1 /*
2 ** Copyright 2008, The Android Open Source Project
3 **
4 ** Licensed under the Apache License, Version 2.0 (the "License");
5 ** you may not use this file except in compliance with the License.
6 ** You may obtain a copy of the License at
7 **
8 ** http://www.apache.org/licenses/LICENSE-2.0
9 **
10 ** Unless required by applicable law or agreed to in writing, software
11 ** distributed under the License is distributed on an "AS IS" BASIS,
12 ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 ** See the License for the specific language governing permissions and
14 ** limitations under the License.
15 */
16
17 #include "utils.h"
18
19 #include <errno.h>
20 #include <fcntl.h>
21 #include <fts.h>
22 #include <stdlib.h>
23 #include <sys/stat.h>
24 #include <sys/wait.h>
25 #include <sys/xattr.h>
26 #include <sys/statvfs.h>
27
28 #include <android-base/logging.h>
29 #include <android-base/stringprintf.h>
30 #include <cutils/fs.h>
31 #include <cutils/properties.h>
32 #include <log/log.h>
33 #include <private/android_filesystem_config.h>
34
35 #include "globals.h" // extern variables.
36
37 #ifndef LOG_TAG
38 #define LOG_TAG "installd"
39 #endif
40
41 #define DEBUG_XATTRS 0
42
43 using android::base::StringPrintf;
44
45 namespace android {
46 namespace installd {
47
48 /**
49 * Check that given string is valid filename, and that it attempts no
50 * parent or child directory traversal.
51 */
is_valid_filename(const std::string & name)52 bool is_valid_filename(const std::string& name) {
53 if (name.empty() || (name == ".") || (name == "..")
54 || (name.find('/') != std::string::npos)) {
55 return false;
56 } else {
57 return true;
58 }
59 }
60
check_package_name(const char * package_name)61 static void check_package_name(const char* package_name) {
62 CHECK(is_valid_filename(package_name));
63 CHECK(is_valid_package_name(package_name));
64 }
65
66 /**
67 * Create the path name where package app contents should be stored for
68 * the given volume UUID and package name. An empty UUID is assumed to
69 * be internal storage.
70 */
create_data_app_package_path(const char * volume_uuid,const char * package_name)71 std::string create_data_app_package_path(const char* volume_uuid,
72 const char* package_name) {
73 check_package_name(package_name);
74 return StringPrintf("%s/%s",
75 create_data_app_path(volume_uuid).c_str(), package_name);
76 }
77
78 /**
79 * Create the path name where package data should be stored for the given
80 * volume UUID, package name, and user ID. An empty UUID is assumed to be
81 * internal storage.
82 */
create_data_user_ce_package_path(const char * volume_uuid,userid_t user,const char * package_name)83 std::string create_data_user_ce_package_path(const char* volume_uuid,
84 userid_t user, const char* package_name) {
85 check_package_name(package_name);
86 return StringPrintf("%s/%s",
87 create_data_user_ce_path(volume_uuid, user).c_str(), package_name);
88 }
89
create_data_user_ce_package_path(const char * volume_uuid,userid_t user,const char * package_name,ino_t ce_data_inode)90 std::string create_data_user_ce_package_path(const char* volume_uuid, userid_t user,
91 const char* package_name, ino_t ce_data_inode) {
92 // For testing purposes, rely on the inode when defined; this could be
93 // optimized to use access() in the future.
94 auto fallback = create_data_user_ce_package_path(volume_uuid, user, package_name);
95 if (ce_data_inode != 0) {
96 auto user_path = create_data_user_ce_path(volume_uuid, user);
97 DIR* dir = opendir(user_path.c_str());
98 if (dir == nullptr) {
99 PLOG(ERROR) << "Failed to opendir " << user_path;
100 return fallback;
101 }
102
103 struct dirent* ent;
104 while ((ent = readdir(dir))) {
105 if (ent->d_ino == ce_data_inode) {
106 auto resolved = StringPrintf("%s/%s", user_path.c_str(), ent->d_name);
107 #if DEBUG_XATTRS
108 if (resolved != fallback) {
109 LOG(DEBUG) << "Resolved path " << resolved << " for inode " << ce_data_inode
110 << " instead of " << fallback;
111 }
112 #endif
113 closedir(dir);
114 return resolved;
115 }
116 }
117 LOG(WARNING) << "Failed to resolve inode " << ce_data_inode << "; using " << fallback;
118 closedir(dir);
119 return fallback;
120 } else {
121 return fallback;
122 }
123 }
124
create_data_user_de_package_path(const char * volume_uuid,userid_t user,const char * package_name)125 std::string create_data_user_de_package_path(const char* volume_uuid,
126 userid_t user, const char* package_name) {
127 check_package_name(package_name);
128 return StringPrintf("%s/%s",
129 create_data_user_de_path(volume_uuid, user).c_str(), package_name);
130 }
131
create_pkg_path(char path[PKG_PATH_MAX],const char * pkgname,const char * postfix,userid_t userid)132 int create_pkg_path(char path[PKG_PATH_MAX], const char *pkgname,
133 const char *postfix, userid_t userid) {
134 if (!is_valid_package_name(pkgname)) {
135 path[0] = '\0';
136 return -1;
137 }
138
139 std::string _tmp(create_data_user_ce_package_path(nullptr, userid, pkgname) + postfix);
140 const char* tmp = _tmp.c_str();
141 if (strlen(tmp) >= PKG_PATH_MAX) {
142 path[0] = '\0';
143 return -1;
144 } else {
145 strcpy(path, tmp);
146 return 0;
147 }
148 }
149
create_data_path(const char * volume_uuid)150 std::string create_data_path(const char* volume_uuid) {
151 if (volume_uuid == nullptr) {
152 return "/data";
153 } else if (!strcmp(volume_uuid, "TEST")) {
154 CHECK(property_get_bool("ro.debuggable", false));
155 return "/data/local/tmp";
156 } else {
157 CHECK(is_valid_filename(volume_uuid));
158 return StringPrintf("/mnt/expand/%s", volume_uuid);
159 }
160 }
161
162 /**
163 * Create the path name for app data.
