blob: 69ac979ac6054a4dd80526fb76f9b8ce45da843a [file] [log] [blame]
/*
** Copyright 2008, The Android Open Source Project
**
** Licensed under the Apache License, Version 2.0 (the "License");
** you may not use this file except in compliance with the License.
** You may obtain a copy of the License at
**
** http://www.apache.org/licenses/LICENSE-2.0
**
** Unless required by applicable law or agreed to in writing, software
** distributed under the License is distributed on an "AS IS" BASIS,
** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
** See the License for the specific language governing permissions and
** limitations under the License.
*/
#include "commands.h"
#include <errno.h>
#include <inttypes.h>
#include <regex>
#include <stdlib.h>
#include <sys/capability.h>
#include <sys/file.h>
#include <sys/resource.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <sys/xattr.h>
#include <unistd.h>
#include <android-base/logging.h>
#include <android-base/stringprintf.h>
#include <android-base/strings.h>
#include <android-base/unique_fd.h>
#include <cutils/fs.h>
#include <cutils/log.h> // TODO: Move everything to base/logging.
#include <cutils/sched_policy.h>
#include <diskusage/dirsize.h>
#include <logwrap/logwrap.h>
#include <private/android_filesystem_config.h>
#include <selinux/android.h>
#include <system/thread_defs.h>
#include <globals.h>
#include <installd_deps.h>
#include <otapreopt_utils.h>
#include <utils.h>
#ifndef LOG_TAG
#define LOG_TAG "installd"
#endif
using android::base::EndsWith;
using android::base::StringPrintf;
namespace android {
namespace installd {
static constexpr const char* kCpPath = "/system/bin/cp";
static constexpr const char* kXattrDefault = "user.default";
static constexpr const char* PKG_LIB_POSTFIX = "/lib";
static constexpr const char* CACHE_DIR_POSTFIX = "/cache";
static constexpr const char* CODE_CACHE_DIR_POSTFIX = "/code_cache";
static constexpr const char* IDMAP_PREFIX = "/data/resource-cache/";
static constexpr const char* IDMAP_SUFFIX = "@idmap";
// NOTE: keep in sync with StorageManager
static constexpr int FLAG_STORAGE_DE = 1 << 0;
static constexpr int FLAG_STORAGE_CE = 1 << 1;
// NOTE: keep in sync with Installer
static constexpr int FLAG_CLEAR_CACHE_ONLY = 1 << 8;
static constexpr int FLAG_CLEAR_CODE_CACHE_ONLY = 1 << 9;
/* dexopt needed flags matching those in dalvik.system.DexFile */
static constexpr int DEX2OAT_FROM_SCRATCH = 1;
static constexpr int DEX2OAT_FOR_BOOT_IMAGE = 2;
static constexpr int DEX2OAT_FOR_FILTER = 3;
static constexpr int DEX2OAT_FOR_RELOCATION = 4;
static constexpr int PATCHOAT_FOR_RELOCATION = 5;
#define MIN_RESTRICTED_HOME_SDK_VERSION 24 // > M
typedef int fd_t;
namespace {
constexpr const char* kDump = "android.permission.DUMP";
binder::Status checkPermission(const char* permission) {
pid_t pid;
uid_t uid;
if (checkCallingPermission(String16(permission), reinterpret_cast<int32_t*>(&pid),
reinterpret_cast<int32_t*>(&uid))) {
return binder::Status::ok();
} else {
auto err = StringPrintf("UID %d / PID %d lacks permission %s", uid, pid, permission);
return binder::Status::fromExceptionCode(binder::Status::EX_SECURITY, String8(err.c_str()));
}
}
binder::Status checkUid(uid_t expectedUid) {
uid_t uid = IPCThreadState::self()->getCallingUid();
if (uid == expectedUid || uid == AID_ROOT) {
return binder::Status::ok();
} else {
auto err = StringPrintf("UID %d is not expected UID %d", uid, expectedUid);
return binder::Status::fromExceptionCode(binder::Status::EX_SECURITY, String8(err.c_str()));
}
}
#define ENFORCE_UID(uid) { \
binder::Status status = checkUid((uid)); \
if (!status.isOk()) { \
return status; \
} \
}
} // namespace
status_t InstalldNativeService::start() {
IPCThreadState::self()->disableBackgroundScheduling(true);
status_t ret = BinderService<InstalldNativeService>::publish();
if (ret != android::OK) {
return ret;
}
sp<ProcessState> ps(ProcessState::self());
ps->startThreadPool();
ps->giveThreadPoolName();
return android::OK;
}
status_t InstalldNativeService::dump(int fd, const Vector<String16> & /* args */) {
const binder::Status dump_permission = checkPermission(kDump);
if (!dump_permission.isOk()) {
const String8 msg(dump_permission.toString8());
write(fd, msg.string(), msg.size());
return PERMISSION_DENIED;
}
std::string msg = "installd is happy\n";
write(fd, msg.c_str(), strlen(msg.c_str()));
return NO_ERROR;
}
static bool property_get_bool(const char* property_name, bool default_value = false) {
char tmp_property_value[kPropertyValueMax];
bool have_property = get_property(property_name, tmp_property_value, nullptr) > 0;
if (!have_property) {
return default_value;
}
return strcmp(tmp_property_value, "true") == 0;
}
// Keep profile paths in sync with ActivityThread.
constexpr const char* PRIMARY_PROFILE_NAME = "primary.prof";
static std::string create_primary_profile(const std::string& profile_dir) {
return StringPrintf("%s/%s", profile_dir.c_str(), PRIMARY_PROFILE_NAME);
}
/**
* Perform restorecon of the given path, but only perform recursive restorecon
* if the label of that top-level file actually changed. This can save us
* significant time by avoiding no-op traversals of large filesystem trees.
*/
static int restorecon_app_data_lazy(const std::string& path, const std::string& seInfo, uid_t uid) {
int res = 0;
char* before = nullptr;
char* after = nullptr;
// Note that SELINUX_ANDROID_RESTORECON_DATADATA flag is set by
// libselinux. Not needed here.
if (lgetfilecon(path.c_str(), &before) < 0) {
PLOG(ERROR) << "Failed before getfilecon for " << path;
goto fail;
}
if (selinux_android_restorecon_pkgdir(path.c_str(), seInfo.c_str(), uid, 0) < 0) {
PLOG(ERROR) << "Failed top-level restorecon for " << path;
goto fail;
}
if (lgetfilecon(path.c_str(), &after) < 0) {
PLOG(ERROR) << "Failed after getfilecon for " << path;
goto fail;
}
// If the initial top-level restorecon above changed the label, then go
// back and restorecon everything recursively
if (strcmp(before, after)) {
LOG(DEBUG) << "Detected label change from " << before << " to " << after << " at " << path
<< "; running recursive restorecon";
if (selinux_android_restorecon_pkgdir(path.c_str(), seInfo.c_str(), uid,
SELINUX_ANDROID_RESTORECON_RECURSE) < 0) {
PLOG(ERROR) << "Failed recursive restorecon for " << path;
goto fail;
}
}
goto done;
fail:
res = -1;
done:
free(before);
free(after);
return res;
}
static int restorecon_app_data_lazy(const std::string& parent, const char* name,
const std::string& seInfo, uid_t uid) {
return restorecon_app_data_lazy(StringPrintf("%s/%s", parent.c_str(), name), seInfo, uid);
}
static int prepare_app_dir(const std::string& path, mode_t target_mode, uid_t uid) {
if (fs_prepare_dir_strict(path.c_str(), target_mode, uid, uid) != 0) {
PLOG(ERROR) << "Failed to prepare " << path;
return -1;
}
return 0;
}
static int prepare_app_dir(const std::string& parent, const char* name, mode_t target_mode,
uid_t uid) {
return prepare_app_dir(StringPrintf("%s/%s", parent.c_str(), name), target_mode, uid);
}
binder::Status InstalldNativeService::createAppData(const std::unique_ptr<std::string>& uuid,
const std::string& packageName, int32_t userId, int32_t flags, int32_t appId,
const std::string& seInfo, int32_t targetSdkVersion) {
ENFORCE_UID(AID_SYSTEM);
const char* uuid_ = uuid ? uuid->c_str() : nullptr;
const char* pkgname = packageName.c_str();
uid_t uid = multiuser_get_uid(userId, appId);
mode_t target_mode = targetSdkVersion >= MIN_RESTRICTED_HOME_SDK_VERSION ? 0700 : 0751;
if (flags & FLAG_STORAGE_CE) {
auto path = create_data_user_ce_package_path(uuid_, userId, pkgname);
if (prepare_app_dir(path, target_mode, uid) ||
prepare_app_dir(path, "cache", 0771, uid) ||
prepare_app_dir(path, "code_cache", 0771, uid)) {
return binder::Status::fromServiceSpecificError(-1);
}
// Consider restorecon over contents if label changed
if (restorecon_app_data_lazy(path, seInfo, uid) ||
restorecon_app_data_lazy(path, "cache", seInfo, uid) ||
restorecon_app_data_lazy(path, "code_cache", seInfo, uid)) {
return binder::Status::fromServiceSpecificError(-1);
}
// Remember inode numbers of cache directories so that we can clear
// contents while CE storage is locked
if (write_path_inode(path, "cache", kXattrInodeCache) ||
write_path_inode(path, "code_cache", kXattrInodeCodeCache)) {
return binder::Status::fromServiceSpecificError(-1);
}
}
if (flags & FLAG_STORAGE_DE) {
auto path = create_data_user_de_package_path(uuid_, userId, pkgname);
if (prepare_app_dir(path, target_mode, uid)) {
// TODO: include result once 25796509 is fixed
return binder::Status::ok();
}
// Consider restorecon over contents if label changed
if (restorecon_app_data_lazy(path, seInfo, uid)) {
return binder::Status::fromServiceSpecificError(-1);
}
if (property_get_bool("dalvik.vm.usejitprofiles")) {
const std::string profile_path = create_data_user_profile_package_path(userId, pkgname);
// read-write-execute only for the app user.
if (fs_prepare_dir_strict(profile_path.c_str(), 0700, uid, uid) != 0) {
PLOG(ERROR) << "Failed to prepare " << profile_path;
return binder::Status::fromServiceSpecificError(-1);
}
std::string profile_file = create_primary_profile(profile_path);
// read-write only for the app user.
if (fs_prepare_file_strict(profile_file.c_str(), 0600, uid, uid) != 0) {
PLOG(ERROR) << "Failed to prepare " << profile_path;
return binder::Status::fromServiceSpecificError(-1);
}
const std::string ref_profile_path = create_data_ref_profile_package_path(pkgname);
// dex2oat/profman runs under the shared app gid and it needs to read/write reference
// profiles.
appid_t shared_app_gid = multiuser_get_shared_app_gid(uid);
if (fs_prepare_dir_strict(
ref_profile_path.c_str(), 0700, shared_app_gid, shared_app_gid) != 0) {
PLOG(ERROR) << "Failed to prepare " << ref_profile_path;
return binder::Status::fromServiceSpecificError(-1);
}
}
}
return binder::Status::ok();
}
binder::Status InstalldNativeService::migrateAppData(const std::unique_ptr<std::string>& uuid,
const std::string& packageName, int32_t userId, int32_t flags) {
ENFORCE_UID(AID_SYSTEM);
const char* uuid_ = uuid ? uuid->c_str() : nullptr;
const char* pkgname = packageName.c_str();
// This method only exists to upgrade system apps that have requested
// forceDeviceEncrypted, so their default storage always lives in a
// consistent location. This only works on non-FBE devices, since we
// never want to risk exposing data on a device with real CE/DE storage.
auto ce_path = create_data_user_ce_package_path(uuid_, userId, pkgname);
auto de_path = create_data_user_de_package_path(uuid_, userId, pkgname);
// If neither directory is marked as default, assume CE is default
if (getxattr(ce_path.c_str(), kXattrDefault, nullptr, 0) == -1
&& getxattr(de_path.c_str(), kXattrDefault, nullptr, 0) == -1) {
if (setxattr(ce_path.c_str(), kXattrDefault, nullptr, 0, 0) != 0) {
PLOG(ERROR) << "Failed to mark default storage " << ce_path;
return binder::Status::fromServiceSpecificError(-1);
}
}
// Migrate default data location if needed
auto target = (flags & FLAG_STORAGE_DE) ? de_path : ce_path;
auto source = (flags & FLAG_STORAGE_DE) ? ce_path : de_path;
if (getxattr(target.c_str(), kXattrDefault, nullptr, 0) == -1) {
LOG(WARNING) << "Requested default storage " << target
<< " is not active; migrating from " << source;
if (delete_dir_contents_and_dir(target) != 0) {
PLOG(ERROR) << "Failed to delete";
return binder::Status::fromServiceSpecificError(-1);
}
if (rename(source.c_str(), target.c_str()) != 0) {
PLOG(ERROR) << "Failed to rename";
return binder::Status::fromServiceSpecificError(-1);
}
}
return binder::Status::ok();
}
static bool clear_profile(const std::string& profile) {
base::unique_fd ufd(open(profile.c_str(), O_WRONLY | O_NOFOLLOW | O_CLOEXEC));
if (ufd.get() < 0) {
if (errno != ENOENT) {
PLOG(WARNING) << "Could not open profile " << profile;
return false;
} else {
// Nothing to clear. That's ok.
return true;
}
}
if (flock(ufd.get(), LOCK_EX | LOCK_NB) != 0) {
if (errno != EWOULDBLOCK) {
PLOG(WARNING) << "Error locking profile " << profile;
}
// This implies that the app owning this profile is running
// (and has acquired the lock).
