commands.c revision a8529f68671a8a118751cb6ad577f44eaf076b96
1/* 2** Copyright 2008, The Android Open Source Project 3** 4** Licensed under the Apache License, Version 2.0 (the "License"); 5** you may not use this file except in compliance with the License. 6** You may obtain a copy of the License at 7** 8** http://www.apache.org/licenses/LICENSE-2.0 9** 10** Unless required by applicable law or agreed to in writing, software 11** distributed under the License is distributed on an "AS IS" BASIS, 12** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13** See the License for the specific language governing permissions and 14** limitations under the License. 15*/ 16 17#include "installd.h" 18 19int install(const char *pkgname, int encrypted_fs_flag, uid_t uid, gid_t gid) 20{ 21 char pkgdir[PKG_PATH_MAX]; 22 char libdir[PKG_PATH_MAX]; 23 24 if ((uid < AID_SYSTEM) || (gid < AID_SYSTEM)) { 25 LOGE("invalid uid/gid: %d %d\n", uid, gid); 26 return -1; 27 28 } 29 30 if (encrypted_fs_flag == USE_UNENCRYPTED_FS) { 31 if (create_pkg_path(pkgdir, PKG_DIR_PREFIX, pkgname, PKG_DIR_POSTFIX)) 32 return -1; 33 if (create_pkg_path(libdir, PKG_LIB_PREFIX, pkgname, PKG_LIB_POSTFIX)) 34 return -1; 35 } else { 36 if (create_pkg_path(pkgdir, PKG_SEC_DIR_PREFIX, pkgname, PKG_DIR_POSTFIX)) 37 return -1; 38 if (create_pkg_path(libdir, PKG_SEC_LIB_PREFIX, pkgname, PKG_LIB_POSTFIX)) 39 return -1; 40 } 41 42 if (mkdir(pkgdir, 0755) < 0) { 43 LOGE("cannot create dir '%s': %s\n", pkgdir, strerror(errno)); 44 return -errno; 45 } 46 if (chown(pkgdir, uid, gid) < 0) { 47 LOGE("cannot chown dir '%s': %s\n", pkgdir, strerror(errno)); 48 unlink(pkgdir); 49 return -errno; 50 } 51 if (mkdir(libdir, 0755) < 0) { 52 LOGE("cannot create dir '%s': %s\n", libdir, strerror(errno)); 53 unlink(pkgdir); 54 return -errno; 55 } 56 if (chown(libdir, AID_SYSTEM, AID_SYSTEM) < 0) { 57 LOGE("cannot chown dir '%s': %s\n", libdir, strerror(errno)); 58 unlink(libdir); 59 unlink(pkgdir); 60 return -errno; 61 } 62 return 0; 63} 64 65int uninstall(const char *pkgname, int encrypted_fs_flag) 66{ 67 char pkgdir[PKG_PATH_MAX]; 68 69 if (encrypted_fs_flag == USE_UNENCRYPTED_FS) { 70 if (create_pkg_path(pkgdir, PKG_DIR_PREFIX, pkgname, PKG_DIR_POSTFIX)) 71 return -1; 72 } else { 73 if (create_pkg_path(pkgdir, PKG_SEC_DIR_PREFIX, pkgname, PKG_DIR_POSTFIX)) 74 return -1; 75 } 76 77 /* delete contents AND directory, no exceptions */ 78 return delete_dir_contents(pkgdir, 1, 0); 79} 80 81int delete_user_data(const char *pkgname, int encrypted_fs_flag) 82{ 83 char pkgdir[PKG_PATH_MAX]; 84 85 if (encrypted_fs_flag == USE_UNENCRYPTED_FS) { 86 if (create_pkg_path(pkgdir, PKG_DIR_PREFIX, pkgname, PKG_DIR_POSTFIX)) 87 return -1; 88 } else { 89 if (create_pkg_path(pkgdir, PKG_SEC_DIR_PREFIX, pkgname, PKG_DIR_POSTFIX)) 90 return -1; 91 } 92 93 /* delete contents, excluding "lib", but not the directory itself */ 94 return delete_dir_contents(pkgdir, 0, "lib"); 95} 96 97int delete_cache(const char *pkgname, int encrypted_fs_flag) 98{ 99 char cachedir[PKG_PATH_MAX]; 100 101 if (encrypted_fs_flag == USE_UNENCRYPTED_FS) { 102 if (create_pkg_path(cachedir, CACHE_DIR_PREFIX, pkgname, CACHE_DIR_POSTFIX)) 103 return -1; 104 } else { 