164 */
create_data_app_path(const char * volume_uuid)165 std::string create_data_app_path(const char* volume_uuid) {
166 return StringPrintf("%s/app", create_data_path(volume_uuid).c_str());
167 }
168
169 /**
170 * Create the path name for user data for a certain userid.
171 */
create_data_user_ce_path(const char * volume_uuid,userid_t userid)172 std::string create_data_user_ce_path(const char* volume_uuid, userid_t userid) {
173 std::string data(create_data_path(volume_uuid));
174 if (volume_uuid == nullptr) {
175 if (userid == 0) {
176 return StringPrintf("%s/data", data.c_str());
177 } else {
178 return StringPrintf("%s/user/%u", data.c_str(), userid);
179 }
180 } else {
181 return StringPrintf("%s/user/%u", data.c_str(), userid);
182 }
183 }
184
185 /**
186 * Create the path name for device encrypted user data for a certain userid.
187 */
create_data_user_de_path(const char * volume_uuid,userid_t userid)188 std::string create_data_user_de_path(const char* volume_uuid, userid_t userid) {
189 std::string data(create_data_path(volume_uuid));
190 return StringPrintf("%s/user_de/%u", data.c_str(), userid);
191 }
192
193 /**
194 * Create the path name for media for a certain userid.
195 */
create_data_media_path(const char * volume_uuid,userid_t userid)196 std::string create_data_media_path(const char* volume_uuid, userid_t userid) {
197 return StringPrintf("%s/media/%u", create_data_path(volume_uuid).c_str(), userid);
198 }
199
create_data_media_obb_path(const char * volume_uuid,const char * package_name)200 std::string create_data_media_obb_path(const char* volume_uuid, const char* package_name) {
201 return StringPrintf("%s/media/obb/%s", create_data_path(volume_uuid).c_str(), package_name);
202 }
203
create_data_media_package_path(const char * volume_uuid,userid_t userid,const char * data_type,const char * package_name)204 std::string create_data_media_package_path(const char* volume_uuid, userid_t userid,
205 const char* data_type, const char* package_name) {
206 return StringPrintf("%s/Android/%s/%s", create_data_media_path(volume_uuid, userid).c_str(),
207 data_type, package_name);
208 }
209
create_data_misc_legacy_path(userid_t userid)210 std::string create_data_misc_legacy_path(userid_t userid) {
211 return StringPrintf("%s/misc/user/%u", create_data_path(nullptr).c_str(), userid);
212 }
213
create_primary_cur_profile_dir_path(userid_t userid)214 std::string create_primary_cur_profile_dir_path(userid_t userid) {
215 return StringPrintf("%s/cur/%u", android_profiles_dir.path, userid);
216 }
217
create_primary_current_profile_package_dir_path(userid_t user,const std::string & package_name)218 std::string create_primary_current_profile_package_dir_path(userid_t user,
219 const std::string& package_name) {
220 check_package_name(package_name.c_str());
221 return StringPrintf("%s/%s",
222 create_primary_cur_profile_dir_path(user).c_str(), package_name.c_str());
223 }
224
create_primary_ref_profile_dir_path()225 std::string create_primary_ref_profile_dir_path() {
226 return StringPrintf("%s/ref", android_profiles_dir.path);
227 }
228
create_primary_reference_profile_package_dir_path(const std::string & package_name)229 std::string create_primary_reference_profile_package_dir_path(const std::string& package_name) {
230 check_package_name(package_name.c_str());
231 return StringPrintf("%s/ref/%s", android_profiles_dir.path, package_name.c_str());
232 }
233
create_data_dalvik_cache_path()234 std::string create_data_dalvik_cache_path() {
235 return "/data/dalvik-cache";
236 }
237
238 // Keep profile paths in sync with ActivityThread and LoadedApk.
239 const std::string PROFILE_EXT = ".prof";
240 const std::string PRIMARY_PROFILE_NAME = "primary" + PROFILE_EXT;
241
create_current_profile_path(userid_t user,const std::string & location,bool is_secondary_dex)242 std::string create_current_profile_path(userid_t user, const std::string& location,
243 bool is_secondary_dex) {
244 if (is_secondary_dex) {
245 // Secondary dex profiles are stored next to the dex files using .prof extension.
246 return StringPrintf("%s%s", location.c_str(), PROFILE_EXT.c_str());
247 } else {
248 // Profiles for primary apks are under /data/misc/profiles/cur.
