11f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner/* 21f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner** 31f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner** Copyright 2010, The Android Open Source Project 41f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner** 51f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner** Licensed under the Apache License, Version 2.0 (the "License"); 61f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner** you may not use this file except in compliance with the License. 71f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner** You may obtain a copy of the License at 81f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner** 91f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner** http://www.apache.org/licenses/LICENSE-2.0 101f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner** 111f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner** Unless required by applicable law or agreed to in writing, software 121f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner** distributed under the License is distributed on an "AS IS" BASIS, 131f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 141f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner** See the License for the specific language governing permissions and 151f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner** limitations under the License. 161f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner*/ 171f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner#include <errno.h> 181f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner#include <fcntl.h> 191f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner#include <unistd.h> 201f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner#include <sys/stat.h> 211f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner#include <private/android_filesystem_config.h> 221f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner#include "package.h" 231f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner 241f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner/* 251f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner * WARNING WARNING WARNING WARNING 261f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner * 271f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner * The following code runs as root on production devices, before 281f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner * the run-as command has dropped the uid/gid. Hence be very 291f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner * conservative and keep in mind the following: 301f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner * 311f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner * - Performance does not matter here, clarity and safety of the code 321f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner * does however. Documentation is a must. 331f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner * 341f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner * - Avoid calling C library functions with complex implementations 351f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner * like malloc() and printf(). You want to depend on simple system 361f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner * calls instead, which behaviour is not going to be altered in 371f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner * unpredictible ways by environment variables or system properties. 381f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner * 391f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner * - Do not trust user input and/or the filesystem whenever possible. 401f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner * 411f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner */ 421f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner 431f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner/* The file containing the list of installed packages on the system */ 441f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner#define PACKAGES_LIST_FILE "/data/system/packages.list" 451f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner 461f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner/* This should be large enough to hold the content of the package database file */ 471468cb540f5c257d32bde182ae8f0f522c582d07David 'Digit' Turner#define PACKAGES_LIST_BUFFER_SIZE 65536 481f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner 491f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner/* Copy 'srclen' string bytes from 'src' into buffer 'dst' of size 'dstlen' 501f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner * This function always zero-terminate the destination buffer unless 511f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner * 'dstlen' is 0, even in case of overflow. 521f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner */ 531f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turnerstatic void 541f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turnerstring_copy(char* dst, size_t dstlen, const char* src, size_t srclen) 551f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner{ 561f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner const char* srcend = src + srclen; 571f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner const char* dstend = dst + dstlen; 581f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner 591f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner if (dstlen == 0) 601f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner return; 611f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner 621f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner dstend--; /* make room for terminating zero */ 631f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner 641f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner while (dst < dstend && src < srcend && *src != '\0') 651f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner *dst++ = *src++; 661f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner 671f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner *dst = '\0'; /* zero-terminate result */ 681f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner} 691f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner 701f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner/* Read up to 'buffsize' bytes into 'buff' from the file 711f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner * named 'filename'. Return byte length on success, or -1 721f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner * on error. 731f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner */ 741f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turnerstatic int 751f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turnerread_file(const char* filename, char* buff, size_t buffsize) 761f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner{ 771f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner int fd, len, old_errno; 781f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner 791f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner /* check the input buffer size */ 801f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner if (buffsize >= INT_MAX) { 811f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner errno = EINVAL; 821f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner return -1; 831f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner } 841f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner 851f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner /* open the file for reading */ 861f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner do { 871f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner fd = open(filename, O_RDONLY); 881f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner } while (fd < 0 && errno == EINTR); 891f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner 901f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner if (fd < 0) 911f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner return -1; 921f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner 931f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner /* read the content */ 941f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner do { 951f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner len = read(fd, buff, buffsize); 961f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner } while (len < 0 && errno == EINTR); 971f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner 981f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner /* close the file, preserve old errno for better diagnostics */ 991f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner old_errno = errno; 1001f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner close(fd); 1011f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner errno = old_errno; 1021f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner 1031f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner return len; 1041f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner} 1051f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner 1061f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner/* Check that a given directory: 1071f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner * - exists 1081f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner * - is owned by a given uid/gid 1091f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner * - is a real directory, not a symlink 1101f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner * - isn't readable or writable by others 1111f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner * 1121f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner * Return 0 on success, or -1 on error. 