/* ** Copyright 2008, The Android Open Source Project ** ** Licensed under the Apache License, Version 2.0 (the "License"); ** you may not use this file except in compliance with the License. ** You may obtain a copy of the License at ** ** http://www.apache.org/licenses/LICENSE-2.0 ** ** Unless required by applicable law or agreed to in writing, software ** distributed under the License is distributed on an "AS IS" BASIS, ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ** See the License for the specific language governing permissions and ** limitations under the License. */ #include "utils.h" #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "globals.h" // extern variables. #ifndef LOG_TAG #define LOG_TAG "installd" #endif #define DEBUG_XATTRS 0 using android::base::StringPrintf; namespace android { namespace installd { /** * Check that given string is valid filename, and that it attempts no * parent or child directory traversal. */ bool is_valid_filename(const std::string& name) { if (name.empty() || (name == ".") || (name == "..") || (name.find('/') != std::string::npos)) { return false; } else { return true; } } static void check_package_name(const char* package_name) { CHECK(is_valid_filename(package_name)); CHECK(is_valid_package_name(package_name)); } /** * Create the path name where package app contents should be stored for * the given volume UUID and package name. An empty UUID is assumed to * be internal storage. */ std::string create_data_app_package_path(const char* volume_uuid, const char* package_name) { check_package_name(package_name); return StringPrintf("%s/%s", create_data_app_path(volume_uuid).c_str(), package_name); } /** * Create the path name where package data should be stored for the given * volume UUID, package name, and user ID. An empty UUID is assumed to be * internal storage. */ std::string create_data_user_ce_package_path(const char* volume_uuid, userid_t user, const char* package_name) { check_package_name(package_name); return StringPrintf("%s/%s", create_data_user_ce_path(volume_uuid, user).c_str(), package_name); } std::string create_data_user_ce_package_path(const char* volume_uuid, userid_t user, const char* package_name, ino_t ce_data_inode) { // For testing purposes, rely on the inode when defined; this could be // optimized to use access() in the future. auto fallback = create_data_user_ce_package_path(volume_uuid, user, package_name); if (ce_data_inode != 0) { auto user_path = create_data_user_ce_path(volume_uuid, user); DIR* dir = opendir(user_path.c_str()); if (dir == nullptr) { PLOG(ERROR) << "Failed to opendir " << user_path; return fallback; } struct dirent* ent; while ((ent = readdir(dir))) { if (ent->d_ino == ce_data_inode) { auto resolved = StringPrintf("%s/%s", user_path.c_str(), ent->d_name); #if DEBUG_XATTRS if (resolved != fallback) { LOG(DEBUG) << "Resolved path " << resolved << " for inode " << ce_data_inode << " instead of " << fallback; } #endif closedir(dir); return resolved; } } LOG(WARNING) << "Failed to resolve inode " << ce_data_inode << "; using " << fallback; closedir(dir); return fallback; } else { return fallback; } } std::string create_data_user_de_package_path(const char* volume_uuid, userid_t user, const char* package_name) { check_package_name(package_name); return StringPrintf("%s/%s", create_data_user_de_path(volume_uuid, user).c_str(), package_name); } int create_pkg_path(char path[PKG_PATH_MAX], const char *pkgname, const char *postfix, userid_t userid) { if (!is_valid_package_name(pkgname)) { path[0] = '\0'; return -1; } std::string _tmp(create_data_user_ce_package_path(nullptr, userid, pkgname) + postfix); const char* tmp = _tmp.c_str(); if (strlen(tmp) >= PKG_PATH_MAX) { path[0] = '\0'; return -1; } else { strcpy(path, tmp); return 0; } } std::string create_data_path(const char* volume_uuid) { if (volume_uuid == nullptr) { return "/data"; } else if (!strcmp(volume_uuid, "TEST")) { CHECK(property_get_bool("ro.debuggable", false)); return "/data/local/tmp"; } else { CHECK(is_valid_filename(volume_uuid)); return StringPrintf("/mnt/expand/%s", volume_uuid); } } /** * Create the path name for app data. */ std::string create_data_app_path(const char* volume_uuid) { return StringPrintf("%s/app", create_data_path(volume_uuid).c_str()); } /** * Create the path name for user data for a certain userid. */ std::string create_data_user_ce_path(const char* volume_uuid, userid_t userid) { std::string data(create_data_path(volume_uuid)); if (volume_uuid == nullptr) { if (userid == 0) { return StringPrintf("%s/data", data.c_str()); } else { return StringPrintf("%s/user/%u", data.c_str(), userid); } } else { return StringPrintf("%s/user/%u", data.c_str(), userid); } } /** * Create the path name for device encrypted user data for a certain userid. */ std::string create_data_user_de_path(const char* volume_uuid, userid_t userid) { std::string data(create_data_path(volume_uuid)); return StringPrintf("%s/user_de/%u", data.c_str(), userid); } /** * Create the path name for media for a certain userid. */ std::string create_data_media_path(const char* volume_uuid, userid_t userid) { return StringPrintf("%s/media/%u", create_data_path(volume_uuid).c_str(), userid); } std::string create_data_media_obb_path(const char* volume_uuid, const char* package_name) { return StringPrintf("%s/media/obb/%s", create_data_path(volume_uuid).c_str(), package_name); } std::string create_data_media_package_path(const char* volume_uuid, userid_t userid, const char* data_type, const char* package_name) { return StringPrintf("%s/Android/%s/%s", create_data_media_path(volume_uuid, userid).c_str(), data_type, package_name); } std::string create_data_misc_legacy_path(userid_t userid) { return StringPrintf("%s/misc/user/%u", create_data_path(nullptr).c_str(), userid); } std::string create_primary_cur_profile_dir_path(userid_t userid) { return StringPrintf("%s/cur/%u", android_profiles_dir.path, userid); } std::string create_primary_current_profile_package_dir_path(userid_t user, const std::string& package_name) { check_package_name(package_name.c_str()); return StringPrintf("%s/%s", create_primary_cur_profile_dir_path(user).c_str(), package_name.c_str()); } std::string create_primary_ref_profile_dir_path() { return StringPrintf("%s/ref", android_profiles_dir.path); } std::string create_primary_reference_profile_package_dir_path(const std::string& package_name) { check_package_name(package_name.c_str()); return StringPrintf("%s/ref/%s", android_profiles_dir.path, package_name.c_str()); } std::string create_data_dalvik_cache_path() { return "/data/dalvik-cache"; } // Keep profile paths in sync with ActivityThread and LoadedApk. const std::string PROFILE_EXT = ".prof"; const std::string PRIMARY_PROFILE_NAME = "primary" + PROFILE_EXT; std::string create_current_profile_path(userid_t user, const std::string& location, bool is_secondary_dex) { if (is_secondary_dex) { // Secondary dex profiles are stored next to the dex files using .prof extension. return StringPrintf("%s%s", location.c_str(), PROFILE_EXT.c_str()); } else { // Profiles for primary apks are under /data/misc/profiles/cur. std::string profile_dir = create_primary_current_profile_package_dir_path(user, location); return StringPrintf("%s/%s", profile_dir.c_str(), PRIMARY_PROFILE_NAME.c_str()); } } std::string create_reference_profile_path(const std::string& location, bool is_secondary_dex) { if (is_secondary_dex) { // Secondary dex reference profiles are stored next to the dex files under the oat folder. size_t dirIndex = location.rfind('/'); CHECK(dirIndex != std::string::npos) << "Unexpected dir structure for secondary dex " << location; std::string dex_dir = location.substr(0, dirIndex); std::string dex_name = location.substr(dirIndex +1); return StringPrintf("%s/oat/%s%s", dex_dir.c_str(), dex_name.c_str(), PROFILE_EXT.c_str()); } else { // Reference profiles for primary apks are stored in /data/misc/profile/ref. std::string profile_dir = create_primary_reference_profile_package_dir_path(location); return