2012-10-24 17:45:23 +00:00
|
|
|
/*
|
|
|
|
** Copyright 2008, The Android Open Source Project
|
|
|
|
**
|
|
|
|
** Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
** you may not use this file except in compliance with the License.
|
|
|
|
** You may obtain a copy of the License at
|
|
|
|
**
|
|
|
|
** http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
**
|
|
|
|
** Unless required by applicable law or agreed to in writing, software
|
|
|
|
** distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
** See the License for the specific language governing permissions and
|
|
|
|
** limitations under the License.
|
|
|
|
*/
|
|
|
|
|
2013-03-01 00:59:13 +00:00
|
|
|
#include <sys/capability.h>
|
2012-10-24 17:45:23 +00:00
|
|
|
#include <linux/prctl.h>
|
2013-04-16 16:16:50 +00:00
|
|
|
#include <selinux/android.h>
|
|
|
|
#include <selinux/avc.h>
|
2012-10-24 17:45:23 +00:00
|
|
|
|
|
|
|
#include "installd.h"
|
|
|
|
|
|
|
|
|
|
|
|
#define BUFFER_MAX 1024 /* input buffer for commands */
|
|
|
|
#define TOKEN_MAX 8 /* max number of arguments in buffer */
|
|
|
|
#define REPLY_MAX 256 /* largest reply allowed */
|
|
|
|
|
|
|
|
static int do_ping(char **arg, char reply[REPLY_MAX])
|
|
|
|
{
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int do_install(char **arg, char reply[REPLY_MAX])
|
|
|
|
{
|
2013-03-25 10:33:03 +00:00
|
|
|
return install(arg[0], atoi(arg[1]), atoi(arg[2]), arg[3]); /* pkgname, uid, gid, seinfo */
|
2012-10-24 17:45:23 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
static int do_dexopt(char **arg, char reply[REPLY_MAX])
|
|
|
|
{
|
2014-01-30 22:19:23 +00:00
|
|
|
/* apk_path, uid, is_public, pkgname */
|
|
|
|
return dexopt(arg[0], atoi(arg[1]), atoi(arg[2]), arg[3]);
|
2012-10-24 17:45:23 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
static int do_move_dex(char **arg, char reply[REPLY_MAX])
|
|
|
|
{
|
|
|
|
return move_dex(arg[0], arg[1]); /* src, dst */
|
|
|
|
}
|
|
|
|
|
|
|
|
static int do_rm_dex(char **arg, char reply[REPLY_MAX])
|
|
|
|
{
|
|
|
|
return rm_dex(arg[0]); /* pkgname */
|
|
|
|
}
|
|
|
|
|
|
|
|
static int do_remove(char **arg, char reply[REPLY_MAX])
|
|
|
|
{
|
|
|
|
return uninstall(arg[0], atoi(arg[1])); /* pkgname, userid */
|
|
|
|
}
|
|
|
|
|
|
|
|
static int do_rename(char **arg, char reply[REPLY_MAX])
|
|
|
|
{
|
|
|
|
return renamepkg(arg[0], arg[1]); /* oldpkgname, newpkgname */
|
|
|
|
}
|
|
|
|
|
|
|
|
static int do_fixuid(char **arg, char reply[REPLY_MAX])
|
|
|
|
{
|
|
|
|
return fix_uid(arg[0], atoi(arg[1]), atoi(arg[2])); /* pkgname, uid, gid */
|
|
|
|
}
|
|
|
|
|
|
|
|
static int do_free_cache(char **arg, char reply[REPLY_MAX]) /* TODO int:free_size */
|
|
|
|
{
|
|
|
|
return free_cache((int64_t)atoll(arg[0])); /* free_size */
|
|
|
|
}
|
|
|
|
|
|
|
|
static int do_rm_cache(char **arg, char reply[REPLY_MAX])
|
|
|
|
{
|
|
|
|
return delete_cache(arg[0], atoi(arg[1])); /* pkgname, userid */
|
|
|
|
}
|
|
|
|
|
|
|
|
static int do_get_size(char **arg, char reply[REPLY_MAX])
|
|
|
|
{
|
|
|
|
int64_t codesize = 0;
|
|
|
|
int64_t datasize = 0;
|
|
|
|
int64_t cachesize = 0;
|
|
|
|
int64_t asecsize = 0;
|
|
|
|
int res = 0;
|
|
|
|
|
2013-07-10 23:55:46 +00:00
|
|
|
/* pkgdir, userid, apkpath */
|
2013-05-02 01:55:10 +00:00
|
|
|
res = get_size(arg[0], atoi(arg[1]), arg[2], arg[3], arg[4], arg[5],
|
2012-10-24 17:45:23 +00:00
|
|
|
&codesize, &datasize, &cachesize, &asecsize);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Each int64_t can take up 22 characters printed out. Make sure it
|
|
|
|
* doesn't go over REPLY_MAX in the future.
