } else if (de->d_type == DT_LNK && !strcmp(name, "lib")) {
571 *codesize += statsize;
572 } else {
573 *datasize += statsize;
574 }
575 }
576 closedir(d);
577 }
578
get_app_size(const char * uuid,const char * pkgname,int userid,int flags,ino_t ce_data_inode,const char * code_path,int64_t * codesize,int64_t * datasize,int64_t * cachesize,int64_t * asecsize)579 int get_app_size(const char *uuid, const char *pkgname, int userid, int flags, ino_t ce_data_inode,
580 const char *code_path, int64_t *codesize, int64_t *datasize, int64_t *cachesize,
581 int64_t* asecsize) {
582 DIR *d;
583 int dfd;
584
585 d = opendir(code_path);
586 if (d != nullptr) {
587 dfd = dirfd(d);
588 *codesize += calculate_dir_size(dfd);
589 closedir(d);
590 }
591
592 if (flags & FLAG_STORAGE_CE) {
593 auto path = create_data_user_ce_package_path(uuid, userid, pkgname, ce_data_inode);
594 add_app_data_size(path, codesize, datasize, cachesize);
595 }
596 if (flags & FLAG_STORAGE_DE) {
597 auto path = create_data_user_de_package_path(uuid, userid, pkgname);
598 add_app_data_size(path, codesize, datasize, cachesize);
599 }
600
601 *asecsize = 0;
602
603 return 0;
604 }
605
get_app_data_inode(const char * uuid,const char * pkgname,int userid,int flags,ino_t * inode)606 int get_app_data_inode(const char *uuid, const char *pkgname, int userid, int flags, ino_t *inode) {
607 struct stat buf;
608 memset(&buf, 0, sizeof(buf));
609 if (flags & FLAG_STORAGE_CE) {
610 auto path = create_data_user_ce_package_path(uuid, userid, pkgname);
611 if (stat(path.c_str(), &buf) == 0) {
612 *inode = buf.st_ino;
613 return 0;
614 }
615 }
616 return -1;
617 }
618
split_count(const char * str)619 static int split_count(const char *str)
620 {
621 char *ctx;
622 int count = 0;
623 char buf[kPropertyValueMax];
624
625 strncpy(buf, str, sizeof(buf));
626 char *pBuf = buf;
627
628 while(strtok_r(pBuf, " ", &ctx) != NULL) {
629 count++;
630 pBuf = NULL;
631 }
632
633 return count;
634 }
635
split(char * buf,const char ** argv)636 static int split(char *buf, const char **argv)
637 {
638 char *ctx;
639 int count = 0;
640 char *tok;
641 char *pBuf = buf;
642
643 while((tok = strtok_r(pBuf, " ", &ctx)) != NULL) {
644 argv[count++] = tok;
645 pBuf = NULL;
646 }
647
648 return count;
649 }
650
run_patchoat(int input_fd,int oat_fd,const char * input_file_name,const char * output_file_name,const char * pkgname ATTRIBUTE_UNUSED,const char * instruction_set)651 static void run_patchoat(int input_fd, int oat_fd, const char* input_file_name,
652 const char* output_file_name, const char *pkgname ATTRIBUTE_UNUSED, const char *instruction_set)
653 {
654 static const int MAX_INT_LEN = 12; // '-'+10dig+'\0' -OR- 0x+8dig
655 static const unsigned int MAX_INSTRUCTION_SET_LEN = 7;
656
657 static const char* PATCHOAT_BIN = "/system/bin/patchoat";
658 if (strlen(instruction_set) >= MAX_INSTRUCTION_SET_LEN) {
659 ALOGE("Instruction set %s longer than max length of %d",
660 instruction_set, MAX_INSTRUCTION_SET_LEN);
661 return;
662 }
663
664 /* input_file_name/input_fd should be the .odex/.oat file that is precompiled. I think*/
665 char instruction_set_arg[strlen("--instruction-set=") + MAX_INSTRUCTION_SET_LEN];
666 char output_oat_fd_arg[strlen("--output-oat-fd=") + MAX_INT_LEN];
667 char input_oat_fd_arg[strlen("--input-oat-fd=") + MAX_INT_LEN];
668 const char* patched_image_location_arg = "--patched-image-location=/system/framework/boot.art";
669 // The caller has already gotten all the locks we need.
670 const char* no_lock_arg = "--no-lock-output";
671 sprintf(instruction_set_arg, "--instruction-set=%s", instruction_set);
672 sprintf(output_oat_fd_arg, "--output-oat-fd=%d", oat_fd);
673 sprintf(input_oat_fd_arg, "--input-oat-fd=%d", input_fd);
674 ALOGV("Running %s isa=%s in-fd=%d (%s) out-fd=%d (%s)\n",
675 PATCHOAT_BIN, instruction_set, input_fd, input_file_name, oat_fd, output_file_name);
676
677 /* patchoat, patched-image-location, no-lock, isa, input-fd, output-fd */
678 char* argv[7];
679 argv[0] = (char*) PATCHOAT_BIN;
680 argv[1] = (char*) patched_image_location_arg;
681 argv[2] = (char*) no_lock_arg;
682 argv[3] = instruction_set_arg;
683 argv[4] = output_oat_fd_arg;
684 argv[5] = input_oat_fd_arg;
685 argv[6] = NULL;
686
687 execv(PATCHOAT_BIN, (char* const *)argv);
688 ALOGE("execv(%s) failed: %s\n", PATCHOAT_BIN, strerror(errno));
689 }
690
run_dex2oat(int zip_fd,int oat_fd,int image_fd,const char * input_file_name,const char * output_file_name,int swap_fd,const char * instruction_set,const char * compiler_filter,bool vm_safe_mode,bool debuggable,bool post_bootcomplete,int profile_fd,const char * shared_libraries)691 static void run_dex2oat(int zip_fd, int oat_fd, int image_fd, const char* input_file_name,
692 const char* output_file_name, int swap_fd, const char *instruction_set,
693 const char* compiler_filter, bool vm_safe_mode, bool debuggable, bool post_bootcomplete,
694 int profile_fd, const char* shared_libraries) {
695 static const unsigned int MAX_INSTRUCTION_SET_LEN = 7;
696
697 if (strlen(instruction_set) >= MAX_INSTRUCTION_SET_LEN) {
698 ALOGE("Instruction set %s longer than max length of %d",
699 instruction_set, MAX_INSTRUCTION_SET_LEN);
700 return;
701 }
702
703 char dex2oat_Xms_flag[kPropertyValueMax];
704 bool have_dex2oat_Xms_flag = get_property("dalvik.vm.dex2oat-Xms", dex2oat_Xms_flag, NULL) > 0;
705
706 char dex2oat_Xmx_flag[kPropertyValueMax];
707 bool have_dex2oat_Xmx_flag = get_property("dalvik.vm.dex2oat-Xmx", dex2oat_Xmx_flag, NULL) > 0;
708
709 char dex2oat_threads_buf[kPropertyValueMax];
710 bool have_dex2oat_threads_flag = get_property(post_bootcomplete
711 ? "dalvik.vm.dex2oat-threads"
712 : "dalvik.vm.boot-dex2oat-threads",
713 dex2oat_threads_buf,
714 NULL) > 0;
715 char dex2oat_threads_arg[kPropertyValueMax + 2];
716 if (have_dex2oat_threads_flag) {
717 sprintf(dex2oat_threads_arg, "-j%s", dex2oat_threads_buf);
718 }
719
720 char dex2oat_isa_features_key[kPropertyKeyMax];
721 sprintf(dex2oat_isa_features_key, "dalvik.vm.isa.%s.features", instruction_set);
722 char dex2oat_isa_features[kPropertyValueMax];
723 bool have_dex2oat_isa_features = get_property(dex2oat_isa_features_key,
724 dex2oat_isa_features, NULL) > 0;
725
726 char dex2oat_isa_variant_key[kPropertyKeyMax];
727 sprintf(dex2oat_isa_variant_key, "dalvik.vm.isa.%s.variant", instruction_set);
728 char dex2oat_isa_variant[kPropertyValueMax];
729 bool have_dex2oat_isa_variant = get_property(dex2oat_isa_variant_key,
730 dex2oat_isa_variant, NULL) > 0;
731
732 const char *dex2oat_norelocation = "-Xnorelocate";
733 bool have_dex2oat_relocation_skip_flag = false;
734
735 char dex2oat_flags[kPropertyValueMax];
736 int dex2oat_flags_count = get_property("dalvik.vm.dex2oat-flags",
737 dex2oat_flags, NULL) <= 0 ? 0 : split_count(dex2oat_flags);
738 ALOGV("dalvik.vm.dex2oat-flags=%s\n", dex2oat_flags);
739
740 // If we booting without the real /data, don't spend time compiling.