StringPrintf("%s/%s", profile_dir.c_str(), PRIMARY_PROFILE_NAME.c_str()); } } std::vector get_known_users(const char* volume_uuid) { std::vector users; // We always have an owner users.push_back(0); std::string path(create_data_path(volume_uuid) + "/" + SECONDARY_USER_PREFIX); DIR* dir = opendir(path.c_str()); if (dir == NULL) { // Unable to discover other users, but at least return owner PLOG(ERROR) << "Failed to opendir " << path; return users; } struct dirent* ent; while ((ent = readdir(dir))) { if (ent->d_type != DT_DIR) { continue; } char* end; userid_t user = strtol(ent->d_name, &end, 10); if (*end == '\0' && user != 0) { LOG(DEBUG) << "Found valid user " << user; users.push_back(user); } } closedir(dir); return users; } int calculate_tree_size(const std::string& path, int64_t* size, int32_t include_gid, int32_t exclude_gid, bool exclude_apps) { FTS *fts; FTSENT *p; int64_t matchedSize = 0; char *argv[] = { (char*) path.c_str(), nullptr }; if (!(fts = fts_open(argv, FTS_PHYSICAL | FTS_NOCHDIR | FTS_XDEV, NULL))) { if (errno != ENOENT) { PLOG(ERROR) << "Failed to fts_open " << path; } return -1; } while ((p = fts_read(fts)) != NULL) { switch (p->fts_info) { case FTS_D: case FTS_DEFAULT: case FTS_F: case FTS_SL: case FTS_SLNONE: int32_t uid = p->fts_statp->st_uid; int32_t gid = p->fts_statp->st_gid; int32_t user_uid = multiuser_get_app_id(uid); int32_t user_gid = multiuser_get_app_id(gid); if (exclude_apps && ((user_uid >= AID_APP_START && user_uid <= AID_APP_END) || (user_gid >= AID_CACHE_GID_START && user_gid <= AID_CACHE_GID_END) || (user_gid >= AID_SHARED_GID_START && user_gid <= AID_SHARED_GID_END))) { // Don't traverse inside or measure fts_set(fts, p, FTS_SKIP); break; } if (include_gid != -1 && gid != include_gid) { break; } if (exclude_gid != -1 && gid == exclude_gid) { break; } matchedSize += (p->fts_statp->st_blocks * 512); break; } } fts_close(fts); #if MEASURE_DEBUG if ((include_gid == -1) && (exclude_gid == -1)) { LOG(DEBUG) << "Measured " << path << " size " << matchedSize; } else { LOG(DEBUG) << "Measured " << path << " size " << matchedSize << "; include " << include_gid << " exclude " << exclude_gid; } #endif *size += matchedSize; return 0; } int create_move_path(char path[PKG_PATH_MAX], const char* pkgname, const char* leaf, userid_t userid ATTRIBUTE_UNUSED) { if ((android_data_dir.len + strlen(PRIMARY_USER_PREFIX) + strlen(pkgname) + strlen(leaf) + 1) >= PKG_PATH_MAX) { return -1; } sprintf(path, "%s%s%s/%s", android_data_dir.path, PRIMARY_USER_PREFIX, pkgname, leaf); return 0; } /** * Checks whether the package name is valid. Returns -1 on error and * 0 on success. */ bool is_valid_package_name(const std::string& packageName) { // This logic is borrowed from PackageParser.java bool hasSep = false; bool front = true; auto it = packageName.begin(); for (; it != packageName.end() && *it != '-'; it++) { char c = *it; if ((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z')) { front = false; continue; } if (!front) { if ((c >= '0' && c <= '9') || c == '_') { continue; } } if (c == '.') { hasSep = true; front = true; continue; } LOG(WARNING) << "Bad package character " << c << " in " << packageName; return false; } if (front) { LOG(WARNING) << "Missing separator in " << packageName; return false; } for (; it != packageName.end(); it++) { char c = *it; if ((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z')) continue; if ((c >= '0' && c <= '9') || c == '_' || c == '-' || c == '=') continue; LOG(WARNING) << "Bad suffix character " << c << " in " << packageName; return false; } return true; } static int _delete_dir_contents(DIR *d, int (*exclusion_predicate)(const char *name, const int is_dir)) { int result = 0; struct dirent *de; int dfd; dfd = dirfd(d); if (dfd < 0) return -1; while ((de = readdir(d))) { const char *name = de->d_name; /* check using the exclusion predicate, if provided */ if (exclusion_predicate && exclusion_predicate(name, (de->d_type == DT_DIR))) { continue; } if (de->d_type == DT_DIR) { int