|
|
|
|
*/
|
|
|
|
snprintf(reply, REPLY_MAX, "%" PRId64 " %" PRId64 " %" PRId64 " %" PRId64,
|
|
|
|
codesize, datasize, cachesize, asecsize);
|
|
|
|
return res;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int do_rm_user_data(char **arg, char reply[REPLY_MAX])
|
|
|
|
{
|
|
|
|
return delete_user_data(arg[0], atoi(arg[1])); /* pkgname, userid */
|
|
|
|
}
|
|
|
|
|
|
|
|
static int do_mk_user_data(char **arg, char reply[REPLY_MAX])
|
|
|
|
{
|
2013-07-29 13:18:09 +00:00
|
|
|
return make_user_data(arg[0], atoi(arg[1]), atoi(arg[2]), arg[3]);
|
|
|
|
/* pkgname, uid, userid, seinfo */
|
2012-10-24 17:45:23 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
static int do_rm_user(char **arg, char reply[REPLY_MAX])
|
|
|
|
{
|
2013-07-10 23:55:46 +00:00
|
|
|
return delete_user(atoi(arg[0])); /* userid */
|
2012-10-24 17:45:23 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
static int do_movefiles(char **arg, char reply[REPLY_MAX])
|
|
|
|
{
|
|
|
|
return movefiles();
|
|
|
|
}
|
|
|
|
|
|
|
|
static int do_linklib(char **arg, char reply[REPLY_MAX])
|
|
|
|
{
|
|
|
|
return linklib(arg[0], arg[1], atoi(arg[2]));
|
|
|
|
}
|
|
|
|
|
Runtime resource overlay, iteration 2
Support any number of overlay packages. Support any target package.
UPDATED PACKAGE MATCHING
------------------------
In Runtime resource overlay, iteration 1, only a single overlay package
was considered. Package matching was based on file paths:
/vendor/overlay/system/framework-res.apk corresponded to
/system/framework-res.apk. Introduce a more flexible matching scheme
where any package is an overlay package if its manifest includes
<overlay targetPackage="com.target.package"/>
For security reasons, an overlay package must fulfill certain criteria
to take effect: see below.
THE IDMAP TOOL AND IDMAP FILES
------------------------------
Idmap files are created by the 'idmap' binary; idmap files must be
present when loading packages. For the Android system, Zygote calls
'idmap' as part of the resource pre-loading. For application packages,
'idmap' is invoked via 'installd' during package installation (similar
to 'dexopt').
UPDATED FLOW
------------
The following is an outline of the start-up sequences for the Android
system and Android apps. Steps marked with '+' are introduced by this
commit.
Zygote initialization
Initial AssetManager object created
+ idmap --scan creates idmaps for overlays targeting 'android', \
stores list of overlays in /data/resource-cache/overlays.list
AssetManager caches framework-res.apk
+ AssetManager caches overlay packages listed in overlays.list
Android boot
New AssetManager's ResTable acquired
AssetManager re-uses cached framework-res.apk
+ AssetManager re-uses cached 'android' overlays (if any)
App boot
ActivityThread prepares AssetManager to load app.apk
+ ActivityThread prepares AssetManager to load app overlays (if any)
New AssetManager's ResTable acquired as per Android boot
SECURITY
--------
Overlay packages are required to be pre-loaded (in /vendor/overlay).
These packages are trusted by definition. A future iteration of runtime
resource overlay may add support for downloaded overlays, which would
likely require target and overlay signatures match for the overlay to
be trusted.
LOOKUP PRIORITY
---------------
During resource lookup, packages are sequentially queried to provide a
best match, given the constraints of the current configuration. If any
package provide a better match than what has been found so far, it
replaces the previous match. The target package is always queried last.
When loading a package with more than one overlay, the order in which
the overlays are added become significant if several packages overlay
the same resource.
Had downloaded overlays been supported, the install time could have been
used to determine the load order. Regardless, for pre-installed
overlays, the install time is randomly determined by the order in which
the Package Manager locates the packages during initial boot. To support
a well-defined order, pre-installed overlay packages are expected to
define an additional 'priority' attribute in their <overlay> tags:
<overlay targetPackage="com.target.package" priority="1234"/>
Pre-installed overlays are loaded in order of their priority attributes,
sorted in ascending order.
Assigning the same priority to several overlays targeting the same base
package leads to undefined behaviour. It is the responsibility of the
vendor to avoid this.
The following example shows the ResTable and PackageGroups after loading
an application and two overlays. The resource lookup framework will
query the packages in the order C, B, A.