741 char vold_decrypt[kPropertyValueMax];
742 bool have_vold_decrypt = get_property("vold.decrypt", vold_decrypt, "") > 0;
743 bool skip_compilation = (have_vold_decrypt &&
744 (strcmp(vold_decrypt, "trigger_restart_min_framework") == 0 ||
745 (strcmp(vold_decrypt, "1") == 0)));
746
747 bool generate_debug_info = property_get_bool("debug.generate-debug-info");
748
749 char app_image_format[kPropertyValueMax];
750 char image_format_arg[strlen("--image-format=") + kPropertyValueMax];
751 bool have_app_image_format =
752 image_fd >= 0 && get_property("dalvik.vm.appimageformat", app_image_format, NULL) > 0;
753 if (have_app_image_format) {
754 sprintf(image_format_arg, "--image-format=%s", app_image_format);
755 }
756
757 static const char* DEX2OAT_BIN = "/system/bin/dex2oat";
758
759 static const char* RUNTIME_ARG = "--runtime-arg";
760
761 static const int MAX_INT_LEN = 12; // '-'+10dig+'\0' -OR- 0x+8dig
762
763 char zip_fd_arg[strlen("--zip-fd=") + MAX_INT_LEN];
764 char zip_location_arg[strlen("--zip-location=") + PKG_PATH_MAX];
765 char oat_fd_arg[strlen("--oat-fd=") + MAX_INT_LEN];
766 char oat_location_arg[strlen("--oat-location=") + PKG_PATH_MAX];
767 char instruction_set_arg[strlen("--instruction-set=") + MAX_INSTRUCTION_SET_LEN];
768 char instruction_set_variant_arg[strlen("--instruction-set-variant=") + kPropertyValueMax];
769 char instruction_set_features_arg[strlen("--instruction-set-features=") + kPropertyValueMax];
770 char dex2oat_Xms_arg[strlen("-Xms") + kPropertyValueMax];
771 char dex2oat_Xmx_arg[strlen("-Xmx") + kPropertyValueMax];
772 char dex2oat_compiler_filter_arg[strlen("--compiler-filter=") + kPropertyValueMax];
773 bool have_dex2oat_swap_fd = false;
774 char dex2oat_swap_fd[strlen("--swap-fd=") + MAX_INT_LEN];
775 bool have_dex2oat_image_fd = false;
776 char dex2oat_image_fd[strlen("--app-image-fd=") + MAX_INT_LEN];
777
778 sprintf(zip_fd_arg, "--zip-fd=%d", zip_fd);
779 sprintf(zip_location_arg, "--zip-location=%s", input_file_name);
780 sprintf(oat_fd_arg, "--oat-fd=%d", oat_fd);
781 sprintf(oat_location_arg, "--oat-location=%s", output_file_name);
782 sprintf(instruction_set_arg, "--instruction-set=%s", instruction_set);
783 sprintf(instruction_set_variant_arg, "--instruction-set-variant=%s", dex2oat_isa_variant);
784 sprintf(instruction_set_features_arg, "--instruction-set-features=%s", dex2oat_isa_features);
785 if (swap_fd >= 0) {
786 have_dex2oat_swap_fd = true;
787 sprintf(dex2oat_swap_fd, "--swap-fd=%d", swap_fd);
788 }
789 if (image_fd >= 0) {
790 have_dex2oat_image_fd = true;
791 sprintf(dex2oat_image_fd, "--app-image-fd=%d", image_fd);
792 }
793
794 if (have_dex2oat_Xms_flag) {
795 sprintf(dex2oat_Xms_arg, "-Xms%s", dex2oat_Xms_flag);
796 }
797 if (have_dex2oat_Xmx_flag) {
798 sprintf(dex2oat_Xmx_arg, "-Xmx%s", dex2oat_Xmx_flag);
799 }
800
801 // Compute compiler filter.
802
803 bool have_dex2oat_compiler_filter_flag;
804 if (skip_compilation) {
805 strcpy(dex2oat_compiler_filter_arg, "--compiler-filter=verify-none");
806 have_dex2oat_compiler_filter_flag = true;
807 have_dex2oat_relocation_skip_flag = true;
808 } else if (vm_safe_mode) {
809 strcpy(dex2oat_compiler_filter_arg, "--compiler-filter=interpret-only");
810 have_dex2oat_compiler_filter_flag = true;
811 } else if (compiler_filter != nullptr &&
812 strlen(compiler_filter) + strlen("--compiler-filter=") <
813 arraysize(dex2oat_compiler_filter_arg)) {
814 sprintf(dex2oat_compiler_filter_arg, "--compiler-filter=%s", compiler_filter);
815 have_dex2oat_compiler_filter_flag = true;
816 } else {
817 char dex2oat_compiler_filter_flag[kPropertyValueMax];
818 have_dex2oat_compiler_filter_flag = get_property("dalvik.vm.dex2oat-filter",
819 dex2oat_compiler_filter_flag, NULL) > 0;
820 if (have_dex2oat_compiler_filter_flag) {
821 sprintf(dex2oat_compiler_filter_arg,
822 "--compiler-filter=%s",
823 dex2oat_compiler_filter_flag);
824 }
825 }
826
827 // Check whether all apps should be compiled debuggable.
828 if (!debuggable) {
829 char prop_buf[kPropertyValueMax];
830 debuggable =
831 (get_property("dalvik.vm.always_debuggable", prop_buf, "0") > 0) &&
832 (prop_buf[0] == '1');
833 }
834 char profile_arg[strlen("--profile-file-fd=") + MAX_INT_LEN];
835 if (profile_fd != -1) {
836 sprintf(profile_arg, "--profile-file-fd=%d", profile_fd);
837 }
838
839
840 ALOGV("Running %s in=%s out=%s\n", DEX2OAT_BIN, input_file_name, output_file_name);
841
842 const char* argv[7 // program name, mandatory arguments and the final NULL
843 + (have_dex2oat_isa_variant ? 1 : 0)
844 + (have_dex2oat_isa_features ? 1 : 0)
845 + (have_dex2oat_Xms_flag ? 2 : 0)
846 + (have_dex2oat_Xmx_flag ? 2 : 0)
847 + (have_dex2oat_compiler_filter_flag ? 1 : 0)
848 + (have_dex2oat_threads_flag ? 1 : 0)
849 + (have_dex2oat_swap_fd ? 1 : 0)
850 + (have_dex2oat_image_fd ? 1 : 0)
851 + (have_dex2oat_relocation_skip_flag ? 2 : 0)
852 + (generate_debug_info ? 1 : 0)
853 + (debuggable ? 1 : 0)
854 + (have_app_image_format ? 1 : 0)
855 + dex2oat_flags_count
856 + (profile_fd == -1 ? 0 : 1)
857 + (shared_libraries != nullptr ? 4 : 0)];
858 int i = 0;
859 argv[i++] = DEX2OAT_BIN;
860 argv[i++] = zip_fd_arg;
861 argv[i++] = zip_location_arg;
862 argv[i++] = oat_fd_arg;
863 argv[i++] = oat_location_arg;
864 argv[i++] = instruction_set_arg;
865 if (have_dex2oat_isa_variant) {
866 argv[i++] = instruction_set_variant_arg;
867 }
868 if (have_dex2oat_isa_features) {
869 argv[i++] = instruction_set_features_arg;
870 }
871 if (have_dex2oat_Xms_flag) {
872 argv[i++] = RUNTIME_ARG;
873 argv[i++] = dex2oat_Xms_arg;
874 }
875 if (have_dex2oat_Xmx_flag) {
876 argv[i++] = RUNTIME_ARG;
877 argv[i++] = dex2oat_Xmx_arg;
878 }
879 if (have_dex2oat_compiler_filter_flag) {
880 argv[i++] = dex2oat_compiler_filter_arg;
881 }
882 if (have_dex2oat_threads_flag) {
883 argv[i++] = dex2oat_threads_arg;
884 }
885 if (have_dex2oat_swap_fd) {
886 argv[i++] = dex2oat_swap_fd;
887 }
888 if (have_dex2oat_image_fd) {
889 argv[i++] = dex2oat_image_fd;
890 }
891 if (generate_debug_info) {
892 argv[i++] = "--generate-debug-info";
893 }
894 if (debuggable) {
895 argv[i++] = "--debuggable";
896 }
897 if (have_app_image_format) {
898 argv[i++] = image_format_arg;
899 }
900 if (dex2oat_flags_count) {
901 i += split(dex2oat_flags, argv + i);
902 }
903 if (have_dex2oat_relocation_skip_flag) {
904 argv[i++] = RUNTIME_ARG;
905 argv[i++] = dex2oat_norelocation;
906 }
907 if (profile_fd != -1) {
908 argv[i++] = profile_arg;
909 }
910 if (shared_libraries != nullptr) {
911 argv[i++] = RUNTIME_ARG;
912 argv[i++] = "-classpath";
913 argv[i++] = RUNTIME_ARG;
914 argv[i++] = shared_libraries;
915 }
916 // Do not add after dex2oat_flags, they should override others for debugging.