subfd; DIR *subdir; /* always skip "." and ".." */ if (name[0] == '.') { if (name[1] == 0) continue; if ((name[1] == '.') && (name[2] == 0)) continue; } subfd = openat(dfd, name, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC); if (subfd < 0) { ALOGE("Couldn't openat %s: %s\n", name, strerror(errno)); result = -1; continue; } subdir = fdopendir(subfd); if (subdir == NULL) { ALOGE("Couldn't fdopendir %s: %s\n", name, strerror(errno)); close(subfd); result = -1; continue; } if (_delete_dir_contents(subdir, exclusion_predicate)) { result = -1; } closedir(subdir); if (unlinkat(dfd, name, AT_REMOVEDIR) < 0) { ALOGE("Couldn't unlinkat %s: %s\n", name, strerror(errno)); result = -1; } } else { if (unlinkat(dfd, name, 0) < 0) { ALOGE("Couldn't unlinkat %s: %s\n", name, strerror(errno)); result = -1; } } } return result; } int delete_dir_contents(const std::string& pathname, bool ignore_if_missing) { return delete_dir_contents(pathname.c_str(), 0, NULL, ignore_if_missing); } int delete_dir_contents_and_dir(const std::string& pathname, bool ignore_if_missing) { return delete_dir_contents(pathname.c_str(), 1, NULL, ignore_if_missing); } int delete_dir_contents(const char *pathname, int also_delete_dir, int (*exclusion_predicate)(const char*, const int), bool ignore_if_missing) { int res = 0; DIR *d; d = opendir(pathname); if (d == NULL) { if (ignore_if_missing && (errno == ENOENT)) { return 0; } ALOGE("Couldn't opendir %s: %s\n", pathname, strerror(errno)); return -errno; } res = _delete_dir_contents(d, exclusion_predicate); closedir(d); if (also_delete_dir) { if (rmdir(pathname)) { ALOGE("Couldn't rmdir %s: %s\n", pathname, strerror(errno)); res = -1; } } return res; } int delete_dir_contents_fd(int dfd, const char *name) { int fd, res; DIR *d; fd = openat(dfd, name, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC); if (fd < 0) { ALOGE("Couldn't openat %s: %s\n", name, strerror(errno)); return -1; } d = fdopendir(fd); if (d == NULL) { ALOGE("Couldn't fdopendir %s: %s\n", name, strerror(errno)); close(fd); return -1; } res = _delete_dir_contents(d, 0); closedir(d); return res; } static int _copy_owner_permissions(int srcfd, int dstfd) { struct stat st; if (fstat(srcfd, &st) != 0) { return -1; } if (fchmod(dstfd, st.st_mode) != 0) { return -1; } return 0; } static int _copy_dir_files(int sdfd, int ddfd, uid_t owner, gid_t group) { int result = 0; if (_copy_owner_permissions(sdfd, ddfd) != 0) { ALOGE("_copy_dir_files failed to copy dir permissions\n"); } if (fchown(ddfd, owner, group) != 0) { ALOGE("_copy_dir_files failed to change dir owner\n"); } DIR *ds = fdopendir(sdfd); if (ds == NULL) { ALOGE("Couldn't fdopendir: %s\n", strerror(errno)); return -1; } struct dirent *de; while ((de = readdir(ds))) { if (de->d_type != DT_REG) { continue; } const char *name = de->d_name; int fsfd = openat(sdfd, name, O_RDONLY | O_NOFOLLOW | O_CLOEXEC); int fdfd = openat(ddfd, name, O_WRONLY | O_NOFOLLOW | O_CLOEXEC | O_CREAT, 0600); if (fsfd == -1 || fdfd == -1) { ALOGW("Couldn't copy %s: %s\n", name, strerror(errno)); } else { if (_copy_owner_permissions(fsfd, fdfd) != 0) { ALOGE("Failed to change file permissions\n"); } if (fchown(fdfd, owner, group) != 0) { ALOGE("Failed to change file owner\n"); } char buf[8192]; ssize_t size; while ((size = read(fsfd, buf, sizeof(buf))) > 0) { write(fdfd, buf, size); } if (size < 0) { ALOGW("Couldn't copy %s: %s\n", name, strerror(errno)); result = -1; } } close(fdfd); close(fsfd); } return result; } int copy_dir_files(const char *srcname, const char *dstname, uid_t owner, uid_t group) { int res = 0; DIR *ds = NULL; DIR *dd = NULL; ds = opendir(srcname); if (ds == NULL) { ALOGE("Couldn't opendir %s: %s\n", srcname, strerror(errno)); return -errno; } mkdir(dstname, 0600); dd = opendir(dstname); if (dd == NULL) { ALOGE("Couldn't opendir %s: %s\n", dstname, strerror(errno)); closedir(ds); return -errno; } int sdfd = dirfd(ds); int ddfd = dirfd(dd); if (sdfd != -1 && ddfd != -1) { res = _copy_dir_files(sdfd, ddfd, owner, group); } else { res = -errno; } closedir(dd); closedir(ds); return res; } int64_t data_disk_free(const std::string& data_path) { struct statvfs sfs; if (statvfs(data_path.c_str(), &sfs) == 0) { return sfs.f_bavail * sfs.f_frsize; } else { PLOG(ERROR) << "Couldn't statvfs " << data_path; return -1; } } int get_path_inode(const std::string& path, ino_t *inode) { struct stat buf; memset(&buf, 0, sizeof(buf)); if (stat(path.c_str(), &buf) != 0) { PLOG(WARNING) << "Failed to stat " << path; return -1; } else { *inode = buf.st_ino; return 0; } } /** * Write the inode of a specific child file into the given xattr on the * parent directory. This allows you to find the child later, even if its * name is encrypted. */ int write_path_inode(const std::string& parent, const char* name, const char* inode_xattr) { ino_t inode = 0; uint64_t inode_raw = 0; auto path = StringPrintf("%s/%s", parent.c_str(), name); if (get_path_inode(path, &inode) != 0) { // Path probably doesn't exist yet; ignore return 0; } // Check to see if already set correctly if (getxattr(parent.c_str(), inode_xattr, &inode_raw, sizeof(inode_raw)) == sizeof(inode_raw)) { if (inode_raw == inode) { // Already set correctly; skip writing return 0; } else { PLOG(WARNING) << "Mismatched inode value; found " << inode << " on disk but marked value was " << inode_raw << "; overwriting"; } } inode_raw = inode; if (setxattr(parent.c_str(), inode_xattr, &inode_raw, sizeof(inode_raw), 0) != 0 && errno != EOPNOTSUPP) { PLOG(ERROR) << "Failed to write xattr " << inode_xattr << " at " << parent; return -1; } else { return 0; } } /** * Read the inode of a specific child file from the given xattr on the * parent directory. Returns a currently valid path for that child, which * might have an encrypted name. */ std::string read_path_inode(const std::string& parent, const char* name, const char* inode_xattr) { ino_t inode = 0; uint64_t inode_raw = 0; auto fallback = StringPrintf("%s/%s", parent.c_str(), name); // Lookup the inode value written earlier if (getxattr(parent.c_str(), inode_xattr, &inode_raw, sizeof(inode_raw)) == sizeof(inode_raw)) { inode = inode_raw; } // For testing purposes, rely on the inode when defined; this could be // optimized to use access() in the future. if (inode != 0) { DIR* dir = opendir(parent.c_str()); if (dir == nullptr) { PLOG(ERROR) << "Failed to opendir " << parent; return fallback; } struct dirent* ent; while ((ent = readdir(dir))) { if (ent->d_ino == inode) { auto resolved = StringPrintf("%s/%s", parent.c_str(), ent->d_name); #if DEBUG_XATTRS if (resolved != fallback) { LOG(DEBUG) << "Resolved path " << resolved << " for inode " << inode << " instead of " << fallback; } #endif closedir(dir); return resolved; } } LOG(WARNING) << "Failed to resolve inode " << inode << "; using " << fallback; closedir(dir); return fallback; } else { return fallback; } } /** * Validate that the path is valid in the context of the provided directory. * The path is allowed to have at most one subdirectory and no indirections * to top level directories (i.e. have ".."). */ static int validate_path(const dir_rec_t* dir, const char* path, int maxSubdirs) { size_t dir_len = dir->len; const char* subdir = strchr(path + dir_len, '/'); // Only allow the path to have at most one subdirectory. if (subdir != NULL) { ++subdir; if ((--maxSubdirs == 0) && strchr(subdir, '/') != NULL) { ALOGE("invalid apk path '%s' (subdir?)