+------+------+- -+------+------+
| 0x01 | | ... | | 0x7f |
+------+------+- -+------+------+
| |
"android" Target package A
|
Pre-installed overlay B (priority 1)
|
Pre-installed overlay C (priority 2)
Change-Id: If49c963149369b1957f7d2303b3dd27f669ed24e
2014-01-31 13:42:59 +00:00
|
|
|
static int do_idmap(char **arg, char reply[REPLY_MAX])
|
|
|
|
{
|
|
|
|
return idmap(arg[0], arg[1], atoi(arg[2]));
|
|
|
|
}
|
|
|
|
|
2014-03-27 14:21:12 +00:00
|
|
|
static int do_restorecon_data(char **arg, char reply[REPLY_MAX] __attribute__((unused)))
|
2014-02-20 15:25:56 +00:00
|
|
|
{
|
2014-03-27 14:21:12 +00:00
|
|
|
return restorecon_data(arg[0], arg[1], atoi(arg[2]));
|
|
|
|
/* pkgName, seinfo, uid*/
|
2014-02-20 15:25:56 +00:00
|
|
|
}
|
|
|
|
|
2012-10-24 17:45:23 +00:00
|
|
|
struct cmdinfo {
|
|
|
|
const char *name;
|
|
|
|
unsigned numargs;
|
|
|
|
int (*func)(char **arg, char reply[REPLY_MAX]);
|
|
|
|
};
|
|
|
|
|
|
|
|
struct cmdinfo cmds[] = {
|
|
|
|
{ "ping", 0, do_ping },
|
2013-03-25 10:33:03 +00:00
|
|
|
{ "install", 4, do_install },
|
2014-01-30 22:19:23 +00:00
|
|
|
{ "dexopt", 4, do_dexopt },
|
2012-10-24 17:45:23 +00:00
|
|
|
{ "movedex", 2, do_move_dex },
|
|
|
|
{ "rmdex", 1, do_rm_dex },
|
|
|
|
{ "remove", 2, do_remove },
|
|
|
|
{ "rename", 2, do_rename },
|
|
|
|
{ "fixuid", 3, do_fixuid },
|
|
|
|
{ "freecache", 1, do_free_cache },
|
|
|
|
{ "rmcache", 2, do_rm_cache },
|
2013-05-02 01:55:10 +00:00
|
|
|
{ "getsize", 6, do_get_size },
|
2012-10-24 17:45:23 +00:00
|
|
|
{ "rmuserdata", 2, do_rm_user_data },
|
|
|
|
{ "movefiles", 0, do_movefiles },
|
|
|
|
{ "linklib", 3, do_linklib },
|
2013-07-29 13:18:09 +00:00
|
|
|
{ "mkuserdata", 4, do_mk_user_data },
|
2012-10-24 17:45:23 +00:00
|
|
|
{ "rmuser", 1, do_rm_user },
|
Runtime resource overlay, iteration 2
Support any number of overlay packages. Support any target package.
UPDATED PACKAGE MATCHING
------------------------
In Runtime resource overlay, iteration 1, only a single overlay package
was considered. Package matching was based on file paths:
/vendor/overlay/system/framework-res.apk corresponded to
/system/framework-res.apk. Introduce a more flexible matching scheme
where any package is an overlay package if its manifest includes
<overlay targetPackage="com.target.package"/>
For security reasons, an overlay package must fulfill certain criteria
to take effect: see below.
THE IDMAP TOOL AND IDMAP FILES
------------------------------
Idmap files are created by the 'idmap' binary; idmap files must be
present when loading packages. For the Android system, Zygote calls
'idmap' as part of the resource pre-loading. For application packages,
'idmap' is invoked via 'installd' during package installation (similar
to 'dexopt').
UPDATED FLOW
------------
The following is an outline of the start-up sequences for the Android
system and Android apps. Steps marked with '+' are introduced by this
commit.
Zygote initialization
Initial AssetManager object created
+ idmap --scan creates idmaps for overlays targeting 'android', \
stores list of overlays in /data/resource-cache/overlays.list
AssetManager caches framework-res.apk
+ AssetManager caches overlay packages listed in overlays.list
Android boot
New AssetManager's ResTable acquired
AssetManager re-uses cached framework-res.apk
+ AssetManager re-uses cached 'android' overlays (if any)
App boot
ActivityThread prepares AssetManager to load app.apk
+ ActivityThread prepares AssetManager to load app overlays (if any)
New AssetManager's ResTable acquired as per Android boot
SECURITY
--------
Overlay packages are required to be pre-loaded (in /vendor/overlay).
These packages are trusted by definition. A future iteration of runtime
resource overlay may add support for downloaded overlays, which would
likely require target and overlay signatures match for the overlay to
be trusted.
LOOKUP PRIORITY
---------------
During resource lookup, packages are sequentially queried to provide a
best match, given the constraints of the current configuration. If any
package provide a better match than what has been found so far, it
replaces the previous match. The target package is always queried last.
When loading a package with more than one overlay, the order in which
the overlays are added become significant if several packages overlay
the same resource.
Had downloaded overlays been supported, the install time could have been
used to determine the load order. Regardless, for pre-installed
overlays, the install time is randomly determined by the order in which
the Package Manager locates the packages during initial boot. To support
a well-defined order, pre-installed overlay packages are expected to
define an additional 'priority' attribute in their <overlay> tags:
<overlay targetPackage="com.target.package" priority="1234"/>
Pre-installed overlays are loaded in order of their priority attributes,
sorted in ascending order.