917 argv[i] = NULL;
918
919 execv(DEX2OAT_BIN, (char * const *)argv);
920 ALOGE("execv(%s) failed: %s\n", DEX2OAT_BIN, strerror(errno));
921 }
922
923 /*
924 * Whether dexopt should use a swap file when compiling an APK.
925 *
926 * If kAlwaysProvideSwapFile, do this on all devices (dex2oat will make a more informed decision
927 * itself, anyways).
928 *
929 * Otherwise, read "dalvik.vm.dex2oat-swap". If the property exists, return whether it is "true".
930 *
931 * Otherwise, return true if this is a low-mem device.
932 *
933 * Otherwise, return default value.
934 */
935 static bool kAlwaysProvideSwapFile = false;
936 static bool kDefaultProvideSwapFile = true;
937
ShouldUseSwapFileForDexopt()938 static bool ShouldUseSwapFileForDexopt() {
939 if (kAlwaysProvideSwapFile) {
940 return true;
941 }
942
943 // Check the "override" property. If it exists, return value == "true".
944 char dex2oat_prop_buf[kPropertyValueMax];
945 if (get_property("dalvik.vm.dex2oat-swap", dex2oat_prop_buf, "") > 0) {
946 if (strcmp(dex2oat_prop_buf, "true") == 0) {
947 return true;
948 } else {
949 return false;
950 }
951 }
952
953 // Shortcut for default value. This is an implementation optimization for the process sketched
954 // above. If the default value is true, we can avoid to check whether this is a low-mem device,
955 // as low-mem is never returning false. The compiler will optimize this away if it can.
956 if (kDefaultProvideSwapFile) {
957 return true;
958 }
959
960 bool is_low_mem = property_get_bool("ro.config.low_ram");
961 if (is_low_mem) {
962 return true;
963 }
964
965 // Default value must be false here.
966 return kDefaultProvideSwapFile;
967 }
968
SetDex2OatAndPatchOatScheduling(bool set_to_bg)969 static void SetDex2OatAndPatchOatScheduling(bool set_to_bg) {
970 if (set_to_bg) {
971 if (set_sched_policy(0, SP_BACKGROUND) < 0) {
972 ALOGE("set_sched_policy failed: %s\n", strerror(errno));
973 exit(70);
974 }
975 if (setpriority(PRIO_PROCESS, 0, ANDROID_PRIORITY_BACKGROUND) < 0) {
976 ALOGE("setpriority failed: %s\n", strerror(errno));
977 exit(71);
978 }
979 }
980 }
981
close_all_fds(const std::vector<fd_t> & fds,const char * description)982 static void close_all_fds(const std::vector<fd_t>& fds, const char* description) {
983 for (size_t i = 0; i < fds.size(); i++) {
984 if (close(fds[i]) != 0) {
985 PLOG(WARNING) << "Failed to close fd for " << description << " at index " << i;
986 }
987 }
988 }
989
open_profile_dir(const std::string & profile_dir)990 static fd_t open_profile_dir(const std::string& profile_dir) {
991 fd_t profile_dir_fd = TEMP_FAILURE_RETRY(open(profile_dir.c_str(),
992 O_PATH | O_CLOEXEC | O_DIRECTORY | O_NOFOLLOW));
993 if (profile_dir_fd < 0) {
994 // In a multi-user environment, these directories can be created at
995 // different points and it's possible we'll attempt to open a profile
996 // dir before it exists.
997 if (errno != ENOENT) {
998 PLOG(ERROR) << "Failed to open profile_dir: " << profile_dir;
999 }
1000 }
1001 return profile_dir_fd;
1002 }
1003
open_primary_profile_file_from_dir(const std::string & profile_dir,mode_t open_mode)1004 static fd_t open_primary_profile_file_from_dir(const std::string& profile_dir, mode_t open_mode) {
1005 fd_t profile_dir_fd = open_profile_dir(profile_dir);
1006 if (profile_dir_fd < 0) {
1007 return -1;
1008 }
1009
1010 fd_t profile_fd = -1;
1011 std::string profile_file = create_primary_profile(profile_dir);
1012
1013 profile_fd = TEMP_FAILURE_RETRY(open(profile_file.c_str(), open_mode | O_NOFOLLOW));
1014 if (profile_fd == -1) {
1015 // It's not an error if the profile file does not exist.
1016 if (errno != ENOENT) {
1017 PLOG(ERROR) << "Failed to lstat profile_dir: " << profile_dir;
1018 }
1019 }
1020 // TODO(calin): use AutoCloseFD instead of closing the fd manually.
1021 if (close(profile_dir_fd) != 0) {
1022 PLOG(WARNING) << "Could not close profile dir " << profile_dir;
1023 }
1024 return profile_fd;
1025 }
1026
open_primary_profile_file(userid_t user,const char * pkgname)1027 static fd_t open_primary_profile_file(userid_t user, const char* pkgname) {
1028 std::string profile_dir = create_data_user_profile_package_path(user, pkgname);
1029 return open_primary_profile_file_from_dir(profile_dir, O_RDONLY);
1030 }
1031
open_reference_profile(uid_t uid,const char * pkgname,bool read_write)1032 static fd_t open_reference_profile(uid_t uid, const char* pkgname, bool read_write) {
1033 std::string reference_profile_dir = create_data_ref_profile_package_path(pkgname);
1034 int flags = read_write ? O_RDWR | O_CREAT : O_RDONLY;
1035 fd_t fd = open_primary_profile_file_from_dir(reference_profile_dir, flags);
1036 if (fd < 0) {
1037 return -1;
1038 }
1039 if (read_write) {
1040 // Fix the owner.
1041 if (fchown(fd, uid, uid) < 0) {
1042 close(fd);
1043 return -1;
1044 }
1045 }
1046 return fd;
1047 }
1048
open_profile_files(uid_t uid,const char * pkgname,std::vector<fd_t> * profiles_fd,fd_t * reference_profile_fd)1049 static void open_profile_files(uid_t uid, const char* pkgname,
1050 /*out*/ std::vector<fd_t>* profiles_fd, /*out*/ fd_t* reference_profile_fd) {
1051 // Open the reference profile in read-write mode as profman might need to save the merge.
1052 *reference_profile_fd = open_reference_profile(uid, pkgname, /*read_write*/ true);
1053 if (*reference_profile_fd < 0) {
1054 // We can't access the reference profile file.
1055 return;
1056 }
1057
1058 std::vector<userid_t> users = get_known_users(/*volume_uuid*/ nullptr);
1059 for (auto user : users) {
1060 fd_t profile_fd = open_primary_profile_file(user, pkgname);
1061 // Add to the lists only if both fds are valid.