\n", path); return -1; } } // Directories can't have a period directly after the directory markers to prevent "..". if ((path[dir_len] == '.') || ((subdir != NULL) && (*subdir == '.'))) { ALOGE("invalid apk path '%s' (trickery)\n", path); return -1; } return 0; } /** * Checks whether a path points to a system app (.apk file). Returns 0 * if it is a system app or -1 if it is not. */ int validate_system_app_path(const char* path) { size_t i; for (i = 0; i < android_system_dirs.count; i++) { const size_t dir_len = android_system_dirs.dirs[i].len; if (!strncmp(path, android_system_dirs.dirs[i].path, dir_len)) { return validate_path(android_system_dirs.dirs + i, path, 1); } } return -1; } bool validate_secondary_dex_path(const std::string& pkgname, const std::string& dex_path, const char* volume_uuid, int uid, int storage_flag) { CHECK(storage_flag == FLAG_STORAGE_CE || storage_flag == FLAG_STORAGE_DE); std::string app_private_dir = storage_flag == FLAG_STORAGE_CE ? create_data_user_ce_package_path( volume_uuid, multiuser_get_user_id(uid), pkgname.c_str()) : create_data_user_de_package_path( volume_uuid, multiuser_get_user_id(uid), pkgname.c_str()); dir_rec_t dir; if (get_path_from_string(&dir, app_private_dir.c_str()) != 0) { LOG(WARNING) << "Could not get dir rec for " << app_private_dir; return false; } // Usually secondary dex files have a nested directory structure. // Pick at most 10 subdirectories when validating (arbitrary value). // If the secondary dex file is >10 directory nested then validation will // fail and the file will not be compiled. return validate_path(&dir, dex_path.c_str(), /*max_subdirs*/ 10) == 0; } /** * Get the contents of a environment variable that contains a path. Caller * owns the string that is inserted into the directory record. Returns * 0 on success and -1 on error. */ int get_path_from_env(dir_rec_t* rec, const char* var) { const char* path = getenv(var); int ret = get_path_from_string(rec, path); if (ret < 0) { ALOGW("Problem finding value for environment variable %s\n", var); } return ret; } /** * Puts the string into the record as a directory. Appends '/' to the end * of all paths. Caller owns the string that is inserted into the directory * record. A null value will result in an error. * * Returns 0 on success and -1 on error. */ int get_path_from_string(dir_rec_t* rec, const char* path) { if (path == NULL) { return -1; } else { const size_t path_len = strlen(path); if (path_len <= 0) { return -1; } // Make sure path is absolute. if (path[0] != '/') { return -1; } if (path[path_len - 1] == '/') { // Path ends with a forward slash. Make our own copy. rec->path = strdup(path); if (rec->path == NULL) { return -1; } rec->len = path_len; } else { // Path does not end with a slash. Generate a new string. char *dst; // Add space for slash and terminating null. size_t dst_size = path_len + 2; rec->path = (char*) malloc(dst_size); if (rec->path == NULL) { return -1; } dst = rec->path; if (append_and_increment(&dst, path, &dst_size) < 0 || append_and_increment(&dst, "/", &dst_size)) { ALOGE("Error canonicalizing path"); return -1; } rec->len = dst - rec->path; } } return 0; } int copy_and_append(dir_rec_t* dst, const dir_rec_t* src, const char* suffix) { dst->len = src->len + strlen(suffix); const size_t dstSize = dst->len + 1; dst->path = (char*) malloc(dstSize); if (dst->path == NULL || snprintf(dst->path, dstSize, "%s%s", src->path, suffix) != (ssize_t) dst->len) { ALOGE("Could not allocate memory to hold appended path; aborting\n"); return -1; } return 0; } /** * Check whether path points to a valid path for an APK file. The path must * begin with a whitelisted prefix path and must be no deeper than |maxSubdirs| within * that path. Returns -1 when an invalid path is encountered and 0 when a valid path * is encountered. */ static int validate_apk_path_internal(const char *path, int maxSubdirs) { const dir_rec_t* dir = NULL; if (!strncmp(path, android_app_dir.path, android_app_dir.len)) { dir = &android_app_dir; } else if (!strncmp(path, android_app_private_dir.path, android_app_private_dir.len)) { dir = &android_app_private_dir; } else if (!strncmp(path, android_app_ephemeral_dir.path, android_app_ephemeral_dir.len)) { dir = &android_app_ephemeral_dir; } else if (!strncmp(path, android_asec_dir.path, android_asec_dir.len)) { dir = &android_asec_dir; } else if (!strncmp(path, android_mnt_expand_dir.path, android_mnt_expand_dir.len)) { dir = &android_mnt_expand_dir; if (maxSubdirs < 2) { maxSubdirs = 2; } } else { return -1; } return validate_path(dir, path, maxSubdirs); } int validate_apk_path(const