//
// If we can't acquire the lock bail out since clearing is useless anyway
// (the app will write again to the profile).
//
// Note:
// This does not impact the this is not an issue for the profiling correctness.
// In case this is needed because of an app upgrade, profiles will still be
// eventually cleared by the app itself due to checksum mismatch.
// If this is needed because profman advised, then keeping the data around
// until the next run is again not an issue.
//
// If the app attempts to acquire a lock while we've held one here,
// it will simply skip the current write cycle.
return false;
}
bool truncated = ftruncate(ufd.get(), 0) == 0;
if (!truncated) {
PLOG(WARNING) << "Could not truncate " << profile;
}
if (flock(ufd.get(), LOCK_UN) != 0) {
PLOG(WARNING) << "Error unlocking profile " << profile;
}
return truncated;
}
static bool clear_reference_profile(const char* pkgname) {
std::string reference_profile_dir = create_data_ref_profile_package_path(pkgname);
std::string reference_profile = create_primary_profile(reference_profile_dir);
return clear_profile(reference_profile);
}
static bool clear_current_profile(const char* pkgname, userid_t user) {
std::string profile_dir = create_data_user_profile_package_path(user, pkgname);
std::string profile = create_primary_profile(profile_dir);
return clear_profile(profile);
}
static bool clear_current_profiles(const char* pkgname) {
bool success = true;
std::vector<userid_t> users = get_known_users(/*volume_uuid*/ nullptr);
for (auto user : users) {
success &= clear_current_profile(pkgname, user);
}
return success;
}
binder::Status InstalldNativeService::clearAppProfiles(const std::string& packageName) {
ENFORCE_UID(AID_SYSTEM);
const char* pkgname = packageName.c_str();
bool success = true;
success &= clear_reference_profile(pkgname);
success &= clear_current_profiles(pkgname);
return success ? binder::Status::ok() : binder::Status::fromServiceSpecificError(-1);
}
binder::Status InstalldNativeService::clearAppData(const std::unique_ptr<std::string>& uuid,
const std::string& packageName, int32_t userId, int32_t flags, int64_t ceDataInode) {
ENFORCE_UID(AID_SYSTEM);
const char* uuid_ = uuid ? uuid->c_str() : nullptr;
const char* pkgname = packageName.c_str();
int res = 0;
if (flags & FLAG_STORAGE_CE) {
auto path = create_data_user_ce_package_path(uuid_, userId, pkgname, ceDataInode);
if (flags & FLAG_CLEAR_CACHE_ONLY) {
path = read_path_inode(path, "cache", kXattrInodeCache);
} else if (flags & FLAG_CLEAR_CODE_CACHE_ONLY) {
path = read_path_inode(path, "code_cache", kXattrInodeCodeCache);
}
if (access(path.c_str(), F_OK) == 0) {
res |= delete_dir_contents(path);
}
}
if (flags & FLAG_STORAGE_DE) {
std::string suffix = "";
bool only_cache = false;
if (flags & FLAG_CLEAR_CACHE_ONLY) {
suffix = CACHE_DIR_POSTFIX;
only_cache = true;
} else if (flags & FLAG_CLEAR_CODE_CACHE_ONLY) {
suffix = CODE_CACHE_DIR_POSTFIX;
only_cache = true;
}
auto path = create_data_user_de_package_path(uuid_, userId, pkgname) + suffix;
if (access(path.c_str(), F_OK) == 0) {
// TODO: include result once 25796509 is fixed
delete_dir_contents(path);
}
if (!only_cache) {
if (!clear_current_profile(pkgname, userId)) {
res |= -1;
}
}
}
return res ? binder::Status::fromServiceSpecificError(-1) : binder::Status::ok();
}
static int destroy_app_reference_profile(const char *pkgname) {
return delete_dir_contents_and_dir(
create_data_ref_profile_package_path(pkgname),
/*ignore_if_missing*/ true);
}
static int destroy_app_current_profiles(const char *pkgname, userid_t userid) {
return delete_dir_contents_and_dir(
create_data_user_profile_package_path(userid, pkgname),
/*ignore_if_missing*/ true);
}
binder::Status InstalldNativeService::destroyAppProfiles(const std::string& packageName) {
ENFORCE_UID(AID_SYSTEM);
const char* pkgname = packageName.c_str();
int result = 0;
std::vector<userid_t> users = get_known_users(/*volume_uuid*/ nullptr);
for (auto user : users) {
result |= destroy_app_current_profiles(pkgname, user);
}
result |= destroy_app_reference_profile(pkgname);
return result ? binder::Status::fromServiceSpecificError(-1) : binder::Status::ok();
}
binder::Status InstalldNativeService::destroyAppData(const std::unique_ptr<std::string>& uuid,
const std::string& packageName, int32_t userId, int32_t flags, int64_t ceDataInode) {
ENFORCE_UID(AID_SYSTEM);
const char* uuid_ = uuid ? uuid->c_str() : nullptr;
const char* pkgname = packageName.c_str();
int res = 0;
if (flags & FLAG_STORAGE_CE) {
res |= delete_dir_contents_and_dir(
create_data_user_ce_package_path(uuid_, userId, pkgname, ceDataInode));
}
if (flags & FLAG_STORAGE_DE) {
res |= delete_dir_contents_and_dir(
create_data_user_de_package_path(uuid_, userId, pkgname));
destroy_app_current_profiles(pkgname, userId);
// TODO(calin): If the package is still installed by other users it's probably
// beneficial to keep the reference profile around.
// Verify if it's ok to do that.
destroy_app_reference_profile(pkgname);
}
return res ? binder::Status::fromServiceSpecificError(-1) : binder::Status::ok();
}
binder::Status InstalldNativeService::moveCompleteApp(const std::unique_ptr<std::string>& fromUuid,
const std::unique_ptr<std::string>& toUuid, const std::string& packageName,
const std::string& dataAppName, int32_t appId, const std::string& seInfo,
int32_t targetSdkVersion) {
const char* from_uuid = fromUuid ? fromUuid->c_str() : nullptr;
const char* to_uuid = toUuid ? toUuid->c_str() : nullptr;
const char* package_name = packageName.c_str();
const char* data_app_name = dataAppName.c_str();
std::vector<userid_t> users = get_known_users(from_uuid);
// Copy app
{
auto from = create_data_app_package_path(from_uuid, data_app_name);
auto to = create_data_app_package_path(to_uuid, data_app_name);
auto to_parent = create_data_app_path(to_uuid);
char *argv[] = {
(char*) kCpPath,
(char*) "-F", /* delete any existing destination file first (--remove-destination) */
(char*) "-p", /* preserve timestamps, ownership, and permissions */
(char*) "-R", /* recurse into subdirectories (DEST must be a directory) */
(char*) "-P", /* Do not follow symlinks [default] */
(char*) "-d", /* don't dereference symlinks */
(char*) from.c_str(),
(char*) to_parent.c_str()
};
LOG(DEBUG) << "Copying " << from << " to " << to;
int rc = android_fork_execvp(ARRAY_SIZE(argv), argv, NULL, false, true);
if (rc != 0) {
LOG(ERROR) << "Failed copying " << from << " to " << to
<< ": status " << rc;
goto fail;
}
if (selinux_android_restorecon(to.c_str(), SELINUX_ANDROID_RESTORECON_RECURSE) != 0) {
LOG(ERROR) << "Failed to restorecon " << to;
goto fail;
}
}
// Copy private data for all known users
for (auto user : users) {
// Data source may not exist for all users; that's okay
auto from_ce = create_data_user_ce_package_path(from_uuid, user, package_name);
if (access(from_ce.c_str(), F_OK) != 0) {
LOG(INFO) << "Missing source " << from_ce;
continue;
}
if (!createAppData(toUuid, packageName, user, FLAG_STORAGE_CE | FLAG_STORAGE_DE, appId,
seInfo, targetSdkVersion).isOk()) {
LOG(ERROR) << "Failed to create package target on " << to_uuid;
goto fail;
}
char *argv[] = {
(char*) kCpPath,
(char*) "-F", /* delete any existing destination file first (--remove-destination) */
(char*) "-p", /* preserve timestamps, ownership, and permissions */
(char*) "-R", /* recurse into subdirectories (DEST must be a directory) */
(char*) "-P", /* Do not follow symlinks [default] */
(char*) "-d", /* don't dereference symlinks */
nullptr,
nullptr
};
{
auto from = create_data_user_de_package_path(from_uuid, user, package_name);
auto to = create_data_user_de_path(to_uuid, user);
argv[6] = (char*) from.c_str();
argv[7] = (char*) to.c_str();
LOG(DEBUG) << "Copying " << from << " to " << to;
int rc = android_fork_execvp(ARRAY_SIZE(argv), argv, NULL, false, true);
if (rc != 0) {
LOG(ERROR) << "Failed copying " << from << " to " << to << " with status " << rc;
goto fail;
}
}
{
auto from = create_data_user_ce_package_path(from_uuid, user, package_name);
auto to = create_data_user_ce_path(to_uuid, user);
argv[6] = (char*) from.c_str();
argv[7] = (char*) to.c_str();
LOG(DEBUG) << "Copying " << from << " to " << to;
int rc = android_fork_execvp(ARRAY_SIZE(argv), argv, NULL, false, true);
if (rc != 0) {
LOG(ERROR) << "Failed copying " << from << " to " << to << " with status " << rc;
goto fail;
}
}
if (!restoreconAppData(toUuid, packageName, user, FLAG_STORAGE_CE | FLAG_STORAGE_DE,
appId, seInfo).isOk()) {
LOG(ERROR) << "Failed to restorecon";
goto fail;
}
}
// We let the framework scan the new location and persist that before
// deleting the data in the old location; this ordering ensures that
// we can recover from things like battery pulls.
return binder::Status::ok();
fail:
// Nuke everything we might have already copied
{
auto to = create_data_app_package_path(to_uuid, data_app_name);
if (delete_dir_contents(to.c_str(), 1, NULL) != 0) {
LOG(WARNING) << "Failed to rollback " << to;
}
}
for (auto user : users) {
{
auto to = create_data_user_de_package_path(to_uuid, user, package_name);
if (delete_dir_contents(to.c_str(), 1, NULL) != 0) {
LOG(WARNING) << "Failed to rollback " << to;
}
}
{
auto to = create_data_user_ce_package_path(to_uuid, user, package_name);
if (delete_dir_contents(to.c_str(), 1, NULL) != 0) {
LOG(WARNING) << "Failed to rollback " << to;
}
}
}
return binder::Status::fromServiceSpecificError(-1);
}
binder::Status InstalldNativeService::createUserData(const std::unique_ptr<std::string>& uuid,
int32_t userId, int32_t userSerial ATTRIBUTE_UNUSED, int32_t flags) {
ENFORCE_UID(AID_SYSTEM);
const char* uuid_ = uuid ? uuid->c_str() : nullptr;
int res = 0;
if (flags & FLAG_STORAGE_DE) {
if (uuid_ == nullptr) {
res = ensure_config_user_dirs(userId);
}
}
return res ? binder::Status::fromServiceSpecificError(-1) : binder::Status::ok();
}
binder::Status InstalldNativeService::destroyUserData(const std::unique_ptr<std::string>& uuid,
int32_t userId, int32_t flags) {
ENFORCE_UID(AID_SYSTEM);
const char* uuid_ = uuid ? uuid->c_str() : nullptr;
int res = 0;
if (flags & FLAG_STORAGE_DE) {
res |= delete_dir_contents_and_dir(create_data_user_de_path(uuid_, userId), true);
if (uuid_ == nullptr) {
res |= delete_dir_contents_and_dir(create_data_misc_legacy_path(userId), true);
res |= delete_dir_contents_and_dir(create_data_user_profiles_path(userId), true);
}
}
if (flags & FLAG_STORAGE_CE) {
res |= delete_dir_contents_and_dir(create_data_user_ce_path(uuid_, userId), true);
res |= delete_dir_contents_and_dir(create_data_media_path(uuid_, userId), true);
}
return res ? binder::Status::fromServiceSpecificError(-1) : binder::Status::ok();
}
/* Try to ensure free_size bytes of storage are available.