Assigning the same priority to several overlays targeting the same base
package leads to undefined behaviour. It is the responsibility of the
vendor to avoid this.
The following example shows the ResTable and PackageGroups after loading
an application and two overlays. The resource lookup framework will
query the packages in the order C, B, A.
+------+------+- -+------+------+
| 0x01 | | ... | | 0x7f |
+------+------+- -+------+------+
| |
"android" Target package A
|
Pre-installed overlay B (priority 1)
|
Pre-installed overlay C (priority 2)
Change-Id: If49c963149369b1957f7d2303b3dd27f669ed24e
2014-01-31 13:42:59 +00:00
|
|
|
{ "idmap", 3, do_idmap },
|
2014-03-27 14:21:12 +00:00
|
|
|
{ "restorecondata", 3, do_restorecon_data },
|
2012-10-24 17:45:23 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
static int readx(int s, void *_buf, int count)
|
|
|
|
{
|
|
|
|
char *buf = _buf;
|
|
|
|
int n = 0, r;
|
|
|
|
if (count < 0) return -1;
|
|
|
|
while (n < count) {
|
|
|
|
r = read(s, buf + n, count - n);
|
|
|
|
if (r < 0) {
|
|
|
|
if (errno == EINTR) continue;
|
|
|
|
ALOGE("read error: %s\n", strerror(errno));
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
if (r == 0) {
|
|
|
|
ALOGE("eof\n");
|
|
|
|
return -1; /* EOF */
|
|
|
|
}
|
|
|
|
n += r;
|
|
|
|
}
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int writex(int s, const void *_buf, int count)
|
|
|
|
{
|
|
|
|
const char *buf = _buf;
|
|
|
|
int n = 0, r;
|
|
|
|
if (count < 0) return -1;
|
|
|
|
while (n < count) {
|
|
|
|
r = write(s, buf + n, count - n);
|
|
|
|
if (r < 0) {
|
|
|
|
if (errno == EINTR) continue;
|
|
|
|
ALOGE("write error: %s\n", strerror(errno));
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
n += r;
|
|
|
|
}
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/* Tokenize the command buffer, locate a matching command,
|
|
|
|
* ensure that the required number of arguments are provided,
|
|
|
|
* call the function(), return the result.
|
|
|
|
*/
|
|
|
|
static int execute(int s, char cmd[BUFFER_MAX])
|
|
|
|
{
|
|
|
|
char reply[REPLY_MAX];
|
|
|
|
char *arg[TOKEN_MAX+1];
|
|
|
|
unsigned i;
|
|
|
|
unsigned n = 0;
|
|
|
|
unsigned short count;
|
|
|
|
int ret = -1;
|
|
|
|
|
2013-03-22 01:20:22 +00:00
|
|
|
// ALOGI("execute('%s')\n", cmd);
|
2012-10-24 17:45:23 +00:00
|
|
|
|
|
|
|
/* default reply is "" */
|
|
|
|
reply[0] = 0;
|
|
|
|
|
|
|
|
/* n is number of args (not counting arg[0]) */
|
|
|
|
arg[0] = cmd;
|
|
|
|
while (*cmd) {
|
|
|
|
if (isspace(*cmd)) {
|
|
|
|
*cmd++ = 0;
|
|
|
|
n++;
|
|
|
|
arg[n] = cmd;
|
|
|
|
if (n == TOKEN_MAX) {
|
|
|
|
ALOGE("too many arguments\n");
|
|
|
|
goto done;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
cmd++;
|
|
|
|
}
|
|
|
|
|
|
|
|
for (i = 0; i < sizeof(cmds) / sizeof(cmds[0]); i++) {
|
|
|
|
if (!strcmp(cmds[i].name,arg[0])) {
|
|
|
|
if (n != cmds[i].numargs) {
|
|
|
|
ALOGE("%s requires %d arguments (%d given)\n",
|
|
|
|
cmds[i].name, cmds[i].numargs, n);
|
|
|
|
} else {
|
|
|
|
ret = cmds[i].func(arg + 1, reply);
|
|
|
|
}
|
|
|
|
goto done;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
ALOGE("unsupported command '%s'\n", arg[0]);
|
|
|
|
|
|
|
|
done:
|
|
|
|
if (reply[0]) {
|
|
|
|
n = snprintf(cmd, BUFFER_MAX, "%d %s", ret, reply);
|
|
|
|
} else {
|
|
|
|
n = snprintf(cmd, BUFFER_MAX, "%d", ret);
|
|
|
|
}
|
|
|
|
if (n > BUFFER_MAX) n = BUFFER_MAX;
|
|
|
|
count = n;
|
|
|
|
|
2013-03-22 01:20:22 +00:00
|
|
|
// ALOGI("reply: '%s'\n", cmd);
|
2012-10-24 17:45:23 +00:00
|
|
|
if (writex(s, &count, sizeof(count))) return -1;
|
|
|
|
if (writex(s, cmd, count)) return -1;
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Initialize all the global variables that are used elsewhere. Returns 0 upon
|
|
|
|
* success and -1 on error.