1062 if (profile_fd >= 0) {
1063 profiles_fd->push_back(profile_fd);
1064 }
1065 }
1066 }
1067
drop_capabilities(uid_t uid)1068 static void drop_capabilities(uid_t uid) {
1069 if (setgid(uid) != 0) {
1070 ALOGE("setgid(%d) failed in installd during dexopt\n", uid);
1071 exit(64);
1072 }
1073 if (setuid(uid) != 0) {
1074 ALOGE("setuid(%d) failed in installd during dexopt\n", uid);
1075 exit(65);
1076 }
1077 // drop capabilities
1078 struct __user_cap_header_struct capheader;
1079 struct __user_cap_data_struct capdata[2];
1080 memset(&capheader, 0, sizeof(capheader));
1081 memset(&capdata, 0, sizeof(capdata));
1082 capheader.version = _LINUX_CAPABILITY_VERSION_3;
1083 if (capset(&capheader, &capdata[0]) < 0) {
1084 ALOGE("capset failed: %s\n", strerror(errno));
1085 exit(66);
1086 }
1087 }
1088
1089 static constexpr int PROFMAN_BIN_RETURN_CODE_COMPILE = 0;
1090 static constexpr int PROFMAN_BIN_RETURN_CODE_SKIP_COMPILATION = 1;
1091 static constexpr int PROFMAN_BIN_RETURN_CODE_BAD_PROFILES = 2;
1092 static constexpr int PROFMAN_BIN_RETURN_CODE_ERROR_IO = 3;
1093 static constexpr int PROFMAN_BIN_RETURN_CODE_ERROR_LOCKING = 4;
1094
run_profman_merge(const std::vector<fd_t> & profiles_fd,fd_t reference_profile_fd)1095 static void run_profman_merge(const std::vector<fd_t>& profiles_fd, fd_t reference_profile_fd) {
1096 static const size_t MAX_INT_LEN = 32;
1097 static const char* PROFMAN_BIN = "/system/bin/profman";
1098
1099 std::vector<std::string> profile_args(profiles_fd.size());
1100 char profile_buf[strlen("--profile-file-fd=") + MAX_INT_LEN];
1101 for (size_t k = 0; k < profiles_fd.size(); k++) {
1102 sprintf(profile_buf, "--profile-file-fd=%d", profiles_fd[k]);
1103 profile_args[k].assign(profile_buf);
1104 }
1105 char reference_profile_arg[strlen("--reference-profile-file-fd=") + MAX_INT_LEN];
1106 sprintf(reference_profile_arg, "--reference-profile-file-fd=%d", reference_profile_fd);
1107
1108 // program name, reference profile fd, the final NULL and the profile fds
1109 const char* argv[3 + profiles_fd.size()];
1110 int i = 0;
1111 argv[i++] = PROFMAN_BIN;
1112 argv[i++] = reference_profile_arg;
1113 for (size_t k = 0; k < profile_args.size(); k++) {
1114 argv[i++] = profile_args[k].c_str();
1115 }
1116 // Do not add after dex2oat_flags, they should override others for debugging.
1117 argv[i] = NULL;
1118
1119 execv(PROFMAN_BIN, (char * const *)argv);
1120 ALOGE("execv(%s) failed: %s\n", PROFMAN_BIN, strerror(errno));
1121 exit(68); /* only get here on exec failure */
1122 }
1123
1124 // Decides if profile guided compilation is needed or not based on existing profiles.
1125 // Returns true if there is enough information in the current profiles that worth
1126 // a re-compilation of the package.
1127 // If the return value is true all the current profiles would have been merged into
1128 // the reference profiles accessible with open_reference_profile().
analyse_profiles(uid_t uid,const char * pkgname)1129 static bool analyse_profiles(uid_t uid, const char* pkgname) {
1130 std::vector<fd_t> profiles_fd;
1131 fd_t reference_profile_fd = -1;
1132 open_profile_files(uid, pkgname, &profiles_fd, &reference_profile_fd);
1133 if (profiles_fd.empty() || (reference_profile_fd == -1)) {
1134 // Skip profile guided compilation because no profiles were found.
1135 // Or if the reference profile info couldn't be opened.
1136 close_all_fds(profiles_fd, "profiles_fd");
1137 if ((reference_profile_fd != - 1) && (close(reference_profile_fd) != 0)) {
1138 PLOG(WARNING) << "Failed to close fd for reference profile";
1139 }
1140 return false;
1141 }
1142
1143 ALOGV("PROFMAN (MERGE): --- BEGIN '%s' ---\n", pkgname);
1144
1145 pid_t pid = fork();
1146 if (pid == 0) {
1147 /* child -- drop privileges before continuing */
1148 drop_capabilities(uid);
1149 run_profman_merge(profiles_fd, reference_profile_fd);
1150 exit(68); /* only get here on exec failure */
1151 }
1152 /* parent */
1153 int return_code = wait_child(pid);
1154 bool need_to_compile = false;
1155 bool should_clear_current_profiles = false;
1156 bool should_clear_reference_profile = false;
1157 if (!WIFEXITED(return_code)) {
1158 LOG(WARNING) << "profman failed for package " << pkgname << ": " << return_code;
1159 } else {
1160 return_code = WEXITSTATUS(return_code);
1161 switch (return_code) {
1162 case PROFMAN_BIN_RETURN_CODE_COMPILE:
1163 need_to_compile = true;
1164 should_clear_current_profiles = true;
1165 should_clear_reference_profile = false;
1166 break;
1167 case PROFMAN_BIN_RETURN_CODE_SKIP_COMPILATION:
1168 need_to_compile = false;
1169 should_clear_current_profiles = false;
1170 should_clear_reference_profile = false;
1171 break;
1172 case PROFMAN_BIN_RETURN_CODE_BAD_PROFILES:
1173 LOG(WARNING) << "Bad profiles for package " << pkgname;
1174 need_to_compile = false;
1175 should_clear_current_profiles = true;
1176 should_clear_reference_profile = true;
1177 break;
1178 case PROFMAN_BIN_RETURN_CODE_ERROR_IO: // fall-through
1179 case PROFMAN_BIN_RETURN_CODE_ERROR_LOCKING:
1180 // Temporary IO problem (e.g. locking). Ignore but log a warning.
1181 LOG(WARNING) << "IO error while reading profiles for package " << pkgname;
1182 need_to_compile = false;
1183 should_clear_current_profiles = false;
1184 should_clear_reference_profile = false;
1185 break;
1186 default:
1187 // Unknown return code or error. Unlink profiles.
1188 LOG(WARNING) << "Unknown error code while processing profiles for package " << pkgname
1189 << ": " << return_code;
1190 need_to_compile = false;
1191 should_clear_current_profiles = true;
1192 should_clear_reference_profile = true;
1193 break;
1194 }
1195 }
1196 close_all_fds(profiles_fd, "profiles_fd");
1197 if (close(reference_profile_fd) != 0) {
1198 PLOG(WARNING) << "Failed to close fd for reference profile";
1199 }
1200 if (should_clear_current_profiles) {
1201 clear_current_profiles(pkgname);
1202 }
1203 if (should_clear_reference_profile) {
1204 clear_reference_profile(pkgname);
1205 }
1206 return need_to_compile;
1207 }
1208
run_profman_dump(const std::vector<fd_t> & profile_fds,fd_t reference_profile_fd,const std::vector<std::string> & dex_locations,const std::vector<fd_t> & apk_fds,fd_t output_fd)1209 static void run_profman_dump(const std::vector<fd_t>& profile_fds,
1210 fd_t reference_profile_fd,
1211 const std::vector<std::string>& dex_locations,
1212 const std::vector<fd_t>& apk_fds,
1213 fd_t output_fd) {
1214 std::vector<std::string> profman_args;
1215 static const char* PROFMAN_BIN = "/system/bin/profman";
1216 profman_args.push_back(PROFMAN_BIN);
1217 profman_args.push_back("--dump-only");
1218 profman_args.push_back(StringPrintf("--dump-output-to-fd=%d", output_fd));
1219 if (reference_profile_fd != -1) {
1220 profman_args.push_back(StringPrintf("--reference-profile-file-fd=%d",
1221 reference_profile_fd));
1222 }
1223 for (fd_t profile_fd : profile_fds) {
1224 profman_args.push_back(StringPrintf("--profile-file-fd=%d", profile_fd));
1225 }
1226 for (const std::string& dex_location : dex_locations) {
1227 profman_args.push_back(StringPrintf("--dex-location=%s", dex_location.c_str()));
1228 }
1229 for (fd_t apk_fd : apk_fds) {
1230 profman_args.push_back(StringPrintf("--apk-fd=%d", apk_fd));
1231 }
1232 const char **argv = new const char*[profman_args.size() + 1];
1233 size_t i = 0;
1234 for (const std::string& profman_arg : profman_args) {
1235 argv[i++] = profman_arg.c_str();
1236 }
1237 argv[i] = NULL;
1238
1239 execv(PROFMAN_BIN, (char * const *)argv);
1240 ALOGE("execv(%s) failed: %s\n", PROFMAN_BIN, strerror(errno));
1241 exit(68); /* only get here on exec failure */
1242 }
1243
get_location_from_path(const char * path)1244 static const char* get_location_from_path(const char* path) {
1245 static constexpr char kLocationSeparator = '/';
1246 const char *location = strrchr(path, kLocationSeparator);
1247 if (location == NULL) {
1248 return path;
1249 } else {
1250 // Skip the separator character.