105 if (create_pkg_path(cachedir, CACHE_SEC_DIR_PREFIX, pkgname, CACHE_DIR_POSTFIX)) 106 return -1; 107 } 108 109 /* delete contents, not the directory, no exceptions */ 110 return delete_dir_contents(cachedir, 0, 0); 111} 112 113/* TODO(oam): depending on use case (ecryptfs or dmcrypt) 114 * change implementation 115 */ 116static int disk_free() 117{ 118 struct statfs sfs; 119 if (statfs(PKG_DIR_PREFIX, &sfs) == 0) { 120 return sfs.f_bavail * sfs.f_bsize; 121 } else { 122 return -1; 123 } 124} 125 126/* Try to ensure free_size bytes of storage are available. 127 * Returns 0 on success. 128 * This is rather simple-minded because doing a full LRU would 129 * be potentially memory-intensive, and without atime it would 130 * also require that apps constantly modify file metadata even 131 * when just reading from the cache, which is pretty awful. 132 */ 133int free_cache(int free_size) 134{ 135 const char *name; 136 int dfd, subfd; 137 DIR *d; 138 struct dirent *de; 139 int avail; 140 141 avail = disk_free(); 142 if (avail < 0) return -1; 143 144 LOGI("free_cache(%d) avail %d\n", free_size, avail); 145 if (avail >= free_size) return 0; 146 147 /* First try encrypted dir */ 148 d = opendir(PKG_SEC_DIR_PREFIX); 149 if (d == NULL) { 150 LOGE("cannot open %s\n", PKG_SEC_DIR_PREFIX); 151 } else { 152 dfd = dirfd(d); 153 154 while ((de = readdir(d))) { 155 if (de->d_type != DT_DIR) continue; 156 name = de->d_name; 157 158 /* always skip "." and ".." */ 159 if (name[0] == '.') { 160 if (name[1] == 0) continue; 161 if ((name[1] == '.') && (name[2] == 0)) continue; 162 } 163 164 subfd = openat(dfd, name, O_RDONLY | O_DIRECTORY); 165 if (subfd < 0) continue; 166 167 delete_dir_contents_fd(subfd, "cache"); 168 close(subfd); 169 170 avail = disk_free(); 171 if (avail >= free_size) { 172 closedir(d); 173 return 0; 174 } 175 } 176 closedir(d); 177 } 178 179 /* Next try unencrypted dir... */ 180 d = opendir(PKG_DIR_PREFIX); 181 if (d == NULL) { 182 LOGE("cannot open %s\n", PKG_DIR_PREFIX); 183 return -1; 184 } 185 dfd = dirfd(d); 186 187 while ((de = readdir(d))) { 188 if (de->d_type != DT_DIR) continue; 189 name = de->d_name; 190 191 /* always skip "." and ".." */ 192 if (name[0] == '.') { 193 if (name[1] == 0) continue; 194 if ((name[1] == '.') && (name[2] == 0)) continue; 195 } 196 197 subfd = openat(dfd, name, O_RDONLY | O_DIRECTORY); 198 if (subfd < 0) continue; 199 200 delete_dir_contents_fd(subfd, "cache"); 201 close(subfd); 202 203 avail = disk_free(); 204 if (avail >= free_size) { 205 closedir(d); 206 return 0; 207 } 208 } 209 closedir(d); 210 211 /* Fail case - not possible to free space */ 212 return -1; 213} 214 215/* used by move_dex, rm_dex, etc to ensure that the provided paths 216 * don't point anywhere other than at the APK_DIR_PREFIX 217 */ 218static int is_valid_apk_path(const char *path) 219{ 220 int len = strlen(APK_DIR_PREFIX); 221 if (strncmp(path, APK_DIR_PREFIX, len)) { 222 len = strlen(PROTECTED_DIR_PREFIX); 223 if (strncmp(path, PROTECTED_DIR_PREFIX, len)) { 224 LOGE("invalid apk path '%s' (bad prefix)\n", path); 225 return 0; 226 } 227 } 228 if (strchr(path + len, '/')) { 229 LOGE("invalid apk path '%s' (subdir?)