249 std::string profile_dir = create_primary_current_profile_package_dir_path(user, location);
250 return StringPrintf("%s/%s", profile_dir.c_str(), PRIMARY_PROFILE_NAME.c_str());
251 }
252 }
253
create_reference_profile_path(const std::string & location,bool is_secondary_dex)254 std::string create_reference_profile_path(const std::string& location, bool is_secondary_dex) {
255 if (is_secondary_dex) {
256 // Secondary dex reference profiles are stored next to the dex files under the oat folder.
257 size_t dirIndex = location.rfind('/');
258 CHECK(dirIndex != std::string::npos)
259 << "Unexpected dir structure for secondary dex " << location;
260
261 std::string dex_dir = location.substr(0, dirIndex);
262 std::string dex_name = location.substr(dirIndex +1);
263 return StringPrintf("%s/oat/%s%s",
264 dex_dir.c_str(), dex_name.c_str(), PROFILE_EXT.c_str());
265 } else {
266 // Reference profiles for primary apks are stored in /data/misc/profile/ref.
267 std::string profile_dir = create_primary_reference_profile_package_dir_path(location);
268 return StringPrintf("%s/%s", profile_dir.c_str(), PRIMARY_PROFILE_NAME.c_str());
269 }
270 }
271
get_known_users(const char * volume_uuid)272 std::vector<userid_t> get_known_users(const char* volume_uuid) {
273 std::vector<userid_t> users;
274
275 // We always have an owner
276 users.push_back(0);
277
278 std::string path(create_data_path(volume_uuid) + "/" + SECONDARY_USER_PREFIX);
279 DIR* dir = opendir(path.c_str());
280 if (dir == NULL) {
281 // Unable to discover other users, but at least return owner
282 PLOG(ERROR) << "Failed to opendir " << path;
283 return users;
284 }
285
286 struct dirent* ent;
287 while ((ent = readdir(dir))) {
288 if (ent->d_type != DT_DIR) {
289 continue;
290 }
291
292 char* end;
293 userid_t user = strtol(ent->d_name, &end, 10);
294 if (*end == '\0' && user != 0) {
295 LOG(DEBUG) << "Found valid user " << user;
296 users.push_back(user);
297 }
298 }
299 closedir(dir);
300
301 return users;
302 }
303
calculate_tree_size(const std::string & path,int64_t * size,int32_t include_gid,int32_t exclude_gid,bool exclude_apps)304 int calculate_tree_size(const std::string& path, int64_t* size,
305 int32_t include_gid, int32_t exclude_gid, bool exclude_apps) {
306 FTS *fts;
307 FTSENT *p;
308 int64_t matchedSize = 0;
309 char *argv[] = { (char*) path.c_str(), nullptr };
310 if (!(fts = fts_open(argv, FTS_PHYSICAL | FTS_NOCHDIR | FTS_XDEV, NULL))) {
311 if (errno != ENOENT) {
312 PLOG(ERROR) << "Failed to fts_open " << path;
313 }
314 return -1;
315 }
316 while ((p = fts_read(fts)) != NULL) {
317 switch (p->fts_info) {
318 case FTS_D:
319 case FTS_DEFAULT:
320 case FTS_F:
321 case FTS_SL:
322 case FTS_SLNONE:
323 int32_t uid = p->fts_statp->st_uid;
324 int32_t gid = p->fts_statp->st_gid;
325 int32_t user_uid = multiuser_get_app_id(uid);
326 int32_t user_gid = multiuser_get_app_id(gid);
327 if (exclude_apps && ((user_uid >= AID_APP_START && user_uid <= AID_APP_END)
328 || (user_gid >= AID_CACHE_GID_START && user_gid <= AID_CACHE_GID_END)
329 || (user_gid >= AID_SHARED_GID_START && user_gid <= AID_SHARED_GID_END))) {
330 // Don't traverse inside or measure
331 fts_set(fts, p, FTS_SKIP);
332 break;
333 }
334 if (include_gid != -1 && gid != include_gid) {
335 break;
336 }
337 if (exclude_gid != -1 && gid == exclude_gid) {
338 break;
339 }
340 matchedSize += (p->fts_statp->st_blocks * 512);
341 break;
342 }
343 }
344 fts_close(fts);
345 #if MEASURE_DEBUG
346 if ((include_gid == -1) && (exclude_gid == -1)) {
347 LOG(DEBUG) << "Measured " << path << " size " << matchedSize;
348 } else {
349 LOG(DEBUG) << "Measured " << path << " size " << matchedSize << "; include " << include_gid
350 << " exclude " << exclude_gid;
351 }
352 #endif
353 *size += matchedSize;
354 return 0;
355 }
356
create_move_path(char path[PKG_PATH_MAX],const char * pkgname,const char * leaf,userid_t userid ATTRIBUTE_UNUSED)357 int create_move_path(char path[PKG_PATH_MAX],
358 const char* pkgname,
359 const char* leaf,
360 userid_t userid ATTRIBUTE_UNUSED)
361 {
362 if ((android_data_dir.len + strlen(PRIMARY_USER_PREFIX) + strlen(pkgname) + strlen(leaf) + 1)
363 >= PKG_PATH_MAX) {
364 return -1;
365 }
366
367 sprintf(path, "%s%s%s/%s", android_data_dir.path, PRIMARY_USER_PREFIX, pkgname, leaf);
368 return 0;
369 }
370
371 /**
372 * Checks whether the package name is valid. Returns -1 on error and
373 * 0 on success.
