1 /*
2 ** Copyright 2008, The Android Open Source Project
3 **
4 ** Licensed under the Apache License, Version 2.0 (the "License");
5 ** you may not use this file except in compliance with the License.
6 ** You may obtain a copy of the License at
7 **
8 ** http://www.apache.org/licenses/LICENSE-2.0
9 **
10 ** Unless required by applicable law or agreed to in writing, software
11 ** distributed under the License is distributed on an "AS IS" BASIS,
12 ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 ** See the License for the specific language governing permissions and
14 ** limitations under the License.
15 */
16
17 #include "utils.h"
18
19 #include <errno.h>
20 #include <fcntl.h>
21 #include <fts.h>
22 #include <stdlib.h>
23 #include <sys/stat.h>
24 #include <sys/wait.h>
25 #include <sys/xattr.h>
26 #include <sys/statvfs.h>
27
28 #include <android-base/logging.h>
29 #include <android-base/strings.h>
30 #include <android-base/stringprintf.h>
31 #include <android-base/unique_fd.h>
32 #include <cutils/fs.h>
33 #include <cutils/properties.h>
34 #include <log/log.h>
35 #include <private/android_filesystem_config.h>
36
37 #include "globals.h" // extern variables.
38
39 #ifndef LOG_TAG
40 #define LOG_TAG "installd"
41 #endif
42
43 #define DEBUG_XATTRS 0
44
45 using android::base::EndsWith;
46 using android::base::StringPrintf;
47 using android::base::unique_fd;
48
49 namespace android {
50 namespace installd {
51
52 /**
53 * Check that given string is valid filename, and that it attempts no
54 * parent or child directory traversal.
55 */
is_valid_filename(const std::string & name)56 bool is_valid_filename(const std::string& name) {
57 if (name.empty() || (name == ".") || (name == "..")
58 || (name.find('/') != std::string::npos)) {
59 return false;
60 } else {
61 return true;
62 }
63 }
64
check_package_name(const char * package_name)65 static void check_package_name(const char* package_name) {
66 CHECK(is_valid_filename(package_name));
67 CHECK(is_valid_package_name(package_name));
68 }
69
70 /**
71 * Create the path name where package app contents should be stored for
72 * the given volume UUID and package name. An empty UUID is assumed to
73 * be internal storage.
74 */
create_data_app_package_path(const char * volume_uuid,const char * package_name)75 std::string create_data_app_package_path(const char* volume_uuid,
76 const char* package_name) {
77 check_package_name(package_name);
78 return StringPrintf("%s/%s",
79 create_data_app_path(volume_uuid).c_str(), package_name);
80 }
81
82 /**
83 * Create the path name where package data should be stored for the given
84 * volume UUID, package name, and user ID. An empty UUID is assumed to be
85 * internal storage.
86 */
create_data_user_ce_package_path(const char * volume_uuid,userid_t user,const char * package_name)87 std::string create_data_user_ce_package_path(const char* volume_uuid,
88 userid_t user, const char* package_name) {
89 check_package_name(package_name);
90 return StringPrintf("%s/%s",
91 create_data_user_ce_path(volume_uuid, user).c_str(), package_name);
92 }
93
94 /**
95 * Create the path name where package data should be stored for the given
96 * volume UUID, package name, and user ID. An empty UUID is assumed to be
97 * internal storage.
98 * Compared to create_data_user_ce_package_path this method always return the
99 * ".../user/..." directory.
100 */
create_data_user_ce_package_path_as_user_link(const char * volume_uuid,userid_t userid,const char * package_name)101 std::string create_data_user_ce_package_path_as_user_link(
102 const char* volume_uuid, userid_t userid, const char* package_name) {
103 check_package_name(package_name);
104 std::string data(create_data_path(volume_uuid));
105 return StringPrintf("%s/user/%u/%s", data.c_str(), userid, package_name);
106 }
107
create_data_user_ce_package_path(const char * volume_uuid,userid_t user,const char * package_name,ino_t ce_data_inode)108 std::string create_data_user_ce_package_path(const char* volume_uuid, userid_t user,
109 const char* package_name, ino_t ce_data_inode) {
110 // For testing purposes, rely on the inode when defined; this could be
111 // optimized to use access() in the future.
112 auto fallback = create_data_user_ce_package_path(volume_uuid, user, package_name);
113 if (ce_data_inode != 0) {
114 auto user_path = create_data_user_ce_path(volume_uuid, user);
115 DIR* dir = opendir(user_path.c_str());
116 if (dir == nullptr) {
117 PLOG(ERROR) << "Failed to opendir " << user_path;
118 return fallback;
119 }
120
121 struct dirent* ent;
122 while ((ent = readdir(dir))) {
123 if (ent->d_ino == ce_data_inode) {
124 auto resolved = StringPrintf("%s/%s", user_path.c_str(), ent->d_name);
125 #if DEBUG_XATTRS
126 if (resolved != fallback) {
127 LOG(DEBUG) << "Resolved path " << resolved << " for inode " << ce_data_inode
128 << " instead of " << fallback;
129 }
130 #endif
131 closedir(dir);
132 return resolved;
133 }
134 }
135 LOG(WARNING) << "Failed to resolve inode " << ce_data_inode << "; using " << fallback;
136 closedir(dir);
137 return fallback;
138 } else {
139 return fallback;
140 }
141 }
142
create_data_user_de_package_path(const char * volume_uuid,userid_t user,const char * package_name)143 std::string create_data_user_de_package_path(const char* volume_uuid,
144 userid_t user, const char* package_name) {
145 check_package_name(package_name);
146 return StringPrintf("%s/%s",
147 create_data_user_de_path(volume_uuid, user).c_str(), package_name);
148 }
149
create_data_path(const char * volume_uuid)150 std::string create_data_path(const char* volume_uuid) {
151 if (volume_uuid == nullptr) {
152 return "/data";
153 } else if (!strcmp(volume_uuid, "TEST")) {
154 CHECK(property_get_bool("ro.debuggable", false));
155 return "/data/local/tmp";
156 } else {
157 CHECK(is_valid_filename(volume_uuid));
158 return StringPrintf("/mnt/expand/%s", volume_uuid);
159 }
160 }
161
162 /**
163 * Create the path name for app data.