|
|
|
|
*/
|
|
|
|
void free_globals() {
|
|
|
|
size_t i;
|
|
|
|
|
|
|
|
for (i = 0; i < android_system_dirs.count; i++) {
|
|
|
|
if (android_system_dirs.dirs[i].path != NULL) {
|
|
|
|
free(android_system_dirs.dirs[i].path);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
free(android_system_dirs.dirs);
|
|
|
|
}
|
|
|
|
|
|
|
|
int initialize_globals() {
|
|
|
|
// Get the android data directory.
|
|
|
|
if (get_path_from_env(&android_data_dir, "ANDROID_DATA") < 0) {
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Get the android app directory.
|
|
|
|
if (copy_and_append(&android_app_dir, &android_data_dir, APP_SUBDIR) < 0) {
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Get the android protected app directory.
|
|
|
|
if (copy_and_append(&android_app_private_dir, &android_data_dir, PRIVATE_APP_SUBDIR) < 0) {
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Get the android app native library directory.
|
|
|
|
if (copy_and_append(&android_app_lib_dir, &android_data_dir, APP_LIB_SUBDIR) < 0) {
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Get the sd-card ASEC mount point.
|
|
|
|
if (get_path_from_env(&android_asec_dir, "ASEC_MOUNTPOINT") < 0) {
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Get the android media directory.
|
|
|
|
if (copy_and_append(&android_media_dir, &android_data_dir, MEDIA_SUBDIR) < 0) {
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Take note of the system and vendor directories.
|
|
|
|
android_system_dirs.count = 2;
|
|
|
|
|
|
|
|
android_system_dirs.dirs = calloc(android_system_dirs.count, sizeof(dir_rec_t));
|
|
|
|
if (android_system_dirs.dirs == NULL) {
|
|
|
|
ALOGE("Couldn't allocate array for dirs; aborting\n");
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
// system
|
|
|
|
if (get_path_from_env(&android_system_dirs.dirs[0], "ANDROID_ROOT") < 0) {
|
|
|
|
free_globals();
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
// append "app/" to dirs[0]
|
|
|
|
char *system_app_path = build_string2(android_system_dirs.dirs[0].path, APP_SUBDIR);
|
|
|
|
android_system_dirs.dirs[0].path = system_app_path;
|
|
|
|
android_system_dirs.dirs[0].len = strlen(system_app_path);
|
|
|
|
|
|
|
|
// vendor
|
|
|
|
// TODO replace this with an environment variable (doesn't exist yet)
|
|
|
|
android_system_dirs.dirs[1].path = "/vendor/app/";
|
|
|
|
android_system_dirs.dirs[1].len = strlen(android_system_dirs.dirs[1].path);
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
int initialize_directories() {
|
|
|
|
int res = -1;
|
|
|
|
|
|
|
|
// Read current filesystem layout version to handle upgrade paths
|
|
|
|
char version_path[PATH_MAX];
|
|
|
|
snprintf(version_path, PATH_MAX, "%s.layout_version", android_data_dir.path);
|
|
|
|
|
|
|
|
int oldVersion;
|
|
|
|
if (fs_read_atomic_int(version_path, &oldVersion) == -1) {
|
|
|
|
oldVersion = 0;
|
|
|
|
}
|
|
|
|
int version = oldVersion;
|
|
|
|
|
|
|
|
// /data/user
|
|
|
|
char *user_data_dir = build_string2(android_data_dir.path, SECONDARY_USER_PREFIX);
|
|
|
|
// /data/data
|
|
|
|
char *legacy_data_dir = build_string2(android_data_dir.path, PRIMARY_USER_PREFIX);
|
|
|
|
// /data/user/0
|
|
|
|
char *primary_data_dir = build_string3(android_data_dir.path, SECONDARY_USER_PREFIX, "0");
|
|
|
|
if (!user_data_dir || !legacy_data_dir || !primary_data_dir) {
|
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Make the /data/user directory if necessary
|
|
|
|
if (access(user_data_dir, R_OK) < 0) {
|
|
|
|
if (mkdir(user_data_dir, 0711) < 0) {
|
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
if (chown(user_data_dir, AID_SYSTEM, AID_SYSTEM) < 0) {
|
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
if (chmod(user_data_dir, 0711) < 0) {
|
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
// Make the /data/user/0 symlink to /data/data if necessary
|
|
|
|
if (access(primary_data_dir, R_OK) < 0) {
|
|
|
|
if (symlink(legacy_data_dir, primary_data_dir)) {
|