374 */
is_valid_package_name(const std::string & packageName)375 bool is_valid_package_name(const std::string& packageName) {
376 // This logic is borrowed from PackageParser.java
377 bool hasSep = false;
378 bool front = true;
379
380 auto it = packageName.begin();
381 for (; it != packageName.end() && *it != '-'; it++) {
382 char c = *it;
383 if ((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z')) {
384 front = false;
385 continue;
386 }
387 if (!front) {
388 if ((c >= '0' && c <= '9') || c == '_') {
389 continue;
390 }
391 }
392 if (c == '.') {
393 hasSep = true;
394 front = true;
395 continue;
396 }
397 LOG(WARNING) << "Bad package character " << c << " in " << packageName;
398 return false;
399 }
400
401 if (front) {
402 LOG(WARNING) << "Missing separator in " << packageName;
403 return false;
404 }
405
406 for (; it != packageName.end(); it++) {
407 char c = *it;
408 if ((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z')) continue;
409 if ((c >= '0' && c <= '9') || c == '_' || c == '-' || c == '=') continue;
410 LOG(WARNING) << "Bad suffix character " << c << " in " << packageName;
411 return false;
412 }
413
414 return true;
415 }
416
_delete_dir_contents(DIR * d,int (* exclusion_predicate)(const char * name,const int is_dir))417 static int _delete_dir_contents(DIR *d,
418 int (*exclusion_predicate)(const char *name, const int is_dir))
419 {
420 int result = 0;
421 struct dirent *de;
422 int dfd;
423
424 dfd = dirfd(d);
425
426 if (dfd < 0) return -1;
427
428 while ((de = readdir(d))) {
429 const char *name = de->d_name;
430
431 /* check using the exclusion predicate, if provided */
432 if (exclusion_predicate && exclusion_predicate(name, (de->d_type == DT_DIR))) {
433 continue;
434 }
435
436 if (de->d_type == DT_DIR) {
437 int subfd;
438 DIR *subdir;
439
440 /* always skip "." and ".." */
441 if (name[0] == '.') {
442 if (name[1] == 0) continue;
443 if ((name[1] == '.') && (name[2] == 0)) continue;
444 }
445
446 subfd = openat(dfd, name, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
447 if (subfd < 0) {
448 ALOGE("Couldn't openat %s: %s\n", name, strerror(errno));
449 result = -1;
450 continue;
451 }
452 subdir = fdopendir(subfd);
453 if (subdir == NULL) {
454 ALOGE("Couldn't fdopendir %s: %s\n", name, strerror(errno));
455 close(subfd);
456 result = -1;
457 continue;
458 }
459 if (_delete_dir_contents(subdir, exclusion_predicate)) {
460 result = -1;
461 }
462 closedir(subdir);
463 if (unlinkat(dfd, name, AT_REMOVEDIR) < 0) {
464 ALOGE("Couldn't unlinkat %s: %s\n", name, strerror(errno));
465 result = -1;
466 }
467 } else {
468 if (unlinkat(dfd, name, 0) < 0) {
469 ALOGE("Couldn't unlinkat %s: %s\n", name, strerror(errno));
470 result = -1;
471 }
472 }
473 }
474
475 return result;
476 }
477
delete_dir_contents(const std::string & pathname,bool ignore_if_missing)478 int delete_dir_contents(const std::string& pathname, bool ignore_if_missing) {
479 return delete_dir_contents(pathname.c_str(), 0, NULL, ignore_if_missing);
480 }
481
delete_dir_contents_and_dir(const std::string & pathname,bool ignore_if_missing)482 int delete_dir_contents_and_dir(const std::string& pathname, bool ignore_if_missing) {
483 return delete_dir_contents(pathname.c_str(), 1, NULL, ignore_if_missing);
484 }
485
delete_dir_contents(const char * pathname,int also_delete_dir,int (* exclusion_predicate)(const char *,const int),bool ignore_if_missing)486 int delete_dir_contents(const char *pathname,
487 int also_delete_dir,
488 int (*exclusion_predicate)(const char*, const int),
489 bool ignore_if_missing)
490 {
491 int res = 0;
492 DIR *d;
493
494 d = opendir(pathname);
495 if (d == NULL) {
496 if (ignore_if_missing && (errno == ENOENT)) {
497 return 0;
498 }
499 ALOGE("Couldn't opendir %s: %s\n", pathname, strerror(errno));
500 return -errno;
501 }
502 res = _delete_dir_contents(d, exclusion_predicate);
503 closedir(d);
504 if (also_delete_dir) {
505 if (rmdir(pathname)) {
506 ALOGE("Couldn't rmdir %s: %s\n", pathname, strerror(errno));