1131f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner * errno is set to EINVAL in case of failed check. 1141f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner */ 1151f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turnerstatic int 1161f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turnercheck_directory_ownership(const char* path, uid_t uid) 1171f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner{ 1181f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner int ret; 1191f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner struct stat st; 1201f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner 1211f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner do { 1221f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner ret = lstat(path, &st); 1231f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner } while (ret < 0 && errno == EINTR); 1241f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner 1251f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner if (ret < 0) 1261f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner return -1; 1271f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner 1281f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner /* must be a real directory, not a symlink */ 1291f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner if (!S_ISDIR(st.st_mode)) 1301f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner goto BAD; 1311f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner 1321f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner /* must be owned by specific uid/gid */ 1331f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner if (st.st_uid != uid || st.st_gid != uid) 1341f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner goto BAD; 1351f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner 1361f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner /* must not be readable or writable by others */ 1371f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner if ((st.st_mode & (S_IROTH|S_IWOTH)) != 0) 1381f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner goto BAD; 1391f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner 1401f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner /* everything ok */ 1411f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner return 0; 1421f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner 1431f4d95296acf34a93128332441782a80c10845b4David 'Digit' TurnerBAD: 1441f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner errno = EINVAL; 1451f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner return -1; 1461f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner} 1471f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner 1481f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner/* This function is used to check the data directory path for safety. 1491f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner * We check that every sub-directory is owned by the 'system' user 1501f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner * and exists and is not a symlink. We also check that the full directory 1511f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner * path is properly owned by the user ID. 1521f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner * 1531f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner * Return 0 on success, -1 on error. 1541f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner */ 1551f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turnerint 1561f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turnercheck_data_path(const char* dataPath, uid_t uid) 1571f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner{ 1581f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner int nn; 1591f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner 1601f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner /* the path should be absolute */ 1611f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner if (dataPath[0] != '/') { 1621f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner errno = EINVAL; 1631f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner return -1; 1641f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner } 1651f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner 1661f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner /* look for all sub-paths, we do that by finding 1671f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner * directory separators in the input path and 1681f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner * checking each sub-path independently 1691f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner */ 1701f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner for (nn = 1; dataPath[nn] != '\0'; nn++) 1711f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner { 1721f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner char subpath[PATH_MAX]; 1731f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner 1741f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner /* skip non-separator characters */ 1751f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner if (dataPath[nn] != '/') 1761f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner continue; 1771f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner 1781f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner /* handle trailing separator case */ 1791f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner if (dataPath[nn+1] == '\0') { 1801f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner break; 1811f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner } 1821f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner 1831f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner /* found a separator, check that dataPath is not too long. */ 1841f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner if (nn >= (int)(sizeof subpath)) { 1851f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner errno = EINVAL; 1861f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner return -1; 1871f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner } 1881f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner 1891f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner /* reject any '..' subpath */ 1901f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner if (nn >= 3 && 1911f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner dataPath[nn-3] == '/' && 1921f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner dataPath[nn-2] == '.' && 1931f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner dataPath[nn-1] == '.') { 1941f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner errno = EINVAL; 1951f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner return -1; 1961f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner } 1971f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner 1981f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner /* copy to 'subpath', then check ownership */ 1991f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner memcpy(subpath, dataPath, nn); 2001f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner subpath[nn] = '\0'; 2011f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner 2021f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner if (check_directory_ownership(subpath, AID_SYSTEM) < 0) 2031f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner return -1; 2041f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner } 2051f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner 2061f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner /* All sub-paths were checked, now verify that the full data 2071f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner * directory is owned by the application uid 2081f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner */ 2091f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner if (check_directory_ownership(dataPath, uid) < 0) 2101f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner return -1; 2111f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner 2121f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner /* all clear */ 2131f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner return 0; 2141f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner} 2151f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner 2161f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner/* Return TRUE iff a character is a space or tab */ 2171f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turnerstatic inline int 2181f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turneris_space(char c) 2191f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner{ 2201f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner return (c == ' ' || c == '\t'); 2211f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner} 2221f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner 2231f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner/* Skip any space or tab character from 'p' until 'end' is reached. 2241f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner * Return new position. 2251f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner */ 2261f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turnerstatic const char* 2271f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turnerskip_spaces(const char* p, const char* end) 2281f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner{ 2291f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner while (p < end && is_space(*p)) 2301f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner p++; 2311f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner 2321f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner return p; 2331f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner} 2341f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner 2351f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner/* Skip any non-space and non-tab character from 'p' until 'end'. 