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (version == 0) {
|
|
|
|
// Introducing multi-user, so migrate /data/media contents into /data/media/0
|
|
|
|
ALOGD("Upgrading /data/media for multi-user");
|
|
|
|
|
|
|
|
// Ensure /data/media
|
|
|
|
if (fs_prepare_dir(android_media_dir.path, 0770, AID_MEDIA_RW, AID_MEDIA_RW) == -1) {
|
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
|
|
|
|
// /data/media.tmp
|
|
|
|
char media_tmp_dir[PATH_MAX];
|
|
|
|
snprintf(media_tmp_dir, PATH_MAX, "%smedia.tmp", android_data_dir.path);
|
|
|
|
|
|
|
|
// Only copy when upgrade not already in progress
|
|
|
|
if (access(media_tmp_dir, F_OK) == -1) {
|
|
|
|
if (rename(android_media_dir.path, media_tmp_dir) == -1) {
|
|
|
|
ALOGE("Failed to move legacy media path: %s", strerror(errno));
|
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// Create /data/media again
|
|
|
|
if (fs_prepare_dir(android_media_dir.path, 0770, AID_MEDIA_RW, AID_MEDIA_RW) == -1) {
|
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
|
2014-02-07 14:16:46 +00:00
|
|
|
if (selinux_android_restorecon(android_media_dir.path, 0)) {
|
2013-12-17 21:04:20 +00:00
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
|
2012-10-24 17:45:23 +00:00
|
|
|
// /data/media/0
|
|
|
|
char owner_media_dir[PATH_MAX];
|
|
|
|
snprintf(owner_media_dir, PATH_MAX, "%s0", android_media_dir.path);
|
|
|
|
|
|
|
|
// Move any owner data into place
|
|
|
|
if (access(media_tmp_dir, F_OK) == 0) {
|
|
|
|
if (rename(media_tmp_dir, owner_media_dir) == -1) {
|
|
|
|
ALOGE("Failed to move owner media path: %s", strerror(errno));
|
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// Ensure media directories for any existing users
|
|
|
|
DIR *dir;
|
|
|
|
struct dirent *dirent;
|
|
|
|
char user_media_dir[PATH_MAX];
|
|
|
|
|
|
|
|
dir = opendir(user_data_dir);
|
|
|
|
if (dir != NULL) {
|
|
|
|
while ((dirent = readdir(dir))) {
|
|
|
|
if (dirent->d_type == DT_DIR) {
|
|
|
|
const char *name = dirent->d_name;
|
|
|
|
|
|
|
|
// skip "." and ".."
|
|
|
|
if (name[0] == '.') {
|
|
|
|
if (name[1] == 0) continue;
|
|
|
|
if ((name[1] == '.') && (name[2] == 0)) continue;
|
|
|
|
}
|
|
|
|
|
|
|
|
// /data/media/<user_id>
|
|
|
|
snprintf(user_media_dir, PATH_MAX, "%s%s", android_media_dir.path, name);
|
|
|
|
if (fs_prepare_dir(user_media_dir, 0770, AID_MEDIA_RW, AID_MEDIA_RW) == -1) {
|
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
closedir(dir);
|
|
|
|
}
|
|
|
|
|
|
|
|
version = 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
// /data/media/obb
|
|
|
|
char media_obb_dir[PATH_MAX];
|
|
|
|
snprintf(media_obb_dir, PATH_MAX, "%sobb", android_media_dir.path);
|
|
|
|
|
|
|
|
if (version == 1) {
|
|
|
|
// Introducing /data/media/obb for sharing OBB across users; migrate
|
|
|
|
// any existing OBB files from owner.
|
|
|
|
ALOGD("Upgrading to shared /data/media/obb");
|
|
|
|
|
|
|
|
// /data/media/0/Android/obb
|
|
|
|
char owner_obb_path[PATH_MAX];
|
|
|
|
snprintf(owner_obb_path, PATH_MAX, "%s0/Android/obb", android_media_dir.path);
|
|
|
|
|
|
|
|
// Only move if target doesn't already exist
|
|
|
|
if (access(media_obb_dir, F_OK) != 0 && access(owner_obb_path, F_OK) == 0) {
|
|
|
|
if (rename(owner_obb_path, media_obb_dir) == -1) {
|
|
|
|
ALOGE("Failed to move OBB from owner: %s", strerror(errno));
|
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
version = 2;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (ensure_media_user_dirs(0) == -1) {
|
|
|
|
ALOGE("Failed to setup media for user 0");
|
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
if (fs_prepare_dir(media_obb_dir, 0770, AID_MEDIA_RW, AID_MEDIA_RW) == -1) {
|
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Persist layout version if changed
|
|
|
|
if (version != oldVersion) {
|
|
|
|
if (fs_write_atomic_int(version_path, version) == -1) {
|
|
|
|
ALOGE("Failed to save version to %s: %s", version_path, strerror(errno));
|
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// Success!
