Initial Binder interface for installd.

am: 9087400f3c

Change-Id: I4912defb2edafb60d429d90679bffe88589fcad9

5 files changed, 200 insertions, 2 deletions

diff --git a/cmds/installd/Android.mk b/cmds/installd/Android.mk
index 34453c05f8..1f5ae65fe8 100644
--- a/cmds/installd/Android.mk
+++ b/cmds/installd/Android.mk
@@ -91,13 +91,19 @@ include $(CLEAR_VARS)
 LOCAL_MODULE := installd
 LOCAL_MODULE_TAGS := optional
 LOCAL_CFLAGS := $(common_cflags)
-LOCAL_SRC_FILES := installd.cpp $(common_src_files)
+LOCAL_SRC_FILES := $(common_src_files) \
+    installd.cpp \
+    InstalldNativeService.cpp \
+    binder/android/os/IInstalld.aidl \
+
 LOCAL_SHARED_LIBRARIES := \
     libbase \
+    libbinder \
     libcutils \
     liblog \
     liblogwrap \
     libselinux \
+    libutils
 
 LOCAL_STATIC_LIBRARIES := libdiskusage
 LOCAL_ADDITIONAL_DEPENDENCIES += $(LOCAL_PATH)/Android.mk
diff --git a/cmds/installd/InstalldNativeService.cpp b/cmds/installd/InstalldNativeService.cpp
new file mode 100644
index 0000000000..d68035fb5a
--- /dev/null
+++ b/cmds/installd/InstalldNativeService.cpp
@@ -0,0 +1,120 @@
+/**
+ * Copyright (c) 2016, The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#define LOG_TAG "installd"
+
+#include <vector>
+#include <fstream>
+
+#include <android-base/stringprintf.h>
+#include <binder/IPCThreadState.h>
+#include <binder/IServiceManager.h>
+#include <cutils/log.h>
+#include <cutils/properties.h>
+#include <private/android_filesystem_config.h>
+#include <utils/Errors.h>
+#include <utils/String16.h>
+
+#include "InstalldNativeService.h"
+
+#include "commands.h"
+
+using android::base::StringPrintf;
+
+namespace android {
+namespace installd {
+
+namespace {
+
+constexpr const char* kDump = "android.permission.DUMP";
+
+binder::Status checkPermission(const char* permission) {
+    pid_t pid;
+    uid_t uid;
+
+    if (checkCallingPermission(String16(permission), reinterpret_cast<int32_t*>(&pid),
+            reinterpret_cast<int32_t*>(&uid))) {
+        return binder::Status::ok();
+    } else {
+        auto err = StringPrintf("UID %d / PID %d lacks permission %s", uid, pid, permission);
+        return binder::Status::fromExceptionCode(binder::Status::EX_SECURITY, String8(err.c_str()));
+    }
+}
+
+binder::Status checkUid(uid_t expectedUid) {
+    uid_t uid = IPCThreadState::self()->getCallingUid();
+    if (uid == expectedUid) {
+        return binder::Status::ok();
+    } else {
+        auto err = StringPrintf("UID %d is not expected UID %d", uid, expectedUid);
+        return binder::Status::fromExceptionCode(binder::Status::EX_SECURITY, String8(err.c_str()));
+    }
+}
+
+#define ENFORCE_UID(uid) {                                  \
+    binder::Status status = checkUid((uid));                \
+    if (!status.isOk()) {                                   \
+        return status;                                      \
+    }                                                       \
+}
+
+}  // namespace
+
+status_t InstalldNativeService::start() {
+    IPCThreadState::self()->disableBackgroundScheduling(true);
+    status_t ret = BinderService<InstalldNativeService>::publish();
+    if (ret != android::OK) {
+        return ret;
+    }
+    sp<ProcessState> ps(ProcessState::self());
+    ps->startThreadPool();
+    ps->giveThreadPoolName();
+    return android::OK;
+}
+
+status_t InstalldNativeService::dump(int fd, const Vector<String16> & /* args */) {
+    const binder::Status dump_permission = checkPermission(kDump);
+    if (!dump_permission.isOk()) {
+        const String8 msg(dump_permission.toString8());
+        write(fd, msg.string(), msg.size());
+        return PERMISSION_DENIED;
+    }
+
+    std::string msg = "installd is happy\n";