* Returns 0 on success.
* This is rather simple-minded because doing a full LRU would
* be potentially memory-intensive, and without atime it would
* also require that apps constantly modify file metadata even
* when just reading from the cache, which is pretty awful.
*/
binder::Status InstalldNativeService::freeCache(const std::unique_ptr<std::string>& uuid,
int64_t freeStorageSize) {
ENFORCE_UID(AID_SYSTEM);
const char* uuid_ = uuid ? uuid->c_str() : nullptr;
cache_t* cache;
int64_t avail;
auto data_path = create_data_path(uuid_);
avail = data_disk_free(data_path);
if (avail < 0) {
return binder::Status::fromServiceSpecificError(-1);
}
ALOGI("free_cache(%" PRId64 ") avail %" PRId64 "\n", freeStorageSize, avail);
if (avail >= freeStorageSize) {
return binder::Status::ok();
}
cache = start_cache_collection();
auto users = get_known_users(uuid_);
for (auto user : users) {
add_cache_files(cache, create_data_user_ce_path(uuid_, user));
add_cache_files(cache, create_data_user_de_path(uuid_, user));
add_cache_files(cache,
StringPrintf("%s/Android/data", create_data_media_path(uuid_, user).c_str()));
}
clear_cache_files(data_path, cache, freeStorageSize);
finish_cache_collection(cache);
if (data_disk_free(data_path) >= freeStorageSize) {
return binder::Status::ok();
} else {
return binder::Status::fromServiceSpecificError(-1);
}
}
binder::Status InstalldNativeService::rmdex(const std::string& codePath,
const std::string& instructionSet) {
ENFORCE_UID(AID_SYSTEM);
char dex_path[PKG_PATH_MAX];
const char* path = codePath.c_str();
const char* instruction_set = instructionSet.c_str();
if (validate_apk_path(path) && validate_system_app_path(path)) {
ALOGE("invalid apk path '%s' (bad prefix)\n", path);
return binder::Status::fromServiceSpecificError(-1);
}
if (!create_cache_path(dex_path, path, instruction_set)) {
return binder::Status::fromServiceSpecificError(-1);
}
ALOGV("unlink %s\n", dex_path);
if (unlink(dex_path) < 0) {
if (errno != ENOENT) {
ALOGE("Couldn't unlink %s: %s\n", dex_path, strerror(errno));
}
return binder::Status::fromServiceSpecificError(-1);
} else {
return binder::Status::ok();
}
}
static void add_app_data_size(std::string& path, int64_t *codesize, int64_t *datasize,
int64_t *cachesize) {
DIR *d;
int dfd;
struct dirent *de;
struct stat s;
d = opendir(path.c_str());
if (d == nullptr) {
PLOG(WARNING) << "Failed to open " << path;
return;
}
dfd = dirfd(d);
while ((de = readdir(d))) {
const char *name = de->d_name;
int64_t statsize = 0;
if (fstatat(dfd, name, &s, AT_SYMLINK_NOFOLLOW) == 0) {
statsize = stat_size(&s);
}
if (de->d_type == DT_DIR) {
int subfd;
int64_t dirsize = 0;
/* always skip "." and ".." */
if (name[0] == '.') {
if (name[1] == 0) continue;
if ((name[1] == '.') && (name[2] == 0)) continue;
}
subfd = openat(dfd, name, O_RDONLY | O_DIRECTORY);
if (subfd >= 0) {
dirsize = calculate_dir_size(subfd);
close(subfd);
}
// TODO: check xattrs!
if (!strcmp(name, "cache") || !strcmp(name, "code_cache")) {
*datasize += statsize;
*cachesize += dirsize;
} else {
*datasize += dirsize + statsize;
}
} else if (de->d_type == DT_LNK && !strcmp(name, "lib")) {
*codesize += statsize;
} else {
*datasize += statsize;
}
}
closedir(d);
}
int get_app_size(const char *uuid, const char *pkgname, int userid, int flags, ino_t ce_data_inode,
const char *code_path, int64_t *codesize, int64_t *datasize, int64_t *cachesize,
int64_t* asecsize) {
DIR *d;
int dfd;
d = opendir(code_path);
if (d != nullptr) {
dfd = dirfd(d);
*codesize += calculate_dir_size(dfd);
closedir(d);
}
if (flags & FLAG_STORAGE_CE) {
auto path = create_data_user_ce_package_path(uuid, userid, pkgname, ce_data_inode);
add_app_data_size(path, codesize, datasize, cachesize);
}
if (flags & FLAG_STORAGE_DE) {
auto path = create_data_user_de_package_path(uuid, userid, pkgname);
add_app_data_size(path, codesize, datasize, cachesize);
}
*asecsize = 0;
return 0;
}
binder::Status InstalldNativeService::getAppDataInode(const std::unique_ptr<std::string>& uuid,
const std::string& packageName, int32_t userId, int32_t flags, int64_t* _aidl_return) {
ENFORCE_UID(AID_SYSTEM);
const char* uuid_ = uuid ? uuid->c_str() : nullptr;
const char* pkgname = packageName.c_str();
int res = 0;
if (flags & FLAG_STORAGE_CE) {
auto path = create_data_user_ce_package_path(uuid_, userId, pkgname);
res = get_path_inode(path, reinterpret_cast<ino_t*>(_aidl_return));
}
return res ? binder::Status::fromServiceSpecificError(-1) : binder::Status::ok();
}
static int split_count(const char *str)
{
char *ctx;
int count = 0;
char buf[kPropertyValueMax];
strncpy(buf, str, sizeof(buf));
char *pBuf = buf;
while(strtok_r(pBuf, " ", &ctx) != NULL) {
count++;
pBuf = NULL;
}
return count;
}
static int split(char *buf, const char **argv)
{
char *ctx;
int count = 0;
char *tok;
char *pBuf = buf;
while((tok = strtok_r(pBuf, " ", &ctx)) != NULL) {
argv[count++] = tok;
pBuf = NULL;
}
return count;
}
static void run_patchoat(int input_oat_fd, int input_vdex_fd, int out_oat_fd, int out_vdex_fd,
const char* input_oat_file_name, const char* input_vdex_file_name,
const char* output_oat_file_name, const char* output_vdex_file_name,
const char *pkgname ATTRIBUTE_UNUSED, const char *instruction_set)
{
static const int MAX_INT_LEN = 12; // '-'+10dig+'\0' -OR- 0x+8dig
static const unsigned int MAX_INSTRUCTION_SET_LEN = 7;
static const char* PATCHOAT_BIN = "/system/bin/patchoat";
if (strlen(instruction_set) >= MAX_INSTRUCTION_SET_LEN) {
ALOGE("Instruction set %s longer than max length of %d",
instruction_set, MAX_INSTRUCTION_SET_LEN);
return;
}
/* input_file_name/input_fd should be the .odex/.oat file that is precompiled. I think*/
char instruction_set_arg[strlen("--instruction-set=") + MAX_INSTRUCTION_SET_LEN];
char input_oat_fd_arg[strlen("--input-oat-fd=") + MAX_INT_LEN];
char input_vdex_fd_arg[strlen("--input-vdex-fd=") + MAX_INT_LEN];
char output_oat_fd_arg[strlen("--output-oat-fd=") + MAX_INT_LEN];
char output_vdex_fd_arg[strlen("--output-vdex-fd=") + MAX_INT_LEN];
const char* patched_image_location_arg = "--patched-image-location=/system/framework/boot.art";
// The caller has already gotten all the locks we need.
const char* no_lock_arg = "--no-lock-output";
sprintf(instruction_set_arg, "--instruction-set=%s", instruction_set);
sprintf(output_oat_fd_arg, "--output-oat-fd=%d", out_oat_fd);
sprintf(input_oat_fd_arg, "--input-oat-fd=%d", input_oat_fd);
ALOGV("Running %s isa=%s in-oat-fd=%d (%s) in-vdex-fd=%d (%s) "
"out-oat-fd=%d (%s) out-vdex-fd=%d (%s)\n",
PATCHOAT_BIN, instruction_set,
input_oat_fd, input_oat_file_name,
input_vdex_fd, input_vdex_file_name,
out_oat_fd, output_oat_file_name,
out_vdex_fd, output_vdex_file_name);
/* patchoat, patched-image-location, no-lock, isa, input-fd, output-fd */
char* argv[9];
argv[0] = (char*) PATCHOAT_BIN;
argv[1] = (char*) patched_image_location_arg;
argv[2] = (char*) no_lock_arg;
argv[3] = instruction_set_arg;
argv[4] = input_oat_fd_arg;
argv[5] = input_vdex_fd_arg;
argv[6] = output_oat_fd_arg;
argv[7] = output_vdex_fd_arg;
argv[8] = NULL;
execv(PATCHOAT_BIN, (char* const *)argv);
ALOGE("execv(%s) failed: %s\n", PATCHOAT_BIN, strerror(errno));
}
static void run_dex2oat(int zip_fd, int oat_fd, int input_vdex_fd, int output_vdex_fd, int image_fd,
const char* input_file_name, const char* output_file_name, int swap_fd,
const char *instruction_set, const char* compiler_filter, bool vm_safe_mode,
bool debuggable, bool post_bootcomplete, int profile_fd, const char* shared_libraries) {
static const unsigned int MAX_INSTRUCTION_SET_LEN = 7;
if (strlen(instruction_set) >= MAX_INSTRUCTION_SET_LEN) {
ALOGE("Instruction set %s longer than max length of %d",
instruction_set, MAX_INSTRUCTION_SET_LEN);
return;
}
char dex2oat_Xms_flag[kPropertyValueMax];
bool have_dex2oat_Xms_flag = get_property("dalvik.vm.dex2oat-Xms", dex2oat_Xms_flag, NULL) > 0;
char dex2oat_Xmx_flag[kPropertyValueMax];
bool have_dex2oat_Xmx_flag = get_property("dalvik.vm.dex2oat-Xmx", dex2oat_Xmx_flag, NULL) > 0;
char dex2oat_threads_buf[kPropertyValueMax];
bool have_dex2oat_threads_flag = get_property(post_bootcomplete
? "dalvik.vm.dex2oat-threads"
: "dalvik.vm.boot-dex2oat-threads",
dex2oat_threads_buf,
NULL) > 0;
char dex2oat_threads_arg[kPropertyValueMax + 2];
if (have_dex2oat_threads_flag) {
sprintf(dex2oat_threads_arg, "-j%s", dex2oat_threads_buf);
}
char dex2oat_isa_features_key[kPropertyKeyMax];
sprintf(dex2oat_isa_features_key, "dalvik.vm.isa.%s.features", instruction_set);
char dex2oat_isa_features[kPropertyValueMax];
bool have_dex2oat_isa_features = get_property(dex2oat_isa_features_key,
dex2oat_isa_features, NULL) > 0;
char dex2oat_isa_variant_key[kPropertyKeyMax];
sprintf(dex2oat_isa_variant_key, "dalvik.vm.isa.%s.variant", instruction_set);
char dex2oat_isa_variant[kPropertyValueMax];
bool have_dex2oat_isa_variant = get_property(dex2oat_isa_variant_key,
dex2oat_isa_variant, NULL) > 0;
const char *dex2oat_norelocation = "-Xnorelocate";
bool have_dex2oat_relocation_skip_flag = false;
char dex2oat_flags[kPropertyValueMax];
int dex2oat_flags_count = get_property("dalvik.vm.dex2oat-flags",
dex2oat_flags, NULL) <= 0 ? 0 : split_count(dex2oat_flags);
ALOGV("dalvik.vm.dex2oat-flags=%s\n", dex2oat_flags);
// If we booting without the real /data, don't spend time compiling.