1251 return location + 1;
1252 }
1253 }
1254
1255 // Dumps the contents of a profile file, using pkgname's dex files for pretty
1256 // printing the result.
dump_profile(uid_t uid,const char * pkgname,const char * code_path_string)1257 bool dump_profile(uid_t uid, const char* pkgname, const char* code_path_string) {
1258 std::vector<fd_t> profile_fds;
1259 fd_t reference_profile_fd = -1;
1260 std::string out_file_name = StringPrintf("/data/misc/profman/%s.txt", pkgname);
1261
1262 ALOGV("PROFMAN (DUMP): --- BEGIN '%s' ---\n", pkgname);
1263
1264 open_profile_files(uid, pkgname, &profile_fds, &reference_profile_fd);
1265
1266 const bool has_reference_profile = (reference_profile_fd != -1);
1267 const bool has_profiles = !profile_fds.empty();
1268
1269 if (!has_reference_profile && !has_profiles) {
1270 ALOGE("profman dump: no profiles to dump for '%s'", pkgname);
1271 return false;
1272 }
1273
1274 fd_t output_fd = open(out_file_name.c_str(), O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW);
1275 if (fchmod(output_fd, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH) < 0) {
1276 ALOGE("installd cannot chmod '%s' dump_profile\n", out_file_name.c_str());
1277 return false;
1278 }
1279 std::vector<std::string> code_full_paths = base::Split(code_path_string, ";");
1280 std::vector<std::string> dex_locations;
1281 std::vector<fd_t> apk_fds;
1282 for (const std::string& code_full_path : code_full_paths) {
1283 const char* full_path = code_full_path.c_str();
1284 fd_t apk_fd = open(full_path, O_RDONLY | O_NOFOLLOW);
1285 if (apk_fd == -1) {
1286 ALOGE("installd cannot open '%s'\n", full_path);
1287 return false;
1288 }
1289 dex_locations.push_back(get_location_from_path(full_path));
1290 apk_fds.push_back(apk_fd);
1291 }
1292
1293 pid_t pid = fork();
1294 if (pid == 0) {
1295 /* child -- drop privileges before continuing */
1296 drop_capabilities(uid);
1297 run_profman_dump(profile_fds, reference_profile_fd, dex_locations,
1298 apk_fds, output_fd);
1299 exit(68); /* only get here on exec failure */
1300 }
1301 /* parent */
1302 close_all_fds(apk_fds, "apk_fds");
1303 close_all_fds(profile_fds, "profile_fds");
1304 if (close(reference_profile_fd) != 0) {
1305 PLOG(WARNING) << "Failed to close fd for reference profile";
1306 }
1307 int return_code = wait_child(pid);
1308 if (!WIFEXITED(return_code)) {
1309 LOG(WARNING) << "profman failed for package " << pkgname << ": "
1310 << return_code;
1311 return false;
1312 }
1313 return true;
1314 }
1315
trim_extension(char * path)1316 static void trim_extension(char* path) {
1317 // Trim the extension.
1318 int pos = strlen(path);
1319 for (; pos >= 0 && path[pos] != '.'; --pos) {}
1320 if (pos >= 0) {
1321 path[pos] = '\0'; // Trim extension
1322 }
1323 }
1324
add_extension_to_file_name(char * file_name,const char * extension)1325 static bool add_extension_to_file_name(char* file_name, const char* extension) {
1326 if (strlen(file_name) + strlen(extension) + 1 > PKG_PATH_MAX) {
1327 return false;
1328 }
1329 strcat(file_name, extension);
1330 return true;
1331 }
1332
open_output_file(char * file_name,bool recreate,int permissions)1333 static int open_output_file(char* file_name, bool recreate, int permissions) {
1334 int flags = O_RDWR | O_CREAT;
1335 if (recreate) {
1336 if (unlink(file_name) < 0) {
1337 if (errno != ENOENT) {
1338 PLOG(ERROR) << "open_output_file: Couldn't unlink " << file_name;
1339 }
1340 }
1341 flags |= O_EXCL;
1342 }
1343 return open(file_name, flags, permissions);
1344 }
1345
set_permissions_and_ownership(int fd,bool is_public,int uid,const char * path)1346 static bool set_permissions_and_ownership(int fd, bool is_public, int uid, const char* path) {
1347 if (fchmod(fd,
1348 S_IRUSR|S_IWUSR|S_IRGRP |
1349 (is_public ? S_IROTH : 0)) < 0) {
1350 ALOGE("installd cannot chmod '%s' during dexopt\n", path);
1351 return false;
1352 } else if (fchown(fd, AID_SYSTEM, uid) < 0) {
1353 ALOGE("installd cannot chown '%s' during dexopt\n", path);
1354 return false;
1355 }
1356 return true;
1357 }
1358
create_oat_out_path(const char * apk_path,const char * instruction_set,const char * oat_dir,char * out_path)1359 static bool create_oat_out_path(const char* apk_path, const char* instruction_set,
1360 const char* oat_dir, /*out*/ char* out_path) {
1361 // Early best-effort check whether we can fit the the path into our buffers.
1362 // Note: the cache path will require an additional 5 bytes for ".swap", but we'll try to run
1363 // without a swap file, if necessary. Reference profiles file also add an extra ".prof"
1364 // extension to the cache path (5 bytes).
1365 if (strlen(apk_path) >= (PKG_PATH_MAX - 8)) {
1366 ALOGE("apk_path too long '%s'\n", apk_path);
1367 return false;
1368 }
1369
1370 if (oat_dir != NULL && oat_dir[0] != '!') {
1371 if (validate_apk_path(oat_dir)) {
1372 ALOGE("invalid oat_dir '%s'\n", oat_dir);
1373 return false;
1374 }
1375 if (!calculate_oat_file_path(out_path, oat_dir, apk_path, instruction_set)) {
1376 return false;
1377 }
1378 } else {
1379 if (!create_cache_path(out_path, apk_path, instruction_set)) {
1380 return false;
1381 }
1382 }
1383 return true;
1384 }
1385
1386 // TODO: Consider returning error codes.
merge_profiles(uid_t uid,const char * pkgname)1387 bool merge_profiles(uid_t uid, const char *pkgname) {
1388 return analyse_profiles(uid, pkgname);
1389 }
1390
dexopt(const char * apk_path,uid_t uid,const char * pkgname,const char * instruction_set,int dexopt_needed,const char * oat_dir,int dexopt_flags,const char * compiler_filter,const char * volume_uuid ATTRIBUTE_UNUSED,const char * shared_libraries)1391 int dexopt(const char* apk_path, uid_t uid, const char* pkgname, const char* instruction_set,
1392 int dexopt_needed, const char* oat_dir, int dexopt_flags, const char* compiler_filter,
1393 const char* volume_uuid ATTRIBUTE_UNUSED, const char* shared_libraries)
1394 {
1395 struct utimbuf ut;
1396 struct stat input_stat;
1397 char out_path[PKG_PATH_MAX];
1398 char swap_file_name[PKG_PATH_MAX];
1399 char image_path[PKG_PATH_MAX];
1400 const char *input_file;
1401 char in_odex_path[PKG_PATH_MAX];
1402 int res;
1403 fd_t input_fd=-1, out_fd=-1, image_fd=-1, swap_fd=-1;
1404 bool is_public = ((dexopt_flags & DEXOPT_PUBLIC) != 0);
1405 bool vm_safe_mode = (dexopt_flags & DEXOPT_SAFEMODE) != 0;
1406 bool debuggable = (dexopt_flags & DEXOPT_DEBUGGABLE) != 0;
1407 bool boot_complete = (dexopt_flags & DEXOPT_BOOTCOMPLETE) != 0;
1408 bool profile_guided = (dexopt_flags & DEXOPT_PROFILE_GUIDED) != 0;
1409
1410 CHECK(pkgname != nullptr);
1411 CHECK(pkgname[0] != 0);
1412
1413 fd_t reference_profile_fd = -1;
1414 // Public apps should not be compiled with profile information ever. Same goes for the special
1415 // package '*' used for the system server.