+    write(fd, msg.c_str(), strlen(msg.c_str()));
+    return NO_ERROR;
+}
+
+static binder::Status translateStatus(int ret) {
+    if (ret != 0) {
+        auto err = StringPrintf("Failed with error %d", ret);
+        return binder::Status::fromServiceSpecificError(ret, String8(err.c_str()));
+    } else {
+        return binder::Status::ok();
+    }
+}
+
+binder::Status InstalldNativeService::createAppData(const std::unique_ptr<std::string>& uuid,
+        const std::string& pkgname, int32_t userid, int32_t flags, int32_t appid,
+        const std::string& seinfo, int32_t targetSdkVersion) {
+    ENFORCE_UID(AID_SYSTEM);
+    const char* _uuid = uuid ? (*uuid).c_str() : nullptr;
+    return translateStatus(create_app_data(_uuid, pkgname.c_str(), userid, flags, appid,
+            seinfo.c_str(), targetSdkVersion));
+}
+
+}  // namespace installd
+}  // namespace android
diff --git a/cmds/installd/InstalldNativeService.h b/cmds/installd/InstalldNativeService.h
new file mode 100644
index 0000000000..64973bf9e1
--- /dev/null
+++ b/cmds/installd/InstalldNativeService.h
@@ -0,0 +1,43 @@
+/**
+ * Copyright (c) 2016, The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef _INSTALLD_NATIVE_SERVICE_H_
+#define _INSTALLD_NATIVE_SERVICE_H_
+
+#include <vector>
+
+#include <binder/BinderService.h>
+
+#include "android/os/BnInstalld.h"
+
+namespace android {
+namespace installd {
+
+class InstalldNativeService : public BinderService<InstalldNativeService>, public os::BnInstalld {
+  public:
+    static status_t start();
+    static char const* getServiceName() { return "installd"; }
+    virtual status_t dump(int fd, const Vector<String16> &args) override;
+
+    binder::Status createAppData(const std::unique_ptr<std::string>& uuid,
+            const std::string& pkgname, int32_t userid, int32_t flags, int32_t appid,
+            const std::string& seinfo, int32_t targetSdkVersion);
+};
+
+}  // namespace installd
+}  // namespace android
+
+#endif  // _INSTALLD_NATIVE_SERVICE_H_
diff --git a/cmds/installd/binder/android/os/IInstalld.aidl b/cmds/installd/binder/android/os/IInstalld.aidl
new file mode 100644
index 0000000000..5e36244696
--- /dev/null
+++ b/cmds/installd/binder/android/os/IInstalld.aidl
@@ -0,0 +1,22 @@
+/*
+ * Copyright (C) 2016 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.os;
+
+interface IInstalld {
+    void createAppData(in @nullable @utf8InCpp String uuid, in @utf8InCpp String pkgname,
+            int userid, int flags, int appid, in @utf8InCpp String seinfo, int targetSdkVersion);
+}
diff --git a/cmds/installd/installd.cpp b/cmds/installd/installd.cpp
index c81a33965c..332bc5e175 100644
--- a/cmds/installd/installd.cpp
+++ b/cmds/installd/installd.cpp
@@ -30,6 +30,8 @@
 #include <cutils/sockets.h>
 #include <private/android_filesystem_config.h>
 
+#include <InstalldNativeService.h>
+
 #include <commands.h>
 #include <globals.h>
 #include <installd_constants.h>
@@ -705,7 +707,7 @@ static int installd_main(const int argc ATTRIBUTE_UNUSED, char *argv[]) {
     char buf[BUFFER_MAX];
     struct sockaddr addr;
     socklen_t alen;
-    int lsocket, s;
+    int lsocket, s, ret;
     int selinux_enabled = (is_selinux_enabled() > 0);
 
     setenv("ANDROID_LOG_TAGS", "*:v", 1);
@@ -732,6 +734,11 @@ static int installd_main(const int argc ATTRIBUTE_UNUSED, char *argv[]) {
         exit(1);
     }
 
+    if ((ret = InstalldNativeService::start()) != android::OK) {
+        ALOGE("Unable to start InstalldNativeService: %d", ret);
+        exit(1);
+    }
+
     lsocket = android_get_control_socket(SOCKET_PATH);
     if (lsocket < 0) {
         ALOGE("Failed to get socket from environment: %s\n", strerror(errno));