|
|
|
|
res = 0;
|
|
|
|
|
|
|
|
fail:
|
|
|
|
free(user_data_dir);
|
|
|
|
free(legacy_data_dir);
|
|
|
|
free(primary_data_dir);
|
|
|
|
return res;
|
|
|
|
}
|
|
|
|
|
|
|
|
static void drop_privileges() {
|
|
|
|
if (prctl(PR_SET_KEEPCAPS, 1) < 0) {
|
|
|
|
ALOGE("prctl(PR_SET_KEEPCAPS) failed: %s\n", strerror(errno));
|
|
|
|
exit(1);
|
|
|
|
}
|
|
|
|
|
|
|
|
if (setgid(AID_INSTALL) < 0) {
|
|
|
|
ALOGE("setgid() can't drop privileges; exiting.\n");
|
|
|
|
exit(1);
|
|
|
|
}
|
|
|
|
|
|
|
|
if (setuid(AID_INSTALL) < 0) {
|
|
|
|
ALOGE("setuid() can't drop privileges; exiting.\n");
|
|
|
|
exit(1);
|
|
|
|
}
|
|
|
|
|
|
|
|
struct __user_cap_header_struct capheader;
|
|
|
|
struct __user_cap_data_struct capdata[2];
|
|
|
|
memset(&capheader, 0, sizeof(capheader));
|
|
|
|
memset(&capdata, 0, sizeof(capdata));
|
|
|
|
capheader.version = _LINUX_CAPABILITY_VERSION_3;
|
|
|
|
capheader.pid = 0;
|
|
|
|
|
|
|
|
capdata[CAP_TO_INDEX(CAP_DAC_OVERRIDE)].permitted |= CAP_TO_MASK(CAP_DAC_OVERRIDE);
|
|
|
|
capdata[CAP_TO_INDEX(CAP_CHOWN)].permitted |= CAP_TO_MASK(CAP_CHOWN);
|
|
|
|
capdata[CAP_TO_INDEX(CAP_SETUID)].permitted |= CAP_TO_MASK(CAP_SETUID);
|
|
|
|
capdata[CAP_TO_INDEX(CAP_SETGID)].permitted |= CAP_TO_MASK(CAP_SETGID);
|
Runtime resource overlay, iteration 2
Support any number of overlay packages. Support any target package.
UPDATED PACKAGE MATCHING
------------------------
In Runtime resource overlay, iteration 1, only a single overlay package
was considered. Package matching was based on file paths:
/vendor/overlay/system/framework-res.apk corresponded to
/system/framework-res.apk. Introduce a more flexible matching scheme
where any package is an overlay package if its manifest includes
<overlay targetPackage="com.target.package"/>
For security reasons, an overlay package must fulfill certain criteria
to take effect: see below.
THE IDMAP TOOL AND IDMAP FILES
------------------------------
Idmap files are created by the 'idmap' binary; idmap files must be
present when loading packages. For the Android system, Zygote calls
'idmap' as part of the resource pre-loading. For application packages,
'idmap' is invoked via 'installd' during package installation (similar
to 'dexopt').
UPDATED FLOW
------------
The following is an outline of the start-up sequences for the Android
system and Android apps. Steps marked with '+' are introduced by this
commit.
Zygote initialization
Initial AssetManager object created
+ idmap --scan creates idmaps for overlays targeting 'android', \
stores list of overlays in /data/resource-cache/overlays.list
AssetManager caches framework-res.apk
+ AssetManager caches overlay packages listed in overlays.list
Android boot
New AssetManager's ResTable acquired
AssetManager re-uses cached framework-res.apk
+ AssetManager re-uses cached 'android' overlays (if any)
App boot
ActivityThread prepares AssetManager to load app.apk
+ ActivityThread prepares AssetManager to load app overlays (if any)
New AssetManager's ResTable acquired as per Android boot
SECURITY
--------
Overlay packages are required to be pre-loaded (in /vendor/overlay).
These packages are trusted by definition. A future iteration of runtime
resource overlay may add support for downloaded overlays, which would
likely require target and overlay signatures match for the overlay to
be trusted.
LOOKUP PRIORITY
---------------
During resource lookup, packages are sequentially queried to provide a
best match, given the constraints of the current configuration. If any
package provide a better match than what has been found so far, it
replaces the previous match. The target package is always queried last.
When loading a package with more than one overlay, the order in which
the overlays are added become significant if several packages overlay
the same resource.
Had downloaded overlays been supported, the install time could have been
used to determine the load order. Regardless, for pre-installed
overlays, the install time is randomly determined by the order in which
the Package Manager locates the packages during initial boot. To support
a well-defined order, pre-installed overlay packages are expected to
define an additional 'priority' attribute in their <overlay> tags:
<overlay targetPackage="com.target.package" priority="1234"/>
Pre-installed overlays are loaded in order of their priority attributes,
sorted in ascending order.
Assigning the same priority to several overlays targeting the same base
package leads to undefined behaviour. It is the responsibility of the
vendor to avoid this.
The following example shows the ResTable and PackageGroups after loading
an application and two overlays. The resource lookup framework will
query the packages in the order C, B, A.