507 res = -1;
508 }
509 }
510 return res;
511 }
512
delete_dir_contents_fd(int dfd,const char * name)513 int delete_dir_contents_fd(int dfd, const char *name)
514 {
515 int fd, res;
516 DIR *d;
517
518 fd = openat(dfd, name, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
519 if (fd < 0) {
520 ALOGE("Couldn't openat %s: %s\n", name, strerror(errno));
521 return -1;
522 }
523 d = fdopendir(fd);
524 if (d == NULL) {
525 ALOGE("Couldn't fdopendir %s: %s\n", name, strerror(errno));
526 close(fd);
527 return -1;
528 }
529 res = _delete_dir_contents(d, 0);
530 closedir(d);
531 return res;
532 }
533
_copy_owner_permissions(int srcfd,int dstfd)534 static int _copy_owner_permissions(int srcfd, int dstfd)
535 {
536 struct stat st;
537 if (fstat(srcfd, &st) != 0) {
538 return -1;
539 }
540 if (fchmod(dstfd, st.st_mode) != 0) {
541 return -1;
542 }
543 return 0;
544 }
545
_copy_dir_files(int sdfd,int ddfd,uid_t owner,gid_t group)546 static int _copy_dir_files(int sdfd, int ddfd, uid_t owner, gid_t group)
547 {
548 int result = 0;
549 if (_copy_owner_permissions(sdfd, ddfd) != 0) {
550 ALOGE("_copy_dir_files failed to copy dir permissions\n");
551 }
552 if (fchown(ddfd, owner, group) != 0) {
553 ALOGE("_copy_dir_files failed to change dir owner\n");
554 }
555
556 DIR *ds = fdopendir(sdfd);
557 if (ds == NULL) {
558 ALOGE("Couldn't fdopendir: %s\n", strerror(errno));
559 return -1;
560 }
561 struct dirent *de;
562 while ((de = readdir(ds))) {
563 if (de->d_type != DT_REG) {
564 continue;
565 }
566
567 const char *name = de->d_name;
568 int fsfd = openat(sdfd, name, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
569 int fdfd = openat(ddfd, name, O_WRONLY | O_NOFOLLOW | O_CLOEXEC | O_CREAT, 0600);
570 if (fsfd == -1 || fdfd == -1) {
571 ALOGW("Couldn't copy %s: %s\n", name, strerror(errno));
572 } else {
573 if (_copy_owner_permissions(fsfd, fdfd) != 0) {
574 ALOGE("Failed to change file permissions\n");
575 }
576 if (fchown(fdfd, owner, group) != 0) {
577 ALOGE("Failed to change file owner\n");
578 }
579
580 char buf[8192];
581 ssize_t size;
582 while ((size = read(fsfd, buf, sizeof(buf))) > 0) {
583 write(fdfd, buf, size);
584 }
585 if (size < 0) {
586 ALOGW("Couldn't copy %s: %s\n", name, strerror(errno));
587 result = -1;
588 }
589 }
590 close(fdfd);
591 close(fsfd);
592 }
593
594 return result;
595 }
596
copy_dir_files(const char * srcname,const char * dstname,uid_t owner,uid_t group)597 int copy_dir_files(const char *srcname,
598 const char *dstname,
599 uid_t owner,
600 uid_t group)
601 {
602 int res = 0;
603 DIR *ds = NULL;
604 DIR *dd = NULL;
605
606 ds = opendir(srcname);
607 if (ds == NULL) {
608 ALOGE("Couldn't opendir %s: %s\n", srcname, strerror(errno));
609 return -errno;
610 }
611
612 mkdir(dstname, 0600);
613 dd = opendir(dstname);
614 if (dd == NULL) {
615 ALOGE("Couldn't opendir %s: %s\n", dstname, strerror(errno));
616 closedir(ds);
617 return -errno;
618 }
619
620 int sdfd = dirfd(ds);
621 int ddfd = dirfd(dd);
622 if (sdfd != -1 && ddfd != -1) {
623 res = _copy_dir_files(sdfd, ddfd, owner, group);
624 } else {
625 res = -errno;
626 }
627 closedir(dd);
628 closedir(ds);
629 return res;
630 }
631
data_disk_free(const std::string & data_path)632 int64_t data_disk_free(const std::string& data_path) {
633 struct statvfs sfs;
634 if (statvfs(data_path.c_str(), &sfs) == 0) {
635 return sfs.f_bavail * sfs.f_frsize;
636 } else {
637 PLOG(ERROR) << "Couldn't statvfs " << data_path;
638 return -1;
639 }
640 }
641
get_path_inode(const std::string & path,ino_t * inode)642 int get_path_inode(const std::string& path, ino_t *inode) {
643 struct stat buf;
644 memset(&buf, 0, sizeof(buf));
645 if (stat(path.c_str(), &buf) != 0) {
646 PLOG(WARNING) << "Failed to stat " << path;
647 return -1;
648 } else {
649 *inode = buf.st_ino;
650 return 0;
651 }
652 }
653
654 /**
655 * Write the inode of a specific child file into the given xattr on the
656 * parent directory. This allows you to find the child later, even if its
657 * name is encrypted.