char vold_decrypt[kPropertyValueMax];
bool have_vold_decrypt = get_property("vold.decrypt", vold_decrypt, "") > 0;
bool skip_compilation = (have_vold_decrypt &&
(strcmp(vold_decrypt, "trigger_restart_min_framework") == 0 ||
(strcmp(vold_decrypt, "1") == 0)));
bool generate_debug_info = property_get_bool("debug.generate-debug-info");
char app_image_format[kPropertyValueMax];
char image_format_arg[strlen("--image-format=") + kPropertyValueMax];
bool have_app_image_format =
image_fd >= 0 && get_property("dalvik.vm.appimageformat", app_image_format, NULL) > 0;
if (have_app_image_format) {
sprintf(image_format_arg, "--image-format=%s", app_image_format);
}
char dex2oat_large_app_threshold[kPropertyValueMax];
bool have_dex2oat_large_app_threshold =
get_property("dalvik.vm.dex2oat-very-large", dex2oat_large_app_threshold, NULL) > 0;
char dex2oat_large_app_threshold_arg[strlen("--very-large-app-threshold=") + kPropertyValueMax];
if (have_dex2oat_large_app_threshold) {
sprintf(dex2oat_large_app_threshold_arg,
"--very-large-app-threshold=%s",
dex2oat_large_app_threshold);
}
static const char* DEX2OAT_BIN = "/system/bin/dex2oat";
static const char* RUNTIME_ARG = "--runtime-arg";
static const int MAX_INT_LEN = 12; // '-'+10dig+'\0' -OR- 0x+8dig
char zip_fd_arg[strlen("--zip-fd=") + MAX_INT_LEN];
char zip_location_arg[strlen("--zip-location=") + PKG_PATH_MAX];
char input_vdex_fd_arg[strlen("--input-vdex-fd=") + MAX_INT_LEN];
char output_vdex_fd_arg[strlen("--output-vdex-fd=") + MAX_INT_LEN];
char oat_fd_arg[strlen("--oat-fd=") + MAX_INT_LEN];
char oat_location_arg[strlen("--oat-location=") + PKG_PATH_MAX];
char instruction_set_arg[strlen("--instruction-set=") + MAX_INSTRUCTION_SET_LEN];
char instruction_set_variant_arg[strlen("--instruction-set-variant=") + kPropertyValueMax];
char instruction_set_features_arg[strlen("--instruction-set-features=") + kPropertyValueMax];
char dex2oat_Xms_arg[strlen("-Xms") + kPropertyValueMax];
char dex2oat_Xmx_arg[strlen("-Xmx") + kPropertyValueMax];
char dex2oat_compiler_filter_arg[strlen("--compiler-filter=") + kPropertyValueMax];
bool have_dex2oat_swap_fd = false;
char dex2oat_swap_fd[strlen("--swap-fd=") + MAX_INT_LEN];
bool have_dex2oat_image_fd = false;
char dex2oat_image_fd[strlen("--app-image-fd=") + MAX_INT_LEN];
sprintf(zip_fd_arg, "--zip-fd=%d", zip_fd);
sprintf(zip_location_arg, "--zip-location=%s", input_file_name);
sprintf(input_vdex_fd_arg, "--input-vdex-fd=%d", input_vdex_fd);
sprintf(output_vdex_fd_arg, "--output-vdex-fd=%d", output_vdex_fd);
sprintf(oat_fd_arg, "--oat-fd=%d", oat_fd);
sprintf(oat_location_arg, "--oat-location=%s", output_file_name);
sprintf(instruction_set_arg, "--instruction-set=%s", instruction_set);
sprintf(instruction_set_variant_arg, "--instruction-set-variant=%s", dex2oat_isa_variant);
sprintf(instruction_set_features_arg, "--instruction-set-features=%s", dex2oat_isa_features);
if (swap_fd >= 0) {
have_dex2oat_swap_fd = true;
sprintf(dex2oat_swap_fd, "--swap-fd=%d", swap_fd);
}
if (image_fd >= 0) {
have_dex2oat_image_fd = true;
sprintf(dex2oat_image_fd, "--app-image-fd=%d", image_fd);
}
if (have_dex2oat_Xms_flag) {
sprintf(dex2oat_Xms_arg, "-Xms%s", dex2oat_Xms_flag);
}
if (have_dex2oat_Xmx_flag) {
sprintf(dex2oat_Xmx_arg, "-Xmx%s", dex2oat_Xmx_flag);
}
// Compute compiler filter.
bool have_dex2oat_compiler_filter_flag;
if (skip_compilation) {
strcpy(dex2oat_compiler_filter_arg, "--compiler-filter=verify-none");
have_dex2oat_compiler_filter_flag = true;
have_dex2oat_relocation_skip_flag = true;
} else if (vm_safe_mode) {
strcpy(dex2oat_compiler_filter_arg, "--compiler-filter=interpret-only");
have_dex2oat_compiler_filter_flag = true;
} else if (compiler_filter != nullptr &&
strlen(compiler_filter) + strlen("--compiler-filter=") <
arraysize(dex2oat_compiler_filter_arg)) {
sprintf(dex2oat_compiler_filter_arg, "--compiler-filter=%s", compiler_filter);
have_dex2oat_compiler_filter_flag = true;
} else {
char dex2oat_compiler_filter_flag[kPropertyValueMax];
have_dex2oat_compiler_filter_flag = get_property("dalvik.vm.dex2oat-filter",
dex2oat_compiler_filter_flag, NULL) > 0;
if (have_dex2oat_compiler_filter_flag) {
sprintf(dex2oat_compiler_filter_arg,
"--compiler-filter=%s",
dex2oat_compiler_filter_flag);
}
}
// Check whether all apps should be compiled debuggable.
if (!debuggable) {
char prop_buf[kPropertyValueMax];
debuggable =
(get_property("dalvik.vm.always_debuggable", prop_buf, "0") > 0) &&
(prop_buf[0] == '1');
}
char profile_arg[strlen("--profile-file-fd=") + MAX_INT_LEN];
if (profile_fd != -1) {
sprintf(profile_arg, "--profile-file-fd=%d", profile_fd);
}
ALOGV("Running %s in=%s out=%s\n", DEX2OAT_BIN, input_file_name, output_file_name);
const char* argv[9 // program name, mandatory arguments and the final NULL
+ (have_dex2oat_isa_variant ? 1 : 0)
+ (have_dex2oat_isa_features ? 1 : 0)
+ (have_dex2oat_Xms_flag ? 2 : 0)
+ (have_dex2oat_Xmx_flag ? 2 : 0)
+ (have_dex2oat_compiler_filter_flag ? 1 : 0)
+ (have_dex2oat_threads_flag ? 1 : 0)
+ (have_dex2oat_swap_fd ? 1 : 0)
+ (have_dex2oat_image_fd ? 1 : 0)
+ (have_dex2oat_relocation_skip_flag ? 2 : 0)
+ (generate_debug_info ? 1 : 0)
+ (debuggable ? 1 : 0)
+ (have_app_image_format ? 1 : 0)
+ dex2oat_flags_count
+ (profile_fd == -1 ? 0 : 1)
+ (shared_libraries != nullptr ? 4 : 0)
+ (have_dex2oat_large_app_threshold ? 1 : 0)];
int i = 0;
argv[i++] = DEX2OAT_BIN;
argv[i++] = zip_fd_arg;
argv[i++] = zip_location_arg;
argv[i++] = input_vdex_fd_arg;
argv[i++] = output_vdex_fd_arg;
argv[i++] = oat_fd_arg;
argv[i++] = oat_location_arg;
argv[i++] = instruction_set_arg;
if (have_dex2oat_isa_variant) {
argv[i++] = instruction_set_variant_arg;
}
if (have_dex2oat_isa_features) {
argv[i++] = instruction_set_features_arg;
}
if (have_dex2oat_Xms_flag) {
argv[i++] = RUNTIME_ARG;
argv[i++] = dex2oat_Xms_arg;
}
if (have_dex2oat_Xmx_flag) {
argv[i++] = RUNTIME_ARG;
argv[i++] = dex2oat_Xmx_arg;
}
if (have_dex2oat_compiler_filter_flag) {
argv[i++] = dex2oat_compiler_filter_arg;
}
if (have_dex2oat_threads_flag) {
argv[i++] = dex2oat_threads_arg;
}
if (have_dex2oat_swap_fd) {
argv[i++] = dex2oat_swap_fd;
}
if (have_dex2oat_image_fd) {
argv[i++] = dex2oat_image_fd;
}
if (generate_debug_info) {
argv[i++] = "--generate-debug-info";
}
if (debuggable) {
argv[i++] = "--debuggable";
}
if (have_app_image_format) {
argv[i++] = image_format_arg;
}
if (have_dex2oat_large_app_threshold) {
argv[i++] = dex2oat_large_app_threshold_arg;
}
if (dex2oat_flags_count) {
i += split(dex2oat_flags, argv + i);
}
if (have_dex2oat_relocation_skip_flag) {
argv[i++] = RUNTIME_ARG;
argv[i++] = dex2oat_norelocation;
}
if (profile_fd != -1) {
argv[i++] = profile_arg;
}
if (shared_libraries != nullptr) {
argv[i++] = RUNTIME_ARG;
argv[i++] = "-classpath";
argv[i++] = RUNTIME_ARG;
argv[i++] = shared_libraries;
}
// Do not add after dex2oat_flags, they should override others for debugging.
argv[i] = NULL;
execv(DEX2OAT_BIN, (char * const *)argv);
ALOGE("execv(%s) failed: %s\n", DEX2OAT_BIN, strerror(errno));
}
/*
* Whether dexopt should use a swap file when compiling an APK.
*
* If kAlwaysProvideSwapFile, do this on all devices (dex2oat will make a more informed decision
* itself, anyways).
*
* Otherwise, read "dalvik.vm.dex2oat-swap". If the property exists, return whether it is "true".
*
* Otherwise, return true if this is a low-mem device.
*
* Otherwise, return default value.