1416 if (!is_public && pkgname[0] != '*') {
1417 // Open reference profile in read only mode as dex2oat does not get write permissions.
1418 reference_profile_fd = open_reference_profile(uid, pkgname, /*read_write*/ false);
1419 // Note: it's OK to not find a profile here.
1420 }
1421
1422 if ((dexopt_flags & ~DEXOPT_MASK) != 0) {
1423 LOG_FATAL("dexopt flags contains unknown fields\n");
1424 }
1425
1426 if (!create_oat_out_path(apk_path, instruction_set, oat_dir, out_path)) {
1427 return false;
1428 }
1429
1430 switch (dexopt_needed) {
1431 case DEXOPT_DEX2OAT_NEEDED:
1432 input_file = apk_path;
1433 break;
1434
1435 case DEXOPT_PATCHOAT_NEEDED:
1436 if (!calculate_odex_file_path(in_odex_path, apk_path, instruction_set)) {
1437 return -1;
1438 }
1439 input_file = in_odex_path;
1440 break;
1441
1442 case DEXOPT_SELF_PATCHOAT_NEEDED:
1443 input_file = out_path;
1444 break;
1445
1446 default:
1447 ALOGE("Invalid dexopt needed: %d\n", dexopt_needed);
1448 exit(72);
1449 }
1450
1451 memset(&input_stat, 0, sizeof(input_stat));
1452 stat(input_file, &input_stat);
1453
1454 input_fd = open(input_file, O_RDONLY, 0);
1455 if (input_fd < 0) {
1456 ALOGE("installd cannot open '%s' for input during dexopt\n", input_file);
1457 return -1;
1458 }
1459
1460 out_fd = open_output_file(out_path, /*recreate*/true, /*permissions*/0644);
1461 if (out_fd < 0) {
1462 ALOGE("installd cannot open '%s' for output during dexopt\n", out_path);
1463 goto fail;
1464 }
1465 if (!set_permissions_and_ownership(out_fd, is_public, uid, out_path)) {
1466 goto fail;
1467 }
1468
1469 // Create a swap file if necessary.
1470 if (ShouldUseSwapFileForDexopt()) {
1471 // Make sure there really is enough space.
1472 strcpy(swap_file_name, out_path);
1473 if (add_extension_to_file_name(swap_file_name, ".swap")) {
1474 swap_fd = open_output_file(swap_file_name, /*recreate*/true, /*permissions*/0600);
1475 }
1476 if (swap_fd < 0) {
1477 // Could not create swap file. Optimistically go on and hope that we can compile
1478 // without it.
1479 ALOGE("installd could not create '%s' for swap during dexopt\n", swap_file_name);
1480 } else {
1481 // Immediately unlink. We don't really want to hit flash.
1482 if (unlink(swap_file_name) < 0) {
1483 PLOG(ERROR) << "Couldn't unlink swap file " << swap_file_name;
1484 }
1485 }
1486 }
1487
1488 // Avoid generating an app image for extract only since it will not contain any classes.
1489 strcpy(image_path, out_path);
1490 trim_extension(image_path);
1491 if (add_extension_to_file_name(image_path, ".art")) {
1492 char app_image_format[kPropertyValueMax];
1493 bool have_app_image_format =
1494 get_property("dalvik.vm.appimageformat", app_image_format, NULL) > 0;
1495 // Use app images only if it is enabled (by a set image format) and we are compiling
1496 // profile-guided (so the app image doesn't conservatively contain all classes).
1497 if (profile_guided && have_app_image_format) {
1498 // Recreate is true since we do not want to modify a mapped image. If the app is already
1499 // running and we modify the image file, it can cause crashes (b/27493510).
1500 image_fd = open_output_file(image_path, /*recreate*/true, /*permissions*/0600);
1501 if (image_fd < 0) {
1502 // Could not create application image file. Go on since we can compile without it.
1503 ALOGE("installd could not create '%s' for image file during dexopt\n", image_path);
1504 } else if (!set_permissions_and_ownership(image_fd, is_public, uid, image_path)) {
1505 image_fd = -1;
1506 }
1507 }
1508 // If we have a valid image file path but no image fd, erase the image file.
1509 if (image_fd < 0) {
1510 if (unlink(image_path) < 0) {
1511 if (errno != ENOENT) {
1512 PLOG(ERROR) << "Couldn't unlink image file " << image_path;
1513 }
1514 }
1515 }
1516 }
1517
1518 ALOGV("DexInv: --- BEGIN '%s' ---\n", input_file);
1519
1520 pid_t pid;
1521 pid = fork();
1522 if (pid == 0) {
1523 /* child -- drop privileges before continuing */
1524 drop_capabilities(uid);
1525
1526 SetDex2OatAndPatchOatScheduling(boot_complete);
1527 if (flock(out_fd, LOCK_EX | LOCK_NB) != 0) {
1528 ALOGE("flock(%s) failed: %s\n", out_path, strerror(errno));
1529 exit(67);
1530 }
1531
1532 if (dexopt_needed == DEXOPT_PATCHOAT_NEEDED
1533 || dexopt_needed == DEXOPT_SELF_PATCHOAT_NEEDED) {
1534 run_patchoat(input_fd, out_fd, input_file, out_path, pkgname, instruction_set);
1535 } else if (dexopt_needed == DEXOPT_DEX2OAT_NEEDED) {
1536 // Pass dex2oat the relative path to the input file.
1537 const char *input_file_name = get_location_from_path(input_file);
1538 run_dex2oat(input_fd, out_fd, image_fd, input_file_name, out_path, swap_fd,
1539 instruction_set, compiler_filter, vm_safe_mode, debuggable, boot_complete,
1540 reference_profile_fd, shared_libraries);
1541 } else {
1542 ALOGE("Invalid dexopt needed: %d\n", dexopt_needed);
1543 exit(73);
1544 }
1545 exit(68); /* only get here on exec failure */
1546 } else {
1547 res = wait_child(pid);
1548 if (res == 0) {
1549 ALOGV("DexInv: --- END '%s' (success) ---\n", input_file);
1550 } else {
1551 ALOGE("DexInv: --- END '%s' --- status=0x%04x, process failed\n", input_file, res);
1552 goto fail;
1553 }
1554 }
1555
1556 ut.actime = input_stat.st_atime;
1557 ut.modtime = input_stat.st_mtime;
1558 utime(out_path, &ut);
1559
1560 close(out_fd);
1561 close(input_fd);
1562 if (swap_fd >= 0) {
1563 close(swap_fd);
1564 }
1565 if (reference_profile_fd >= 0) {
1566 close(reference_profile_fd);
1567 }
1568 if (image_fd >= 0) {
1569 close(image_fd);
1570 }
1571 return 0;
1572
1573 fail:
1574 if (out_fd >= 0) {
1575 close(out_fd);
1576 unlink(out_path);
1577 }
1578 if (input_fd >= 0) {
1579 close(input_fd);
1580 }
1581 if (reference_profile_fd >= 0) {
1582 close(reference_profile_fd);
1583 // We failed to compile. Unlink the reference profile. Current profiles are already unlinked
1584 // when profmoan advises compilation.