164 */
create_data_app_path(const char * volume_uuid)165 std::string create_data_app_path(const char* volume_uuid) {
166 return StringPrintf("%s/app", create_data_path(volume_uuid).c_str());
167 }
168
169 /**
170 * Create the path name for user data for a certain userid.
171 * Keep same implementation as vold to minimize path walking overhead
172 */
create_data_user_ce_path(const char * volume_uuid,userid_t userid)173 std::string create_data_user_ce_path(const char* volume_uuid, userid_t userid) {
174 std::string data(create_data_path(volume_uuid));
175 if (volume_uuid == nullptr && userid == 0) {
176 std::string legacy = StringPrintf("%s/data", data.c_str());
177 struct stat sb;
178 if (lstat(legacy.c_str(), &sb) == 0 && S_ISDIR(sb.st_mode)) {
179 /* /data/data is dir, return /data/data for legacy system */
180 return legacy;
181 }
182 }
183 return StringPrintf("%s/user/%u", data.c_str(), userid);
184 }
185
186 /**
187 * Create the path name for device encrypted user data for a certain userid.
188 */
create_data_user_de_path(const char * volume_uuid,userid_t userid)189 std::string create_data_user_de_path(const char* volume_uuid, userid_t userid) {
190 std::string data(create_data_path(volume_uuid));
191 return StringPrintf("%s/user_de/%u", data.c_str(), userid);
192 }
193
194 /**
195 * Create the path name for media for a certain userid.
196 */
create_data_media_path(const char * volume_uuid,userid_t userid)197 std::string create_data_media_path(const char* volume_uuid, userid_t userid) {
198 return StringPrintf("%s/media/%u", create_data_path(volume_uuid).c_str(), userid);
199 }
200
create_data_media_obb_path(const char * volume_uuid,const char * package_name)201 std::string create_data_media_obb_path(const char* volume_uuid, const char* package_name) {
202 return StringPrintf("%s/media/obb/%s", create_data_path(volume_uuid).c_str(), package_name);
203 }
204
create_data_media_package_path(const char * volume_uuid,userid_t userid,const char * data_type,const char * package_name)205 std::string create_data_media_package_path(const char* volume_uuid, userid_t userid,
206 const char* data_type, const char* package_name) {
207 return StringPrintf("%s/Android/%s/%s", create_data_media_path(volume_uuid, userid).c_str(),
208 data_type, package_name);
209 }
210
create_data_misc_legacy_path(userid_t userid)211 std::string create_data_misc_legacy_path(userid_t userid) {
212 return StringPrintf("%s/misc/user/%u", create_data_path(nullptr).c_str(), userid);
213 }
214
create_primary_cur_profile_dir_path(userid_t userid)215 std::string create_primary_cur_profile_dir_path(userid_t userid) {
216 return StringPrintf("%s/cur/%u", android_profiles_dir.c_str(), userid);
217 }
218
create_primary_current_profile_package_dir_path(userid_t user,const std::string & package_name)219 std::string create_primary_current_profile_package_dir_path(userid_t user,
220 const std::string& package_name) {
221 check_package_name(package_name.c_str());
222 return StringPrintf("%s/%s",
223 create_primary_cur_profile_dir_path(user).c_str(), package_name.c_str());
224 }
225
create_primary_ref_profile_dir_path()226 std::string create_primary_ref_profile_dir_path() {
227 return StringPrintf("%s/ref", android_profiles_dir.c_str());
228 }
229
create_primary_reference_profile_package_dir_path(const std::string & package_name)230 std::string create_primary_reference_profile_package_dir_path(const std::string& package_name) {
231 check_package_name(package_name.c_str());
232 return StringPrintf("%s/ref/%s", android_profiles_dir.c_str(), package_name.c_str());
233 }
234
create_data_dalvik_cache_path()235 std::string create_data_dalvik_cache_path() {
236 return "/data/dalvik-cache";
237 }
238
239 // Keep profile paths in sync with ActivityThread and LoadedApk.
240 const std::string PROFILE_EXT = ".prof";
241 const std::string CURRENT_PROFILE_EXT = ".cur";
242 const std::string SNAPSHOT_PROFILE_EXT = ".snapshot";
243
244 // Gets the parent directory and the file name for the given secondary dex path.