*/
static bool kAlwaysProvideSwapFile = false;
static bool kDefaultProvideSwapFile = true;
static bool ShouldUseSwapFileForDexopt() {
if (kAlwaysProvideSwapFile) {
return true;
}
// Check the "override" property. If it exists, return value == "true".
char dex2oat_prop_buf[kPropertyValueMax];
if (get_property("dalvik.vm.dex2oat-swap", dex2oat_prop_buf, "") > 0) {
if (strcmp(dex2oat_prop_buf, "true") == 0) {
return true;
} else {
return false;
}
}
// Shortcut for default value. This is an implementation optimization for the process sketched
// above. If the default value is true, we can avoid to check whether this is a low-mem device,
// as low-mem is never returning false. The compiler will optimize this away if it can.
if (kDefaultProvideSwapFile) {
return true;
}
bool is_low_mem = property_get_bool("ro.config.low_ram");
if (is_low_mem) {
return true;
}
// Default value must be false here.
return kDefaultProvideSwapFile;
}
static void SetDex2OatAndPatchOatScheduling(bool set_to_bg) {
if (set_to_bg) {
if (set_sched_policy(0, SP_BACKGROUND) < 0) {
ALOGE("set_sched_policy failed: %s\n", strerror(errno));
exit(70);
}
if (setpriority(PRIO_PROCESS, 0, ANDROID_PRIORITY_BACKGROUND) < 0) {
ALOGE("setpriority failed: %s\n", strerror(errno));
exit(71);
}
}
}
static void close_all_fds(const std::vector<fd_t>& fds, const char* description) {
for (size_t i = 0; i < fds.size(); i++) {
if (close(fds[i]) != 0) {
PLOG(WARNING) << "Failed to close fd for " << description << " at index " << i;
}
}
}
static fd_t open_profile_dir(const std::string& profile_dir) {
fd_t profile_dir_fd = TEMP_FAILURE_RETRY(open(profile_dir.c_str(),
O_PATH | O_CLOEXEC | O_DIRECTORY | O_NOFOLLOW));
if (profile_dir_fd < 0) {
// In a multi-user environment, these directories can be created at
// different points and it's possible we'll attempt to open a profile
// dir before it exists.
if (errno != ENOENT) {
PLOG(ERROR) << "Failed to open profile_dir: " << profile_dir;
}
}
return profile_dir_fd;
}
static fd_t open_primary_profile_file_from_dir(const std::string& profile_dir, mode_t open_mode) {
fd_t profile_dir_fd = open_profile_dir(profile_dir);
if (profile_dir_fd < 0) {
return -1;
}
fd_t profile_fd = -1;
std::string profile_file = create_primary_profile(profile_dir);
profile_fd = TEMP_FAILURE_RETRY(open(profile_file.c_str(), open_mode | O_NOFOLLOW));
if (profile_fd == -1) {
// It's not an error if the profile file does not exist.
if (errno != ENOENT) {
PLOG(ERROR) << "Failed to lstat profile_dir: " << profile_dir;
}
}
// TODO(calin): use AutoCloseFD instead of closing the fd manually.
if (close(profile_dir_fd) != 0) {
PLOG(WARNING) << "Could not close profile dir " << profile_dir;
}
return profile_fd;
}
static fd_t open_primary_profile_file(userid_t user, const char* pkgname) {
std::string profile_dir = create_data_user_profile_package_path(user, pkgname);
return open_primary_profile_file_from_dir(profile_dir, O_RDONLY);
}
static fd_t open_reference_profile(uid_t uid, const char* pkgname, bool read_write) {
std::string reference_profile_dir = create_data_ref_profile_package_path(pkgname);
int flags = read_write ? O_RDWR | O_CREAT : O_RDONLY;
fd_t fd = open_primary_profile_file_from_dir(reference_profile_dir, flags);
if (fd < 0) {
return -1;
}
if (read_write) {
// Fix the owner.
if (fchown(fd, uid, uid) < 0) {
close(fd);
return -1;
}
}
return fd;
}
static void open_profile_files(uid_t uid, const char* pkgname,
/*out*/ std::vector<fd_t>* profiles_fd, /*out*/ fd_t* reference_profile_fd) {
// Open the reference profile in read-write mode as profman might need to save the merge.
*reference_profile_fd = open_reference_profile(uid, pkgname, /*read_write*/ true);
if (*reference_profile_fd < 0) {
// We can't access the reference profile file.
return;
}
std::vector<userid_t> users = get_known_users(/*volume_uuid*/ nullptr);
for (auto user : users) {
fd_t profile_fd = open_primary_profile_file(user, pkgname);
// Add to the lists only if both fds are valid.
if (profile_fd >= 0) {
profiles_fd->push_back(profile_fd);
}
}
}
static void drop_capabilities(uid_t uid) {
if (setgid(uid) != 0) {
ALOGE("setgid(%d) failed in installd during dexopt\n", uid);
exit(64);
}
if (setuid(uid) != 0) {
ALOGE("setuid(%d) failed in installd during dexopt\n", uid);
exit(65);
}
// drop capabilities
struct __user_cap_header_struct capheader;
struct __user_cap_data_struct capdata[2];
memset(&capheader, 0, sizeof(capheader));
memset(&capdata, 0, sizeof(capdata));
capheader.version = _LINUX_CAPABILITY_VERSION_3;
if (capset(&capheader, &capdata[0]) < 0) {
ALOGE("capset failed: %s\n", strerror(errno));
exit(66);
}
}
static constexpr int PROFMAN_BIN_RETURN_CODE_COMPILE = 0;
static constexpr int PROFMAN_BIN_RETURN_CODE_SKIP_COMPILATION = 1;
static constexpr int PROFMAN_BIN_RETURN_CODE_BAD_PROFILES = 2;
static constexpr int PROFMAN_BIN_RETURN_CODE_ERROR_IO = 3;
static constexpr int PROFMAN_BIN_RETURN_CODE_ERROR_LOCKING = 4;
static void run_profman_merge(const std::vector<fd_t>& profiles_fd, fd_t reference_profile_fd) {
static const size_t MAX_INT_LEN = 32;
static const char* PROFMAN_BIN = "/system/bin/profman";
std::vector<std::string> profile_args(profiles_fd.size());
char profile_buf[strlen("--profile-file-fd=") + MAX_INT_LEN];
for (size_t k = 0; k < profiles_fd.size(); k++) {
sprintf(profile_buf, "--profile-file-fd=%d", profiles_fd[k]);
profile_args[k].assign(profile_buf);
}
char reference_profile_arg[strlen("--reference-profile-file-fd=") + MAX_INT_LEN];
sprintf(reference_profile_arg, "--reference-profile-file-fd=%d", reference_profile_fd);
// program name, reference profile fd, the final NULL and the profile fds
const char* argv[3 + profiles_fd.size()];
int i = 0;
argv[i++] = PROFMAN_BIN;
argv[i++] = reference_profile_arg;
for (size_t k = 0; k < profile_args.size(); k++) {
argv[i++] = profile_args[k].c_str();
}
// Do not add after dex2oat_flags, they should override others for debugging.
argv[i] = NULL;
execv(PROFMAN_BIN, (char * const *)argv);
ALOGE("execv(%s) failed: %s\n", PROFMAN_BIN, strerror(errno));
exit(68); /* only get here on exec failure */
}
// Decides if profile guided compilation is needed or not based on existing profiles.
// Returns true if there is enough information in the current profiles that worth
// a re-compilation of the package.
// If the return value is true all the current profiles would have been merged into
// the reference profiles accessible with open_reference_profile().
static bool analyse_profiles(uid_t uid, const char* pkgname) {
std::vector<fd_t> profiles_fd;
fd_t reference_profile_fd = -1;
open_profile_files(uid, pkgname, &profiles_fd, &reference_profile_fd);
if (profiles_fd.empty() || (reference_profile_fd == -1)) {
// Skip profile guided compilation because no profiles were found.
// Or if the reference profile info couldn't be opened.
close_all_fds(profiles_fd, "profiles_fd");
if ((reference_profile_fd != - 1) && (close(reference_profile_fd) != 0)) {
PLOG(WARNING) << "Failed to close fd for reference profile";
}
return false;
}
ALOGV("PROFMAN (MERGE): --- BEGIN '%s' ---\n", pkgname);
pid_t pid = fork();
if (pid == 0) {
/* child -- drop privileges before continuing */
drop_capabilities(uid);
run_profman_merge(profiles_fd, reference_profile_fd);
exit(68); /* only get here on exec failure */
}
/* parent */
int return_code = wait_child(pid);
bool need_to_compile = false;
bool should_clear_current_profiles = false;
bool should_clear_reference_profile = false;
if (!WIFEXITED(return_code)) {
LOG(WARNING) << "profman failed for package " << pkgname << ": " << return_code;
} else {
return_code = WEXITSTATUS(return_code);
switch (return_code) {
case PROFMAN_BIN_RETURN_CODE_COMPILE:
need_to_compile = true;
should_clear_current_profiles = true;
should_clear_reference_profile = false;
break;
case PROFMAN_BIN_RETURN_CODE_SKIP_COMPILATION:
need_to_compile = false;
should_clear_current_profiles = false;
should_clear_reference_profile = false;
break;
case PROFMAN_BIN_RETURN_CODE_BAD_PROFILES:
LOG(WARNING) << "Bad profiles for package " << pkgname;
need_to_compile = false;
should_clear_current_profiles = true;
should_clear_reference_profile = true;
break;
case PROFMAN_BIN_RETURN_CODE_ERROR_IO: // fall-through
case PROFMAN_BIN_RETURN_CODE_ERROR_LOCKING:
// Temporary IO problem (e.g. locking). Ignore but log a warning.
LOG(WARNING) << "IO error while reading profiles for package " << pkgname;
need_to_compile = false;
should_clear_current_profiles = false;
should_clear_reference_profile = false;
break;
default:
// Unknown return code or error. Unlink profiles.
LOG(WARNING) << "Unknown error code while processing profiles for package " << pkgname
<< ": " << return_code;
need_to_compile = false;
should_clear_current_profiles = true;
should_clear_reference_profile = true;
break;
}
}
close_all_fds(profiles_fd, "profiles_fd");
if (close(reference_profile_fd) != 0) {
PLOG(WARNING) << "Failed to close fd for reference profile";
}
if (should_clear_current_profiles) {
clear_current_profiles(pkgname);
}
if (should_clear_reference_profile) {
clear_reference_profile(pkgname);
}
return need_to_compile;
}
static void run_profman_dump(const std::vector<fd_t>& profile_fds,
fd_t reference_profile_fd,
const std::vector<std::string>& dex_locations,
const std::vector<fd_t>& apk_fds,
fd_t output_fd) {
std::vector<std::string> profman_args;
static const char* PROFMAN_BIN = "/system/bin/profman";
profman_args.push_back(PROFMAN_BIN);
profman_args.push_back("--dump-only");
profman_args.push_back(StringPrintf("--dump-output-to-fd=%d", output_fd));
if (reference_profile_fd != -1) {
profman_args.push_back(StringPrintf("--reference-profile-file-fd=%d",
reference_profile_fd));
}
for (fd_t profile_fd : profile_fds) {
profman_args.push_back(StringPrintf("--profile-file-fd=%d", profile_fd));
}
for (const std::string& dex_location : dex_locations) {
profman_args.push_back(StringPrintf("--dex-location=%s", dex_location.c_str()));
}
for (fd_t apk_fd : apk_fds) {
profman_args.push_back(StringPrintf("--apk-fd=%d", apk_fd));
}
const char **argv = new const char*[profman_args.size() + 1];
size_t i = 0;
for (const std::string& profman_arg : profman_args) {
argv[i++] = profman_arg.c_str();
}
argv[i] = NULL;
execv(PROFMAN_BIN, (char * const *)argv);
ALOGE("execv(%s) failed: %s\n", PROFMAN_BIN, strerror(errno));
exit(68); /* only get here on exec failure */
}
static const char* get_location_from_path(const char* path) {
static constexpr char kLocationSeparator = '/';
const char *location = strrchr(path, kLocationSeparator);
if (location == NULL) {
return path;
} else {
// Skip the separator character.
return location + 1;
}
}
// Dumps the contents of a profile file, using pkgname's dex files for pretty
// printing the result.