2361f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner * Return new position. 2371f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner */ 2381f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turnerstatic const char* 2391f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turnerskip_non_spaces(const char* p, const char* end) 2401f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner{ 2411f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner while (p < end && !is_space(*p)) 2421f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner p++; 2431f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner 2441f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner return p; 2451f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner} 2461f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner 2471f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner/* Find the first occurence of 'ch' between 'p' and 'end' 2481f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner * Return its position, or 'end' if none is found. 2491f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner */ 2501f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turnerstatic const char* 2511f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turnerfind_first(const char* p, const char* end, char ch) 2521f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner{ 2531f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner while (p < end && *p != ch) 2541f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner p++; 2551f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner 2561f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner return p; 2571f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner} 2581f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner 2591f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner/* Check that the non-space string starting at 'p' and eventually 2601f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner * ending at 'end' equals 'name'. Return new position (after name) 2611f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner * on success, or NULL on failure. 2621f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner * 2631f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner * This function fails is 'name' is NULL, empty or contains any space. 2641f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner */ 2651f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turnerstatic const char* 2661f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turnercompare_name(const char* p, const char* end, const char* name) 2671f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner{ 2681f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner /* 'name' must not be NULL or empty */ 2691f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner if (name == NULL || name[0] == '\0' || p == end) 2701f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner return NULL; 2711f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner 2721f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner /* compare characters to those in 'name', excluding spaces */ 2731f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner while (*name) { 2741f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner /* note, we don't check for *p == '\0' since 2751f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner * it will be caught in the next conditional. 2761f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner */ 2771f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner if (p >= end || is_space(*p)) 2781f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner goto BAD; 2791f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner 2801f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner if (*p != *name) 2811f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner goto BAD; 2821f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner 2831f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner p++; 2841f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner name++; 2851f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner } 2861f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner 2871f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner /* must be followed by end of line or space */ 2881f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner if (p < end && !is_space(*p)) 2891f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner goto BAD; 2901f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner 2911f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner return p; 2921f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner 2931f4d95296acf34a93128332441782a80c10845b4David 'Digit' TurnerBAD: 2941f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner return NULL; 2951f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner} 2961f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner 2971f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner/* Parse one or more whitespace characters starting from '*pp' 2981f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner * until 'end' is reached. Updates '*pp' on exit. 2991f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner * 3001f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner * Return 0 on success, -1 on failure. 3011f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner */ 3021f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turnerstatic int 3031f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turnerparse_spaces(const char** pp, const char* end) 3041f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner{ 3051f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner const char* p = *pp; 3061f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner 3071f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner if (p >= end || !is_space(*p)) { 3081f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner errno = EINVAL; 3091f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner return -1; 3101f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner } 3111f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner p = skip_spaces(p, end); 3121f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner *pp = p; 3131f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner return 0; 3141f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner} 3151f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner 3161f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner/* Parse a positive decimal number starting from '*pp' until 'end' 3171f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner * is reached. Adjust '*pp' on exit. Return decimal value or -1 3181f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner * in case of error. 3191f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner * 3201f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner * If the value is larger than INT_MAX, -1 will be returned, 3211f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner * and errno set to EOVERFLOW. 3221f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner * 3231f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner * If '*pp' does not start with a decimal digit, -1 is returned 3241f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner * and errno set to EINVAL. 3251f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner */ 3261f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turnerstatic int 3271f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turnerparse_positive_decimal(const char** pp, const char* end) 3281f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner{ 3291f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner const char* p = *pp; 3301f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner int value = 0; 3311f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner int overflow = 0; 3321f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner 3331f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner if (p >= end || *p < '0' || *p > '9') { 3341f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner errno = EINVAL; 3351f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner return -1; 3361f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner } 3371f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner 3381f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner while (p < end) { 3391f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner int ch = *p; 3401f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner unsigned d = (unsigned)(ch - '0'); 3411f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner int val2; 3421f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner 3431f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner if (d >= 10U) /* d is unsigned, no lower bound check */ 3441f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner break; 3451f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner 3461f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner val2 = value*10 + (int)d; 3471f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner if (val2 < value) 3481f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner overflow = 1; 3491f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner value = val2; 3501f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner p++; 3511f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner } 3521f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner *pp = p; 3531f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner 3541f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner if (overflow) { 3551f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner errno = EOVERFLOW; 3561f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner value = -1; 3571f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner } 3581f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner return value; 3591f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner 3601f4d95296acf34a93128332441782a80c10845b4David 'Digit' TurnerBAD: 3611f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner *pp = p; 3621f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner return -1; 3631f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner} 3641f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner 3651f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner/* Read the system's package database and extract information about 3661f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner * 'pkgname'. Return 0 in case of success, or -1 in case of error. 