245 // Returns true on success, false on failure (if the dex_path does not have the expected
246 // structure).
get_secondary_dex_location(const std::string & dex_path,std::string * out_dir_name,std::string * out_file_name)247 static bool get_secondary_dex_location(const std::string& dex_path,
248 std::string* out_dir_name, std::string* out_file_name) {
249 size_t dirIndex = dex_path.rfind('/');
250 if (dirIndex == std::string::npos) {
251 return false;
252 }
253 if (dirIndex == dex_path.size() - 1) {
254 return false;
255 }
256 *out_dir_name = dex_path.substr(0, dirIndex);
257 *out_file_name = dex_path.substr(dirIndex + 1);
258
259 return true;
260 }
261
create_current_profile_path(userid_t user,const std::string & package_name,const std::string & location,bool is_secondary_dex)262 std::string create_current_profile_path(userid_t user, const std::string& package_name,
263 const std::string& location, bool is_secondary_dex) {
264 if (is_secondary_dex) {
265 // Secondary dex current profiles are stored next to the dex files under the oat folder.
266 std::string dex_dir;
267 std::string dex_name;
268 CHECK(get_secondary_dex_location(location, &dex_dir, &dex_name))
269 << "Unexpected dir structure for secondary dex " << location;
270 return StringPrintf("%s/oat/%s%s%s",
271 dex_dir.c_str(), dex_name.c_str(), CURRENT_PROFILE_EXT.c_str(),
272 PROFILE_EXT.c_str());
273 } else {
274 // Profiles for primary apks are under /data/misc/profiles/cur.
275 std::string profile_dir = create_primary_current_profile_package_dir_path(
276 user, package_name);
277 return StringPrintf("%s/%s", profile_dir.c_str(), location.c_str());
278 }
279 }
280
create_reference_profile_path(const std::string & package_name,const std::string & location,bool is_secondary_dex)281 std::string create_reference_profile_path(const std::string& package_name,
282 const std::string& location, bool is_secondary_dex) {
283 if (is_secondary_dex) {
284 // Secondary dex reference profiles are stored next to the dex files under the oat folder.
285 std::string dex_dir;
286 std::string dex_name;
287 CHECK(get_secondary_dex_location(location, &dex_dir, &dex_name))
288 << "Unexpected dir structure for secondary dex " << location;
289 return StringPrintf("%s/oat/%s%s",
290 dex_dir.c_str(), dex_name.c_str(), PROFILE_EXT.c_str());
291 } else {
292 // Reference profiles for primary apks are stored in /data/misc/profile/ref.
293 std::string profile_dir = create_primary_reference_profile_package_dir_path(package_name);
294 return StringPrintf("%s/%s", profile_dir.c_str(), location.c_str());
295 }
296 }
297
create_snapshot_profile_path(const std::string & package,const std::string & profile_name)298 std::string create_snapshot_profile_path(const std::string& package,
299 const std::string& profile_name) {
300 std::string ref_profile = create_reference_profile_path(package, profile_name,
301 /*is_secondary_dex*/ false);
302 return ref_profile + SNAPSHOT_PROFILE_EXT;
303 }
304
get_known_users(const char * volume_uuid)305 std::vector<userid_t> get_known_users(const char* volume_uuid) {
306 std::vector<userid_t> users;
307
308 // We always have an owner
309 users.push_back(0);
310
311 std::string path(create_data_path(volume_uuid) + "/" + SECONDARY_USER_PREFIX);
312 DIR* dir = opendir(path.c_str());
313 if (dir == NULL) {
314 // Unable to discover other users, but at least return owner
315 PLOG(ERROR) << "Failed to opendir " << path;
316 return users;
317 }
318
319 struct dirent* ent;
320 while ((ent = readdir(dir))) {
321 if (ent->d_type != DT_DIR) {
322 continue;
323 }
324
325 char* end;
326 userid_t user = strtol(ent->d_name, &end, 10);
327 if (*end == '\0' && user != 0) {
328 LOG(DEBUG) << "Found valid user " << user;
329 users.push_back(user);
330 }
331 }
332 closedir(dir);
333
334 return users;
335 }
336
calculate_tree_size(const std::string & path,int64_t * size,int32_t include_gid,int32_t exclude_gid,bool exclude_apps)337 int calculate_tree_size(const std::string& path, int64_t* size,
338 int32_t include_gid, int32_t exclude_gid, bool exclude_apps) {
339 FTS *fts;
340 FTSENT *p;
341 int64_t matchedSize = 0;
342 char *argv[] = { (char*) path.c_str(), nullptr };
343 if (!(fts = fts_open(argv, FTS_PHYSICAL | FTS_NOCHDIR | FTS_XDEV, NULL))) {
344 if (errno != ENOENT) {
345 PLOG(ERROR) << "Failed to fts_open " << path;
346 }
347 return -1;
348 }
349 while ((p = fts_read(fts)) != NULL) {
350 switch (p->fts_info) {
351 case FTS_D:
352 case FTS_DEFAULT:
353 case FTS_F:
354 case FTS_SL:
355 case FTS_SLNONE:
356 int32_t uid = p->fts_statp->st_uid;
357 int32_t gid = p->fts_statp->st_gid;
358 int32_t user_uid = multiuser_get_app_id(uid);
359 int32_t user_gid = multiuser_get_app_id(gid);
360 if (exclude_apps && ((user_uid >= AID_APP_START && user_uid <= AID_APP_END)
361 || (user_gid >= AID_CACHE_GID_START && user_gid <= AID_CACHE_GID_END)
362 || (user_gid >= AID_SHARED_GID_START && user_gid <= AID_SHARED_GID_END))) {
363 // Don't traverse inside or measure
364 fts_set(fts, p, FTS_SKIP);
365 break;
366 }
367 if (include_gid != -1 && gid != include_gid) {
368 break;
369 }
370 if (exclude_gid != -1 && gid == exclude_gid) {
371 break;
372 }
373 matchedSize += (p->fts_statp->st_blocks * 512);
374 break;
375 }
376 }
377 fts_close(fts);
378 #if MEASURE_DEBUG
379 if ((include_gid == -1) && (exclude_gid == -1)) {
380 LOG(DEBUG) << "Measured " << path << " size " << matchedSize;
381 } else {
382 LOG(DEBUG) << "Measured " << path << " size " << matchedSize << "; include " << include_gid
383 << " exclude " << exclude_gid;
384 }
385 #endif
386 *size += matchedSize;
387 return 0;
388 }
389
390 /**
391 * Checks whether the package name is valid. Returns -1 on error and
392 * 0 on success.