binder::Status InstalldNativeService::dumpProfiles(int32_t uid, const std::string& packageName,
const std::string& codePaths, bool* _aidl_return) {
ENFORCE_UID(AID_SYSTEM);
const char* pkgname = packageName.c_str();
const char* code_path_string = codePaths.c_str();
std::vector<fd_t> profile_fds;
fd_t reference_profile_fd = -1;
std::string out_file_name = StringPrintf("/data/misc/profman/%s.txt", pkgname);
ALOGV("PROFMAN (DUMP): --- BEGIN '%s' ---\n", pkgname);
open_profile_files(uid, pkgname, &profile_fds, &reference_profile_fd);
const bool has_reference_profile = (reference_profile_fd != -1);
const bool has_profiles = !profile_fds.empty();
if (!has_reference_profile && !has_profiles) {
ALOGE("profman dump: no profiles to dump for '%s'", pkgname);
*_aidl_return = false;
return binder::Status::ok();
}
fd_t output_fd = open(out_file_name.c_str(), O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW);
if (fchmod(output_fd, S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH) < 0) {
ALOGE("installd cannot chmod '%s' dump_profile\n", out_file_name.c_str());
*_aidl_return = false;
return binder::Status::ok();
}
std::vector<std::string> code_full_paths = base::Split(code_path_string, ";");
std::vector<std::string> dex_locations;
std::vector<fd_t> apk_fds;
for (const std::string& code_full_path : code_full_paths) {
const char* full_path = code_full_path.c_str();
fd_t apk_fd = open(full_path, O_RDONLY | O_NOFOLLOW);
if (apk_fd == -1) {
ALOGE("installd cannot open '%s'\n", full_path);
*_aidl_return = false;
return binder::Status::ok();
}
dex_locations.push_back(get_location_from_path(full_path));
apk_fds.push_back(apk_fd);
}
pid_t pid = fork();
if (pid == 0) {
/* child -- drop privileges before continuing */
drop_capabilities(uid);
run_profman_dump(profile_fds, reference_profile_fd, dex_locations,
apk_fds, output_fd);
exit(68); /* only get here on exec failure */
}
/* parent */
close_all_fds(apk_fds, "apk_fds");
close_all_fds(profile_fds, "profile_fds");
if (close(reference_profile_fd) != 0) {
PLOG(WARNING) << "Failed to close fd for reference profile";
}
int return_code = wait_child(pid);
if (!WIFEXITED(return_code)) {
LOG(WARNING) << "profman failed for package " << pkgname << ": "
<< return_code;
*_aidl_return = false;
return binder::Status::ok();
}
*_aidl_return = true;
return binder::Status::ok();
}
static std::string replace_file_extension(const std::string& oat_path, const std::string& new_ext) {
// A standard dalvik-cache entry. Replace ".dex" with `new_ext`.
if (EndsWith(oat_path, ".dex")) {
std::string new_path = oat_path;
new_path.replace(new_path.length() - strlen(".dex"), strlen(".dex"), new_ext);
CHECK(EndsWith(new_path, new_ext.c_str()));
return new_path;
}
// An odex entry. Not that this may not be an extension, e.g., in the OTA
// case (where the base name will have an extension for the B artifact).
size_t odex_pos = oat_path.rfind(".odex");
if (odex_pos != std::string::npos) {
std::string new_path = oat_path;
new_path.replace(odex_pos, strlen(".odex"), new_ext);
CHECK_NE(new_path.find(new_ext), std::string::npos);
return new_path;
}
// Don't know how to handle this.
return "";
}
// Translate the given oat path to an art (app image) path. An empty string
// denotes an error.
static std::string create_image_filename(const std::string& oat_path) {
return replace_file_extension(oat_path, ".art");
}
// Translate the given oat path to a vdex path. An empty string denotes an error.
static std::string create_vdex_filename(const std::string& oat_path) {
return replace_file_extension(oat_path, ".vdex");
}
static bool add_extension_to_file_name(char* file_name, const char* extension) {
if (strlen(file_name) + strlen(extension) + 1 > PKG_PATH_MAX) {
return false;
}
strcat(file_name, extension);
return true;
}
static int open_output_file(const char* file_name, bool recreate, int permissions) {
int flags = O_RDWR | O_CREAT;
if (recreate) {
if (unlink(file_name) < 0) {
if (errno != ENOENT) {
PLOG(ERROR) << "open_output_file: Couldn't unlink " << file_name;
}
}
flags |= O_EXCL;
}
return open(file_name, flags, permissions);
}
static bool set_permissions_and_ownership(int fd, bool is_public, int uid, const char* path) {
if (fchmod(fd,
S_IRUSR|S_IWUSR|S_IRGRP |
(is_public ? S_IROTH : 0)) < 0) {
ALOGE("installd cannot chmod '%s' during dexopt\n", path);
return false;
} else if (fchown(fd, AID_SYSTEM, uid) < 0) {
ALOGE("installd cannot chown '%s' during dexopt\n", path);
return false;
}
return true;
}
static bool IsOutputDalvikCache(const char* oat_dir) {
// InstallerConnection.java (which invokes installd) transforms Java null arguments
// into '!'. Play it safe by handling it both.
// TODO: ensure we never get null.
// TODO: pass a flag instead of inferring if the output is dalvik cache.
return oat_dir == nullptr || oat_dir[0] == '!';
}
static bool create_oat_out_path(const char* apk_path, const char* instruction_set,
const char* oat_dir, /*out*/ char* out_oat_path) {
// Early best-effort check whether we can fit the the path into our buffers.
// Note: the cache path will require an additional 5 bytes for ".swap", but we'll try to run
// without a swap file, if necessary. Reference profiles file also add an extra ".prof"
// extension to the cache path (5 bytes).
if (strlen(apk_path) >= (PKG_PATH_MAX - 8)) {
ALOGE("apk_path too long '%s'\n", apk_path);
return false;
}
if (!IsOutputDalvikCache(oat_dir)) {
if (validate_apk_path(oat_dir)) {
ALOGE("cannot validate apk path with oat_dir '%s'\n", oat_dir);
return false;
}
if (!calculate_oat_file_path(out_oat_path, oat_dir, apk_path, instruction_set)) {
return false;
}
} else {
if (!create_cache_path(out_oat_path, apk_path, instruction_set)) {
return false;
}
}
return true;
}
// TODO: Consider returning error codes.
binder::Status InstalldNativeService::mergeProfiles(int32_t uid, const std::string& packageName,
bool* _aidl_return) {
ENFORCE_UID(AID_SYSTEM);
const char* pkgname = packageName.c_str();
*_aidl_return = analyse_profiles(uid, pkgname);
return binder::Status::ok();
}
static const char* parse_null(const char* arg) {
if (strcmp(arg, "!") == 0) {
return nullptr;
} else {
return arg;
}
}
int dexopt(const char* const params[DEXOPT_PARAM_COUNT]) {
return dexopt(params[0], // apk_path
atoi(params[1]), // uid
params[2], // pkgname
params[3], // instruction_set
atoi(params[4]), // dexopt_needed
params[5], // oat_dir
atoi(params[6]), // dexopt_flags
params[7], // compiler_filter
parse_null(params[8]), // volume_uuid
parse_null(params[9])); // shared_libraries
static_assert(DEXOPT_PARAM_COUNT == 10U, "Unexpected dexopt param count");
}
// Helper for fd management. This is similar to a unique_fd in that it closes the file descriptor
// on destruction. It will also run the given cleanup (unless told not to) after closing.
//
// Usage example:
//
// Dex2oatFileWrapper<std::function<void ()>> file(open(...),
// [name]() {
// unlink(name.c_str());
// });
// // Note: care needs to be taken about name, as it needs to have a lifetime longer than the
// wrapper if captured as a reference.
//
// if (file.get() == -1) {
// // Error opening...
// }
//
// ...
// if (error) {
// // At this point, when the Dex2oatFileWrapper is destructed, the cleanup function will run
// // and delete the file (after the fd is closed).
// return -1;
// }
//
// (Success case)
// file.SetCleanup(false);
// // At this point, when the Dex2oatFileWrapper is destructed, the cleanup function will not run
// // (leaving the file around; after the fd is closed).
//
template <typename Cleanup>
class Dex2oatFileWrapper {
public:
Dex2oatFileWrapper() : value_(-1), cleanup_(), do_cleanup_(true) {
}
Dex2oatFileWrapper(int value, Cleanup cleanup)
: value_(value), cleanup_(cleanup), do_cleanup_(true) {}
~Dex2oatFileWrapper() {
reset(-1);
}
int get() {
return value_;
}
void SetCleanup(bool cleanup) {
do_cleanup_ = cleanup;
}
void reset(int new_value) {
if (value_ >= 0) {
close(value_);
}
if (do_cleanup_ && cleanup_ != nullptr) {
cleanup_();
}
value_ = new_value;
}
void reset(int new_value, Cleanup new_cleanup) {
if (value_ >= 0) {
close(value_);
}
if (do_cleanup_ && cleanup_ != nullptr) {
cleanup_();
}
value_ = new_value;
cleanup_ = new_cleanup;
}
private:
int value_;
Cleanup cleanup_;
bool do_cleanup_;
};
int dexopt(const char* apk_path, uid_t uid, const char* pkgname, const char* instruction_set,
int dexopt_needed, const char* oat_dir, int dexopt_flags, const char* compiler_filter,
const char* volume_uuid ATTRIBUTE_UNUSED, const char* shared_libraries)
{
bool is_public = ((dexopt_flags & DEXOPT_PUBLIC) != 0);
bool vm_safe_mode = (dexopt_flags & DEXOPT_SAFEMODE) != 0;
bool debuggable = (dexopt_flags & DEXOPT_DEBUGGABLE) != 0;
bool boot_complete = (dexopt_flags & DEXOPT_BOOTCOMPLETE) != 0;
bool profile_guided = (dexopt_flags & DEXOPT_PROFILE_GUIDED) != 0;
CHECK(pkgname != nullptr);
CHECK(pkgname[0] != 0);
// Public apps should not be compiled with profile information ever. Same goes for the special
// package '*' used for the system server.
Dex2oatFileWrapper<std::function<void ()>> reference_profile_fd;
if (!is_public && pkgname[0] != '*') {
// Open reference profile in read only mode as dex2oat does not get write permissions.
const std::string pkgname_str(pkgname);
reference_profile_fd.reset(open_reference_profile(uid, pkgname, /*read_write*/ false),
[pkgname_str]() {
clear_reference_profile(pkgname_str.c_str());
});
// Note: it's OK to not find a profile here.
}
if ((dexopt_flags & ~DEXOPT_MASK) != 0) {
LOG_FATAL("dexopt flags contains unknown fields\n");
}
char out_oat_path[PKG_PATH_MAX];
if (!create_oat_out_path(apk_path, instruction_set, oat_dir, out_oat_path)) {
return false;
}
const char *input_file;
char in_odex_path[PKG_PATH_MAX];
int dexopt_action = abs(dexopt_needed);
bool is_odex_location = dexopt_needed < 0;
switch (dexopt_action) {
case DEX2OAT_FROM_SCRATCH:
case DEX2OAT_FOR_BOOT_IMAGE:
case DEX2OAT_FOR_FILTER:
case DEX2OAT_FOR_RELOCATION:
input_file = apk_path;
break;
case PATCHOAT_FOR_RELOCATION:
if (is_odex_location) {
if (!calculate_odex_file_path(in_odex_path, apk_path, instruction_set)) {
return -1;
}
input_file = in_odex_path;
} else {
input_file = out_oat_path;
}
break;
default:
ALOGE("Invalid dexopt needed: %d\n", dexopt_needed);
return 72;
}
struct stat input_stat;
memset(&input_stat, 0, sizeof(input_stat));
stat(input_file, &input_stat);
// Open the input file. If running dex2oat, `input_file` is the APK. If running
// patchoat, it is the OAT file to be relocated.
base::unique_fd input_fd(open(input_file, O_RDONLY, 0));
if (input_fd.get() < 0) {
ALOGE("installd cannot open '%s' for input during dexopt\n", input_file);
return -1;
}
// Create the output OAT file.
const std::string out_oat_path_str(out_oat_path);
Dex2oatFileWrapper<std::function<void ()>> out_oat_fd(
open_output_file(out_oat_path, /*recreate*/true, /*permissions*/0644),
[out_oat_path_str]() { unlink(out_oat_path_str.c_str()); });
if (out_oat_fd.get() < 0) {
ALOGE("installd cannot open '%s' for output during dexopt\n", out_oat_path);
return -1;
}
if (!set_permissions_and_ownership(out_oat_fd.get(), is_public, uid, out_oat_path)) {
return -1;
}
// Open the existing VDEX. We do this before creating the new output VDEX, which will
// unlink the old one.
base::unique_fd in_vdex_fd;
std::string in_vdex_path_str;
if (dexopt_action == PATCHOAT_FOR_RELOCATION) {
// `input_file` is the OAT file to be relocated. The VDEX has to be there as well.
in_vdex_path_str = create_vdex_filename(input_file);
if (in_vdex_path_str.empty()) {
ALOGE("installd cannot compute input vdex location for '%s'\n", input_file);
return -1;
}
in_vdex_fd.reset(open(in_vdex_path_str.c_str(), O_RDONLY, 0));
if (in_vdex_fd.get() < 0) {
ALOGE("installd cannot open '%s' for input during dexopt: %s\n",
in_vdex_path_str.c_str(), strerror(errno));
return -1;
}
} else if (dexopt_action != DEX2OAT_FROM_SCRATCH) {
// Open the possibly existing vdex. If none exist, we pass -1 to dex2oat for input-vdex-fd.