1585 clear_reference_profile(pkgname);
1586 }
1587 if (swap_fd >= 0) {
1588 close(swap_fd);
1589 }
1590 if (image_fd >= 0) {
1591 close(image_fd);
1592 }
1593 return -1;
1594 }
1595
mark_boot_complete(const char * instruction_set)1596 int mark_boot_complete(const char* instruction_set)
1597 {
1598 char boot_marker_path[PKG_PATH_MAX];
1599 sprintf(boot_marker_path,
1600 "%s/%s/%s/.booting",
1601 android_data_dir.path,
1602 DALVIK_CACHE,
1603 instruction_set);
1604
1605 ALOGV("mark_boot_complete : %s", boot_marker_path);
1606 if (unlink(boot_marker_path) != 0) {
1607 ALOGE("Unable to unlink boot marker at %s, error=%s", boot_marker_path,
1608 strerror(errno));
1609 return -1;
1610 }
1611
1612 return 0;
1613 }
1614
mkinnerdirs(char * path,int basepos,mode_t mode,int uid,int gid,struct stat * statbuf)1615 void mkinnerdirs(char* path, int basepos, mode_t mode, int uid, int gid,
1616 struct stat* statbuf)
1617 {
1618 while (path[basepos] != 0) {
1619 if (path[basepos] == '/') {
1620 path[basepos] = 0;
1621 if (lstat(path, statbuf) < 0) {
1622 ALOGV("Making directory: %s\n", path);
1623 if (mkdir(path, mode) == 0) {
1624 chown(path, uid, gid);
1625 } else {
1626 ALOGW("Unable to make directory %s: %s\n", path, strerror(errno));
1627 }
1628 }
1629 path[basepos] = '/';
1630 basepos++;
1631 }
1632 basepos++;
1633 }
1634 }
1635
linklib(const char * uuid,const char * pkgname,const char * asecLibDir,int userId)1636 int linklib(const char* uuid, const char* pkgname, const char* asecLibDir, int userId)
1637 {
1638 struct stat s, libStat;
1639 int rc = 0;
1640
1641 std::string _pkgdir(create_data_user_ce_package_path(uuid, userId, pkgname));
1642 std::string _libsymlink(_pkgdir + PKG_LIB_POSTFIX);
1643
1644 const char* pkgdir = _pkgdir.c_str();
1645 const char* libsymlink = _libsymlink.c_str();
1646
1647 if (stat(pkgdir, &s) < 0) return -1;
1648
1649 if (chown(pkgdir, AID_INSTALL, AID_INSTALL) < 0) {
1650 ALOGE("failed to chown '%s': %s\n", pkgdir, strerror(errno));
1651 return -1;
1652 }
1653
1654 if (chmod(pkgdir, 0700) < 0) {
1655 ALOGE("linklib() 1: failed to chmod '%s': %s\n", pkgdir, strerror(errno));
1656 rc = -1;
1657 goto out;
1658 }
1659
1660 if (lstat(libsymlink, &libStat) < 0) {
1661 if (errno != ENOENT) {
1662 ALOGE("couldn't stat lib dir: %s\n", strerror(errno));
1663 rc = -1;
1664 goto out;
1665 }
1666 } else {
1667 if (S_ISDIR(libStat.st_mode)) {
1668 if (delete_dir_contents(libsymlink, 1, NULL) < 0) {
1669 rc = -1;
1670 goto out;
1671 }
1672 } else if (S_ISLNK(libStat.st_mode)) {
1673 if (unlink(libsymlink) < 0) {
1674 ALOGE("couldn't unlink lib dir: %s\n", strerror(errno));
1675 rc = -1;
1676 goto out;
1677 }
1678 }
1679 }
1680
1681 if (symlink(asecLibDir, libsymlink) < 0) {
1682 ALOGE("couldn't symlink directory '%s' -> '%s': %s\n", libsymlink, asecLibDir,
1683 strerror(errno));
1684 rc = -errno;
1685 goto out;
1686 }
1687
1688 out:
1689 if (chmod(pkgdir, s.st_mode) < 0) {
1690 ALOGE("linklib() 2: failed to chmod '%s': %s\n", pkgdir, strerror(errno));
1691 rc = -errno;
1692 }
1693
1694 if (chown(pkgdir, s.st_uid, s.st_gid) < 0) {
1695 ALOGE("failed to chown '%s' : %s\n", pkgdir, strerror(errno));
1696 return -errno;
1697 }
1698
1699 return rc;
1700 }
1701
run_idmap(const char * target_apk,const char * overlay_apk,int idmap_fd)1702 static void run_idmap(const char *target_apk, const char *overlay_apk, int idmap_fd)
1703 {
1704 static const char *IDMAP_BIN = "/system/bin/idmap";
1705 static const size_t MAX_INT_LEN = 32;
1706 char idmap_str[MAX_INT_LEN];
1707
1708 snprintf(idmap_str, sizeof(idmap_str), "%d", idmap_fd);
1709
1710 execl(IDMAP_BIN, IDMAP_BIN, "--fd", target_apk, overlay_apk, idmap_str, (char*)NULL);
1711 ALOGE("execl(%s) failed: %s\n", IDMAP_BIN, strerror(errno));
1712 }
1713
1714 // Transform string /a/b/c.apk to (prefix)/a@b@c.apk@(suffix)
1715 // eg /a/b/c.apk to /data/resource-cache/a@b@c.apk@idmap
flatten_path(const char * prefix,const char * suffix,const char * overlay_path,char * idmap_path,size_t N)1716 static int flatten_path(const char *prefix, const char *suffix,
1717 const char *overlay_path, char *idmap_path, size_t N)
1718 {
1719 if (overlay_path == NULL || idmap_path == NULL) {
1720 return -1;
1721 }
1722 const size_t len_overlay_path = strlen(overlay_path);
1723 // will access overlay_path + 1 further below; requires absolute path
1724 if (len_overlay_path < 2 || *overlay_path != '/') {
1725 return -1;
1726 }
1727 const size_t len_idmap_root = strlen(prefix);
1728 const size_t len_suffix = strlen(suffix);
1729 if (SIZE_MAX - len_idmap_root < len_overlay_path ||
1730 SIZE_MAX - (len_idmap_root + len_overlay_path) < len_suffix) {
1731 // additions below would cause overflow
1732 return -1;
1733 }
1734 if (N < len_idmap_root + len_overlay_path + len_suffix) {
1735 return -1;
1736 }
1737 memset(idmap_path, 0, N);
1738 snprintf(idmap_path, N, "%s%s%s", prefix, overlay_path + 1, suffix);
1739 char *ch = idmap_path + len_idmap_root;
1740 while (*ch != '\0') {
1741 if (*ch == '/') {
1742 *ch = '@';
1743 }
1744 ++ch;
1745 }
1746 return 0;
1747 }
1748
idmap(const char * target_apk,const char * overlay_apk,uid_t uid)1749 int idmap(const char *target_apk, const char *overlay_apk, uid_t uid)
1750 {
1751 ALOGV("idmap target_apk=%s overlay_apk=%s uid=%d\n", target_apk, overlay_apk, uid);
1752
1753 int idmap_fd = -1;
1754 char idmap_path[PATH_MAX];
1755
1756 if (flatten_path(IDMAP_PREFIX, IDMAP_SUFFIX, overlay_apk,
1757 idmap_path, sizeof(idmap_path)) == -1) {
1758 ALOGE("idmap cannot generate idmap path for overlay %s\n", overlay_apk);
1759 goto fail;
1760 }
1761
1762 unlink(idmap_path);
1763 idmap_fd = open(idmap_path, O_RDWR | O_CREAT | O_EXCL, 0644);
1764 if (idmap_fd < 0) {
1765 ALOGE("idmap cannot open '%s' for output: %s\n", idmap_path, strerror(errno));
1766 goto fail;
1767 }
1768 if (fchown(idmap_fd, AID_SYSTEM, uid) < 0) {
1769 ALOGE("idmap cannot chown '%s'\n", idmap_path);
1770 goto fail;
1771 }
1772 if (fchmod(idmap_fd, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH) < 0) {
1773 ALOGE("idmap cannot chmod '%s'\n", idmap_path);
1774 goto fail;
1775 }
1776
1777 pid_t pid;
1778 pid = fork();
1779 if (pid == 0) {
1780 /* child -- drop privileges before continuing */
1781 if (setgid(uid) != 0) {
1782 ALOGE("setgid(%d) failed during idmap\n", uid);
1783 exit(1);
1784 }
1785 if (setuid(uid) != 0) {
1786 ALOGE("setuid(%d) failed during idmap\n", uid);
1787 exit(1);
1788 }
1789 if (flock(idmap_fd, LOCK_EX | LOCK_NB) != 0) {
1790 ALOGE("flock(%s) failed during idmap: %s\n", idmap_path, strerror(errno));
1791 exit(1);
1792 }
1793
1794 run_idmap(target_apk, overlay_apk, idmap_fd);
1795 exit(1); /* only if exec call to idmap failed */
1796 } else {
1797 int status = wait_child(pid);
1798 if (status != 0) {
1799 ALOGE("idmap failed, status=0x%04x\n", status);
1800 goto fail;
1801 }
1802 }
1803
1804 close(idmap_fd);
1805 return 0;
1806 fail:
1807 if (idmap_fd >= 0) {
1808 close(idmap_fd);
1809 unlink(idmap_path);
1810 }
1811 return -1;
1812 }
1813
restorecon_app_data(const char * uuid,const char * pkgName,userid_t userid,int flags,appid_t appid,const char * seinfo)1814 int restorecon_app_data(const char* uuid, const char* pkgName, userid_t userid, int flags,
1815 appid_t appid, const char* seinfo) {
1816 int res = 0;
1817
1818 // SELINUX_ANDROID_RESTORECON_DATADATA flag is set by libselinux. Not needed here.