393 */
is_valid_package_name(const std::string & packageName)394 bool is_valid_package_name(const std::string& packageName) {
395 // This logic is borrowed from PackageParser.java
396 bool hasSep = false;
397 bool front = true;
398
399 auto it = packageName.begin();
400 for (; it != packageName.end() && *it != '-'; it++) {
401 char c = *it;
402 if ((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z')) {
403 front = false;
404 continue;
405 }
406 if (!front) {
407 if ((c >= '0' && c <= '9') || c == '_') {
408 continue;
409 }
410 }
411 if (c == '.') {
412 hasSep = true;
413 front = true;
414 continue;
415 }
416 LOG(WARNING) << "Bad package character " << c << " in " << packageName;
417 return false;
418 }
419
420 if (front) {
421 LOG(WARNING) << "Missing separator in " << packageName;
422 return false;
423 }
424
425 for (; it != packageName.end(); it++) {
426 char c = *it;
427 if ((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z')) continue;
428 if ((c >= '0' && c <= '9') || c == '_' || c == '-' || c == '=') continue;
429 LOG(WARNING) << "Bad suffix character " << c << " in " << packageName;
430 return false;
431 }
432
433 return true;
434 }
435
_delete_dir_contents(DIR * d,int (* exclusion_predicate)(const char * name,const int is_dir))436 static int _delete_dir_contents(DIR *d,
437 int (*exclusion_predicate)(const char *name, const int is_dir))
438 {
439 int result = 0;
440 struct dirent *de;
441 int dfd;
442
443 dfd = dirfd(d);
444
445 if (dfd < 0) return -1;
446
447 while ((de = readdir(d))) {
448 const char *name = de->d_name;
449
450 /* check using the exclusion predicate, if provided */
451 if (exclusion_predicate && exclusion_predicate(name, (de->d_type == DT_DIR))) {
452 continue;
453 }
454
455 if (de->d_type == DT_DIR) {
456 int subfd;
457 DIR *subdir;
458
459 /* always skip "." and ".." */
460 if (name[0] == '.') {
461 if (name[1] == 0) continue;
462 if ((name[1] == '.') && (name[2] == 0)) continue;
463 }
464
465 subfd = openat(dfd, name, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
466 if (subfd < 0) {
467 ALOGE("Couldn't openat %s: %s\n", name, strerror(errno));
468 result = -1;
469 continue;
470 }
471 subdir = fdopendir(subfd);
472 if (subdir == NULL) {
473 ALOGE("Couldn't fdopendir %s: %s\n", name, strerror(errno));
474 close(subfd);
475 result = -1;
476 continue;
477 }
478 if (_delete_dir_contents(subdir, exclusion_predicate)) {
479 result = -1;
480 }
481 closedir(subdir);
482 if (unlinkat(dfd, name, AT_REMOVEDIR) < 0) {
483 ALOGE("Couldn't unlinkat %s: %s\n", name, strerror(errno));
484 result = -1;
485 }
486 } else {
487 if (unlinkat(dfd, name, 0) < 0) {
488 ALOGE("Couldn't unlinkat %s: %s\n", name, strerror(errno));
489 result = -1;
490 }
491 }
492 }
493
494 return result;
495 }
496
delete_dir_contents(const std::string & pathname,bool ignore_if_missing)497 int delete_dir_contents(const std::string& pathname, bool ignore_if_missing) {
498 return delete_dir_contents(pathname.c_str(), 0, NULL, ignore_if_missing);
499 }
500
delete_dir_contents_and_dir(const std::string & pathname,bool ignore_if_missing)501 int delete_dir_contents_and_dir(const std::string& pathname, bool ignore_if_missing) {
502 return delete_dir_contents(pathname.c_str(), 1, NULL, ignore_if_missing);
503 }
504
delete_dir_contents(const char * pathname,int also_delete_dir,int (* exclusion_predicate)(const char *,const int),bool ignore_if_missing)505 int delete_dir_contents(const char *pathname,
506 int also_delete_dir,
507 int (*exclusion_predicate)(const char*, const int),
508 bool ignore_if_missing)
509 {
510 int res = 0;
511 DIR *d;
512
513 d = opendir(pathname);
514 if (d == NULL) {
515 if (ignore_if_missing && (errno == ENOENT)) {
516 return 0;
517 }
518 ALOGE("Couldn't opendir %s: %s\n", pathname, strerror(errno));
519 return -errno;
520 }
521 res = _delete_dir_contents(d, exclusion_predicate);
522 closedir(d);
523 if (also_delete_dir) {
524 if (rmdir(pathname)) {
525 ALOGE("Couldn't rmdir %s: %s\n", pathname, strerror(errno));
526 res = -1;