const char* path = nullptr;
if (is_odex_location) {
if (calculate_odex_file_path(in_odex_path, apk_path, instruction_set)) {
path = in_odex_path;
} else {
ALOGE("installd cannot compute input vdex location for '%s'\n", apk_path);
return -1;
}
} else {
path = out_oat_path;
}
in_vdex_path_str = create_vdex_filename(path);
if (in_vdex_path_str.empty()) {
ALOGE("installd cannot compute input vdex location for '%s'\n", path);
return -1;
}
in_vdex_fd.reset(open(in_vdex_path_str.c_str(), O_RDONLY, 0));
}
// Infer the name of the output VDEX and create it.
const std::string out_vdex_path_str = create_vdex_filename(out_oat_path_str);
if (out_vdex_path_str.empty()) {
return -1;
}
Dex2oatFileWrapper<std::function<void ()>> out_vdex_fd(
open_output_file(out_vdex_path_str.c_str(), /*recreate*/true, /*permissions*/0644),
[out_vdex_path_str]() { unlink(out_vdex_path_str.c_str()); });
if (out_vdex_fd.get() < 0) {
ALOGE("installd cannot open '%s' for output during dexopt\n", out_vdex_path_str.c_str());
return -1;
}
if (!set_permissions_and_ownership(out_vdex_fd.get(), is_public,
uid, out_vdex_path_str.c_str())) {
return -1;
}
// Create a swap file if necessary.
base::unique_fd swap_fd;
if (ShouldUseSwapFileForDexopt()) {
// Make sure there really is enough space.
char swap_file_name[PKG_PATH_MAX];
strcpy(swap_file_name, out_oat_path);
if (add_extension_to_file_name(swap_file_name, ".swap")) {
swap_fd.reset(open_output_file(swap_file_name, /*recreate*/true, /*permissions*/0600));
}
if (swap_fd.get() < 0) {
// Could not create swap file. Optimistically go on and hope that we can compile
// without it.
ALOGE("installd could not create '%s' for swap during dexopt\n", swap_file_name);
} else {
// Immediately unlink. We don't really want to hit flash.
if (unlink(swap_file_name) < 0) {
PLOG(ERROR) << "Couldn't unlink swap file " << swap_file_name;
}
}
}
// Avoid generating an app image for extract only since it will not contain any classes.
Dex2oatFileWrapper<std::function<void ()>> image_fd;
const std::string image_path = create_image_filename(out_oat_path);
if (dexopt_action != PATCHOAT_FOR_RELOCATION && !image_path.empty()) {
char app_image_format[kPropertyValueMax];
bool have_app_image_format =
get_property("dalvik.vm.appimageformat", app_image_format, NULL) > 0;
// Use app images only if it is enabled (by a set image format) and we are compiling
// profile-guided (so the app image doesn't conservatively contain all classes).
if (profile_guided && have_app_image_format) {
// Recreate is true since we do not want to modify a mapped image. If the app is
// already running and we modify the image file, it can cause crashes (b/27493510).
image_fd.reset(open_output_file(image_path.c_str(),
true /*recreate*/,
0600 /*permissions*/),
[image_path]() { unlink(image_path.c_str()); }
);
if (image_fd.get() < 0) {
// Could not create application image file. Go on since we can compile without
// it.
LOG(ERROR) << "installd could not create '"
<< image_path
<< "' for image file during dexopt";
} else if (!set_permissions_and_ownership(image_fd.get(),
is_public,
uid,
image_path.c_str())) {
image_fd.reset(-1);
}
}
// If we have a valid image file path but no image fd, explicitly erase the image file.
if (image_fd.get() < 0) {
if (unlink(image_path.c_str()) < 0) {
if (errno != ENOENT) {
PLOG(ERROR) << "Couldn't unlink image file " << image_path;
}
}
}
}
ALOGV("DexInv: --- BEGIN '%s' ---\n", input_file);
pid_t pid = fork();
if (pid == 0) {
/* child -- drop privileges before continuing */
drop_capabilities(uid);
SetDex2OatAndPatchOatScheduling(boot_complete);
if (flock(out_oat_fd.get(), LOCK_EX | LOCK_NB) != 0) {
ALOGE("flock(%s) failed: %s\n", out_oat_path, strerror(errno));
_exit(67);
}
if (dexopt_action == PATCHOAT_FOR_RELOCATION) {
run_patchoat(input_fd.get(),
in_vdex_fd.get(),
out_oat_fd.get(),
out_vdex_fd.get(),
input_file,
in_vdex_path_str.c_str(),
out_oat_path,
out_vdex_path_str.c_str(),
pkgname,
instruction_set);
} else {
// Pass dex2oat the relative path to the input file.
const char *input_file_name = get_location_from_path(input_file);
run_dex2oat(input_fd.get(),
out_oat_fd.get(),
in_vdex_fd.get(),
out_vdex_fd.get(),
image_fd.get(),
input_file_name,
out_oat_path,
swap_fd.get(),
instruction_set,
compiler_filter,
vm_safe_mode,
debuggable,
boot_complete,
reference_profile_fd.get(),
shared_libraries);
}
_exit(68); /* only get here on exec failure */
} else {
int res = wait_child(pid);
if (res == 0) {
ALOGV("DexInv: --- END '%s' (success) ---\n", input_file);
} else {
ALOGE("DexInv: --- END '%s' --- status=0x%04x, process failed\n", input_file, res);
return -1;
}
}
struct utimbuf ut;
ut.actime = input_stat.st_atime;
ut.modtime = input_stat.st_mtime;
utime(out_oat_path, &ut);
// We've been successful, don't delete output.
out_oat_fd.SetCleanup(false);
out_vdex_fd.SetCleanup(false);
image_fd.SetCleanup(false);
reference_profile_fd.SetCleanup(false);
return 0;
}
binder::Status InstalldNativeService::markBootComplete(const std::string& instructionSet) {
ENFORCE_UID(AID_SYSTEM);
const char* instruction_set = instructionSet.c_str();
char boot_marker_path[PKG_PATH_MAX];
sprintf(boot_marker_path,
"%s/%s/%s/.booting",
android_data_dir.path,
DALVIK_CACHE,
instruction_set);
ALOGV("mark_boot_complete : %s", boot_marker_path);
if (unlink(boot_marker_path) != 0) {
ALOGE("Unable to unlink boot marker at %s, error=%s", boot_marker_path, strerror(errno));
return binder::Status::fromServiceSpecificError(-1);
}
return binder::Status::ok();
}
void mkinnerdirs(char* path, int basepos, mode_t mode, int uid, int gid,
struct stat* statbuf)
{
while (path[basepos] != 0) {
if (path[basepos] == '/') {
path[basepos] = 0;
if (lstat(path, statbuf) < 0) {
ALOGV("Making directory: %s\n", path);
if (mkdir(path, mode) == 0) {
chown(path, uid, gid);
} else {
ALOGW("Unable to make directory %s: %s\n", path, strerror(errno));
}
}
path[basepos] = '/';
basepos++;
}
basepos++;
}
}
binder::Status InstalldNativeService::linkNativeLibraryDirectory(
const std::unique_ptr<std::string>& uuid, const std::string& packageName,
const std::string& nativeLibPath32, int32_t userId) {
ENFORCE_UID(AID_SYSTEM);
const char* uuid_ = uuid ? uuid->c_str() : nullptr;
const char* pkgname = packageName.c_str();
const char* asecLibDir = nativeLibPath32.c_str();
struct stat s, libStat;
int rc = 0;
std::string _pkgdir(create_data_user_ce_package_path(uuid_, userId, pkgname));
std::string _libsymlink(_pkgdir + PKG_LIB_POSTFIX);
const char* pkgdir = _pkgdir.c_str();
const char* libsymlink = _libsymlink.c_str();
if (stat(pkgdir, &s) < 0) {
return binder::Status::fromServiceSpecificError(-1);
}
if (chown(pkgdir, AID_INSTALL, AID_INSTALL) < 0) {
ALOGE("failed to chown '%s': %s\n", pkgdir, strerror(errno));
return binder::Status::fromServiceSpecificError(-1);
}
if (chmod(pkgdir, 0700) < 0) {
ALOGE("linklib() 1: failed to chmod '%s': %s\n", pkgdir, strerror(errno));
rc = -1;
goto out;
}
if (lstat(libsymlink, &libStat) < 0) {
if (errno != ENOENT) {
ALOGE("couldn't stat lib dir: %s\n", strerror(errno));
rc = -1;
goto out;
}
} else {
if (S_ISDIR(libStat.st_mode)) {
if (delete_dir_contents(libsymlink, 1, NULL) < 0) {
rc = -1;
goto out;
}
} else if (S_ISLNK(libStat.st_mode)) {
if (unlink(libsymlink) < 0) {
ALOGE("couldn't unlink lib dir: %s\n", strerror(errno));
rc = -1;
goto out;
}
}
}
if (symlink(asecLibDir, libsymlink) < 0) {
ALOGE("couldn't symlink directory '%s' -> '%s': %s\n", libsymlink, asecLibDir,
strerror(errno));
rc = -errno;
goto out;
}
out:
if (chmod(pkgdir, s.st_mode) < 0) {
ALOGE("linklib() 2: failed to chmod '%s': %s\n", pkgdir, strerror(errno));
rc = -errno;
}
if (chown(pkgdir, s.st_uid, s.st_gid) < 0) {
ALOGE("failed to chown '%s' : %s\n", pkgdir, strerror(errno));
rc = -errno;
}
return rc ? binder::Status::fromServiceSpecificError(-1) : binder::Status::ok();
}
static void run_idmap(const char *target_apk, const char *overlay_apk, int idmap_fd)
{
static const char *IDMAP_BIN = "/system/bin/idmap";
static const size_t MAX_INT_LEN = 32;
char idmap_str[MAX_INT_LEN];
snprintf(idmap_str, sizeof(idmap_str), "%d", idmap_fd);
execl(IDMAP_BIN, IDMAP_BIN, "--fd", target_apk, overlay_apk, idmap_str, (char*)NULL);
ALOGE("execl(%s) failed: %s\n", IDMAP_BIN, strerror(errno));
}
// Transform string /a/b/c.apk to (prefix)/a@b@c.apk@(suffix)
// eg /a/b/c.apk to /data/resource-cache/a@b@c.apk@idmap
static int flatten_path(const char *prefix, const char *suffix,
const char *overlay_path, char *idmap_path, size_t N)
{
if (overlay_path == NULL || idmap_path == NULL) {
return -1;
}
const size_t len_overlay_path = strlen(overlay_path);
// will access overlay_path + 1 further below; requires absolute path
if (len_overlay_path < 2 || *overlay_path != '/') {
return -1;
}
const size_t len_idmap_root = strlen(prefix);
const size_t len_suffix = strlen(suffix);
if (SIZE_MAX - len_idmap_root < len_overlay_path ||
SIZE_MAX - (len_idmap_root + len_overlay_path) < len_suffix) {
// additions below would cause overflow
return -1;
}
if (N < len_idmap_root + len_overlay_path + len_suffix) {
return -1;
}
memset(idmap_path, 0, N);
snprintf(idmap_path, N, "%s%s%s", prefix, overlay_path + 1, suffix);
char *ch = idmap_path + len_idmap_root;
while (*ch != '\0') {
if (*ch == '/') {
*ch = '@';
}
++ch;
}
return 0;
}
binder::Status InstalldNativeService::idmap(const std::string& targetApkPath,
const std::string& overlayApkPath, int32_t uid) {
ENFORCE_UID(AID_SYSTEM);
const char* target_apk = targetApkPath.c_str();
const char* overlay_apk = overlayApkPath.c_str();
ALOGV("idmap target_apk=%s overlay_apk=%s uid=%d\n", target_apk, overlay_apk, uid);
int idmap_fd = -1;
char idmap_path[PATH_MAX];
if (flatten_path(IDMAP_PREFIX, IDMAP_SUFFIX, overlay_apk,
idmap_path, sizeof(idmap_path)) == -1) {
ALOGE("idmap cannot generate idmap path for overlay %s\n", overlay_apk);
goto fail;
}
unlink(idmap_path);
idmap_fd = open(idmap_path, O_RDWR | O_CREAT | O_EXCL, 0644);
if (idmap_fd < 0) {
ALOGE("idmap cannot open '%s' for output: %s\n", idmap_path, strerror(errno));
goto fail;
}
if (fchown(idmap_fd, AID_SYSTEM, uid) < 0) {
ALOGE("idmap cannot chown '%s'\n", idmap_path);
goto fail;
}
if (fchmod(idmap_fd, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH) < 0) {
ALOGE("idmap cannot chmod '%s'\n", idmap_path);
goto fail;
}
pid_t pid;
pid = fork();
if (pid == 0) {
/* child -- drop privileges before continuing */
if (setgid(uid) != 0) {
ALOGE("setgid(%d) failed during idmap\n", uid);
exit(1);
}
if (setuid(uid) != 0) {
ALOGE("setuid(%d) failed during idmap\n", uid);
exit(1);
}
if (flock(idmap_fd, LOCK_EX | LOCK_NB) != 0) {
ALOGE("flock(%s) failed during idmap: %s\n", idmap_path, strerror(errno));
exit(1);
}
run_idmap(target_apk, overlay_apk, idmap_fd);
exit(1); /* only if exec call to idmap failed */
} else {
int status = wait_child(pid);
if (status != 0) {
ALOGE("idmap failed, status=0x%04x\n", status);
goto fail;
}
}
close(idmap_fd);
return binder::Status::ok();
fail:
if (idmap_fd >= 0) {
close(idmap_fd);
unlink(idmap_path);
}
return binder::Status::fromServiceSpecificError(-1);
}
binder::Status InstalldNativeService::restoreconAppData(const std::unique_ptr<std::string>& uuid,
const std::string& packageName, int32_t userId, int32_t flags, int32_t appId,
const std::string& seInfo) {
ENFORCE_UID(AID_SYSTEM);
int res = 0;
// SELINUX_ANDROID_RESTORECON_DATADATA flag is set by libselinux. Not needed here.