\n", path); 230 return 0; 231 } 232 if (path[len] == '.') { 233 LOGE("invalid apk path '%s' (trickery)\n", path); 234 return 0; 235 } 236 return 1; 237} 238 239int move_dex(const char *src, const char *dst) 240{ 241 char src_dex[PKG_PATH_MAX]; 242 char dst_dex[PKG_PATH_MAX]; 243 244 if (!is_valid_apk_path(src)) return -1; 245 if (!is_valid_apk_path(dst)) return -1; 246 247 if (create_cache_path(src_dex, src)) return -1; 248 if (create_cache_path(dst_dex, dst)) return -1; 249 250 LOGI("move %s -> %s\n", src_dex, dst_dex); 251 if (rename(src_dex, dst_dex) < 0) { 252 return -1; 253 } else { 254 return 0; 255 } 256} 257 258int rm_dex(const char *path) 259{ 260 char dex_path[PKG_PATH_MAX]; 261 262 if (!is_valid_apk_path(path)) return -1; 263 if (create_cache_path(dex_path, path)) return -1; 264 265 LOGI("unlink %s\n", dex_path); 266 if (unlink(dex_path) < 0) { 267 return -1; 268 } else { 269 return 0; 270 } 271} 272 273int protect(char *pkgname, gid_t gid) 274{ 275 struct stat s; 276 char pkgpath[PKG_PATH_MAX]; 277 278 if (gid < AID_SYSTEM) return -1; 279 280 if (create_pkg_path(pkgpath, PROTECTED_DIR_PREFIX, pkgname, ".apk")) 281 return -1; 282 283 if (stat(pkgpath, &s) < 0) return -1; 284 285 if (chown(pkgpath, s.st_uid, gid) < 0) { 286 LOGE("failed to chgrp '%s': %s\n", pkgpath, strerror(errno)); 287 return -1; 288 } 289 290 if (chmod(pkgpath, S_IRUSR|S_IWUSR|S_IRGRP) < 0) { 291 LOGE("failed to chmod '%s': %s\n", pkgpath, strerror(errno)); 292 return -1; 293 } 294 295 return 0; 296} 297 298static int stat_size(struct stat *s) 299{ 300 int blksize = s->st_blksize; 301 int size = s->st_size; 302 303 if (blksize) { 304 /* round up to filesystem block size */ 305 size = (size + blksize - 1) & (~(blksize - 1)); 306 } 307 308 return size; 309} 310 311static int calculate_dir_size(int dfd) 312{ 313 int size = 0; 314 struct stat s; 315 DIR *d; 316 struct dirent *de; 317 318 d = fdopendir(dfd); 319 if (d == NULL) { 320 close(dfd); 321 return 0; 322 } 323 324 while ((de = readdir(d))) { 325 const char *name = de->d_name; 326 if (de->d_type == DT_DIR) { 327 int subfd; 328 /* always skip "." and ".." */ 329 if (name[0] == '.') { 330 if (name[1] == 0) continue; 331 if ((name[1] == '.') && (name[2] == 0)) continue; 332 } 333 subfd = openat(dfd, name, O_RDONLY | O_DIRECTORY); 334 if (subfd >= 0) { 335 size += calculate_dir_size(subfd); 336 } 337 } else { 338 if (fstatat(dfd, name, &s, AT_SYMLINK_NOFOLLOW) == 0) { 339 size += stat_size(&s); 340 } 341 } 342 } 343 closedir(d); 344 return size; 345} 346 347int get_size(const char *pkgname, const char *apkpath, 348 const char *fwdlock_apkpath, 349 int *_codesize, int *_datasize, int *_cachesize, int encrypted_fs_flag) 350{ 351 DIR *d; 352 int dfd; 353 struct dirent *de; 354 struct stat s; 355 char path[PKG_PATH_MAX]; 356 357 int codesize = 0; 358 int datasize = 0; 359 int cachesize = 0; 360 361 /* count the source apk as code -- but only if it's not 362 * on the /system partition 363 */ 364 if (strncmp(apkpath, "/system", 7) != 0) { 365 if (stat(apkpath, &s) == 0) { 366 codesize += stat_size(&s); 367 } 368 } 369 /* count the forward locked apk as code if it is given 370 */ 371 if (fwdlock_apkpath != NULL && fwdlock_apkpath[0] != '!') { 372 if (stat(fwdlock_apkpath, &s) == 0) { 373 codesize += stat_size(&s); 374 } 375 } 376 377 378 /* count the cached dexfile as code */ 379 if (!create_cache_path(path, apkpath)) { 380 if (stat(path, &s) == 0) { 381 codesize += stat_size(&s); 382 } 383 } 384 385 if (encrypted_fs_flag == 0) { 386 if (create_pkg_path(path, PKG_DIR_PREFIX, pkgname, PKG_DIR_POSTFIX)) { 387 goto done; 388 } 389 } else { 390 if (create_pkg_path(path, PKG_SEC_DIR_PREFIX, pkgname, PKG_DIR_POSTFIX)) { 391 goto done; 392 } 393 } 394 395 d = opendir(path); 396 if (d == NULL) { 397 goto done; 398 } 399 dfd = dirfd(d); 400 401 /* most stuff in the pkgdir is data, except for the "cache" 402 * directory and below, which is cache, and the "lib" directory 403 * and below, which is code... 404 */ 405 while ((de = readdir(d))) { 406 const char *name = de->d_name; 407 408 if (de->d_type == DT_DIR) { 409 int subfd; 410 /* always skip "." and ".." */ 411 if (name[0] == '.') { 412 if (name[1] == 0) continue; 413 if ((name[1] == '.') && (name[2] == 0)) continue; 414 } 415 subfd = openat(dfd, name, O_RDONLY | O_DIRECTORY); 416 if (subfd >= 0) { 417 int size = calculate_dir_size(subfd); 418 if (!strcmp(name,"lib")) { 419 codesize += size; 420 } else if(!strcmp(name,"cache")) { 421 cachesize += size; 422 } else { 423 datasize += size; 424 } 425 } 426 } else { 427 if (fstatat(dfd, name, &s, AT_SYMLINK_NOFOLLOW) == 0) { 428 datasize += stat_size(&s); 429 } 430 } 431 } 432 closedir(d); 433done: 434 *_codesize = codesize; 435 *_datasize = datasize; 436 *_cachesize = cachesize; 437 return 0; 438} 439 440 441/* a simpler version of dexOptGenerateCacheFileName() */ 442int create_cache_path(char path[PKG_PATH_MAX], const char *src) 443{ 444 char *tmp; 445 int srclen; 446 int dstlen; 447 448 srclen = strlen(src); 449 450 /* demand that we are an absolute path */ 451 if ((src == 0) || (src[0] != '/') || strstr(src,"..")) { 452 return -1; 453 } 454 455 if (srclen > PKG_PATH_MAX) { // XXX: PKG_NAME_MAX? 456 return -1; 457 } 458 459 dstlen = srclen + strlen(DALVIK_CACHE_PREFIX) + 460 strlen(DALVIK_CACHE_POSTFIX) + 1; 461 462 if (dstlen > PKG_PATH_MAX) { 463 return -1; 464 } 465 466 sprintf(path,"%s%s%s", 467 DALVIK_CACHE_PREFIX, 468 src + 1, /* skip the leading / */ 469 DALVIK_CACHE_POSTFIX); 470 471 for(tmp = path + strlen(DALVIK_CACHE_PREFIX); *tmp; tmp++) { 472 if (*tmp == '/') { 473 *tmp = '@'; 474 } 475 } 476 477 return 0; 478} 479 480static void run_dexopt(int zip_fd, int odex_fd, const char* input_file_name, 481 const char* dexopt_flags) 482{ 483 static const char* DEX_OPT_BIN = "/system/bin/dexopt"; 484 static const int MAX_INT_LEN = 12; // '-'+10dig+'\0' -OR- 0x+8dig 485 char zip_num[MAX_INT_LEN]; 486 char odex_num[MAX_INT_LEN]; 487 488 sprintf(zip_num, "%d", zip_fd); 489 sprintf(odex_num, "%d", odex_fd); 490 491 execl(DEX_OPT_BIN, DEX_OPT_BIN, "--zip", zip_num, odex_num, input_file_name, 492 dexopt_flags, (char*) NULL); 493 LOGE("execl(%s) failed: %s\n", DEX_OPT_BIN, strerror(errno)); 494} 495 496static int wait_dexopt(pid_t pid, const char* apk_path) 497{ 498 int status; 499 pid_t got_pid; 500 501 /* 502 * Wait for the optimization process to finish. 