527 }
528 }
529 return res;
530 }
531
delete_dir_contents_fd(int dfd,const char * name)532 int delete_dir_contents_fd(int dfd, const char *name)
533 {
534 int fd, res;
535 DIR *d;
536
537 fd = openat(dfd, name, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
538 if (fd < 0) {
539 ALOGE("Couldn't openat %s: %s\n", name, strerror(errno));
540 return -1;
541 }
542 d = fdopendir(fd);
543 if (d == NULL) {
544 ALOGE("Couldn't fdopendir %s: %s\n", name, strerror(errno));
545 close(fd);
546 return -1;
547 }
548 res = _delete_dir_contents(d, 0);
549 closedir(d);
550 return res;
551 }
552
_copy_owner_permissions(int srcfd,int dstfd)553 static int _copy_owner_permissions(int srcfd, int dstfd)
554 {
555 struct stat st;
556 if (fstat(srcfd, &st) != 0) {
557 return -1;
558 }
559 if (fchmod(dstfd, st.st_mode) != 0) {
560 return -1;
561 }
562 return 0;
563 }
564
_copy_dir_files(int sdfd,int ddfd,uid_t owner,gid_t group)565 static int _copy_dir_files(int sdfd, int ddfd, uid_t owner, gid_t group)
566 {
567 int result = 0;
568 if (_copy_owner_permissions(sdfd, ddfd) != 0) {
569 ALOGE("_copy_dir_files failed to copy dir permissions\n");
570 }
571 if (fchown(ddfd, owner, group) != 0) {
572 ALOGE("_copy_dir_files failed to change dir owner\n");
573 }
574
575 DIR *ds = fdopendir(sdfd);
576 if (ds == NULL) {
577 ALOGE("Couldn't fdopendir: %s\n", strerror(errno));
578 return -1;
579 }
580 struct dirent *de;
581 while ((de = readdir(ds))) {
582 if (de->d_type != DT_REG) {
583 continue;
584 }
585
586 const char *name = de->d_name;
587 int fsfd = openat(sdfd, name, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
588 int fdfd = openat(ddfd, name, O_WRONLY | O_NOFOLLOW | O_CLOEXEC | O_CREAT, 0600);
589 if (fsfd == -1 || fdfd == -1) {
590 ALOGW("Couldn't copy %s: %s\n", name, strerror(errno));
591 } else {
592 if (_copy_owner_permissions(fsfd, fdfd) != 0) {
593 ALOGE("Failed to change file permissions\n");
594 }
595 if (fchown(fdfd, owner, group) != 0) {
596 ALOGE("Failed to change file owner\n");
597 }
598
599 char buf[8192];
600 ssize_t size;
601 while ((size = read(fsfd, buf, sizeof(buf))) > 0) {
602 write(fdfd, buf, size);
603 }
604 if (size < 0) {
605 ALOGW("Couldn't copy %s: %s\n", name, strerror(errno));
606 result = -1;
607 }
608 }
609 close(fdfd);
610 close(fsfd);
611 }
612
613 return result;
614 }
615
copy_dir_files(const char * srcname,const char * dstname,uid_t owner,uid_t group)616 int copy_dir_files(const char *srcname,
617 const char *dstname,
618 uid_t owner,
619 uid_t group)
620 {
621 int res = 0;
622 DIR *ds = NULL;
623 DIR *dd = NULL;
624
625 ds = opendir(srcname);
626 if (ds == NULL) {
627 ALOGE("Couldn't opendir %s: %s\n", srcname, strerror(errno));
628 return -errno;
629 }
630
631 mkdir(dstname, 0600);
632 dd = opendir(dstname);
633 if (dd == NULL) {
634 ALOGE("Couldn't opendir %s: %s\n", dstname, strerror(errno));
635 closedir(ds);
636 return -errno;
637 }
638
639 int sdfd = dirfd(ds);
640 int ddfd = dirfd(dd);
641 if (sdfd != -1 && ddfd != -1) {
642 res = _copy_dir_files(sdfd, ddfd, owner, group);
643 } else {
644 res = -errno;
645 }
646 closedir(dd);
647 closedir(ds);
648 return res;
649 }
650
data_disk_free(const std::string & data_path)651 int64_t data_disk_free(const std::string& data_path) {
652 struct statvfs sfs;
653 if (statvfs(data_path.c_str(), &sfs) == 0) {
654 return static_cast<int64_t>(sfs.f_bavail) * sfs.f_frsize;
655 } else {
656 PLOG(ERROR) << "Couldn't statvfs " << data_path;
657 return -1;
658 }
659 }
660
get_path_inode(const std::string & path,ino_t * inode)661 int get_path_inode(const std::string& path, ino_t *inode) {
662 struct stat buf;
663 memset(&buf, 0, sizeof(buf));
664 if (stat(path.c_str(), &buf) != 0) {
665 PLOG(WARNING) << "Failed to stat " << path;
666 return -1;
667 } else {
668 *inode = buf.st_ino;
669 return 0;
670 }
671 }
672
673 /**
674 * Write the inode of a specific child file into the given xattr on the
675 * parent directory. This allows you to find the child later, even if its
676 * name is encrypted.