unsigned int seflags = SELINUX_ANDROID_RESTORECON_RECURSE;
const char* uuid_ = uuid ? uuid->c_str() : nullptr;
const char* pkgName = packageName.c_str();
const char* seinfo = seInfo.c_str();
if (!pkgName || !seinfo) {
ALOGE("Package name or seinfo tag is null when trying to restorecon.");
return binder::Status::fromServiceSpecificError(-1);
}
uid_t uid = multiuser_get_uid(userId, appId);
if (flags & FLAG_STORAGE_CE) {
auto path = create_data_user_ce_package_path(uuid_, userId, pkgName);
if (selinux_android_restorecon_pkgdir(path.c_str(), seinfo, uid, seflags) < 0) {
PLOG(ERROR) << "restorecon failed for " << path;
res = -1;
}
}
if (flags & FLAG_STORAGE_DE) {
auto path = create_data_user_de_package_path(uuid_, userId, pkgName);
if (selinux_android_restorecon_pkgdir(path.c_str(), seinfo, uid, seflags) < 0) {
PLOG(ERROR) << "restorecon failed for " << path;
// TODO: include result once 25796509 is fixed
}
}
return res ? binder::Status::fromServiceSpecificError(-1) : binder::Status::ok();
}
binder::Status InstalldNativeService::createOatDir(const std::string& oatDir,
const std::string& instructionSet) {
ENFORCE_UID(AID_SYSTEM);
const char* oat_dir = oatDir.c_str();
const char* instruction_set = instructionSet.c_str();
char oat_instr_dir[PKG_PATH_MAX];
if (validate_apk_path(oat_dir)) {
ALOGE("invalid apk path '%s' (bad prefix)\n", oat_dir);
return binder::Status::fromServiceSpecificError(-1);
}
if (fs_prepare_dir(oat_dir, S_IRWXU | S_IRWXG | S_IXOTH, AID_SYSTEM, AID_INSTALL)) {
return binder::Status::fromServiceSpecificError(-1);
}
if (selinux_android_restorecon(oat_dir, 0)) {
ALOGE("cannot restorecon dir '%s': %s\n", oat_dir, strerror(errno));
return binder::Status::fromServiceSpecificError(-1);
}
snprintf(oat_instr_dir, PKG_PATH_MAX, "%s/%s", oat_dir, instruction_set);
if (fs_prepare_dir(oat_instr_dir, S_IRWXU | S_IRWXG | S_IXOTH, AID_SYSTEM, AID_INSTALL)) {
return binder::Status::fromServiceSpecificError(-1);
}
return binder::Status::ok();
}
binder::Status InstalldNativeService::rmPackageDir(const std::string& packageDir) {
ENFORCE_UID(AID_SYSTEM);
const char* apk_path = packageDir.c_str();
if (validate_apk_path(apk_path)) {
ALOGE("invalid apk path '%s' (bad prefix)\n", apk_path);
return binder::Status::fromServiceSpecificError(-1);
}
int res = delete_dir_contents(apk_path, 1 /* also_delete_dir */,
NULL /* exclusion_predicate */);
return res ? binder::Status::fromServiceSpecificError(-1) : binder::Status::ok();
}
binder::Status InstalldNativeService::linkFile(const std::string& relativePath,
const std::string& fromBase, const std::string& toBase) {
ENFORCE_UID(AID_SYSTEM);
const char* relative_path = relativePath.c_str();
const char* from_base = fromBase.c_str();
const char* to_base = toBase.c_str();
char from_path[PKG_PATH_MAX];
char to_path[PKG_PATH_MAX];
snprintf(from_path, PKG_PATH_MAX, "%s/%s", from_base, relative_path);
snprintf(to_path, PKG_PATH_MAX, "%s/%s", to_base, relative_path);
if (validate_apk_path_subdirs(from_path)) {
ALOGE("invalid app data sub-path '%s' (bad prefix)\n", from_path);
return binder::Status::fromServiceSpecificError(-1);
}
if (validate_apk_path_subdirs(to_path)) {
ALOGE("invalid app data sub-path '%s' (bad prefix)\n", to_path);
return binder::Status::fromServiceSpecificError(-1);
}
const int ret = link(from_path, to_path);
if (ret < 0) {
ALOGE("link(%s, %s) failed : %s", from_path, to_path, strerror(errno));
return binder::Status::fromServiceSpecificError(-1);
}
return binder::Status::ok();
}
// Helper for move_ab, so that we can have common failure-case cleanup.
static bool unlink_and_rename(const char* from, const char* to) {
// Check whether "from" exists, and if so whether it's regular. If it is, unlink. Otherwise,
// return a failure.
struct stat s;
if (stat(to, &s) == 0) {
if (!S_ISREG(s.st_mode)) {
LOG(ERROR) << from << " is not a regular file to replace for A/B.";
return false;
}
if (unlink(to) != 0) {
LOG(ERROR) << "Could not unlink " << to << " to move A/B.";
return false;
}
} else {
// This may be a permission problem. We could investigate the error code, but we'll just
// let the rename failure do the work for us.
}
// Try to rename "to" to "from."
if (rename(from, to) != 0) {
PLOG(ERROR) << "Could not rename " << from << " to " << to;
return false;
}
return true;
}
// Move/rename a B artifact (from) to an A artifact (to).
static bool move_ab_path(const std::string& b_path, const std::string& a_path) {
// Check whether B exists.
{
struct stat s;
if (stat(b_path.c_str(), &s) != 0) {
// Silently ignore for now. The service calling this isn't smart enough to understand
// lack of artifacts at the moment.
return false;
}
if (!S_ISREG(s.st_mode)) {
LOG(ERROR) << "A/B artifact " << b_path << " is not a regular file.";
// Try to unlink, but swallow errors.
unlink(b_path.c_str());
return false;
}
}
// Rename B to A.
if (!unlink_and_rename(b_path.c_str(), a_path.c_str())) {
// Delete the b_path so we don't try again (or fail earlier).
if (unlink(b_path.c_str()) != 0) {
PLOG(ERROR) << "Could not unlink " << b_path;
}
return false;
}
return true;
}
//int move_ab(const char* apk_path, const char* instruction_set, const char* oat_dir) {
binder::Status InstalldNativeService::moveAb(const std::string& apkPath,
const std::string& instructionSet, const std::string& outputPath) {
ENFORCE_UID(AID_SYSTEM);
const char* apk_path = apkPath.c_str();
const char* instruction_set = instructionSet.c_str();
const char* oat_dir = outputPath.c_str();
// Get the current slot suffix. No suffix, no A/B.
std::string slot_suffix;
{
char buf[kPropertyValueMax];
if (get_property("ro.boot.slot_suffix", buf, nullptr) <= 0) {
return binder::Status::fromServiceSpecificError(-1);
}
slot_suffix = buf;
if (!ValidateTargetSlotSuffix(slot_suffix)) {
LOG(ERROR) << "Target slot suffix not legal: " << slot_suffix;
return binder::Status::fromServiceSpecificError(-1);
}
}
// Validate other inputs.
if (validate_apk_path(apk_path) != 0) {
LOG(ERROR) << "invalid apk_path " << apk_path;
return binder::Status::fromServiceSpecificError(-1);
}
if (validate_apk_path(oat_dir) != 0) {
LOG(ERROR) << "invalid oat_dir " << oat_dir;
return binder::Status::fromServiceSpecificError(-1);
}
char a_path[PKG_PATH_MAX];
if (!calculate_oat_file_path(a_path, oat_dir, apk_path, instruction_set)) {
return binder::Status::fromServiceSpecificError(-1);
}
const std::string a_vdex_path = create_vdex_filename(a_path);
const std::string a_image_path = create_image_filename(a_path);
// B path = A path + slot suffix.
const std::string b_path = StringPrintf("%s.%s", a_path, slot_suffix.c_str());
const std::string b_vdex_path = StringPrintf("%s.%s", a_vdex_path.c_str(), slot_suffix.c_str());
const std::string b_image_path = StringPrintf("%s.%s",
a_image_path.c_str(),
slot_suffix.c_str());
bool success = true;
if (move_ab_path(b_path, a_path)) {
if (move_ab_path(b_vdex_path, a_vdex_path)) {
// Note: we can live without an app image. As such, ignore failure to move the image file.
// If we decide to require the app image, or the app image being moved correctly,
// then change accordingly.
constexpr bool kIgnoreAppImageFailure = true;
if (!a_image_path.empty()) {
if (!move_ab_path(b_image_path, a_image_path)) {
unlink(a_image_path.c_str());
if (!kIgnoreAppImageFailure) {
success = false;
}
}
}
} else {
// Cleanup: delete B image, ignore errors.
unlink(b_image_path.c_str());
success = false;
}
} else {
// Cleanup: delete B image, ignore errors.
unlink(b_vdex_path.c_str());
unlink(b_image_path.c_str());
success = false;
}
return success ? binder::Status::ok() : binder::Status::fromServiceSpecificError(-1);
}
binder::Status InstalldNativeService::deleteOdex(const std::string& apkPath,
const std::string& instructionSet, const std::string& outputPath) {
ENFORCE_UID(AID_SYSTEM);
const char* apk_path = apkPath.c_str();
const char* instruction_set = instructionSet.c_str();
const char* oat_dir = outputPath.c_str();
// Delete the oat/odex file.
char out_path[PKG_PATH_MAX];
if (!create_oat_out_path(apk_path, instruction_set, oat_dir, out_path)) {
return binder::Status::fromServiceSpecificError(-1);
}
// In case of a permission failure report the issue. Otherwise just print a warning.
auto unlink_and_check = [](const char* path) -> bool {
int result = unlink(path);
if (result != 0) {
if (errno == EACCES || errno == EPERM) {
PLOG(ERROR) << "Could not unlink " << path;
return false;
}
PLOG(WARNING) << "Could not unlink " << path;
}
return true;
};
// Delete the oat/odex file.
bool return_value_oat = unlink_and_check(out_path);
// Derive and delete the app image.
bool return_value_art = unlink_and_check(create_image_filename(out_path).c_str());
// Report success.
bool success = return_value_oat && return_value_art;
return success ? binder::Status::ok() : binder::Status::fromServiceSpecificError(-1);
}
} // namespace installd
} // namespace android