char* path) { return validate_apk_path_internal(path, 1 /* maxSubdirs */); } int validate_apk_path_subdirs(const char* path) { return validate_apk_path_internal(path, 3 /* maxSubdirs */); } int append_and_increment(char** dst, const char* src, size_t* dst_size) { ssize_t ret = strlcpy(*dst, src, *dst_size); if (ret < 0 || (size_t) ret >= *dst_size) { return -1; } *dst += ret; *dst_size -= ret; return 0; } char *build_string2(const char *s1, const char *s2) { if (s1 == NULL || s2 == NULL) return NULL; int len_s1 = strlen(s1); int len_s2 = strlen(s2); int len = len_s1 + len_s2 + 1; char *result = (char *) malloc(len); if (result == NULL) return NULL; strcpy(result, s1); strcpy(result + len_s1, s2); return result; } char *build_string3(const char *s1, const char *s2, const char *s3) { if (s1 == NULL || s2 == NULL || s3 == NULL) return NULL; int len_s1 = strlen(s1); int len_s2 = strlen(s2); int len_s3 = strlen(s3); int len = len_s1 + len_s2 + len_s3 + 1; char *result = (char *) malloc(len); if (result == NULL) return NULL; strcpy(result, s1); strcpy(result + len_s1, s2); strcpy(result + len_s1 + len_s2, s3); return result; } int ensure_config_user_dirs(userid_t userid) { // writable by system, readable by any app within the same user const int uid = multiuser_get_uid(userid, AID_SYSTEM); const int gid = multiuser_get_uid(userid, AID_EVERYBODY); // Ensure /data/misc/user/ exists auto path = create_data_misc_legacy_path(userid); return fs_prepare_dir(path.c_str(), 0750, uid, gid); } int wait_child(pid_t pid) { int status; pid_t got_pid; while (1) { got_pid = waitpid(pid, &status, 0); if (got_pid == -1 && errno == EINTR) { printf("waitpid interrupted, retrying\n"); } else { break; } } if (got_pid != pid) { ALOGW("waitpid failed: wanted %d, got %d: %s\n", (int) pid, (int) got_pid, strerror(errno)); return 1; } if (WIFEXITED(status) && WEXITSTATUS(status) == 0) { return 0; } else { return status; /* always nonzero */ } } /** * Prepare an app cache directory, which offers to fix-up the GID and * directory mode flags during a platform upgrade. * The app cache directory path will be 'parent'/'name'. */ int prepare_app_cache_dir(const std::string& parent, const char* name, mode_t target_mode, uid_t uid, gid_t gid) { auto path = StringPrintf("%s/%s", parent.c_str(), name); struct stat st; if (stat(path.c_str(), &st) != 0) { if (errno == ENOENT) { // This is fine, just create it if (fs_prepare_dir_strict(path.c_str(), target_mode, uid, gid) != 0) { PLOG(ERROR) << "Failed to prepare " << path; return -1; } else { return 0; } } else { PLOG(ERROR) << "Failed to stat " << path; return -1; } } mode_t actual_mode = st.st_mode & (S_IRWXU | S_IRWXG | S_IRWXO | S_ISGID); if (st.st_uid != uid) { // Mismatched UID is real trouble; we can't recover LOG(ERROR) << "Mismatched UID at " << path << ": found " << st.st_uid << " but expected " << uid; return -1; } else if (st.st_gid == gid && actual_mode == target_mode) { // Everything looks good! return 0; } else { // Mismatched GID/mode is recoverable; fall through to update LOG(DEBUG) << "Mismatched cache GID/mode at " << path << ": found " << st.st_gid << " but expected " << gid; } // Directory is owned correctly, but GID or mode mismatch means it's // probably a platform upgrade so we need to fix them FTS *fts; FTSENT *p; char *argv[] = { (char*) path.c_str(), nullptr }; if (!(fts = fts_open(argv, FTS_PHYSICAL | FTS_NOCHDIR | FTS_XDEV, NULL))) { PLOG(ERROR) << "Failed to fts_open " << path; return -1; } while ((p = fts_read(fts)) != NULL) { switch (p->fts_info) { case FTS_DP: if (chmod(p->fts_path, target_mode) != 0) { PLOG(WARNING) << "Failed to chmod " << p->fts_path; } // Intentional fall through to also set GID case FTS_F: if (chown(p->fts_path, -1, gid) != 0) { PLOG(WARNING) << "Failed to chown " << p->fts_path; } break; case FTS_SL: case FTS_SLNONE: if (lchown(p->fts_path, -1, gid) != 0) { PLOG(WARNING) << "Failed to chown " << p->fts_path; } break; } } fts_close(fts); return 0; } } // namespace installd } // namespace android