677 */
write_path_inode(const std::string & parent,const char * name,const char * inode_xattr)678 int write_path_inode(const std::string& parent, const char* name, const char* inode_xattr) {
679 ino_t inode = 0;
680 uint64_t inode_raw = 0;
681 auto path = StringPrintf("%s/%s", parent.c_str(), name);
682
683 if (get_path_inode(path, &inode) != 0) {
684 // Path probably doesn't exist yet; ignore
685 return 0;
686 }
687
688 // Check to see if already set correctly
689 if (getxattr(parent.c_str(), inode_xattr, &inode_raw, sizeof(inode_raw)) == sizeof(inode_raw)) {
690 if (inode_raw == inode) {
691 // Already set correctly; skip writing
692 return 0;
693 } else {
694 PLOG(WARNING) << "Mismatched inode value; found " << inode
695 << " on disk but marked value was " << inode_raw << "; overwriting";
696 }
697 }
698
699 inode_raw = inode;
700 if (setxattr(parent.c_str(), inode_xattr, &inode_raw, sizeof(inode_raw), 0) != 0 && errno != EOPNOTSUPP) {
701 PLOG(ERROR) << "Failed to write xattr " << inode_xattr << " at " << parent;
702 return -1;
703 } else {
704 return 0;
705 }
706 }
707
708 /**
709 * Read the inode of a specific child file from the given xattr on the
710 * parent directory. Returns a currently valid path for that child, which
711 * might have an encrypted name.
712 */
read_path_inode(const std::string & parent,const char * name,const char * inode_xattr)713 std::string read_path_inode(const std::string& parent, const char* name, const char* inode_xattr) {
714 ino_t inode = 0;
715 uint64_t inode_raw = 0;
716 auto fallback = StringPrintf("%s/%s", parent.c_str(), name);
717
718 // Lookup the inode value written earlier
719 if (getxattr(parent.c_str(), inode_xattr, &inode_raw, sizeof(inode_raw)) == sizeof(inode_raw)) {
720 inode = inode_raw;
721 }
722
723 // For testing purposes, rely on the inode when defined; this could be
724 // optimized to use access() in the future.
725 if (inode != 0) {
726 DIR* dir = opendir(parent.c_str());
727 if (dir == nullptr) {
728 PLOG(ERROR) << "Failed to opendir " << parent;
729 return fallback;
730 }
731
732 struct dirent* ent;
733 while ((ent = readdir(dir))) {
734 if (ent->d_ino == inode) {
735 auto resolved = StringPrintf("%s/%s", parent.c_str(), ent->d_name);
736 #if DEBUG_XATTRS
737 if (resolved != fallback) {
738 LOG(DEBUG) << "Resolved path " << resolved << " for inode " << inode
739 << " instead of " << fallback;
740 }
741 #endif
742 closedir(dir);
743 return resolved;
744 }
745 }
746 LOG(WARNING) << "Failed to resolve inode " << inode << "; using " << fallback;
747 closedir(dir);
748 return fallback;
749 } else {
750 return fallback;
751 }
752 }
753
remove_path_xattr(const std::string & path,const char * inode_xattr)754 void remove_path_xattr(const std::string& path, const char* inode_xattr) {
755 if (removexattr(path.c_str(), inode_xattr) && errno != ENODATA) {
756 PLOG(ERROR) << "Failed to remove xattr " << inode_xattr << " at " << path;
757 }
758 }
759
760 /**
761 * Validate that the path is valid in the context of the provided directory.
762 * The path is allowed to have at most one subdirectory and no indirections
763 * to top level directories (i.e. have "..").
764 */
validate_path(const std::string & dir,const std::string & path,int maxSubdirs)765 static int validate_path(const std::string& dir, const std::string& path, int maxSubdirs) {
766 // Argument sanity checking
767 if (dir.find('/') != 0 || dir.rfind('/') != dir.size() - 1
768 || dir.find("..") != std::string::npos) {
769 LOG(ERROR) << "Invalid directory " << dir;
770 return -1;
771 }
772 if (path.find("..") != std::string::npos) {
773 LOG(ERROR) << "Invalid path " << path;
774 return -1;
775 }
776
777 if (path.compare(0, dir.size(), dir) != 0) {
778 // Common case, path isn't under directory
779 return -1;
780 }
781
782 // Count number of subdirectories
783 auto pos = path.find('/', dir.size());
784 int count = 0;
785 while (pos != std::string::npos) {
786 auto next = path.find('/', pos + 1);
787 if (next > pos + 1) {
788 count++;
789 }
790 pos = next;
791 }
792
793 if (count > maxSubdirs) {
794 LOG(ERROR) << "Invalid path depth " << path << " when tested against " << dir;
795 return -1;
796 }
797
798 return 0;
799 }
800
801 /**
802 * Checks whether a path points to a system app (.apk file). Returns 0
803 * if it is a system app or -1 if it is not.
804 */
validate_system_app_path(const char * path)805 int validate_system_app_path(const char* path) {
806 std::string path_ = path;
807 for (const auto& dir : android_system_dirs) {
808 if (validate_path(dir, path, 1) == 0) {
809 return 0;
810 }
811 }
812 return -1;
813 }
814
validate_secondary_dex_path(const std::string & pkgname,const std::string & dex_path,const char * volume_uuid,int uid,int storage_flag)815 bool validate_secondary_dex_path(const std::string& pkgname, const std::string& dex_path,
816 const char* volume_uuid, int uid, int storage_flag) {
817 CHECK(storage_flag == FLAG_STORAGE_CE || storage_flag == FLAG_STORAGE_DE);
818
819 // Empty paths are not allowed.