658 */
write_path_inode(const std::string & parent,const char * name,const char * inode_xattr)659 int write_path_inode(const std::string& parent, const char* name, const char* inode_xattr) {
660 ino_t inode = 0;
661 uint64_t inode_raw = 0;
662 auto path = StringPrintf("%s/%s", parent.c_str(), name);
663
664 if (get_path_inode(path, &inode) != 0) {
665 // Path probably doesn't exist yet; ignore
666 return 0;
667 }
668
669 // Check to see if already set correctly
670 if (getxattr(parent.c_str(), inode_xattr, &inode_raw, sizeof(inode_raw)) == sizeof(inode_raw)) {
671 if (inode_raw == inode) {
672 // Already set correctly; skip writing
673 return 0;
674 } else {
675 PLOG(WARNING) << "Mismatched inode value; found " << inode
676 << " on disk but marked value was " << inode_raw << "; overwriting";
677 }
678 }
679
680 inode_raw = inode;
681 if (setxattr(parent.c_str(), inode_xattr, &inode_raw, sizeof(inode_raw), 0) != 0 && errno != EOPNOTSUPP) {
682 PLOG(ERROR) << "Failed to write xattr " << inode_xattr << " at " << parent;
683 return -1;
684 } else {
685 return 0;
686 }
687 }
688
689 /**
690 * Read the inode of a specific child file from the given xattr on the
691 * parent directory. Returns a currently valid path for that child, which
692 * might have an encrypted name.
693 */
read_path_inode(const std::string & parent,const char * name,const char * inode_xattr)694 std::string read_path_inode(const std::string& parent, const char* name, const char* inode_xattr) {
695 ino_t inode = 0;
696 uint64_t inode_raw = 0;
697 auto fallback = StringPrintf("%s/%s", parent.c_str(), name);
698
699 // Lookup the inode value written earlier
700 if (getxattr(parent.c_str(), inode_xattr, &inode_raw, sizeof(inode_raw)) == sizeof(inode_raw)) {
701 inode = inode_raw;
702 }
703
704 // For testing purposes, rely on the inode when defined; this could be
705 // optimized to use access() in the future.
706 if (inode != 0) {
707 DIR* dir = opendir(parent.c_str());
708 if (dir == nullptr) {
709 PLOG(ERROR) << "Failed to opendir " << parent;
710 return fallback;
711 }
712
713 struct dirent* ent;
714 while ((ent = readdir(dir))) {
715 if (ent->d_ino == inode) {
716 auto resolved = StringPrintf("%s/%s", parent.c_str(), ent->d_name);
717 #if DEBUG_XATTRS
718 if (resolved != fallback) {
719 LOG(DEBUG) << "Resolved path " << resolved << " for inode " << inode
720 << " instead of " << fallback;
721 }
722 #endif
723 closedir(dir);
724 return resolved;
725 }
726 }
727 LOG(WARNING) << "Failed to resolve inode " << inode << "; using " << fallback;
728 closedir(dir);
729 return fallback;
730 } else {
731 return fallback;
732 }
733 }
734
735 /**
736 * Validate that the path is valid in the context of the provided directory.
737 * The path is allowed to have at most one subdirectory and no indirections
738 * to top level directories (i.e. have "..").
739 */
validate_path(const dir_rec_t * dir,const char * path,int maxSubdirs)740 static int validate_path(const dir_rec_t* dir, const char* path, int maxSubdirs) {
741 size_t dir_len = dir->len;
742 const char* subdir = strchr(path + dir_len, '/');
743
744 // Only allow the path to have at most one subdirectory.
745 if (subdir != NULL) {
746 ++subdir;
747 if ((--maxSubdirs == 0) && strchr(subdir, '/') != NULL) {
748 ALOGE("invalid apk path '%s' (subdir?)\n", path);
749 return -1;
750 }
751 }
752
753 // Directories can't have a period directly after the directory markers to prevent "..".
754 if ((path[dir_len] == '.') || ((subdir != NULL) && (*subdir == '.'))) {
755 ALOGE("invalid apk path '%s' (trickery)\n", path);
756 return -1;
757 }
758
759 return 0;
760 }
761
762 /**
763 * Checks whether a path points to a system app (.apk file). Returns 0
764 * if it is a system app or -1 if it is not.
765 */
validate_system_app_path(const char * path)766 int validate_system_app_path(const char* path) {
767 size_t i;
768
769 for (i = 0; i < android_system_dirs.count; i++) {
770 const size_t dir_len = android_system_dirs.dirs[i].len;
771 if (!strncmp(path, android_system_dirs.dirs[i].path, dir_len)) {
772 return validate_path(android_system_dirs.dirs + i, path, 1);
773 }
774 }
775
776 return -1;
777 }
778
validate_secondary_dex_path(const std::string & pkgname,const std::string & dex_path,const char * volume_uuid,int uid,int storage_flag)779 bool validate_secondary_dex_path(const std::string& pkgname, const std::string& dex_path,
780 const char* volume_uuid, int uid, int storage_flag) {
781 CHECK(storage_flag == FLAG_STORAGE_CE || storage_flag == FLAG_STORAGE_DE);
782
783 std::string app_private_dir = storage_flag == FLAG_STORAGE_CE
784 ? create_data_user_ce_package_path(
785 volume_uuid, multiuser_get_user_id(uid), pkgname.c_str())
786 : create_data_user_de_package_path(
787 volume_uuid, multiuser_get_user_id(uid), pkgname.c_str());
788 dir_rec_t dir;
789 if (get_path_from_string(&dir, app_private_dir.c_str()) != 0) {
790 LOG(WARNING) << "Could not get dir rec for " << app_private_dir;
791 return false;
792 }
793 // Usually secondary dex files have a nested directory structure.
794 // Pick at most 10 subdirectories when validating (arbitrary value).
795 // If the secondary dex file is >10 directory nested then validation will
796 // fail and the file will not be compiled.