+------+------+- -+------+------+
| 0x01 | | ... | | 0x7f |
+------+------+- -+------+------+
| |
"android" Target package A
|
Pre-installed overlay B (priority 1)
|
Pre-installed overlay C (priority 2)
Change-Id: If49c963149369b1957f7d2303b3dd27f669ed24e
2014-01-31 13:42:59 +00:00
|
|
|
capdata[CAP_TO_INDEX(CAP_FOWNER)].permitted |= CAP_TO_MASK(CAP_FOWNER);
|
2012-10-24 17:45:23 +00:00
|
|
|
|
|
|
|
capdata[0].effective = capdata[0].permitted;
|
|
|
|
capdata[1].effective = capdata[1].permitted;
|
|
|
|
capdata[0].inheritable = 0;
|
|
|
|
capdata[1].inheritable = 0;
|
|
|
|
|
|
|
|
if (capset(&capheader, &capdata[0]) < 0) {
|
|
|
|
ALOGE("capset failed: %s\n", strerror(errno));
|
|
|
|
exit(1);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2014-03-26 13:30:37 +00:00
|
|
|
static int log_callback(int type, const char *fmt, ...) {
|
|
|
|
va_list ap;
|
|
|
|
int priority;
|
|
|
|
|
|
|
|
switch (type) {
|
|
|
|
case SELINUX_WARNING:
|
|
|
|
priority = ANDROID_LOG_WARN;
|
|
|
|
break;
|
|
|
|
case SELINUX_INFO:
|
|
|
|
priority = ANDROID_LOG_INFO;
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
priority = ANDROID_LOG_ERROR;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
va_start(ap, fmt);
|
|
|
|
LOG_PRI_VA(priority, "SELinux", fmt, ap);
|
|
|
|
va_end(ap);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2012-10-24 17:45:23 +00:00
|
|
|
int main(const int argc, const char *argv[]) {
|
|
|
|
char buf[BUFFER_MAX];
|
|
|
|
struct sockaddr addr;
|
|
|
|
socklen_t alen;
|
|
|
|
int lsocket, s, count;
|
2013-04-16 16:16:50 +00:00
|
|
|
int selinux_enabled = (is_selinux_enabled() > 0);
|
2012-10-24 17:45:23 +00:00
|
|
|
|
|
|
|
ALOGI("installd firing up\n");
|
|
|
|
|
2014-03-26 13:30:37 +00:00
|
|
|
union selinux_callback cb;
|
|
|
|
cb.func_log = log_callback;
|
|
|
|
selinux_set_callback(SELINUX_CB_LOG, cb);
|
|
|
|
|
2012-10-24 17:45:23 +00:00
|
|
|
if (initialize_globals() < 0) {
|
|
|
|
ALOGE("Could not initialize globals; exiting.\n");
|
|
|
|
exit(1);
|
|
|
|
}
|
|
|
|
|
|
|
|
if (initialize_directories() < 0) {
|
|
|
|
ALOGE("Could not create directories; exiting.\n");
|
|
|
|
exit(1);
|
|
|
|
}
|
|
|
|
|
2013-04-16 16:16:50 +00:00
|
|
|
if (selinux_enabled && selinux_status_open(true) < 0) {
|
|
|
|
ALOGE("Could not open selinux status; exiting.\n");
|
|
|
|
exit(1);
|
|
|
|
}
|
|
|
|
|
2012-10-24 17:45:23 +00:00
|
|
|
drop_privileges();
|
|
|
|
|
|
|
|
lsocket = android_get_control_socket(SOCKET_PATH);
|
|
|
|
if (lsocket < 0) {
|
|
|
|
ALOGE("Failed to get socket from environment: %s\n", strerror(errno));
|
|
|
|
exit(1);
|
|
|
|
}
|
|
|
|
if (listen(lsocket, 5)) {
|
|
|
|
ALOGE("Listen on socket failed: %s\n", strerror(errno));
|
|
|
|
exit(1);
|
|
|
|
}
|
|
|
|
fcntl(lsocket, F_SETFD, FD_CLOEXEC);
|
|
|
|
|
|
|
|
for (;;) {
|
|
|
|
alen = sizeof(addr);
|
|
|
|
s = accept(lsocket, &addr, &alen);
|
|
|
|
if (s < 0) {
|
|
|
|
ALOGE("Accept failed: %s\n", strerror(errno));
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
fcntl(s, F_SETFD, FD_CLOEXEC);
|
|
|
|
|
|
|
|
ALOGI("new connection\n");
|
|
|
|
for (;;) {
|
|
|
|
unsigned short count;
|
|
|
|
if (readx(s, &count, sizeof(count))) {
|
|
|
|
ALOGE("failed to read size\n");
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
if ((count < 1) || (count >= BUFFER_MAX)) {
|
|
|
|
ALOGE("invalid size %d\n", count);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
if (readx(s, buf, count)) {
|
|
|
|
ALOGE("failed to read command\n");
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
buf[count] = 0;
|
2013-04-16 16:16:50 +00:00
|
|
|
if (selinux_enabled && selinux_status_updated() > 0) {
|
|
|
|
selinux_android_seapp_context_reload();
|
|
|
|
}
|
2012-10-24 17:45:23 +00:00
|
|
|
if (execute(s, buf)) break;
|
|
|
|
}
|
|
|
|
ALOGI("closing connection\n");
|
|
|
|
close(s);
|
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|