820 if (dex_path.empty()) { return false; }
821 // First character should always be '/'. No relative paths.
822 if (dex_path[0] != '/') { return false; }
823 // The last character should not be '/'.
824 if (dex_path[dex_path.size() - 1] == '/') { return false; }
825 // There should be no '.' after the directory marker.
826 if (dex_path.find("/.") != std::string::npos) { return false; }
827 // The path should be at most PKG_PATH_MAX long.
828 if (dex_path.size() > PKG_PATH_MAX) { return false; }
829
830 // The dex_path should be under the app data directory.
831 std::string app_private_dir = storage_flag == FLAG_STORAGE_CE
832 ? create_data_user_ce_package_path(
833 volume_uuid, multiuser_get_user_id(uid), pkgname.c_str())
834 : create_data_user_de_package_path(
835 volume_uuid, multiuser_get_user_id(uid), pkgname.c_str());
836
837 if (strncmp(dex_path.c_str(), app_private_dir.c_str(), app_private_dir.size()) != 0) {
838 // The check above might fail if the dex file is accessed via the /data/user/0 symlink.
839 // If that's the case, attempt to validate against the user data link.
840 std::string app_private_dir_symlink = create_data_user_ce_package_path_as_user_link(
841 volume_uuid, multiuser_get_user_id(uid), pkgname.c_str());
842 if (strncmp(dex_path.c_str(), app_private_dir_symlink.c_str(),
843 app_private_dir_symlink.size()) != 0) {
844 return false;
845 }
846 }
847
848 // If we got here we have a valid path.
849 return true;
850 }
851
852 /**
853 * Check whether path points to a valid path for an APK file. The path must
854 * begin with a whitelisted prefix path and must be no deeper than |maxSubdirs| within
855 * that path. Returns -1 when an invalid path is encountered and 0 when a valid path
856 * is encountered.
857 */
validate_apk_path_internal(const std::string & path,int maxSubdirs)858 static int validate_apk_path_internal(const std::string& path, int maxSubdirs) {
859 if (validate_path(android_app_dir, path, maxSubdirs) == 0) {
860 return 0;
861 } else if (validate_path(android_app_private_dir, path, maxSubdirs) == 0) {
862 return 0;
863 } else if (validate_path(android_app_ephemeral_dir, path, maxSubdirs) == 0) {
864 return 0;
865 } else if (validate_path(android_asec_dir, path, maxSubdirs) == 0) {
866 return 0;
867 } else if (android::base::StartsWith(path, android_mnt_expand_dir)) {
868 // Rewrite the path as if it were on internal storage, and test that
869 size_t end = path.find('/', android_mnt_expand_dir.size() + 1);
870 if (end != std::string::npos) {
871 auto modified = path;
872 modified.replace(0, end + 1, android_data_dir);
873 return validate_apk_path_internal(modified, maxSubdirs);
874 }
875 }
876 return -1;
877 }
878
validate_apk_path(const char * path)879 int validate_apk_path(const char* path) {
880 return validate_apk_path_internal(path, 1 /* maxSubdirs */);
881 }
882
validate_apk_path_subdirs(const char * path)883 int validate_apk_path_subdirs(const char* path) {
884 return validate_apk_path_internal(path, 3 /* maxSubdirs */);
885 }
886
ensure_config_user_dirs(userid_t userid)887 int ensure_config_user_dirs(userid_t userid) {
888 // writable by system, readable by any app within the same user
889 const int uid = multiuser_get_uid(userid, AID_SYSTEM);
890 const int gid = multiuser_get_uid(userid, AID_EVERYBODY);
891
892 // Ensure /data/misc/user/<userid> exists
893 auto path = create_data_misc_legacy_path(userid);
894 return fs_prepare_dir(path.c_str(), 0750, uid, gid);
895 }
896
wait_child(pid_t pid)897 int wait_child(pid_t pid)
898 {
899 int status;
900 pid_t got_pid;
901
902 while (1) {
903 got_pid = waitpid(pid, &status, 0);
904 if (got_pid == -1 && errno == EINTR) {
905 printf("waitpid interrupted, retrying\n");
906 } else {
907 break;
908 }
909 }
910 if (got_pid != pid) {
911 ALOGW("waitpid failed: wanted %d, got %d: %s\n",
912 (int) pid, (int) got_pid, strerror(errno));
913 return 1;
914 }
915
916 if (WIFEXITED(status) && WEXITSTATUS(status) == 0) {
917 return 0;
918 } else {
919 return status; /* always nonzero */
920 }
921 }
922
923 /**
924 * Prepare an app cache directory, which offers to fix-up the GID and
925 * directory mode flags during a platform upgrade.
926 * The app cache directory path will be 'parent'/'name'.