797 return validate_path(&dir, dex_path.c_str(), /*max_subdirs*/ 10) == 0;
798 }
799
800 /**
801 * Get the contents of a environment variable that contains a path. Caller
802 * owns the string that is inserted into the directory record. Returns
803 * 0 on success and -1 on error.
804 */
get_path_from_env(dir_rec_t * rec,const char * var)805 int get_path_from_env(dir_rec_t* rec, const char* var) {
806 const char* path = getenv(var);
807 int ret = get_path_from_string(rec, path);
808 if (ret < 0) {
809 ALOGW("Problem finding value for environment variable %s\n", var);
810 }
811 return ret;
812 }
813
814 /**
815 * Puts the string into the record as a directory. Appends '/' to the end
816 * of all paths. Caller owns the string that is inserted into the directory
817 * record. A null value will result in an error.
818 *
819 * Returns 0 on success and -1 on error.
820 */
get_path_from_string(dir_rec_t * rec,const char * path)821 int get_path_from_string(dir_rec_t* rec, const char* path) {
822 if (path == NULL) {
823 return -1;
824 } else {
825 const size_t path_len = strlen(path);
826 if (path_len <= 0) {
827 return -1;
828 }
829
830 // Make sure path is absolute.
831 if (path[0] != '/') {
832 return -1;
833 }
834
835 if (path[path_len - 1] == '/') {
836 // Path ends with a forward slash. Make our own copy.
837
838 rec->path = strdup(path);
839 if (rec->path == NULL) {
840 return -1;
841 }
842
843 rec->len = path_len;
844 } else {
845 // Path does not end with a slash. Generate a new string.
846 char *dst;
847
848 // Add space for slash and terminating null.
849 size_t dst_size = path_len + 2;
850
851 rec->path = (char*) malloc(dst_size);
852 if (rec->path == NULL) {
853 return -1;
854 }
855
856 dst = rec->path;
857
858 if (append_and_increment(&dst, path, &dst_size) < 0
859 || append_and_increment(&dst, "/", &dst_size)) {
860 ALOGE("Error canonicalizing path");
861 return -1;
862 }
863
864 rec->len = dst - rec->path;
865 }
866 }
867 return 0;
868 }
869
copy_and_append(dir_rec_t * dst,const dir_rec_t * src,const char * suffix)870 int copy_and_append(dir_rec_t* dst, const dir_rec_t* src, const char* suffix) {
871 dst->len = src->len + strlen(suffix);
872 const size_t dstSize = dst->len + 1;
873 dst->path = (char*) malloc(dstSize);
874
875 if (dst->path == NULL
876 || snprintf(dst->path, dstSize, "%s%s", src->path, suffix)
877 != (ssize_t) dst->len) {
878 ALOGE("Could not allocate memory to hold appended path; aborting\n");
879 return -1;
880 }
881
882 return 0;
883 }
884
885 /**
886 * Check whether path points to a valid path for an APK file. The path must
887 * begin with a whitelisted prefix path and must be no deeper than |maxSubdirs| within
888 * that path. Returns -1 when an invalid path is encountered and 0 when a valid path
889 * is encountered.
890 */
validate_apk_path_internal(const char * path,int maxSubdirs)891 static int validate_apk_path_internal(const char *path, int maxSubdirs) {
892 const dir_rec_t* dir = NULL;
893 if (!strncmp(path, android_app_dir.path, android_app_dir.len)) {
894 dir = &android_app_dir;
895 } else if (!strncmp(path, android_app_private_dir.path, android_app_private_dir.len)) {
896 dir = &android_app_private_dir;
897 } else if (!strncmp(path, android_app_ephemeral_dir.path, android_app_ephemeral_dir.len)) {
898 dir = &android_app_ephemeral_dir;
899 } else if (!strncmp(path, android_asec_dir.path, android_asec_dir.len)) {
900 dir = &android_asec_dir;
901 } else if (!strncmp(path, android_mnt_expand_dir.path, android_mnt_expand_dir.len)) {
902 dir = &android_mnt_expand_dir;
903 if (maxSubdirs < 2) {
904 maxSubdirs = 2;
905 }
906 } else {
907 return -1;
908 }
909
910 return validate_path(dir, path, maxSubdirs);
911 }
912
validate_apk_path(const char * path)913 int validate_apk_path(const char* path) {
914 return validate_apk_path_internal(path, 1 /* maxSubdirs */);
915 }
916
validate_apk_path_subdirs(const char * path)917 int validate_apk_path_subdirs(const char* path) {
918 return validate_apk_path_internal(path, 3 /* maxSubdirs */);
919 }
920
append_and_increment(char ** dst,const char * src,size_t * dst_size)921 int append_and_increment(char** dst, const char* src, size_t* dst_size) {
922 ssize_t ret = strlcpy(*dst, src, *dst_size);
923 if (ret < 0 || (size_t) ret >= *dst_size) {
924 return -1;
925 }
926 *dst += ret;
927 *dst_size -= ret;
928 return 0;
929 }
930
build_string2(const char * s1,const char * s2)931 char *build_string2(const char *s1, const char *s2) {