1819 unsigned int seflags = SELINUX_ANDROID_RESTORECON_RECURSE;
1820
1821 if (!pkgName || !seinfo) {
1822 ALOGE("Package name or seinfo tag is null when trying to restorecon.");
1823 return -1;
1824 }
1825
1826 uid_t uid = multiuser_get_uid(userid, appid);
1827 if (flags & FLAG_STORAGE_CE) {
1828 auto path = create_data_user_ce_package_path(uuid, userid, pkgName);
1829 if (selinux_android_restorecon_pkgdir(path.c_str(), seinfo, uid, seflags) < 0) {
1830 PLOG(ERROR) << "restorecon failed for " << path;
1831 res = -1;
1832 }
1833 }
1834 if (flags & FLAG_STORAGE_DE) {
1835 auto path = create_data_user_de_package_path(uuid, userid, pkgName);
1836 if (selinux_android_restorecon_pkgdir(path.c_str(), seinfo, uid, seflags) < 0) {
1837 PLOG(ERROR) << "restorecon failed for " << path;
1838 // TODO: include result once 25796509 is fixed
1839 }
1840 }
1841
1842 return res;
1843 }
1844
create_oat_dir(const char * oat_dir,const char * instruction_set)1845 int create_oat_dir(const char* oat_dir, const char* instruction_set)
1846 {
1847 char oat_instr_dir[PKG_PATH_MAX];
1848
1849 if (validate_apk_path(oat_dir)) {
1850 ALOGE("invalid apk path '%s' (bad prefix)\n", oat_dir);
1851 return -1;
1852 }
1853 if (fs_prepare_dir(oat_dir, S_IRWXU | S_IRWXG | S_IXOTH, AID_SYSTEM, AID_INSTALL)) {
1854 return -1;
1855 }
1856 if (selinux_android_restorecon(oat_dir, 0)) {
1857 ALOGE("cannot restorecon dir '%s': %s\n", oat_dir, strerror(errno));
1858 return -1;
1859 }
1860 snprintf(oat_instr_dir, PKG_PATH_MAX, "%s/%s", oat_dir, instruction_set);
1861 if (fs_prepare_dir(oat_instr_dir, S_IRWXU | S_IRWXG | S_IXOTH, AID_SYSTEM, AID_INSTALL)) {
1862 return -1;
1863 }
1864 return 0;
1865 }
1866
rm_package_dir(const char * apk_path)1867 int rm_package_dir(const char* apk_path)
1868 {
1869 if (validate_apk_path(apk_path)) {
1870 ALOGE("invalid apk path '%s' (bad prefix)\n", apk_path);
1871 return -1;
1872 }
1873 return delete_dir_contents(apk_path, 1 /* also_delete_dir */ , NULL /* exclusion_predicate */);
1874 }
1875
link_file(const char * relative_path,const char * from_base,const char * to_base)1876 int link_file(const char* relative_path, const char* from_base, const char* to_base) {
1877 char from_path[PKG_PATH_MAX];
1878 char to_path[PKG_PATH_MAX];
1879 snprintf(from_path, PKG_PATH_MAX, "%s/%s", from_base, relative_path);
1880 snprintf(to_path, PKG_PATH_MAX, "%s/%s", to_base, relative_path);
1881
1882 if (validate_apk_path_subdirs(from_path)) {
1883 ALOGE("invalid app data sub-path '%s' (bad prefix)\n", from_path);
1884 return -1;
1885 }
1886
1887 if (validate_apk_path_subdirs(to_path)) {
1888 ALOGE("invalid app data sub-path '%s' (bad prefix)\n", to_path);
1889 return -1;
1890 }
1891
1892 const int ret = link(from_path, to_path);
1893 if (ret < 0) {
1894 ALOGE("link(%s, %s) failed : %s", from_path, to_path, strerror(errno));
1895 return -1;
1896 }
1897
1898 return 0;
1899 }
1900
1901 // Helper for move_ab, so that we can have common failure-case cleanup.
unlink_and_rename(const char * from,const char * to)1902 static bool unlink_and_rename(const char* from, const char* to) {
1903 // Check whether "from" exists, and if so whether it's regular. If it is, unlink. Otherwise,
1904 // return a failure.
1905 struct stat s;
1906 if (stat(to, &s) == 0) {
1907 if (!S_ISREG(s.st_mode)) {
1908 LOG(ERROR) << from << " is not a regular file to replace for A/B.";
1909 return false;
1910 }
1911 if (unlink(to) != 0) {
1912 LOG(ERROR) << "Could not unlink " << to << " to move A/B.";
1913 return false;
1914 }
1915 } else {
1916 // This may be a permission problem. We could investigate the error code, but we'll just
1917 // let the rename failure do the work for us.
1918 }
1919
1920 // Try to rename "to" to "from."
1921 if (rename(from, to) != 0) {
1922 PLOG(ERROR) << "Could not rename " << from << " to " << to;
1923 return false;
1924 }
1925
1926 return true;
1927 }
1928
move_ab(const char * apk_path,const char * instruction_set,const char * oat_dir)1929 int move_ab(const char* apk_path, const char* instruction_set, const char* oat_dir) {
1930 if (apk_path == nullptr || instruction_set == nullptr || oat_dir == nullptr) {
1931 LOG(ERROR) << "Cannot move_ab with null input";
1932 return -1;
1933 }
1934 if (validate_apk_path(apk_path) != 0) {
1935 LOG(ERROR) << "invalid apk_path " << apk_path;
1936 return -1;
1937 }
1938 if (validate_apk_path(oat_dir) != 0) {
1939 LOG(ERROR) << "invalid oat_dir " << oat_dir;
1940 return -1;
1941 }
1942
1943 char a_path[PKG_PATH_MAX];
1944 if (!calculate_oat_file_path(a_path, oat_dir, apk_path, instruction_set)) {
1945 return -1;
1946 }
1947
1948 // B path = A path + ".b"
1949 std::string b_path = StringPrintf("%s.b", a_path);
1950
1951 // Check whether B exists.
1952 {
1953 struct stat s;
1954 if (stat(b_path.c_str(), &s) != 0) {
1955 // Silently ignore for now. The service calling this isn't smart enough to understand
1956 // lack of artifacts at the moment.
1957 return -1;
1958 }
1959 if (!S_ISREG(s.st_mode)) {
1960 LOG(ERROR) << "A/B artifact " << b_path << " is not a regular file.";
1961 // Try to unlink, but swallow errors.
1962 unlink(b_path.c_str());
1963 return -1;
1964 }
1965 }
1966
1967 // Rename B to A.
1968 if (!unlink_and_rename(b_path.c_str(), a_path)) {
1969 // Delete the b_path so we don't try again (or fail earlier).
1970 if (unlink(b_path.c_str()) != 0) {
1971 PLOG(ERROR) << "Could not unlink " << b_path;
1972 }
1973
1974 return -1;
1975 }
1976
1977 return 0;
1978 }
1979
1980 } // namespace installd
1981 } // namespace android
1982