927 */
prepare_app_cache_dir(const std::string & parent,const char * name,mode_t target_mode,uid_t uid,gid_t gid)928 int prepare_app_cache_dir(const std::string& parent, const char* name, mode_t target_mode,
929 uid_t uid, gid_t gid) {
930 auto path = StringPrintf("%s/%s", parent.c_str(), name);
931 struct stat st;
932 if (stat(path.c_str(), &st) != 0) {
933 if (errno == ENOENT) {
934 // This is fine, just create it
935 if (fs_prepare_dir_strict(path.c_str(), target_mode, uid, gid) != 0) {
936 PLOG(ERROR) << "Failed to prepare " << path;
937 return -1;
938 } else {
939 return 0;
940 }
941 } else {
942 PLOG(ERROR) << "Failed to stat " << path;
943 return -1;
944 }
945 }
946
947 mode_t actual_mode = st.st_mode & (S_IRWXU | S_IRWXG | S_IRWXO | S_ISGID);
948 if (st.st_uid != uid) {
949 // Mismatched UID is real trouble; we can't recover
950 LOG(ERROR) << "Mismatched UID at " << path << ": found " << st.st_uid
951 << " but expected " << uid;
952 return -1;
953 } else if (st.st_gid == gid && actual_mode == target_mode) {
954 // Everything looks good!
955 return 0;
956 } else {
957 // Mismatched GID/mode is recoverable; fall through to update
958 LOG(DEBUG) << "Mismatched cache GID/mode at " << path << ": found " << st.st_gid
959 << "/" << actual_mode << " but expected " << gid << "/" << target_mode;
960 }
961
962 // Directory is owned correctly, but GID or mode mismatch means it's
963 // probably a platform upgrade so we need to fix them
964 FTS *fts;
965 FTSENT *p;
966 char *argv[] = { (char*) path.c_str(), nullptr };
967 if (!(fts = fts_open(argv, FTS_PHYSICAL | FTS_NOCHDIR | FTS_XDEV, NULL))) {
968 PLOG(ERROR) << "Failed to fts_open " << path;
969 return -1;
970 }
971 while ((p = fts_read(fts)) != NULL) {
972 switch (p->fts_info) {
973 case FTS_DP:
974 if (chmod(p->fts_path, target_mode) != 0) {
975 PLOG(WARNING) << "Failed to chmod " << p->fts_path;
976 }
977 // Intentional fall through to also set GID
978 case FTS_F:
979 if (chown(p->fts_path, -1, gid) != 0) {
980 PLOG(WARNING) << "Failed to chown " << p->fts_path;
981 }
982 break;
983 case FTS_SL:
984 case FTS_SLNONE:
985 if (lchown(p->fts_path, -1, gid) != 0) {
986 PLOG(WARNING) << "Failed to chown " << p->fts_path;
987 }
988 break;
989 }
990 }
991 fts_close(fts);
992 return 0;
993 }
994
995 // Collect all non empty profiles from the given directory and puts then into profile_paths.
996 // The profiles are identified based on PROFILE_EXT extension.
997 // If a subdirectory or profile file cannot be opened the method logs a warning and moves on.
998 // It returns true if there were no errors at all, and false otherwise.
collect_profiles(DIR * d,const std::string & current_path,std::vector<std::string> * profiles_paths)999 static bool collect_profiles(DIR* d,
1000 const std::string& current_path,
1001 std::vector<std::string>* profiles_paths) {
1002 int32_t dir_fd = dirfd(d);
1003 if (dir_fd < 0) {
1004 return false;
1005 }
1006
1007 bool result = true;
1008 struct dirent* dir_entry;
1009 while ((dir_entry = readdir(d))) {
1010 std::string name = dir_entry->d_name;
1011 std::string local_path = current_path + "/" + name;
1012
1013 if (dir_entry->d_type == DT_REG) {
1014 // Check if this is a non empty profile file.
1015 if (EndsWith(name, PROFILE_EXT)) {
1016 struct stat st;
1017 if (stat(local_path.c_str(), &st) != 0) {
1018 PLOG(WARNING) << "Cannot stat local path " << local_path;
1019 result = false;
1020 continue;
1021 } else if (st.st_size > 0) {
1022 profiles_paths->push_back(local_path);
1023 }
1024 }
1025 } else if (dir_entry->d_type == DT_DIR) {
1026 // always skip "." and ".."
1027 if (name == "." || name == "..") {
1028 continue;
1029 }
1030
1031 unique_fd subdir_fd(openat(dir_fd, name.c_str(),
1032 O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC));
1033 if (subdir_fd < 0) {
1034 PLOG(WARNING) << "Could not open dir path " << local_path;
1035 result = false;
1036 continue;
1037 }
1038
1039 DIR* subdir = fdopendir(subdir_fd);
1040 if (subdir == NULL) {
1041 PLOG(WARNING) << "Could not open dir path " << local_path;
1042 result = false;
1043 continue;
1044 }
1045 bool new_result = collect_profiles(subdir, local_path, profiles_paths);
1046 result = result && new_result;
1047 if (closedir(subdir) != 0) {
1048 PLOG(WARNING) << "Could not close dir path " << local_path;
1049 }
1050 }
1051 }
1052
1053 return result;
1054 }
1055
collect_profiles(std::vector<std::string> * profiles_paths)1056 bool collect_profiles(std::vector<std::string>* profiles_paths) {
1057 DIR* d = opendir(android_profiles_dir.c_str());
1058 if (d == NULL) {
1059 return false;
1060 } else {
1061 return collect_profiles(d, android_profiles_dir, profiles_paths);
1062 }
1063 }
1064
1065 } // namespace installd
1066 } // namespace android
1067