503 */ 504 while (1) { 505 got_pid = waitpid(pid, &status, 0); 506 if (got_pid == -1 && errno == EINTR) { 507 printf("waitpid interrupted, retrying\n"); 508 } else { 509 break; 510 } 511 } 512 if (got_pid != pid) { 513 LOGW("waitpid failed: wanted %d, got %d: %s\n", 514 (int) pid, (int) got_pid, strerror(errno)); 515 return 1; 516 } 517 518 if (WIFEXITED(status) && WEXITSTATUS(status) == 0) { 519 LOGD("DexInv: --- END '%s' (success) ---\n", apk_path); 520 return 0; 521 } else { 522 LOGW("DexInv: --- END '%s' --- status=0x%04x, process failed\n", 523 apk_path, status); 524 return status; /* always nonzero */ 525 } 526} 527 528int dexopt(const char *apk_path, uid_t uid, int is_public) 529{ 530 struct utimbuf ut; 531 struct stat apk_stat, dex_stat; 532 char dex_path[PKG_PATH_MAX]; 533 char dexopt_flags[PROPERTY_VALUE_MAX]; 534 char *end; 535 int res, zip_fd=-1, odex_fd=-1; 536 537 /* Before anything else: is there a .odex file? If so, we have 538 * pre-optimized the apk and there is nothing to do here. 539 */ 540 if (strlen(apk_path) >= (PKG_PATH_MAX - 8)) { 541 return -1; 542 } 543 544 /* platform-specific flags affecting optimization and verification */ 545 property_get("dalvik.vm.dexopt-flags", dexopt_flags, ""); 546 547 strcpy(dex_path, apk_path); 548 end = strrchr(dex_path, '.'); 549 if (end != NULL) { 550 strcpy(end, ".odex"); 551 if (stat(dex_path, &dex_stat) == 0) { 552 return 0; 553 } 554 } 555 556 if (create_cache_path(dex_path, apk_path)) { 557 return -1; 558 } 559 560 memset(&apk_stat, 0, sizeof(apk_stat)); 561 stat(apk_path, &apk_stat); 562 563 zip_fd = open(apk_path, O_RDONLY, 0); 564 if (zip_fd < 0) { 565 LOGE("dexopt cannot open '%s' for input\n", apk_path); 566 return -1; 567 } 568 569 unlink(dex_path); 570 odex_fd = open(dex_path, O_RDWR | O_CREAT | O_EXCL, 0644); 571 if (odex_fd < 0) { 572 LOGE("dexopt cannot open '%s' for output\n", dex_path); 573 goto fail; 574 } 575 if (fchown(odex_fd, AID_SYSTEM, uid) < 0) { 576 LOGE("dexopt cannot chown '%s'\n", dex_path); 577 goto fail; 578 } 579 if (fchmod(odex_fd, 580 S_IRUSR|S_IWUSR|S_IRGRP | 581 (is_public ? S_IROTH : 0)) < 0) { 582 LOGE("dexopt cannot chmod '%s'\n", dex_path); 583 goto fail; 584 } 585 586 LOGD("DexInv: --- BEGIN '%s' ---\n", apk_path); 587 588 pid_t pid; 589 pid = fork(); 590 if (pid == 0) { 591 /* child -- drop privileges before continuing */ 592 if (setgid(uid) != 0) { 593 LOGE("setgid(%d) failed during dexopt\n", uid); 594 exit(64); 595 } 596 if (setuid(uid) != 0) { 597 LOGE("setuid(%d) during dexopt\n", uid); 598 exit(65); 599 } 600 if (flock(odex_fd, LOCK_EX | LOCK_NB) != 0) { 601 LOGE("flock(%s) failed: %s\n", dex_path, strerror(errno)); 602 exit(66); 603 } 604 605 run_dexopt(zip_fd, odex_fd, apk_path, dexopt_flags); 606 exit(67); /* only get here on exec failure */ 607 } else { 608 res = wait_dexopt(pid, apk_path); 609 if (res != 0) { 610 LOGE("dexopt failed on '%s' res = %d\n", dex_path, res); 611 goto fail; 612 } 613 } 614 615 ut.actime = apk_stat.st_atime; 616 ut.modtime = apk_stat.st_mtime; 617 utime(dex_path, &ut); 618 619 close(odex_fd); 620 close(zip_fd); 621 return 0; 622 623fail: 624 if (odex_fd >= 0) { 625 close(odex_fd); 626 unlink(dex_path); 627 } 628 if (zip_fd >= 0) { 629 close(zip_fd); 630 } 631 return -1; 632} 633