3671f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner * 3681f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner * If the package is unknown, return -1 and set errno to ENOENT 3691f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner * If the package database is corrupted, return -1 and set errno to EINVAL 3701f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner */ 3711f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turnerint 3721f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turnerget_package_info(const char* pkgName, PackageInfo *info) 3731f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner{ 3741f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner static char buffer[PACKAGES_LIST_BUFFER_SIZE]; 3751f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner int buffer_len; 3761f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner const char* p; 3771f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner const char* buffer_end; 3781f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner int result; 3791f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner 3801f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner info->uid = 0; 3811f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner info->isDebuggable = 0; 3821f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner info->dataDir[0] = '\0'; 3831f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner 3841f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner buffer_len = read_file(PACKAGES_LIST_FILE, buffer, sizeof buffer); 3851f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner if (buffer_len < 0) 3861f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner return -1; 3871f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner 3881f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner p = buffer; 3891f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner buffer_end = buffer + buffer_len; 3901f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner 3911f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner /* expect the following format on each line of the control file: 3921f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner * 3931f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner * <pkgName> <uid> <debugFlag> <dataDir> 3941f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner * 3951f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner * where: 3961f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner * <pkgName> is the package's name 3971f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner * <uid> is the application-specific user Id (decimal) 3981f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner * <debugFlag> is 1 if the package is debuggable, or 0 otherwise 3991f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner * <dataDir> is the path to the package's data directory (e.g. /data/data/com.example.foo) 4001f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner * 4011f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner * The file is generated in com.android.server.PackageManagerService.Settings.writeLP() 4021f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner */ 4031f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner 4041f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner while (p < buffer_end) { 4051f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner /* find end of current line and start of next one */ 4061f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner const char* end = find_first(p, buffer_end, '\n'); 4071f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner const char* next = (end < buffer_end) ? end + 1 : buffer_end; 4081f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner const char* q; 4091f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner int uid, debugFlag; 4101f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner 4111f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner /* first field is the package name */ 4121f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner p = compare_name(p, end, pkgName); 4131f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner if (p == NULL) 4141f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner goto NEXT_LINE; 4151f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner 4161f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner /* skip spaces */ 4171f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner if (parse_spaces(&p, end) < 0) 4181f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner goto BAD_FORMAT; 4191f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner 4201f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner /* second field is the pid */ 4211f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner uid = parse_positive_decimal(&p, end); 4221f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner if (uid < 0) 4231f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner return -1; 4241f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner 4251f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner info->uid = (uid_t) uid; 4261f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner 4271f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner /* skip spaces */ 4281f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner if (parse_spaces(&p, end) < 0) 4291f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner goto BAD_FORMAT; 4301f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner 4311f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner /* third field is debug flag (0 or 1) */ 4321f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner debugFlag = parse_positive_decimal(&p, end); 4331f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner switch (debugFlag) { 4341f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner case 0: 4351f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner info->isDebuggable = 0; 4361f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner break; 4371f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner case 1: 4381f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner info->isDebuggable = 1; 4391f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner break; 4401f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner default: 4411f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner goto BAD_FORMAT; 4421f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner } 4431f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner 4441f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner /* skip spaces */ 4451f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner if (parse_spaces(&p, end) < 0) 4461f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner goto BAD_FORMAT; 4471f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner 4481f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner /* fourth field is data directory path and must not contain 4491f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner * spaces. 4501f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner */ 4511f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner q = skip_non_spaces(p, end); 4521f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner if (q == p) 4531f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner goto BAD_FORMAT; 4541f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner 4551f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner string_copy(info->dataDir, sizeof info->dataDir, p, q - p); 4561f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner 4571f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner /* Ignore the rest */ 4581f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner return 0; 4591f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner 4601f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner NEXT_LINE: 4611f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner p = next; 4621f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner } 4631f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner 4641f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner /* the package is unknown */ 4651f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner errno = ENOENT; 4661f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner return -1; 4671f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner 4681f4d95296acf34a93128332441782a80c10845b4David 'Digit' TurnerBAD_FORMAT: 4691f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner errno = EINVAL; 4701f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner return -1; 4711f4d95296acf34a93128332441782a80c10845b4David 'Digit' Turner} 472