932 if (s1 == NULL || s2 == NULL) return NULL;
933
934 int len_s1 = strlen(s1);
935 int len_s2 = strlen(s2);
936 int len = len_s1 + len_s2 + 1;
937 char *result = (char *) malloc(len);
938 if (result == NULL) return NULL;
939
940 strcpy(result, s1);
941 strcpy(result + len_s1, s2);
942
943 return result;
944 }
945
build_string3(const char * s1,const char * s2,const char * s3)946 char *build_string3(const char *s1, const char *s2, const char *s3) {
947 if (s1 == NULL || s2 == NULL || s3 == NULL) return NULL;
948
949 int len_s1 = strlen(s1);
950 int len_s2 = strlen(s2);
951 int len_s3 = strlen(s3);
952 int len = len_s1 + len_s2 + len_s3 + 1;
953 char *result = (char *) malloc(len);
954 if (result == NULL) return NULL;
955
956 strcpy(result, s1);
957 strcpy(result + len_s1, s2);
958 strcpy(result + len_s1 + len_s2, s3);
959
960 return result;
961 }
962
ensure_config_user_dirs(userid_t userid)963 int ensure_config_user_dirs(userid_t userid) {
964 // writable by system, readable by any app within the same user
965 const int uid = multiuser_get_uid(userid, AID_SYSTEM);
966 const int gid = multiuser_get_uid(userid, AID_EVERYBODY);
967
968 // Ensure /data/misc/user/<userid> exists
969 auto path = create_data_misc_legacy_path(userid);
970 return fs_prepare_dir(path.c_str(), 0750, uid, gid);
971 }
972
wait_child(pid_t pid)973 int wait_child(pid_t pid)
974 {
975 int status;
976 pid_t got_pid;
977
978 while (1) {
979 got_pid = waitpid(pid, &status, 0);
980 if (got_pid == -1 && errno == EINTR) {
981 printf("waitpid interrupted, retrying\n");
982 } else {
983 break;
984 }
985 }
986 if (got_pid != pid) {
987 ALOGW("waitpid failed: wanted %d, got %d: %s\n",
988 (int) pid, (int) got_pid, strerror(errno));
989 return 1;
990 }
991
992 if (WIFEXITED(status) && WEXITSTATUS(status) == 0) {
993 return 0;
994 } else {
995 return status; /* always nonzero */
996 }
997 }
998
999 /**
1000 * Prepare an app cache directory, which offers to fix-up the GID and
1001 * directory mode flags during a platform upgrade.
1002 * The app cache directory path will be 'parent'/'name'.
1003 */
prepare_app_cache_dir(const std::string & parent,const char * name,mode_t target_mode,uid_t uid,gid_t gid)1004 int prepare_app_cache_dir(const std::string& parent, const char* name, mode_t target_mode,
1005 uid_t uid, gid_t gid) {
1006 auto path = StringPrintf("%s/%s", parent.c_str(), name);
1007 struct stat st;
1008 if (stat(path.c_str(), &st) != 0) {
1009 if (errno == ENOENT) {
1010 // This is fine, just create it
1011 if (fs_prepare_dir_strict(path.c_str(), target_mode, uid, gid) != 0) {
1012 PLOG(ERROR) << "Failed to prepare " << path;
1013 return -1;
1014 } else {
1015 return 0;
1016 }
1017 } else {
1018 PLOG(ERROR) << "Failed to stat " << path;
1019 return -1;
1020 }
1021 }
1022
1023 mode_t actual_mode = st.st_mode & (S_IRWXU | S_IRWXG | S_IRWXO | S_ISGID);
1024 if (st.st_uid != uid) {
1025 // Mismatched UID is real trouble; we can't recover
1026 LOG(ERROR) << "Mismatched UID at " << path << ": found " << st.st_uid
1027 << " but expected " << uid;
1028 return -1;
1029 } else if (st.st_gid == gid && actual_mode == target_mode) {
1030 // Everything looks good!
1031 return 0;
1032 } else {
1033 // Mismatched GID/mode is recoverable; fall through to update
1034 LOG(DEBUG) << "Mismatched cache GID/mode at " << path << ": found " << st.st_gid
1035 << " but expected " << gid;
1036 }
1037
1038 // Directory is owned correctly, but GID or mode mismatch means it's
1039 // probably a platform upgrade so we need to fix them
1040 FTS *fts;
1041 FTSENT *p;
1042 char *argv[] = { (char*) path.c_str(), nullptr };
1043 if (!(fts = fts_open(argv, FTS_PHYSICAL | FTS_NOCHDIR | FTS_XDEV, NULL))) {
1044 PLOG(ERROR) << "Failed to fts_open " << path;
1045 return -1;
1046 }
1047 while ((p = fts_read(fts)) != NULL) {
1048 switch (p->fts_info) {
1049 case FTS_DP:
1050 if (chmod(p->fts_path, target_mode) != 0) {
1051 PLOG(WARNING) << "Failed to chmod " << p->fts_path;
1052 }
1053 // Intentional fall through to also set GID
1054 case FTS_F:
1055 if (chown(p->fts_path, -1, gid) != 0) {
1056 PLOG(WARNING) << "Failed to chown " << p->fts_path;
1057 }
1058 break;
1059 case FTS_SL:
1060 case FTS_SLNONE:
1061 if (lchown(p->fts_path, -1, gid) != 0) {
1062 PLOG(WARNING) << "Failed to chown " << p->fts_path;
1063 }
1064 break;
1065 }
1066 }
1067 fts_close(fts);
1068 return 0;
1069 }
1070
1071 } // namespace installd
1072 } // namespace android
1073